📄 memberwebhandler.java
字号:
} catch (DatabaseException ex) {// we dont need to catch BadInputException since the memberID is already exits
log.fatal("Assertion in MemberWebHandler.uploadPicture");// we dont want it to be here
// need to delete the file if the above database task failed
FileUtil.deleteFile(thumbnailFile);
throw ex;
}
}
void prepareForgotPassword(HttpServletRequest request)
throws AssertionException, DatabaseException, AuthenticationException {
OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
if (MVNForumConfig.getEnableCaptcha()) {
onlineUser.buildNewCaptcha();
}
}
void forgotPassword(HttpServletRequest request)
throws BadInputException, ObjectNotFoundException, DatabaseException, MessagingException,
AssertionException, AssertionException, DatabaseException, AuthenticationException, IOException,TemplateException {
// use for the captcha feature
OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
int memberID = 0;
String memberName = ParamUtil.getParameter(request, "MemberName");
StringUtil.checkGoodName(memberName);
String memberEmail = ParamUtil.getParameter(request, "MemberEmail");
if (memberEmail.length() > 0) {
memberEmail = ParamUtil.getParameterEmail(request, "MemberEmail");
}
if (memberName.length() > 0) {// user enter his MemberName
// we find the email of this memberID, not the provided email
memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
memberEmail = bean.getMemberEmail();
} else if (memberEmail.length() > 0) {// user enter his email
// we find the MemberID of this mail, now we sure that user didnt enter his MemberID
memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberEmail(memberEmail);
MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
memberName = bean.getMemberName();
} else {// user didnt enter any thing
throw new BadInputException("You must enter at least your MemberName or email");
}
// now we have the correct pair of MemberID and MemberEmail
// Check the assumption above
MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
if (!memberEmail.equalsIgnoreCase(bean.getMemberEmail())) {
throw new AssertionException("Assertion when process forgot password. This is a serious bug. Please contact the Web site administrator to report the bug.");
}
// end check
// Now check the captcha
if (MVNForumConfig.getEnableCaptcha()) {
String captchaResponse = ParamUtil.getParameterSafe(request, "CaptchaResponse", false);
onlineUser.ensureCorrectCaptchaResponse(captchaResponse);
}
String currentTempPassword = DAOFactory.getMemberDAO().getTempPassword(memberID);
// if the current value length is less then 5, we assume that it is not set
// and we generate the new value only in this case. This will prevent the
// different values are sent out and confuse user.
if (currentTempPassword.length() < 5) {
//generate a temp password
currentTempPassword = Encoder.getMD5_Base64(String.valueOf(System.currentTimeMillis()));
DAOFactory.getMemberDAO().updateTempPassword(memberID, currentTempPassword);
}
// next, encode to make sure it could be put on a link
String urlEncodedTempPassword = Encoder.encodeURL(currentTempPassword);
// we have pass the assertion check, go ahead
String serverName = ParamUtil.getServer2(request);
StringBuffer passwordResetUrl = new StringBuffer(256);
passwordResetUrl.append(serverName);
passwordResetUrl.append(ParamUtil.getContextPath());
passwordResetUrl.append(UserModuleConfig.getUrlPattern());
passwordResetUrl.append("/resetpassword?temppassword=");
passwordResetUrl.append(urlEncodedTempPassword);
passwordResetUrl.append("&member=");
passwordResetUrl.append(memberName);
// Prepare the FreeMarker configuration;
Configuration cfg = MVNForumConfig.getFreeMarkerConfiguration();
//Below is a code to map content of email to template
Map root = new HashMap();
root.put("serverName", serverName);
root.put("MVNForumInfo", MVNForumInfo.getProductDesc());
root.put("passwordResetUrl", passwordResetUrl.toString());
root.put("memberName", memberName);
root.put("currentTempPassword", currentTempPassword);
StringWriter subjectWriter = new StringWriter(256);
Template subjectTemplate = cfg.getTemplate(MVNForumGlobal.TEMPLATE_FORGOTPASSWORD_SUBJECT);
subjectTemplate.process(root, subjectWriter);
String subject = subjectWriter.toString();
StringWriter bodyWriter = new StringWriter(1024);
Template bodyTemplate = cfg.getTemplate(MVNForumGlobal.TEMPLATE_FORGOTPASSWORD_BODY);
bodyTemplate.process(root, bodyWriter);
String body = bodyWriter.toString();
// String subject= "Your MEMBER password of website " + serverName;
/* String body = "This email is sent to you because you (or someone) have requested PASSWORD RESET from web site " + serverName + ".\n" +
"If you did not request this password reset feature, just ignore and DELETE this email IMMEDIATELY.\n" +
"If you do want to reset your password, please use this url to reset your password:\n" +
passwordResetUrl.toString() + "\n" +
"Thank you for using " + MVNForumInfo.getProductDesc() + " and we hope that you enjoy our forum.\n" +
serverName + " webmaster\n\n" +
"NOTE: you could use the information below in case the above link does not work:\n" +
"Your Member Name = " + memberName + "\n" +
"Your temporary password = " + currentTempPassword + "\n";
*/
log.debug("subject = " + subject);
log.debug("body = " + body);
try {
MailUtil.sendMail(MVNForumConfig.getWebMasterEmail() /*use the default MailFrom value*/,
memberEmail /*to*/, "" /*cc*/, "" /*bcc*/, subject, body);
} catch (UnsupportedEncodingException e) {
log.error("Cannot support encoding", e);
}
// Only destroy captcha when send mail successfully
if (MVNForumConfig.getEnableCaptcha()) {
onlineUser.destroyCurrentCaptcha();
}
}
void resetPassword(HttpServletRequest request)
throws BadInputException, ObjectNotFoundException, DatabaseException {
String memberName = ParamUtil.getParameter(request, "member", true);
StringUtil.checkGoodName(memberName);
// IMPORTANT: MUST check that temp password is not empty, because temppassword = empty
// means cannot reset password
String memberTempPassword = ParamUtil.getParameter(request, "temppassword", true);
int memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
String currentTempPassword = DAOFactory.getMemberDAO().getTempPassword(memberID);
if (memberTempPassword.equals(currentTempPassword) == false) {
throw new BadInputException("Your temporary password is not correct, please try the forgot password feature.");
}
String memberPassword1 = ParamUtil.getParameterPassword(request, "MemberMatkhau", 3, 0);
String memberPassword2 = ParamUtil.getParameterPassword(request, "MemberMatkhauConfirm", 3, 0);
if (!memberPassword1.equals(memberPassword2)) {
throw new BadInputException("Password and confirmed password are not the same, please try again.");
}
String memberPassword = Encoder.getMD5_Base64(memberPassword1);
DAOFactory.getMemberDAO().updatePassword(memberID, memberPassword);
DAOFactory.getMemberDAO().updateTempPassword(memberID, "");// reset the temp password
}
void sendActivateCode(HttpServletRequest request)
throws BadInputException, ObjectNotFoundException, DatabaseException,
MessagingException, AssertionException,IOException, TemplateException {
int memberID = 0;
String memberName = ParamUtil.getParameter(request, "MemberName", true);
StringUtil.checkGoodName(memberName);
String memberEmail = ParamUtil.getParameterEmail(request, "MemberEmail");
// we find the email of this memberID, not the provided email
memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
// Check if the email is correct
MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
if (!memberEmail.equalsIgnoreCase(bean.getMemberEmail())) {
throw new AssertionException("Your provided email does not equals to the member's email in our database. Please try again.");
}
// end check, send mail now
String serverName = ParamUtil.getServer2(request);
SendMailUtil.sendActivationCodeEmail(memberID, serverName);
}
void activateMember(HttpServletRequest request)
throws BadInputException, ObjectNotFoundException, DatabaseException,
AuthenticationException, AssertionException {
String memberName = ParamUtil.getParameter(request, "member", true);
StringUtil.checkGoodName(memberName);
// IMPORTANT: MUST check that ActivateCode is not empty, because ActivateCode = empty
// means invalid
String memberActivateCode = ParamUtil.getParameter(request, "activatecode", true);
if (memberActivateCode.equals(MemberBean.MEMBER_ACTIVATECODE_ACTIVATED)) {
throw new BadInputException("Cannot activate member with invalid activation code.");
}
int memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
// Now, check that this member is not activated, to prevent the
// situation that other people try to annoy this member
if (DAOFactory.getMemberDAO().getActivateCode(memberID).equals(MemberBean.MEMBER_ACTIVATECODE_ACTIVATED)) {
throw new BadInputException("Cannot activate an activated member.");
}
String currentActivateCode = DAOFactory.getMemberDAO().getActivateCode(memberID);
if (memberActivateCode.equals(currentActivateCode) == false) {
throw new BadInputException("Your activation code is not correct, please try the Member Account Activation feature.");
}
DAOFactory.getMemberDAO().updateActivateCode(memberID, MemberBean.MEMBER_ACTIVATECODE_ACTIVATED);// activate member
// now reload the permission if this online user is the activated user
OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
if (memberID == onlineUser.getMemberID()) {
onlineUser.reloadPermission();
}
}
/*************************************************
* For public view
*************************************************/
void prepareView_forPublic(HttpServletRequest request)
throws BadInputException, ObjectNotFoundException, DatabaseException, AssertionException {
String memberName = ParamUtil.getParameter(request, "member", false);
// primary key column(s)
int memberID;
if (memberName.length() == 0) {
memberID = ParamUtil.getParameterInt(request, "memberid");
} else {// has MemberName
/**@todo: improve this for better performance(dont use this method,
* and write 2 new methods)*/
StringUtil.checkGoodName(memberName);// check for better security
memberID = DAOFactory.getMemberDAO().getMemberIDFromMemberName(memberName);
}
DAOFactory.getMemberDAO().increaseViewCount(memberID);
MemberBean bean = DAOFactory.getMemberDAO().getMember_forPublic(memberID);
request.setAttribute("MemberBean", bean);
}
/**
* This method supports sorting base on many criteria
*/
void prepareListMembers_forPublic(HttpServletRequest request)
throws DatabaseException, AssertionException, BadInputException, AuthenticationException {
OnlineUser onlineUser = onlineUserManager.getOnlineUser(request);
MVNForumPermission permission = onlineUser.getPermission();
//@todo: some permission checking is needed ???
// for sort and order stuff
String sort = ParamUtil.getParameter(request, "sort");
String order = ParamUtil.getParameter(request, "order");
if (sort.length() == 0) sort = "MemberCreationDate";
if (order.length()== 0) order = "DESC";
// we continue
int postsPerPage = onlineUser.getPostsPerPage();
int offset = 0;
try {
offset = ParamUtil.getParameterInt(request, "offset");
} catch (BadInputException e) {
// do nothing
}
int totalMembers = DAOFactory.getMemberDAO().getNumberOfMembers();
if (offset > totalMembers) {
throw new BadInputException("The offset is not allowed to be greater than total members.");
}
Collection memberRows = DAOFactory.getMemberDAO().getMembers_withSortSupport_limit(offset, postsPerPage, sort, order);
request.setAttribute("MemberBeans", memberRows);
request.setAttribute("TotalMembers", new Integer(totalMembers));
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -