private ModuleImages imageModule;
private ModuleTopics themenModule;
private String directOp ="yes";
-
+ private String passwdProtection ="yes";
// Singelton / Kontruktor
private static ServletModuleOpenIndy instance = new ServletModuleOpenIndy();
public static ServletModule getInstance() { return instance; }
postingFormDoneTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDoneTemplate");
postingFormDupeTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDupeTemplate");
directOp = MirConfig.getProp("DirectOpenposting").toLowerCase();
+ passwdProtection = MirConfig.getProp("PasswdProtection").toLowerCase();
mainModule = new ModuleComment(DatabaseComment.getInstance());
contentModule = new ModuleContent(DatabaseContent.getInstance());
themenModule = new ModuleTopics(DatabaseTopics.getInstance());
imageModule = new ModuleImages(DatabaseImages.getInstance());
defaultAction="addposting";
+
}
catch (StorageObjectException e) {
theLog.printError("servletmoduleopenindy could not be initialized");
String aid = req.getParameter("aid"); // the article id the comment will belong to
if (aid!=null && !aid.equals(""))
{
- SimpleHash mergeData = new SimpleHash();
- // ok, article
+ SimpleHash mergeData = new SimpleHash();
+
+ // onetimepasswd
+ if(passwdProtection.equals("yes")){
+ String passwd = this.createOneTimePasswd();
+ System.out.println(passwd);
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd",passwd);
+ mergeData.put("passwd", passwd);
+ }
+
mergeData.put("aid", aid);
deliver(req, res, mergeData, commentFormTemplate);
}
* the commentDone Page
*/
- public void inscomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
+ public void inscomment(HttpServletRequest req, HttpServletResponse res)
+ throws ServletModuleException,ServletModuleUserException
{
String aid = req.getParameter("to_media"); // the article id the comment will belong to
if (aid!=null && !aid.equals(""))
withValues.put(k,StringUtil.removeHTMLTags(v));
}
withValues.put("is_published","1");
-
+
+ //checking the onetimepasswd
+ if(passwdProtection.equals("yes")){
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String)session.getAttribute("passwd");
+ if ( sessionPasswd == null){
+ throw new ServletModuleUserException("Lost password");
+ }
+ String passwd = req.getParameter("passwd");
+ if ( passwd == null || (!sessionPasswd.equals(passwd))) {
+ throw new ServletModuleUserException("Missing password");
+ }
+ session.invalidate();
+ }
+
// inserting into database
String id = mainModule.add(withValues);
theLog.printDebugInfo("id: "+id);
public void addposting(HttpServletRequest req, HttpServletResponse res)
throws ServletModuleException {
SimpleHash mergeData = new SimpleHash();
+
+ // onetimepasswd
+ if(passwdProtection.equals("yes")){
+ String passwd = this.createOneTimePasswd();
+ System.out.println(passwd);
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd",passwd);
+ mergeData.put("passwd", passwd);
+ }
+
String maxMedia = MirConfig.getProp("ServletModule.OpenIndy.MaxMediaUploadItems");
String numOfMedia = req.getParameter("medianum");
if(numOfMedia==null||numOfMedia.equals("")){
SimpleHash extraInfo = new SimpleHash();
- /** @todo popups missing */
try{
SimpleList popUpData = DatabaseLanguage.getInstance().getPopupData();
extraInfo.put("languagePopUpData", popUpData );
theLog.printError("languagePopUpData or getTopicslist failed "
+e.toString());
throw new ServletModuleException("OpenIndy -- failed getting language or topics: "+e.toString());
- }
+ }
deliver(req, res, mergeData, extraInfo, postingFormTemplate);
}
WebdbMultipartRequest mp = new WebdbMultipartRequest(req);
HashMap withValues = mp.getParameters();
+
+ //checking the onetimepasswd
+ if(passwdProtection.equals("yes")){
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String)session.getAttribute("passwd");
+ if ( sessionPasswd == null){
+ throw new ServletModuleUserException("Lost password");
+ }
+ String passwd = (String)withValues.get("passwd");
+ if ( passwd == null || (!sessionPasswd.equals(passwd))) {
+ throw new ServletModuleUserException("Missing password");
+ }
+ session.invalidate();
+ }
if ((((String)withValues.get("title")).length() == 0) ||
(((String)withValues.get("description")).length() == 0) ||
* This is a way to get the content-type via the .extension,
* we could maybe use a magic method as an additional method of
* figuring out the content-type, by looking at the header (first
- * few bytes) of the file. (like the file(1) command). We could
+ * few bytes) of the file. (like the file(1) command). We could
* also call the "file" command through Runtime. This is an
* option that I almost prefer as it is already implemented and
* exists with an up-to-date map on most modern Unix like systems.
* in pure java yet.
*
* The first method we try thought is the "Oreilly method". It
- * relies on the content-type that the client browser sends and
+ * relies on the content-type that the client browser sends and
* that sometimes is application-octet stream with
* broken/mis-configured browsers.
*
* The map file we use for the extensions is the standard web-app
* deployment descriptor file (web.xml). See Mir's web.xml or see
* your Servlet containers (most likely Tomcat) documentation.
- * So if you support a new media type you have to make sure that
+ * So if you support a new media type you have to make sure that
* it is in this file -mh
*/
ServletContext ctx =
mediaType = mediaTypesList.elementAt(j);
else if ((mediaTypesList.elementAt(j).getValue("mime_type")).equals(
cTypeSplit[0]+"/*") )
- mediaType2= mediaTypesList.elementAt(j);
- }
+ mediaType2= mediaTypesList.elementAt(j);
+ }
if ( (mediaType == null) && (mediaType2 == null) ) {
contentModule.deleteById(cid);
+", we do not support this mime-type. "
+"Error One or more files of unrecognized type. Sorry");
}
+
+ protected String createOneTimePasswd(){
+ Random r = new Random();
+ int random = r.nextInt();
+ long l = System.currentTimeMillis();
+ l = (l*l*l*l)/random;
+ if(l<0) l = l * -1;
+ String returnString = ""+l;
+ return returnString.substring(5);
+ }
}