private ModuleImages imageModule;
private ModuleTopics themenModule;
private String directOp ="yes";
-
+ private String passwdProtection ="yes";
// Singelton / Kontruktor
private static ServletModuleOpenIndy instance = new ServletModuleOpenIndy();
public static ServletModule getInstance() { return instance; }
postingFormDoneTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDoneTemplate");
postingFormDupeTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDupeTemplate");
directOp = MirConfig.getProp("DirectOpenposting").toLowerCase();
+ passwdProtection = MirConfig.getProp("PasswdProtection").toLowerCase();
mainModule = new ModuleComment(DatabaseComment.getInstance());
contentModule = new ModuleContent(DatabaseContent.getInstance());
themenModule = new ModuleTopics(DatabaseTopics.getInstance());
imageModule = new ModuleImages(DatabaseImages.getInstance());
defaultAction="addposting";
+
}
catch (StorageObjectException e) {
theLog.printError("servletmoduleopenindy could not be initialized");
String aid = req.getParameter("aid"); // the article id the comment will belong to
if (aid!=null && !aid.equals(""))
{
- SimpleHash mergeData = new SimpleHash();
- // ok, article
+ SimpleHash mergeData = new SimpleHash();
+
+ // onetimepasswd
+ if(passwdProtection.equals("yes")){
+ String passwd = this.createOneTimePasswd();
+ System.out.println(passwd);
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd",passwd);
+ mergeData.put("passwd", passwd);
+ }
+
mergeData.put("aid", aid);
deliver(req, res, mergeData, commentFormTemplate);
}
* the commentDone Page
*/
- public void inscomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
+ public void inscomment(HttpServletRequest req, HttpServletResponse res)
+ throws ServletModuleException,ServletModuleUserException
{
String aid = req.getParameter("to_media"); // the article id the comment will belong to
if (aid!=null && !aid.equals(""))
withValues.put(k,StringUtil.removeHTMLTags(v));
}
withValues.put("is_published","1");
-
+
+ //checking the onetimepasswd
+ if(passwdProtection.equals("yes")){
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String)session.getAttribute("passwd");
+ if ( sessionPasswd == null){
+ throw new ServletModuleUserException("Lost password");
+ }
+ String passwd = req.getParameter("passwd");
+ if ( passwd == null || (!sessionPasswd.equals(passwd))) {
+ throw new ServletModuleUserException("Missing password");
+ }
+ session.invalidate();
+ }
+
// inserting into database
String id = mainModule.add(withValues);
theLog.printDebugInfo("id: "+id);
public void addposting(HttpServletRequest req, HttpServletResponse res)
throws ServletModuleException {
SimpleHash mergeData = new SimpleHash();
+
+ // onetimepasswd
+ if(passwdProtection.equals("yes")){
+ String passwd = this.createOneTimePasswd();
+ System.out.println(passwd);
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd",passwd);
+ mergeData.put("passwd", passwd);
+ }
+
+ String maxMedia = MirConfig.getProp("ServletModule.OpenIndy.MaxMediaUploadItems");
String numOfMedia = req.getParameter("medianum");
if(numOfMedia==null||numOfMedia.equals("")){
numOfMedia="1";
+ } else if(Integer.parseInt(numOfMedia) > Integer.parseInt(maxMedia)) {
+ numOfMedia = maxMedia;
}
int mediaNum = Integer.parseInt(numOfMedia);
mergeData.put("mediafields",mediaFields);
- /** @todo popups missing */
+ SimpleHash extraInfo = new SimpleHash();
try{
SimpleList popUpData = DatabaseLanguage.getInstance().getPopupData();
- mergeData.put("languagePopUpData", popUpData );
- mergeData.put("themenPopupData", themenModule.getTopicsAsSimpleList());
+ extraInfo.put("languagePopUpData", popUpData );
+ extraInfo.put("themenPopupData", themenModule.getTopicsAsSimpleList());
} catch (Exception e) {
theLog.printError("languagePopUpData or getTopicslist failed "
+e.toString());
throw new ServletModuleException("OpenIndy -- failed getting language or topics: "+e.toString());
- }
+ }
- deliver(req, res, mergeData, postingFormTemplate);
+ deliver(req, res, mergeData, extraInfo, postingFormTemplate);
}
/**
WebdbMultipartRequest mp = new WebdbMultipartRequest(req);
HashMap withValues = mp.getParameters();
+
+ //checking the onetimepasswd
+ if(passwdProtection.equals("yes")){
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String)session.getAttribute("passwd");
+ if ( sessionPasswd == null){
+ throw new ServletModuleUserException("Lost password");
+ }
+ String passwd = (String)withValues.get("passwd");
+ if ( passwd == null || (!sessionPasswd.equals(passwd))) {
+ throw new ServletModuleUserException("Missing password");
+ }
+ session.invalidate();
+ }
if ((((String)withValues.get("title")).length() == 0) ||
(((String)withValues.get("description")).length() == 0) ||
//the browser is in error, better check against the file extension
if (contentType.equals("text/plain") ||
contentType.equals("application/octet-stream")) {
- /**
- * This is just a temporary way to get the content-type via
- * the .extension , we could maybe use a magic method, by looking
- * at the header (first few bytes) of the file. (like the file(1)
- * command).
- * The Oreilly method relies on the content-type that the client
- * browser sends and that sometimes is application-octet stream with
- * broken/mis-configured browsers.
- *
- * The map file should be Mir/content-types.properties, it's the
- * default Sun Java file with some additional entries that it did
- * not have. So if you support a new media type you have to make
- * sure that it is in this file -mh
- */
- contentType = FileUtil.guessContentTypeFromName(fileName);
- if (contentType==null)
- contentType = "text/plain"; // rfc1867 says this is the default
+ /**
+ * Fallback to finding the mime-type through the standard ServletApi
+ * ServletContext getMimeType() method.
+ *
+ * This is a way to get the content-type via the .extension,
+ * we could maybe use a magic method as an additional method of
+ * figuring out the content-type, by looking at the header (first
+ * few bytes) of the file. (like the file(1) command). We could
+ * also call the "file" command through Runtime. This is an
+ * option that I almost prefer as it is already implemented and
+ * exists with an up-to-date map on most modern Unix like systems.
+ * I haven't found a really nice implementation of the magic method
+ * in pure java yet.
+ *
+ * The first method we try thought is the "Oreilly method". It
+ * relies on the content-type that the client browser sends and
+ * that sometimes is application-octet stream with
+ * broken/mis-configured browsers.
+ *
+ * The map file we use for the extensions is the standard web-app
+ * deployment descriptor file (web.xml). See Mir's web.xml or see
+ * your Servlet containers (most likely Tomcat) documentation.
+ * So if you support a new media type you have to make sure that
+ * it is in this file -mh
+ */
+ ServletContext ctx =
+ (ServletContext)MirConfig.getPropAsObject("ServletContext");
+ contentType = ctx.getMimeType(fileName);
+ if (contentType==null)
+ contentType = "text/plain"; // rfc1867 says this is the default
}
HashMap mediaValues = new HashMap();
if (contentType.equals("text/plain") ||
contentType.equals("application/octet-stream")) {
- throw new ServletModuleUserException("One or more files of unrecognized types");
+ contentModule.deleteById(cid);
+ _throwBadContentType(fileName, contentType);
}
String mediaTitle=(String)withValues.get("media_title"+i);
mediaValues.put("is_produced", "0");
mediaValues.put("is_published","0");
- //the where clause to find the media_type entry
- //from the content-type.
- //we use the media type entry to lookup the
- //media Handler/Storage classes
- //String wc = " mime_type = '"+contentType+"'";
-
// @todo this should probably be moved to DatabaseMediaType -mh
String[] cTypeSplit = StringUtil.split(contentType, "/");
String wc = " mime_type LIKE '"+cTypeSplit[0]+"%'";
Database mediaStorage;
ProducerMedia mediaProducer;
- //if we found an entry matching the
+ //if we didn't find an entry matching the
//content-type int the table.
- if (mediaTypesList.size() > 0) {
- Entity mediaType = null;
-
- // find out if we an exact content-type match if so take it.
- // otherwise just use the first one.
- // @todo this should probably be moved to DatabaseMediaType -mh
- for(int j=0;j<mediaTypesList.size();j++) {
- if(contentType.equals(
- mediaTypesList.elementAt(j).getValue("mime_type")))
- mediaType = mediaTypesList.elementAt(j);
- }
-
- if( mediaType == null )
- mediaType = mediaTypesList.elementAt(0);
-
- //get the class names from the media_type table.
- mediaTypeId = mediaType.getId();
- try {
- // ############### @todo: merge these and the getURL call into one
- // getURL helper call that just takes the Entity as a parameter
- // along with media_type
- mediaHandler = MediaHelper.getHandler(mediaType);
- mediaStorage = MediaHelper.getStorage(mediaType,
- "mircoders.storage.Database");
- Class prodCls = Class.forName("mircoders.producer.Producer"
- +mediaType.getValue("tablename"));
- mediaProducer = (ProducerMedia)prodCls.newInstance();
- } catch (Exception e) {
- theLog.printError("getting media handler failed: "+e.toString());
- contentModule.deleteById(cid);
- throw new ServletModuleException("getting media handler failed: "
- +e.toString());
- }
-
- mediaValues.put("to_media_type",mediaTypeId);
-
- //load the classes via reflection
- String MediaId;
- Entity mediaEnt = null;
- try {
- mediaEnt = (Entity)mediaStorage.getEntityClass().newInstance();
- mediaEnt.setStorage(mediaStorage);
- mediaEnt.setValues(mediaValues);
- mediaId = mediaEnt.insert();
-
- //save and store the media data/metadata
- mediaHandler.set(mpReq.getMedia(), mediaEnt,
- mediaType);
-
- //were done with mpReq at this point, dereference it.
- //as it contains mucho mem. -mh 01.10.2001
- mpReq=null;
-
- //we got this far, associate the media to the article
- mediaEnt.setValueForProperty("is_published","1");
- mediaEnt.update();
- //produce it
- mediaProducer.handle(null, null, false, false, mediaId);
- DatabaseContentToMedia.getInstance().addMedia(cid,mediaId);
- } catch (Exception e) {
- theLog.printError("setting media failed: "+e.toString());
- contentModule.deleteById(cid);
- throw new ServletModuleException("setting media failed: "+e.toString());
- }
+ if (mediaTypesList.size() == 0) {
+ contentModule.deleteById(cid);
+ _throwBadContentType(fileName, contentType);
+ }
- } else {
+ Entity mediaType = null;
+ Entity mediaType2 = null;
+
+ // find out if we an exact content-type match if so take it.
+ // otherwise try to match majortype/*
+ // @todo this should probably be moved to DatabaseMediaType -mh
+ for(int j=0;j<mediaTypesList.size();j++) {
+ if(contentType.equals(
+ mediaTypesList.elementAt(j).getValue("mime_type")))
+ mediaType = mediaTypesList.elementAt(j);
+ else if ((mediaTypesList.elementAt(j).getValue("mime_type")).equals(
+ cTypeSplit[0]+"/*") )
+ mediaType2= mediaTypesList.elementAt(j);
+ }
+
+ if ( (mediaType == null) && (mediaType2 == null) ) {
contentModule.deleteById(cid);
- theLog.printDebugInfo("Wrong file type uploaded!: " + fileName);
- throw new ServletModuleUserException("One or more files of unrecognized types");
- } // end if-else mediaTypesList.size() > 0
+ _throwBadContentType(fileName, contentType);
+ }
+ else if( (mediaType == null) && (mediaType2 != null) )
+ mediaType = mediaType2;
+
+ //get the class names from the media_type table.
+ mediaTypeId = mediaType.getId();
+ try {
+ // ############### @todo: merge these and the getURL call into one
+ // getURL helper call that just takes the Entity as a parameter
+ // along with media_type
+ mediaHandler = MediaHelper.getHandler(mediaType);
+ mediaStorage = MediaHelper.getStorage(mediaType,
+ "mircoders.storage.Database");
+ Class prodCls = Class.forName("mircoders.producer.Producer"
+ +mediaType.getValue("tablename"));
+ mediaProducer = (ProducerMedia)prodCls.newInstance();
+ } catch (Exception e) {
+ theLog.printError("getting media handler failed: "+e.toString());
+ contentModule.deleteById(cid);
+ throw new ServletModuleException("getting media handler failed: "
+ +e.toString());
+ }
+
+ mediaValues.put("to_media_type",mediaTypeId);
+
+ //load the classes via reflection
+ String MediaId;
+ Entity mediaEnt = null;
+ try {
+ mediaEnt = (Entity)mediaStorage.getEntityClass().newInstance();
+ mediaEnt.setStorage(mediaStorage);
+ mediaEnt.setValues(mediaValues);
+ mediaId = mediaEnt.insert();
+
+ //save and store the media data/metadata
+ mediaHandler.set(mpReq.getMedia(), mediaEnt,
+ mediaType);
+
+ //were done with mpReq at this point, dereference it.
+ //as it contains mucho mem. -mh 01.10.2001
+ mpReq=null;
+ //we got this far, associate the media to the article
+ mediaEnt.setValueForProperty("is_published","1");
+ mediaEnt.update();
+ //produce it
+ mediaProducer.handle(null, null, false, false, mediaId);
+ DatabaseContentToMedia.getInstance().addMedia(cid,mediaId);
+ } catch (Exception e) {
+ theLog.printError("setting media failed: "+e.toString());
+ contentModule.deleteById(cid);
+ throw new ServletModuleException("setting media failed: "
+ +e.toString());
+ }
+
} //end for Iterator...
//if we're here all is ok...
deliver(req, res, mergeData, postingFormDoneTemplate);
}
+ private void _throwBadContentType (String fileName, String contentType)
+ throws ServletModuleUserException {
+
+ theLog.printDebugInfo("Wrong file type uploaded!: " + fileName+" "
+ +contentType);
+ throw new ServletModuleUserException("The file you uploaded is of the "
+ +"following mime-type: "+contentType
+ +", we do not support this mime-type. "
+ +"Error One or more files of unrecognized type. Sorry");
+ }
+
+ protected String createOneTimePasswd(){
+ Random r = new Random();
+ int random = r.nextInt();
+ long l = System.currentTimeMillis();
+ l = (l*l*l*l)/random;
+ if(l<0) l = l * -1;
+ String returnString = ""+l;
+ return returnString.substring(5);
+ }
+
}
projects / mir.git / blobdiff