X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;ds=sidebyside;f=source%2Fmircoders%2Fservlet%2FServletModuleOpenIndy.java;h=4148b353e9eda1b6a5f7e6a7e1ac2c766d8bdbc2;hb=eb87de01924c0e179dc4d056d9ff8842991c5128;hp=7c7219d1e81ab55373e315bc00bd5473d7dbab4d;hpb=bcd2b1efed0a7b2161e236b78aafbfc87f435656;p=mir.git diff --git a/source/mircoders/servlet/ServletModuleOpenIndy.java b/source/mircoders/servlet/ServletModuleOpenIndy.java index 7c7219d1..4148b353 100755 --- a/source/mircoders/servlet/ServletModuleOpenIndy.java +++ b/source/mircoders/servlet/ServletModuleOpenIndy.java @@ -45,7 +45,7 @@ public class ServletModuleOpenIndy extends ServletModule private ModuleImages imageModule; private ModuleTopics themenModule; private String directOp ="yes"; - + private String passwdProtection ="yes"; // Singelton / Kontruktor private static ServletModuleOpenIndy instance = new ServletModuleOpenIndy(); public static ServletModule getInstance() { return instance; } @@ -60,11 +60,13 @@ public class ServletModuleOpenIndy extends ServletModule postingFormDoneTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDoneTemplate"); postingFormDupeTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDupeTemplate"); directOp = MirConfig.getProp("DirectOpenposting").toLowerCase(); + passwdProtection = MirConfig.getProp("PasswdProtection").toLowerCase(); mainModule = new ModuleComment(DatabaseComment.getInstance()); contentModule = new ModuleContent(DatabaseContent.getInstance()); themenModule = new ModuleTopics(DatabaseTopics.getInstance()); imageModule = new ModuleImages(DatabaseImages.getInstance()); defaultAction="addposting"; + } catch (StorageObjectException e) { theLog.printError("servletmoduleopenindy could not be initialized"); 
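Review bot: The protection fails open in the constructor hunk (`@@ -60,11 +60,13 @@`): every later check is `passwdProtection.equals("yes")`, so any configured value other than an exact `yes` (a typo, `true`, trailing whitespace) silently switches the one-time password off. It would be safer to trim the value and disable only on an explicit `no`, for example `passwdProtection = "no".equals(cfg) ? "no" : "yes";` once `cfg` holds the trimmed, lower-cased property. If `MirConfig.getProp` can return null for a missing key (not visible here), the chained `.toLowerCase()` would also throw during initialisation, and the surrounding `catch` only handles `StorageObjectException`.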
@@ -81,8 +83,17 @@ public class ServletModuleOpenIndy extends ServletModule String aid = req.getParameter("aid"); // the article id the comment will belong to if (aid!=null && !aid.equals("")) { - SimpleHash mergeData = new SimpleHash(); - // ok, article + SimpleHash mergeData = new SimpleHash(); + + // onetimepasswd + if(passwdProtection.equals("yes")){ + String passwd = this.createOneTimePasswd(); + System.out.println(passwd); + HttpSession session = req.getSession(false); + session.setAttribute("passwd",passwd); + mergeData.put("passwd", passwd); + } + mergeData.put("aid", aid); deliver(req, res, mergeData, commentFormTemplate); } @@ -94,7 +105,8 @@ public class ServletModuleOpenIndy extends ServletModule * the commentDone Page */ - public void inscomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException + public void inscomment(HttpServletRequest req, HttpServletResponse res) + throws ServletModuleException,ServletModuleUserException { String aid = req.getParameter("to_media"); // the article id the comment will belong to if (aid!=null && !aid.equals("")) @@ -111,7 +123,21 @@ public class ServletModuleOpenIndy extends ServletModule withValues.put(k,StringUtil.removeHTMLTags(v)); } withValues.put("is_published","1"); - + + //checking the onetimepasswd + if(passwdProtection.equals("yes")){ + HttpSession session = req.getSession(false); + String sessionPasswd = (String)session.getAttribute("passwd"); + if ( sessionPasswd == null){ + throw new ServletModuleUserException("Lost password"); + } + String passwd = req.getParameter("passwd"); + if ( passwd == null || (!sessionPasswd.equals(passwd))) { + throw new ServletModuleUserException("Missing password"); + } + session.invalidate(); + } + // inserting into database String id = mainModule.add(withValues); theLog.printDebugInfo("id: "+id); 
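Review bot: `System.out.println(passwd)` in the addcomment hunk writes every freshly issued one-time password to the servlet container's stdout, where anyone who can read that log can reuse it; the line should be dropped before merge. The next line calls `req.getSession(false)`, which returns null when the visitor has no session yet, so `session.setAttribute` would throw a NullPointerException on a first visit; `HttpSession session = req.getSession(true);` avoids that. The same two lines appear in the addposting hunk (`@@ -147,9 +173,22 @@`). Because the value is also merged into the form through `mergeData.put("passwd", passwd)`, it blocks blind replays of a POST but not a client that fetches the form first, and a short comment saying so would set expectations.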
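Review bot: The one-time password is only consumed on success in the inscomment check (`@@ -111,7 +123,21 @@`): both failure paths throw before `session.invalidate()`, so a wrong guess leaves the stored value in place and the same session can keep trying. Removing the attribute as soon as it is read, `session.removeAttribute("passwd");` directly after the `getAttribute` call, makes it single-use and avoids destroying unrelated session state with `invalidate()`. `req.getSession(false)` can also return null here (expired or missing session), which would surface as a NullPointerException instead of the intended user error; `if (session == null) throw new ServletModuleUserException("Lost password");` covers it. The same block is repeated in the insposting hunk (`@@ -193,6 +231,20 @@`).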
@@ -147,9 +173,22 @@ public class ServletModuleOpenIndy extends ServletModule public void addposting(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException { SimpleHash mergeData = new SimpleHash(); + + // onetimepasswd + if(passwdProtection.equals("yes")){ + String passwd = this.createOneTimePasswd(); + System.out.println(passwd); + HttpSession session = req.getSession(false); + session.setAttribute("passwd",passwd); + mergeData.put("passwd", passwd); + } + + String maxMedia = MirConfig.getProp("ServletModule.OpenIndy.MaxMediaUploadItems"); String numOfMedia = req.getParameter("medianum"); if(numOfMedia==null||numOfMedia.equals("")){ numOfMedia="1"; + } else if(Integer.parseInt(numOfMedia) > Integer.parseInt(maxMedia)) { + numOfMedia = maxMedia; } int mediaNum = Integer.parseInt(numOfMedia); @@ -163,7 +202,6 @@ public class ServletModuleOpenIndy extends ServletModule SimpleHash extraInfo = new SimpleHash(); - /** @todo popups missing */ try{ SimpleList popUpData = DatabaseLanguage.getInstance().getPopupData(); extraInfo.put("languagePopUpData", popUpData ); @@ -172,7 +210,7 @@ public class ServletModuleOpenIndy extends ServletModule theLog.printError("languagePopUpData or getTopicslist failed " +e.toString()); throw new ServletModuleException("OpenIndy -- failed getting language or topics: "+e.toString()); - } + } deliver(req, res, mergeData, extraInfo, postingFormTemplate); } 
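Review bot: `medianum` comes straight from the request and is passed to `Integer.parseInt` in the new `else if`, so a non-numeric value throws an unchecked NumberFormatException out of addposting, and zero or negative values pass the new upper cap untouched. Parsing once inside a try/catch and clamping to the range 1..max closes both gaps; a missing `MaxMediaUploadItems` property would still fail at the first parse and may deserve its own default. The sketch below replaces the `numOfMedia` if/else and the later `int mediaNum = Integer.parseInt(numOfMedia);` line. addposting continues outside the hunk, so any later use of `numOfMedia` needs checking.

```java
    // … unchanged: one-time password setup …
    String maxMedia = MirConfig.getProp("ServletModule.OpenIndy.MaxMediaUploadItems");
    String numOfMedia = req.getParameter("medianum");
    int maxMediaNum = Integer.parseInt(maxMedia);
    int mediaNum = 1;  // default when medianum is absent, empty or not a number
    try {
      mediaNum = Integer.parseInt(numOfMedia);
    } catch (NumberFormatException e) {
      // keep the default of one upload item
    }
    if (mediaNum < 1) mediaNum = 1;
    if (mediaNum > maxMediaNum) mediaNum = maxMediaNum;
```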
@@ -193,6 +231,20 @@ public class ServletModuleOpenIndy extends ServletModule WebdbMultipartRequest mp = new WebdbMultipartRequest(req); HashMap withValues = mp.getParameters(); + + //checking the onetimepasswd + if(passwdProtection.equals("yes")){ + HttpSession session = req.getSession(false); + String sessionPasswd = (String)session.getAttribute("passwd"); + if ( sessionPasswd == null){ + throw new ServletModuleUserException("Lost password"); + } + String passwd = (String)withValues.get("passwd"); + if ( passwd == null || (!sessionPasswd.equals(passwd))) { + throw new ServletModuleUserException("Missing password"); + } + session.invalidate(); + } if ((((String)withValues.get("title")).length() == 0) || (((String)withValues.get("description")).length() == 0) || 
@@ -274,23 +326,36 @@ public class ServletModuleOpenIndy extends ServletModule //the browser is in error, better check against the file extension if (contentType.equals("text/plain") || contentType.equals("application/octet-stream")) { - /** - * This is just a temporary way to get the content-type via - * the .extension , we could maybe use a magic method, by looking - * at the header (first few bytes) of the file. (like the file(1) - * command). - * The Oreilly method relies on the content-type that the client - * browser sends and that sometimes is application-octet stream with - * broken/mis-configured browsers. - * - * The map file should be Mir/content-types.properties, it's the - * default Sun Java file with some additional entries that it did - * not have. So if you support a new media type you have to make - * sure that it is in this file -mh - */ - contentType = FileUtil.guessContentTypeFromName(fileName); - if (contentType==null) - contentType = "text/plain"; // rfc1867 says this is the default + /** + * Fallback to finding the mime-type through the standard ServletApi + * ServletContext getMimeType() method. + * + * This is a way to get the content-type via the .extension, + * we could maybe use a magic method as an additional method of + * figuring out the content-type, by looking at the header (first + * few bytes) of the file. (like the file(1) command). We could + * also call the "file" command through Runtime. This is an + * option that I almost prefer as it is already implemented and + * exists with an up-to-date map on most modern Unix like systems. + * I haven't found a really nice implementation of the magic method + * in pure java yet. + * + * The first method we try thought is the "Oreilly method". It + * relies on the content-type that the client browser sends and + * that sometimes is application-octet stream with + * broken/mis-configured browsers. 
+ * + * The map file we use for the extensions is the standard web-app + * deployment descriptor file (web.xml). See Mir's web.xml or see + * your Servlet containers (most likely Tomcat) documentation. + * So if you support a new media type you have to make sure that + * it is in this file -mh + */ + ServletContext ctx = + (ServletContext)MirConfig.getPropAsObject("ServletContext"); + contentType = ctx.getMimeType(fileName); + if (contentType==null) + contentType = "text/plain"; // rfc1867 says this is the default } HashMap mediaValues = new HashMap(); @@ -298,7 +363,8 @@ public class ServletModuleOpenIndy extends ServletModule if (contentType.equals("text/plain") || contentType.equals("application/octet-stream")) { - throw new ServletModuleUserException("One or more files of unrecognized types"); + contentModule.deleteById(cid); + _throwBadContentType(fileName, contentType); } String mediaTitle=(String)withValues.get("media_title"+i); @@ -314,12 +380,6 @@ public class ServletModuleOpenIndy extends ServletModule mediaValues.put("is_produced", "0"); mediaValues.put("is_published","0"); - //the where clause to find the media_type entry - //from the content-type. - //we use the media type entry to lookup the - //media Handler/Storage classes - //String wc = " mime_type = '"+contentType+"'"; - // @todo this should probably be moved to DatabaseMediaType -mh String[] cTypeSplit = StringUtil.split(contentType, "/"); String wc = " mime_type LIKE '"+cTypeSplit[0]+"%'"; 
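Review bot: The type decision in the `@@ -274,23 +326,36 @@` hunk still rests only on client-supplied values: the browser-declared content type is accepted unless it is `text/plain` or `application/octet-stream`, and the new fallback `ctx.getMimeType(fileName)` maps the extension of the uploaded file name. Neither looks at the bytes, so the comment should say the result is a hint and not a validated type, and the value should be checked against an allow-list of supported types before it is used. That matters because `contentType` later reaches the string-built clause `" mime_type LIKE '"+cTypeSplit[0]+"%'"` visible as context in the `@@ -314,12 +380,6 @@` hunk, which should be escaped or restricted to a strict `type/subtype` pattern first. `MirConfig.getPropAsObject("ServletContext")` is dereferenced without a null check; a guard that throws `ServletModuleException` would give a clearer failure if the context was never registered. If the `file` command idea from the comment is taken up, the path should be passed as a separate argument and never concatenated into a command string.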
@@ -332,79 +392,86 @@ public class ServletModuleOpenIndy extends ServletModule Database mediaStorage; ProducerMedia mediaProducer; - //if we found an entry matching the + //if we didn't find an entry matching the //content-type int the table. - if (mediaTypesList.size() > 0) { - Entity mediaType = null; - - // find out if we an exact content-type match if so take it. - // otherwise just use the first one. - // @todo this should probably be moved to DatabaseMediaType -mh - for(int j=0;j 0 + _throwBadContentType(fileName, contentType); + } + else if( (mediaType == null) && (mediaType2 != null) ) + mediaType = mediaType2; + + //get the class names from the media_type table. + mediaTypeId = mediaType.getId(); + try { + // ############### @todo: merge these and the getURL call into one + // getURL helper call that just takes the Entity as a parameter + // along with media_type + mediaHandler = MediaHelper.getHandler(mediaType); + mediaStorage = MediaHelper.getStorage(mediaType, + "mircoders.storage.Database"); + Class prodCls = Class.forName("mircoders.producer.Producer" + +mediaType.getValue("tablename")); + mediaProducer = (ProducerMedia)prodCls.newInstance(); + } catch (Exception e) { + theLog.printError("getting media handler failed: "+e.toString()); + contentModule.deleteById(cid); + throw new ServletModuleException("getting media handler failed: " + +e.toString()); + } + + mediaValues.put("to_media_type",mediaTypeId); + + //load the classes via reflection + String MediaId; + Entity mediaEnt = null; + try { + mediaEnt = (Entity)mediaStorage.getEntityClass().newInstance(); + mediaEnt.setStorage(mediaStorage); + mediaEnt.setValues(mediaValues); + mediaId = mediaEnt.insert(); + + //save and store the media data/metadata + mediaHandler.set(mpReq.getMedia(), mediaEnt, + mediaType); + + //were done with mpReq at this point, dereference it. + //as it contains mucho mem. 
-mh 01.10.2001 + mpReq=null; + //we got this far, associate the media to the article + mediaEnt.setValueForProperty("is_published","1"); + mediaEnt.update(); + //produce it + mediaProducer.handle(null, null, false, false, mediaId); + DatabaseContentToMedia.getInstance().addMedia(cid,mediaId); + } catch (Exception e) { + theLog.printError("setting media failed: "+e.toString()); + contentModule.deleteById(cid); + throw new ServletModuleException("setting media failed: " + +e.toString()); + } + } //end for Iterator... //if we're here all is ok... @@ -440,6 +507,27 @@ public class ServletModuleOpenIndy extends ServletModule deliver(req, res, mergeData, postingFormDoneTemplate); } + private void _throwBadContentType (String fileName, String contentType) + throws ServletModuleUserException { + + theLog.printDebugInfo("Wrong file type uploaded!: " + fileName+" " + +contentType); + throw new ServletModuleUserException("The file you uploaded is of the " + +"following mime-type: "+contentType + +", we do not support this mime-type. " + +"Error One or more files of unrecognized type. Sorry"); + } + + protected String createOneTimePasswd(){ + Random r = new Random(); + int random = r.nextInt(); + long l = System.currentTimeMillis(); + l = (l*l*l*l)/random; + if(l<0) l = l * -1; + String returnString = ""+l; + return returnString.substring(5); + } + }
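Review bot: Both new `catch (Exception e)` blocks in the `@@ -332,79 +392,86 @@` hunk copy `e.toString()` into the `ServletModuleException` message; if that message is rendered on the error page shown to anonymous posters (not visible in this hunk), class names, SQL fragments or file paths from the storage layer would be disclosed. Logging the detail through `theLog.printError` and throwing a fixed message such as `throw new ServletModuleException("setting media failed");` keeps the diagnostics server-side. Separately, `String MediaId;` is declared but the assignment two lines later targets `mediaId`, presumably a variable declared outside the hunk, so the new declaration looks like an unused typo and can be removed. Part of this hunk's text is damaged on the page (around the `for(int j=0;j` loop), so the media-type matching logic itself was not reviewed.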
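Review bot: `createOneTimePasswd` in the last hunk is not safe as a token generator: `java.util.Random` is predictable, `r.nextInt()` can return 0 and make the division throw ArithmeticException, `l*l*l*l` overflows `long`, `l * -1` stays negative for `Long.MIN_VALUE`, and `substring(5)` throws StringIndexOutOfBoundsException when the quotient has fewer than five characters and yields an empty password at exactly five. Drawing the value from `java.security.SecureRandom` removes these problems and gives a fixed-length result. The sketch below keeps the signature and returns 32 hex characters; a shared static `SecureRandom` instance would avoid constructing one per call. `_throwBadContentType` in the same hunk is left as is, though it echoes the client-supplied `contentType` into a user-visible message and so relies on the error template to escape it.

```java
  protected String createOneTimePasswd(){
    // 128 bits from the platform CSPRNG, hex-encoded to a fixed 32 characters
    byte[] raw = new byte[16];
    new java.security.SecureRandom().nextBytes(raw);
    StringBuffer hex = new StringBuffer(raw.length * 2);
    for (int i = 0; i < raw.length; i++) {
      hex.append(Character.forDigit((raw[i] >> 4) & 0xF, 16));
      hex.append(Character.forDigit(raw[i] & 0xF, 16));
    }
    return hex.toString();
  }
```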