X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=source%2Fmircoders%2Fservlet%2FServletModuleOpenIndy.java;h=4148b353e9eda1b6a5f7e6a7e1ac2c766d8bdbc2;hb=eb87de01924c0e179dc4d056d9ff8842991c5128;hp=ad77a2e54c456355e3a28e7a206aa0a8b6d28f7a;hpb=917f53303f78e0096b1a5ce98fc0ee80912d1334;p=mir.git
diff --git a/source/mircoders/servlet/ServletModuleOpenIndy.java b/source/mircoders/servlet/ServletModuleOpenIndy.java
index ad77a2e5..4148b353 100755
--- a/source/mircoders/servlet/ServletModuleOpenIndy.java
+++ b/source/mircoders/servlet/ServletModuleOpenIndy.java
@@ -37,13 +37,15 @@ import mircoders.producer.*;
 public class ServletModuleOpenIndy extends ServletModule
 {
- private String commentFormTemplate, commentFormDoneTemplate, commentFormDupeTemplate;
- private String postingFormTemplate, postingFormDoneTemplate, postingFormDupeTemplate;
- private ModuleContent contentModule;
- private ModuleImages imageModule;
- private ModuleTopics themenModule;
- private String directOp ="yes";
-
+ private String commentFormTemplate, commentFormDoneTemplate,
+ commentFormDupeTemplate;
+ private String postingFormTemplate, postingFormDoneTemplate,
+ postingFormDupeTemplate;
+ private ModuleContent contentModule;
+ private ModuleImages imageModule;
+ private ModuleTopics themenModule;
+ private String directOp ="yes";
+ private String passwdProtection ="yes";
 // Singelton / Kontruktor
 private static ServletModuleOpenIndy instance = new ServletModuleOpenIndy();
 public static ServletModule getInstance() { return instance; }
@@ -58,11 +60,13 @@ public class ServletModuleOpenIndy extends ServletModule
 postingFormDoneTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDoneTemplate");
 postingFormDupeTemplate = MirConfig.getProp("ServletModule.OpenIndy.PostingDupeTemplate");
 directOp = MirConfig.getProp("DirectOpenposting").toLowerCase();
+ passwdProtection = MirConfig.getProp("PasswdProtection").toLowerCase();
 mainModule = new ModuleComment(DatabaseComment.getInstance());
 contentModule = new ModuleContent(DatabaseContent.getInstance());
 themenModule = new ModuleTopics(DatabaseTopics.getInstance());
 imageModule = new ModuleImages(DatabaseImages.getInstance());
 defaultAction="addposting";
+
 } catch (StorageObjectException e) {
 theLog.printError("servletmoduleopenindy could not be initialized");
@@ -79,8 +83,17 @@ public class ServletModuleOpenIndy extends ServletModule
 String aid = req.getParameter("aid"); // the article id the comment will belong to
 if (aid!=null && !aid.equals(""))
 {
- SimpleHash mergeData = new SimpleHash();
- // ok, article
+ SimpleHash mergeData = new SimpleHash();
+
+ // onetimepasswd
+ if(passwdProtection.equals("yes")){
+ String passwd = this.createOneTimePasswd();
+ System.out.println(passwd);
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd",passwd);
+ mergeData.put("passwd", passwd);
+ }
+
 mergeData.put("aid", aid);
 deliver(req, res, mergeData, commentFormTemplate);
 }
@@ -92,7 +105,8 @@ public class ServletModuleOpenIndy extends ServletModule
 * the commentDone Page
 */
- public void inscomment(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
+ public void inscomment(HttpServletRequest req, HttpServletResponse res)
+ throws ServletModuleException,ServletModuleUserException
 {
 String aid = req.getParameter("to_media"); // the article id the comment will belong to
 if (aid!=null && !aid.equals(""))
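Review bot: The new `passwdProtection` setting fails open, because the handlers only test `passwdProtection.equals("yes")`: a configured value such as `true`, `on` or `yes` with trailing whitespace silently switches the one-time password check off. If `MirConfig.getProp("PasswdProtection")` returns null for a missing key, `.toLowerCase()` also throws inside the initialiser, and the only catch visible here handles `StorageObjectException` (the rest of the try block is outside the hunk). Reading the property so that only an explicit opt-out disables the check is safer, for example `String p = MirConfig.getProp("PasswdProtection");` followed by `passwdProtection = (p != null && p.trim().equalsIgnoreCase("no")) ? "no" : "yes";`. A short comment on the field naming the accepted values would help whoever edits the config.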
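Review bot: In addcomment the freshly created one-time password is written to standard output by `System.out.println(passwd);`, which copies a value meant to exist only in the session and the form into the container log; that line should be dropped. The following `req.getSession(false)` returns null when the visitor has no session yet, so `session.setAttribute("passwd",passwd)` throws a NullPointerException unless something outside this hunk has already created one; `HttpSession session = req.getSession(true);` avoids that. The same two lines are repeated in the addposting hunk (`@@ -142,12 +170,25 @@`). `createOneTimePasswd()` is not part of this diff; it should draw its value from `java.security.SecureRandom`.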
@@ -109,7 +123,21 @@ public class ServletModuleOpenIndy extends ServletModule
 withValues.put(k,StringUtil.removeHTMLTags(v));
 }
 withValues.put("is_published","1");
-
+
+ //checking the onetimepasswd
+ if(passwdProtection.equals("yes")){
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String)session.getAttribute("passwd");
+ if ( sessionPasswd == null){
+ throw new ServletModuleUserException("Lost password");
+ }
+ String passwd = req.getParameter("passwd");
+ if ( passwd == null || (!sessionPasswd.equals(passwd))) {
+ throw new ServletModuleUserException("Missing password");
+ }
+ session.invalidate();
+ }
+
 // inserting into database
 String id = mainModule.add(withValues);
 theLog.printDebugInfo("id: "+id);
@@ -142,12 +170,25 @@ public class ServletModuleOpenIndy extends ServletModule
 * Method for delivering the form-Page for open posting
 */
- public void addposting(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
- {
+ public void addposting(HttpServletRequest req, HttpServletResponse res)
+ throws ServletModuleException {
 SimpleHash mergeData = new SimpleHash();
+
+ // onetimepasswd
+ if(passwdProtection.equals("yes")){
+ String passwd = this.createOneTimePasswd();
+ System.out.println(passwd);
+ HttpSession session = req.getSession(false);
+ session.setAttribute("passwd",passwd);
+ mergeData.put("passwd", passwd);
+ }
+
+ String maxMedia = MirConfig.getProp("ServletModule.OpenIndy.MaxMediaUploadItems");
 String numOfMedia = req.getParameter("medianum");
 if(numOfMedia==null||numOfMedia.equals("")){
 numOfMedia="1";
+ } else if(Integer.parseInt(numOfMedia) > Integer.parseInt(maxMedia)) {
+ numOfMedia = maxMedia;
 }
 int mediaNum = Integer.parseInt(numOfMedia);
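Review bot: The one-time password check added to inscomment dereferences the result of `req.getSession(false)` without a null test, so a POST that arrives without a session cookie ends in a NullPointerException instead of the intended `ServletModuleUserException`. Adding `if (session == null) throw new ServletModuleUserException("Lost password");` before `session.getAttribute("passwd")` keeps that case on the user-error path. The second message, "Missing password", is also raised when a password was submitted but does not match, which will mislead anyone reading the error later. The identical block in insposting (`@@ -176,15 +221,35 @@`) needs the same null test; the body of inscomment continues outside this hunk.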
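Review bot: The new cap on `medianum` in addposting calls `Integer.parseInt(numOfMedia)` on the raw request parameter, so a non-numeric value raises an unchecked NumberFormatException, and zero or negative values pass the `> maxMedia` comparison and reach `int mediaNum = Integer.parseInt(numOfMedia);` unchanged. A missing `ServletModule.OpenIndy.MaxMediaUploadItems` property would fail in the same expression. Parsing once inside a try/catch and clamping the result to the range 1..max, as sketched below, keeps malformed input from becoming a server error. The rest of addposting lies outside the hunk.

```java
// … unchanged: one-time password block …
String maxMedia = MirConfig.getProp("ServletModule.OpenIndy.MaxMediaUploadItems");
String numOfMedia = req.getParameter("medianum");
int mediaNum;
try {
  int requested = (numOfMedia == null || numOfMedia.equals(""))
      ? 1 : Integer.parseInt(numOfMedia.trim());
  // clamp to 1..max so neither huge nor negative counts get through
  mediaNum = Math.max(1, Math.min(requested, Integer.parseInt(maxMedia)));
} catch (NumberFormatException e) {
  mediaNum = 1; // malformed medianum or MaxMediaUploadItems: single upload field
}
numOfMedia = String.valueOf(mediaNum);
```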
@@ -158,16 +199,20 @@ public class ServletModuleOpenIndy extends ServletModule
 }
 mergeData.put("medianum",numOfMedia);
 mergeData.put("mediafields",mediaFields);
- mergeData.put("themenPopupData", themenModule.getTopicsAsSimpleList());
- /** @todo popups missing */
+ SimpleHash extraInfo = new SimpleHash();
 try{
- mergeData.put("languagePopUpData",DatabaseLanguage.getInstance().getPopupData());
+ SimpleList popUpData = DatabaseLanguage.getInstance().getPopupData();
+ extraInfo.put("languagePopUpData", popUpData );
+ extraInfo.put("themenPopupData", themenModule.getTopicsAsSimpleList());
 } catch (Exception e) {
- theLog.printError("languagePopUpData failed");
+ theLog.printError("languagePopUpData or getTopicslist failed "
+ +e.toString());
+ throw new ServletModuleException("OpenIndy -- failed getting language or topics: "+e.toString());
 }
- deliver(req, res, mergeData, postingFormTemplate);
+
+ deliver(req, res, mergeData, extraInfo, postingFormTemplate);
 }
 /**
@@ -176,15 +221,35 @@ public class ServletModuleOpenIndy extends ServletModule
 */
 public void insposting(HttpServletRequest req, HttpServletResponse res)
- throws ServletModuleException
+ throws ServletModuleException, ServletModuleUserException
 {
 SimpleHash mergeData = new SimpleHash();
 boolean setMedia=false;
+ boolean setTopic = false;
 try {
 WebdbMultipartRequest mp = new WebdbMultipartRequest(req);
 HashMap withValues = mp.getParameters();
+
+ //checking the onetimepasswd
+ if(passwdProtection.equals("yes")){
+ HttpSession session = req.getSession(false);
+ String sessionPasswd = (String)session.getAttribute("passwd");
+ if ( sessionPasswd == null){
+ throw new ServletModuleUserException("Lost password");
+ }
+ String passwd = (String)withValues.get("passwd");
+ if ( passwd == null || (!sessionPasswd.equals(passwd))) {
+ throw new ServletModuleUserException("Missing password");
+ }
+ session.invalidate();
+ }
+
+ if ((((String)withValues.get("title")).length() == 0) ||
+ (((String)withValues.get("description")).length() == 0) ||
+ (((String)withValues.get("content_data")).length() == 0))
+ throw new ServletModuleUserException("Missing field");
 // call the routines that escape html
@@ -205,8 +270,9 @@ public class ServletModuleOpenIndy extends ServletModule
 withValues.put("date", StringUtil.date2webdbDate(new GregorianCalendar()));
 withValues.put("publish_path", StringUtil.webdbDate2path((String)withValues.get("date")));
 withValues.put("is_produced", "0");
- // op-articles are immediatly published
- withValues.put("is_published","1");
+ // op-articles are not immediatly published
+ // we don't know that all is good yet (media, title is present, etc..)
+ withValues.put("is_published","0");
 // if op direct article-type == newswire
 if (directOp.equals("yes")) withValues.put("to_article_type","1");
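Review bot: The required-field test added to insposting casts and dereferences `withValues.get("title")`, `get("description")` and `get("content_data")` directly, so a multipart request that leaves one of these parts out fails with a NullPointerException instead of `ServletModuleUserException("Missing field")` (assuming `getParameters()` simply omits absent fields from the map). Testing for null first covers both cases, e.g. `String title = (String)withValues.get("title");` and then `if (title == null || title.length() == 0 ...)` for each of the three fields. The check sits inside the `try {` opened above and its catch clauses are outside the hunk, so it is worth confirming that they do not re-wrap the user exception as a generic `ServletModuleException`.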
@@ -220,7 +286,7 @@ public class ServletModuleOpenIndy extends ServletModule
 theLog.printDebugInfo("id: "+cid); //insert was not successfull
 if(cid==null){
- //How do we know that it was not succesful cause of a
+ //How do we know that it was not succesful cause of a
 //dupe, what if it failed cause of "No space left on device"?
 //Or is there something I am missing? Wouldn't it be better
 //to have an explicit dupe check and then insert? I have no
@@ -230,12 +296,15 @@ public class ServletModuleOpenIndy extends ServletModule
 }
 String[] to_topicsArr = mp.getParameterValues("to_topic");
- if (to_topicsArr != null && to_topicsArr.length > 0) {
+
+ if (to_topicsArr != null && to_topicsArr.length > 0) {
 try{
 DatabaseContentToTopics.getInstance().setTopics(cid,to_topicsArr);
- theLog.printError("setting content_x_topic success");
+ setTopic = true;
 } catch (Exception e) {
 theLog.printError("setting content_x_topic failed");
+ contentModule.deleteById(cid);
+ throw new ServletModuleException("smod - openindy :: insposting: setting content_x_topic failed: "+e.toString());
 } //end try
 } //end if
@@ -246,23 +315,56 @@ public class ServletModuleOpenIndy extends ServletModule MpRequest mpReq = (MpRequest)it.next(); String fileName = mpReq.getFilename(); - //This is just a temporary way to get the content-type via - //the .extension , we need to use a magic method, by looking - //at the header (first few bytes) of the file. - //the Oreilly method sucks cause it relies on the - //content-type the client browser sends and that's - //too often application-octet stream. -mh - String contentType = FileUtil.guessContentTypeFromName(fileName); + //get the content-type from what the client browser + //sends us. (the "Oreilly method") + String contentType = mpReq.getContentType(); + + theLog.printInfo("FROM BROWSER: "+contentType); + + //if the client browser sent us unknown (text/plain is default) + //or if we got application/octet-stream, it's possible that + //the browser is in error, better check against the file extension + if (contentType.equals("text/plain") || + contentType.equals("application/octet-stream")) { + /** + * Fallback to finding the mime-type through the standard ServletApi + * ServletContext getMimeType() method. + * + * This is a way to get the content-type via the .extension, + * we could maybe use a magic method as an additional method of + * figuring out the content-type, by looking at the header (first + * few bytes) of the file. (like the file(1) command). We could + * also call the "file" command through Runtime. This is an + * option that I almost prefer as it is already implemented and + * exists with an up-to-date map on most modern Unix like systems. + * I haven't found a really nice implementation of the magic method + * in pure java yet. + * + * The first method we try thought is the "Oreilly method". It + * relies on the content-type that the client browser sends and + * that sometimes is application-octet stream with + * broken/mis-configured browsers. 
+ * + * The map file we use for the extensions is the standard web-app + * deployment descriptor file (web.xml). See Mir's web.xml or see + * your Servlet containers (most likely Tomcat) documentation. + * So if you support a new media type you have to make sure that + * it is in this file -mh + */ + ServletContext ctx = + (ServletContext)MirConfig.getPropAsObject("ServletContext"); + contentType = ctx.getMimeType(fileName); + if (contentType==null) + contentType = "text/plain"; // rfc1867 says this is the default + } HashMap mediaValues = new HashMap(); - theLog.printError("CONTENT TYPE IS: "+contentType); + theLog.printInfo("CONTENT TYPE IS: "+contentType); - //The map file should be Mir/content-types.properties, it's the - //default Sun Java file+ some entries that it did not have. - //so if you support a new media type you have to make sure that - //it is in this file -mh - if ((contentType==null) || (contentType=="application/octet-stream")) { - throw new ServletModuleException("ModuleException: One or more files of unrecognized types"); + if (contentType.equals("text/plain") || + contentType.equals("application/octet-stream")) { + contentModule.deleteById(cid); + _throwBadContentType(fileName, contentType); } String mediaTitle=(String)withValues.get("media_title"+i); 
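Review bot: `String contentType = mpReq.getContentType();` makes the upload's MIME type a value chosen by the client, and nothing in this hunk validates it before it is logged (`theLog.printInfo("FROM BROWSER: "+contentType)`) and, in the following hunk, concatenated into a where clause (`" mime_type LIKE '"+cTypeSplit[0]+"%'"`); with the old extension-based lookup that string came from a fixed map, whereas now any character in the request header reaches the SQL text. The value should be checked against a strict `type/subtype` token pattern (letters, digits and `.+-` only) right after it is read and rejected through `_throwBadContentType` otherwise, and the media-type lookup should bind it as a query parameter instead of building the clause by concatenation. `contentType.equals("text/plain")` also throws if a part carries no Content-Type and `getContentType()` returns null; `"text/plain".equals(contentType)` is the null-safe form. Because the declared type decides which media handler stores the file, the `ctx.getMimeType(fileName)` result is better used as a cross-check on every upload than only as a fallback. The enclosing loop and method extend beyond this hunk.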
@@ -276,71 +378,108 @@ public class ServletModuleOpenIndy extends ServletModule mediaValues.put("to_publisher", "1"); // op user mediaValues.put("to_media_folder", "7"); // op media_folder mediaValues.put("is_produced", "0"); - mediaValues.put("is_published","1"); + mediaValues.put("is_published","0"); - //the where clause to find the media_type entry - //from the content-type. - //we use the media type entry to lookup the - //media Handler/Storage classes - String wc = " mime_type='"+contentType+"'"; + // @todo this should probably be moved to DatabaseMediaType -mh + String[] cTypeSplit = StringUtil.split(contentType, "/"); + String wc = " mime_type LIKE '"+cTypeSplit[0]+"%'"; - EntityList mediaTypesList = DatabaseMediaType.getInstance().selectByWhereClause(wc); + DatabaseMediaType mediaTypeStor = DatabaseMediaType.getInstance(); + EntityList mediaTypesList = mediaTypeStor.selectByWhereClause(wc); String mediaTypeId = null; - String mediaStorageName = null; - String mediaHandlerName = null; + MirMedia mediaHandler; + Database mediaStorage; + ProducerMedia mediaProducer; - //if we found an entry matching the + //if we didn't find an entry matching the //content-type int the table. - if (mediaTypesList.size() > 0) { - //get the class names from the media_type table. 
- mediaTypeId = mediaTypesList.elementAt(0).getId(); - mediaStorageName = mediaTypesList.elementAt(0).getValue("tablename"); - mediaHandlerName = mediaTypesList.elementAt(0).getValue("classname"); - mediaValues.put("to_media_type",mediaTypeId); - - //load the classes via reflection - String MediaId; - try { - Class mediaStorageClass = Class.forName("mircoders.storage.Database"+mediaStorageName); - Method m = mediaStorageClass.getMethod("getInstance", null); - Database mediaStorage = (Database)m.invoke(null, null); - Entity mediaEnt = (Entity)mediaStorage.getEntityClass().newInstance(); - mediaEnt.setStorage(mediaStorage); - mediaEnt.setValues(mediaValues); - mediaId = mediaEnt.insert(); - - Class mediaHandlerClass = Class.forName("mir.media.MediaHandler"+mediaHandlerName); - MirMedia mediaHandler = (MirMedia)mediaHandlerClass.newInstance(); - //save and store the media data/metadata - mediaHandler.set(mpReq.getMedia(), mediaEnt,mediaTypesList.elementAt(0)); - - //were done with mpReq at this point, dereference it. - //as it contains mucho mem. 
-mh 01.10.2001 - mpReq=null; - - if(mediaId!=null){ - new ProducerMedia().handle(null, null, false, false, mediaId); - } - } catch (Exception e) { - theLog.printError("setting uploaded_media failed: "+e.toString()); - } //end try-catch - - //we got this far, associate the media to the article - try{ - DatabaseContentToMedia.getInstance().addMedia(cid,mediaId); - theLog.printError("setting content_x_media success"); - } catch (Exception e) { - theLog.printError("setting content_x_media failed"); - } + if (mediaTypesList.size() == 0) { + contentModule.deleteById(cid); + _throwBadContentType(fileName, contentType); + } - } else { - theLog.printDebugInfo("Wrong file uploaded!: " + fileName); - throw new ServletModuleException("ModuleException: One or more files of unrecognized types"); - } // end if-else mediaTypesList.size() > 0 + Entity mediaType = null; + Entity mediaType2 = null; + + // find out if we an exact content-type match if so take it. + // otherwise try to match majortype/* + // @todo this should probably be moved to DatabaseMediaType -mh + for(int j=0;j