support for CAPTCHAs

[mir.git] / source / mircoders / localizer / basic / MirBasicPostingSessionHandler.java

diff --git a/source/mircoders/localizer/basic/MirBasicPostingSessionHandler.java b/source/mircoders/localizer/basic/MirBasicPostingSessionHandler.java
index 31822f5..7483a78 100755 (executable)
--- a/source/mircoders/localizer/basic/MirBasicPostingSessionHandler.java
+++ b/source/mircoders/localizer/basic/MirBasicPostingSessionHandler.java
@@ -38,6 +38,7 @@ import mir.util.FileRoutines;
 import mir.util.IORoutines;
 import mircoders.global.MirGlobal;
 import mircoders.media.UnsupportedMediaTypeExc;
+import mircoders.localizer.MirOpenPostingLocalizer;
 
 import java.io.*;
 import java.util.*;
@@ -51,7 +52,7 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
   protected MirPropertiesConfiguration configuration = MirPropertiesConfiguration.instance();
 
   /** Previously uploaded files */
-  protected List attachments;
+  protected final List attachments = new ArrayList();
   /** counter to generate unique field names for uploaded files */
   protected int uploadedFileIndex = 0;
 
@@ -63,7 +64,6 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
   private boolean persistentUploadedFiles;
 
   public MirBasicPostingSessionHandler(boolean aPersistentUploadedFiles) {
-    attachments = new ArrayList();
     persistentUploadedFiles = aPersistentUploadedFiles;
   }
 
@@ -114,6 +114,7 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
           processAttachmentError(aRequest, aSession, attachment, t);
         }
         catch (Throwable u) {
+          logger.error("Error while processing attachment error", u);
         }
         logger.error("Error while processing attachment", t);
       }
@@ -161,17 +162,6 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
    * when an older session gets re-initiated after a session timeout.
    */
   protected void initializeSession(Request aRequest, Session aSession) throws SessionExc, SessionFailure {
-    if (MirGlobal.abuse().getOpenPostingPassword()) {
-      String password = (String) aSession.getAttribute("password");
-      if (password==null) {
-        password = generateOnetimePassword();
-        aSession.setAttribute("password", password);
-      }
-    }
-    else {
-      aSession.deleteAttribute("password");
-    }
-
     aSession.setAttribute("referer", aRequest.getHeader("Referer"));
   }
 
@@ -190,6 +180,8 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
       nrMediaItems = Math.min(configuration.getInt("ServletModule.OpenIndy.MaxMediaUploadItems"), Integer.parseInt(aRequest.getParameter("nrmediaitems")));
     }
     catch (Throwable t) {
+      logger.warn("Error while retrieving configuration setting " +
+              "ServletModule.OpenIndy.MaxMediaUploadItems", t);
     }
 
     aSession.setAttribute("nrmediaitems", new Integer(nrMediaItems));
@@ -201,7 +193,10 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
 
     aResponse.setResponseValue("nrmediaitems", new Integer(nrMediaItems));
     aResponse.setResponseValue("mediaitems", mediaItems);
-    aResponse.setResponseValue("password", aSession.getAttribute("password"));
+
+    if (MirGlobal.abuse().getRequireCaptcha()) {
+      aResponse.setResponseValue("password", Boolean.TRUE);
+    }
     aResponse.setResponseValue("referer", aSession.getAttribute("referer"));
     aResponse.setResponseValue("errors", null);
 
@@ -415,10 +410,12 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
    * store data, etc
    */
   protected boolean shouldProcessRequest(Request aRequest, Session aSession, List aValidationErrors) throws SessionExc, SessionFailure {
-    if (aRequest.getParameter("post")==null)
+    if (aRequest.getParameter("post")==null) {
       return false;
-               validate(aValidationErrors, aRequest, aSession);
-               return (aValidationErrors == null || aValidationErrors.size() == 0);
+    }
+    validate(aValidationErrors, aRequest, aSession);
+    
+    return (aValidationErrors == null || aValidationErrors.size() == 0);
   }
 
   /**
@@ -429,43 +426,23 @@ public abstract class MirBasicPostingSessionHandler implements SessionHandler {
    * <code>aResults</code> is empty.
    */
   protected void validate(List aResults, Request aRequest, Session aSession) throws SessionExc, SessionFailure {
-    String password = (String) aSession.getAttribute("password");
-
-    if (password!=null) {
-      String submittedPassword= aRequest.getParameter("password").trim();
+    if (MirGlobal.abuse().getRequireCaptcha()) {
+      String submittedPassword = aRequest.getParameter("password");
+      MirOpenPostingLocalizer.Captcha captcha = (MirOpenPostingLocalizer.Captcha) aSession.getAttribute("captcha");
 
-      if (!password.equals(submittedPassword)) {
-        aResults.add(new ValidationError("password", "passwordmismatch"));
+      if (captcha == null || !captcha.validateAnswer(submittedPassword)) {
+        aResults.add(new ValidationError("password", "validationerror.passwordmismatch"));
       }
     }
   }
 
 
-  /**
-   * Method to generate a one-time password
-   *
-   * @return a password, to be used once
-   */
-  protected String generateOnetimePassword() {
-    Random r = new Random();
-    int random = r.nextInt();
-
-    long l = System.currentTimeMillis();
-
-    l = (l*l*l*l)/random;
-    if (l<0)
-      l = l * -1;
-
-    String returnString = ""+l;
-
-    return returnString.substring(5);
-  }
 
   /**
    * Method to filter the attributes and their values of a request
    * based on the fields of a database object.
    */
-  protected static final Map getIntersectingValues(Request aRequest, Database aStorage) throws SessionFailure {
+  protected static Map getIntersectingValues(Request aRequest, Database aStorage) throws SessionFailure {
     Map result = new HashMap();
 
     Iterator i = aStorage.getFieldNames().iterator();