| Code with Finding: |
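class ServerInputProcessor {
    /**
     * Runs the interactive login exchange for one client request.
     *
     * <p>Looks up the user named in {@code inputLine}, prompts the client for a password, hashes
     * the reply with the salt prefix of the stored hash and compares the two. On success the
     * session field {@code user} is set and the logged-in view is sent. Otherwise a single generic
     * failure line is sent that does not say whether the username or the password was wrong.
     *
     * <p>The database connection is released on every exit path, the password characters are
     * overwritten even if hashing fails, and an interrupt received during the delay is restored
     * once the exchange has finished.
     *
     * @param inputLine raw client line; the username is extracted with {@code Utils.getValue}
     *     and lower-cased
     * @throws ConnectionException propagated from the nonce send/receive helpers (presumably when
     *     the client connection fails; confirm against their declarations)
     */
    private void processLogin(String inputLine) throws ConnectionException {
        Connection conn = DBManager.getConnection();
        boolean interrupted = false;
        try {
            String username = Utils.getValue(inputLine).toLowerCase();
            boolean userExist = false;
            boolean pwMatch = false;
            String pwhash = "";
            String salt = "";

            // A null result from the lookup means the username is unknown.
            String[] userInfo = DatabaseAdmin.getUserInfo(conn, username);
            if (userInfo != null) {
                userExist = true;
                pwhash = userInfo[1];
                // The stored value starts with the salt, SALT_STRING_LENGTH characters long.
                salt = pwhash.substring(0, Hash.SALT_STRING_LENGTH);

                // NOTE(review): this extra database call happens only for existing accounts. The
                // failure text below is deliberately identical for "no such user" and "wrong
                // password", but the added work may still make the two cases distinguishable by
                // response time. Consider doing equivalent work on both paths.
                Boolean userIntegrity = DatabaseAdmin.userIntegrityCheck(conn, username);
                if (userIntegrity != null && !userIntegrity.booleanValue()) {
                    // NOTE(review): a failed integrity check is only logged; the login continues.
                    // Confirm that failing open is intended for a record reported as tampered.
                    System.out.println("DATABASE INTEGRITY ERROR: data for " + username +
                            " has been compromised. Check the database.");
                }
            }

            // Prompt the client for the password.
            sendWithNonce("print Input password:;getPassword;");
            // NOTE(review): the byte[] returned by recvBytesWithNonce() is not cleared here; only
            // the char[] copy is wiped.
            char[] pwdChars = Utils.byteToCharArray(recvBytesWithNonce());
            String enteredPwdHash;
            try {
                // Unknown users are hashed with an empty salt, so hashing runs on both paths.
                enteredPwdHash = Hash.hashExistingPwd(salt, pwdChars);
            } finally {
                // Wipe the plaintext even when hashing throws.
                Arrays.fill(pwdChars, ' ');
            }

            if (userExist) {
                pwMatch = Hash.comparePwd(pwhash, enteredPwdHash);
            }

            // Fixed 1000 ms pause before answering, applied to successes and failures alike.
            // A constant delay slows guessing but does not hide timing differences in the
            // steps above.
            try {
                Thread.sleep(1000L);
            } catch (InterruptedException e) {
                // Finish the exchange first; the interrupt flag is restored on the way out.
                interrupted = true;
            }

            if (userExist && pwMatch) {
                user = username;
                String command = "setLoggedIn true;" + SocialNetworkAdmin.printUserInfo(conn, username);
                // Append the current path and the boards visible to the user.
                sendWithNonce(command + SocialNetworkNavigation.printPath(currentPath)
                        + SocialNetworkBoards.viewBoards(user));
            } else {
                sendWithNonce("print username does not exist or invalid password.");
            }
        } finally {
            try {
                // Previously skipped whenever a send/receive or lookup threw.
                DBManager.closeConnection(conn);
            } finally {
                if (interrupted) {
                    Thread.currentThread().interrupt();
                }
            }
        }
    }
}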
class ServerInputProcessor {
    /**
     * Walks the client through creating a post at the current location.
     *
     * <p>A post may be started from the {@code freeforall} board page ({@code currentPath[1]} is
     * null) or from a region page of a regular board ({@code currentPath[1]} set,
     * {@code currentPath[2]} null). Anywhere else the client is told where to go and nothing is
     * created. After the location check, {@code SocialNetworkPosts.authorizedToPost} must return
     * the string {@code "true"}; any other value is forwarded to the client as-is.
     *
     * <p>Content is read line by line: an empty first line is re-prompted, an empty later line
     * submits, and a line whose trimmed text is {@code cancel} aborts.
     *
     * @throws ConnectionException propagated from the nonce send/receive helpers
     */
    private void processPost() throws ConnectionException {
        final String needBoardOrRegion =
                "print Must be within a board's region or in the freeforall board to create a post";

        // Work out whether the current location allows posting; null means "allowed".
        final String board = currentPath[0];
        final String locationError;
        if (board == null) {
            locationError = needBoardOrRegion;
        } else if (board.equals("freeforall")) {
            // freeforall has no regions: slot 1 holds the post number when inside a post.
            locationError = (currentPath[1] == null)
                    ? null
                    : "print Must go back to the board page to create a post (not inside a post)";
        } else if (currentPath[1] == null) {
            // Regular board, but no region selected yet.
            locationError = needBoardOrRegion;
        } else {
            // Regular board and region: slot 2 holds the post number when inside a post.
            locationError = (currentPath[2] == null)
                    ? null
                    : "print Must go back to the region page to create a post (not inside a post)";
        }
        if (locationError != null) {
            sendWithNonce(locationError);
            return;
        }

        // Authorization and existence check; a non-"true" result is the message for the client.
        String verdict = SocialNetworkPosts.authorizedToPost(user, currentPath[0], currentPath[1]);
        if (!verdict.equals("true")) {
            sendWithNonce(verdict);
            return;
        }

        sendWithNonce("print Start typing your content. Type 'cancel' after any new line to cancel.;print "
                + "Press enter once to insert a new line.;print Press enter twice to submit.;askForInput ");

        // The first line must be non-empty.
        String firstLine = recvWithNonce();
        while (firstLine.isEmpty()) {
            sendWithNonce("print Content is empty. Please try again. Type 'cancel' to cancel.;askForInput ");
            firstLine = recvWithNonce();
        }

        boolean cancelled = firstLine.trim().equals("cancel");
        StringBuilder body = new StringBuilder(firstLine);
        while (!cancelled) {
            sendWithNonce("print ;askForInput ");
            String line = recvWithNonce();
            if (line.isEmpty()) {
                // Empty line submits the post.
                break;
            }
            if (line.trim().equals("cancel")) {
                cancelled = true;
            } else {
                // NOTE(review): client-typed text is joined into the ';'-separated command format
                // used by sendWithNonce, with no escaping visible in this method. Confirm that
                // createPost or the display path neutralises ';' in user content.
                body.append(";print \t").append(line);
            }
        }

        if (cancelled) {
            sendWithNonce("print Post Creation cancelled");
            return;
        }
        sendWithNonce(SocialNetworkPosts.createPost(user, body.toString(),
                currentPath[0], currentPath[1]));
    }
}
class ServerInputProcessor {
    /**
     * Walks the client through creating a reply; the counterpart of {@code processPost}, except
     * that the client must currently be inside a post.
     *
     * <p>The post number is {@code currentPath[1]} on the {@code freeforall} board and
     * {@code currentPath[2]} on a regular board (which also requires a region in
     * {@code currentPath[1]}). If no post number is available the client is told so and nothing is
     * created. {@code SocialNetworkPosts.authorizedToReply} must then return the string
     * {@code "true"}; any other value is forwarded to the client as-is.
     *
     * <p>Content is read line by line: an empty first line is re-prompted, an empty later line
     * submits, and a line whose trimmed text is {@code cancel} aborts.
     *
     * @throws ConnectionException propagated from the nonce send/receive helpers
     * @throws NumberFormatException if the post number in {@code currentPath} is not a decimal
     *     integer (raised by {@code Integer.parseInt})
     */
    private void processReply() throws ConnectionException {
        // Find the post number for the current location; it stays null when not inside a post.
        final String board = currentPath[0];
        String postNum = null;
        if (board != null) {
            if (board.equals("freeforall")) {
                postNum = currentPath[1];
            } else if (currentPath[1] != null) {
                // Regular board with a region selected.
                postNum = currentPath[2];
            }
        }
        if (postNum == null) {
            sendWithNonce("print Must be within a post to create a reply");
            return;
        }

        // Parsed once and reused for both the authorization check and the create call.
        final int postId = Integer.parseInt(postNum);

        // Authorization and existence check; a non-"true" result is the message for the client.
        String verdict = SocialNetworkPosts.authorizedToReply(user, currentPath[0], currentPath[1], postId);
        if (!verdict.equals("true")) {
            sendWithNonce(verdict);
            return;
        }

        sendWithNonce("print Start typing your content. Type 'cancel' after any new line to cancel.;print "
                + "Press enter once to insert a new line.;print Press enter twice to submit.;askForInput ");

        // The first line must be non-empty.
        String firstLine = recvWithNonce();
        while (firstLine.isEmpty()) {
            sendWithNonce("print Content is empty. Please try again. Type 'cancel' to cancel.;askForInput ");
            firstLine = recvWithNonce();
        }

        boolean cancelled = firstLine.trim().equals("cancel");
        StringBuilder body = new StringBuilder(firstLine);
        while (!cancelled) {
            sendWithNonce("print ;askForInput ");
            String line = recvWithNonce();
            if (line.isEmpty()) {
                // Empty line submits the reply.
                break;
            }
            if (line.trim().equals("cancel")) {
                cancelled = true;
            } else {
                // NOTE(review): client-typed text is joined into the ';'-separated command format
                // used by sendWithNonce, with no escaping visible in this method. Confirm that
                // createReply or the display path neutralises ';' in user content.
                body.append(";print \t").append(line);
            }
        }

        if (cancelled) {
            sendWithNonce("print Reply Creation cancelled");
            return;
        }
        sendWithNonce(SocialNetworkPosts.createReply(user, body.toString(),
                currentPath[0], currentPath[1],
                postId));
    }
}
|