| Code with Finding: |
class ServerInputProcessor {
private void processRegistration() throws ConnectionException{
String newUser = "";
sendWithNonce("print Choose a username that's between 2-50 characters long. " +
"Only use digits, letters, and underscore:;" +
"askForInput;");
boolean invalid = true;
Connection conn = DBManager.getConnection();
// check if username already exist
while (invalid) {
newUser = recvWithNonce().toLowerCase();
if (newUser.equals("cancel")) {
sendWithNonce(CANCEL);
return;
}
String[] userInfo = DatabaseAdmin.getUserInfo(conn, newUser);
if (userInfo == null)
invalid = false;
String command = "";
if (invalid || newUser.equals("cancel") || newUser.equals("deleteduser")) {
// if the last 2 conds lead to this block, set invalid to true again
invalid = true;
command = "print Username already exist. Choose a different one.;"
+ "askForInput;";
sendWithNonce(command);
} else if (!newUser.matches("^[0-9a-z_]{2,50}$")) {
invalid = true;
command = "print Invalid username format. Please choose another one.;" +
"askForInput;";
sendWithNonce(command);
}
}
// username isn't already in the DB
boolean groupExist = false;
String command = "";
Map<Integer, String> groupList = DatabaseAdmin.getGroupList(conn);
String groupNum = "";
int aid = 0;
// check if chosen group exist
while (!groupExist) {
command += SocialNetworkAdmin.displayGroupList(conn, groupList, newUser);
sendWithNonce(command);
groupNum = recvWithNonce();
if (groupNum.equals("cancel")) {
sendWithNonce(CANCEL);
return;
}
try {
aid = Integer.parseInt(groupNum);
if (!groupList.containsKey(aid)) {
command = "print Please choose a group from the list.;";
} else {
groupExist = true;
}
} catch (NumberFormatException e) {
command = "print Please input the NUMBER corresponding to the group.;";
}
}
// create password
sendWithNonce("createPassword");
byte[] pwdBytes = recvBytesWithNonce();
char[] pwdChars = Utils.byteToCharArray(pwdBytes);
String pwdStore = Hash.createPwdHashStore(pwdChars);
Arrays.fill(pwdBytes, (byte)0x00);
Arrays.fill(pwdChars, ' ');
// ask security question
command = "print Please answer the following security question for password retrieval.;";
command += "print Type in lower case letters, and use less than 40 characters.;";
command += SECURITY_QUESTION + "getSecAnswer;";
sendWithNonce(command);
byte[] answerBytes = recvBytesWithNonce();
char[] answerChars = Utils.byteToCharArray(answerBytes);
String answerStore = Hash.createPwdHashStore(answerChars);
Arrays.fill(answerChars, ' ');
Arrays.fill(answerBytes, (byte)0x00);
sendWithNonce(SocialNetworkAdmin.insertRegRequest(conn, newUser, aid, pwdStore,
answerStore));
DBManager.closeConnection(conn);
}
}
|
