| Code with Finding: |
class SocialNetworkDatabasePosts {
/** Gets a post from the designated board and region
* with the given post number.
* ASSUMES that the board, region, and post are all valid.
*/
public static String getPost(Connection conn, String username, String boardName,
String regionName, int postNum) {
String getOriginalPost = "";
String getReplies = "";
String postAndReplies = "";
/*No joining of results because of redundancy of data returned*/
if (boardName.equals("freeforall")) {
getOriginalPost = "SELECT * FROM freeforall.posts " +
"WHERE pid = ?";
getReplies = "SELECT * FROM freeforall.replies " +
"WHERE pid = ? ORDER BY dateReplied ASC";
}
else {
getOriginalPost = "SELECT * FROM " + boardName + ".posts " +
"WHERE pid = ? AND rname = ?";
getReplies = "SELECT * FROM " + boardName + ".replies " +
"WHERE pid = ? AND rname = ? ORDER BY dateReplied ASC";
}
PreparedStatement originalPost = null;
ResultSet postResult = null;
PreparedStatement replies = null;
ResultSet repliesResult = null;
boolean sqlex = false;
try {
originalPost = conn.prepareStatement(getOriginalPost);
replies = conn.prepareStatement(getReplies);
originalPost.setInt(1, postNum);
replies.setInt(1, postNum);
if (!boardName.equals("freeforall")) {
originalPost.setString(2, regionName);
replies.setString(2, regionName);
}
postResult = originalPost.executeQuery();
if (postResult.next()) { /*Only expect one post result*/
//Make sure the checksum is correct
if (!Arrays.equals(
Hash.generateChecksum((SharedKeyCrypto.decrypt(postResult.getString("content"))).getBytes("UTF8")),
CryptoUtil.decode(postResult.getString("checksum")))) {
postAndReplies +=
"print ----- Post# " + postNum + "[" + postResult.getString("postedBy") + "]----- " +
postResult.getTimestamp("datePosted").toString() + ";print \t" +
"Content could not be fetched -- Integrity Failure!" + ";";
}
else {
postAndReplies +=
"print ----- Post# " + postNum + "[" + postResult.getString("postedBy") + "]----- " +
postResult.getTimestamp("datePosted").toString() + ";print \t" +
SharedKeyCrypto.decrypt(postResult.getString("content")) + ";";
}
repliesResult = replies.executeQuery();
while (repliesResult.next()) { //Print out all replies
//for each reply, make sure the checksum is correct.
if(!Arrays.equals(
Hash.generateChecksum((SharedKeyCrypto.decrypt(repliesResult.getString("content"))).getBytes("UTF8")),
CryptoUtil.decode(repliesResult.getString("checksum")))) {
postAndReplies += "print ----- Reply[" + repliesResult.getString("repliedBy") + "] ----- " +
repliesResult.getTimestamp("dateReplied").toString() + ";print \t" +
"Content could not be fetched -- Integrity Failure!" + ";";
}
else {
postAndReplies += "print ----- Reply[" + repliesResult.getString("repliedBy") + "] ----- " +
repliesResult.getTimestamp("dateReplied").toString() + ";print \t" +
SharedKeyCrypto.decrypt(repliesResult.getString("content")) + ";";
}
}
}
// if there's no postResult, the post DNE.
}
catch (SQLException e) {
e.printStackTrace();
sqlex = true;
} catch (UnsupportedEncodingException e) {
// This should not happen.
}
if (postAndReplies.equals("") && !sqlex) {
return "print Error: Post does not exist. Refresh. If the problem persists, contact an admin.";
}
else if (sqlex) {
return "print Error: Database error while querying post and replies. Contact an admin.";
}
else return postAndReplies;
}
}
class SocialNetworkDatabasePosts {
public static int addFFAParticipipant(Connection conn, int post, String username, String priv) {
int status = 0;
String query = "INSERT INTO freeforall.postprivileges (pid, username, privilege) " +
"VALUES (?, ?, ?)";
PreparedStatement pstmt = null;
try {
pstmt = conn.prepareStatement(query);
pstmt.setInt(1, post);
pstmt.setString(2, username);
pstmt.setString(3, priv);
status = pstmt.executeUpdate();
} catch (SQLException e) {
status = 0;
}
return status;
}
}
|
