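package Oad;

import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Random;

/**
 * Session-based authentication helpers backed by a MySQL database.
 *
 * <p>A session is a row in the {@code sessions} table keyed by a random
 * session id ({@code sid}) and bound to the client IP it was created for.
 * Every method fails closed: on any database error it prints the stack trace
 * and reports "not authenticated" ({@code false} or {@code null}).
 *
 * <p>All values that reach SQL are bound as statement parameters. The only
 * text concatenated into queries is the identifier configuration in
 * {@link #AuthTable}, {@link #AuthUser} and {@link #AuthPass}; identifiers
 * cannot be bound as parameters, so these fields must never be assigned from
 * untrusted input.
 */
public class Auth {
    /** Table holding the user accounts (concatenated into SQL as an identifier). */
    static String AuthTable = "users";
    /** Column holding the login name (concatenated into SQL as an identifier). */
    static String AuthUser = "uName";
    /** Column holding the password (concatenated into SQL as an identifier). */
    static String AuthPass = "pass";

    // Area bit flags; doAuth() ANDs the requested area with the user's rights_ID.
    public static int USER = 1;
    public static int NEWS = 2;
    public static int FILE = 4;
    public static int COMMENT = 8;

    private static final String DB_DRIVER = "com.mysql.jdbc.Driver";
    private static final String DB_URL = "jdbc:mysql://127.0.0.1/if21";
    // NOTE(review): database credentials are hard-coded in source. Load them
    // from deployment configuration or a secret store and rotate this
    // password, since it is visible to anyone who can read the code.
    private static final String DB_USER = "if21";
    private static final String DB_PASSWORD = "ke+88lla";

    private static final String SID_CHARS =
            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    private static final int SID_LENGTH = 32;
    // Session ids are bearer credentials, so they come from a CSPRNG rather
    // than the predictable java.util.Random.
    private static final SecureRandom SID_RANDOM = new SecureRandom();

    /** Loads the JDBC driver and opens a new connection; the caller must close it. */
    private static Connection openConnection()
            throws ClassNotFoundException, SQLException {
        Class.forName(DB_DRIVER);
        return DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
    }

    /**
     * Sets the {@code access} timestamp of the given session to the current
     * database time. Errors are printed and otherwise ignored.
     *
     * @param sSID session id to refresh
     */
    static void UpdateSession(String sSID) {
        // The sid is bound as a parameter; it was previously concatenated
        // into the statement text, which allowed SQL injection.
        try (Connection conn = openConnection();
                PreparedStatement touch = conn.prepareStatement(
                        "update sessions set access=now() where sid=?")) {
            touch.setString(1, sSID);
            touch.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Generates a random 32-character session id over {@code [0-9A-Za-z]}.
     *
     * @return a new session id; uniqueness against the table is checked by
     *         {@link #mkSID(String, String, String)}, not here
     */
    static String genSID() {
        StringBuilder sid = new StringBuilder(SID_LENGTH);
        for (int i = 0; i < SID_LENGTH; i++) {
            sid.append(SID_CHARS.charAt(SID_RANDOM.nextInt(SID_CHARS.length())));
        }
        return sid.toString();
    }

    /**
     * Checks that a session exists for this id and IP and was accessed within
     * the last 900 seconds; a valid session has its access time refreshed.
     *
     * @param sSID session id presented by the client
     * @param sIP  client IP the session must be bound to
     * @return {@code true} if the session is valid, {@code false} otherwise
     *         or on any error
     */
    public static boolean sessOK(String sSID, String sIP) {
        try (Connection conn = openConnection();
                PreparedStatement query = conn.prepareStatement(
                        "select sid from sessions where sid=? and ip=? "
                                + "and access > now() - interval 900 second")) {
            query.setString(1, sSID);
            query.setString(2, sIP);
            try (ResultSet rs = query.executeQuery()) {
                if (rs.next()) {
                    UpdateSession(sSID);
                    return true;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Resolves the user behind a session and checks that the user's
     * {@code rights_ID} bitmask includes the requested area.
     *
     * <p>NOTE(review): unlike {@link #sessOK(String, String)}, this lookup
     * does not apply the 900-second idle limit, so it presumably relies on
     * callers invoking {@code sessOK} first. Confirm against callers.
     *
     * @param sSID  session id presented by the client
     * @param sIP   client IP the session must be bound to
     * @param iArea area flag(s) to test, e.g. {@link #USER} or {@link #NEWS}
     * @return the user name if the session exists and the user holds the
     *         right, otherwise {@code null} (also on any error)
     */
    public static String doAuth(String sSID, String sIP, int iArea) {
        try (Connection conn = openConnection()) {
            String sUname;
            try (PreparedStatement session = conn.prepareStatement(
                    "select uname from sessions where sid=? and ip=?")) {
                session.setString(1, sSID);
                session.setString(2, sIP);
                try (ResultSet rs = session.executeQuery()) {
                    if (!rs.next()) {
                        return null;
                    }
                    sUname = rs.getString(1);
                }
            }
            try (PreparedStatement rights = conn.prepareStatement(
                    "select rights_ID from " + AuthTable + " where uname=?")) {
                rights.setString(1, sUname);
                try (ResultSet rs = rights.executeQuery()) {
                    if (rs.next() && (rs.getInt(1) & iArea) > 0) {
                        return sUname;
                    }
                    return null;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Verifies a user name and password and, on success, creates a session
     * bound to the given IP.
     *
     * <p>NOTE(review): the password is compared directly against the
     * {@link #AuthPass} column, which suggests passwords are stored unhashed
     * unless the caller hashes them first. Confirm, and if so migrate to a
     * password hash such as bcrypt, scrypt or argon2.
     *
     * @param sUser login name
     * @param sPass password as supplied by the caller
     * @param sIP   client IP to bind the new session to
     * @return the new session id, or {@code null} if the credentials do not
     *         match or on any error
     */
    public static String mkSID(String sUser, String sPass, String sIP) {
        String credentialQuery = "select " + AuthUser + " from " + AuthTable
                + " where " + AuthUser + "=? and " + AuthPass + "=?";
        try (Connection conn = openConnection()) {
            String uname;
            try (PreparedStatement login = conn.prepareStatement(credentialQuery)) {
                login.setString(1, sUser);
                login.setString(2, sPass);
                try (ResultSet rs = login.executeQuery()) {
                    if (!rs.next()) {
                        return null;
                    }
                    uname = rs.getString(1);
                }
            }

            // Regenerate until the id is not already present in the table.
            String sSID = genSID();
            try (PreparedStatement lookup = conn.prepareStatement(
                    "select sid from sessions where sid=?")) {
                boolean unused = false;
                while (!unused) {
                    lookup.setString(1, sSID);
                    try (ResultSet rs = lookup.executeQuery()) {
                        if (rs.next()) {
                            sSID = genSID();
                        } else {
                            unused = true;
                        }
                    }
                }
            }

            // All three values are bound as parameters; the user name and IP
            // were previously concatenated into the insert statement.
            try (PreparedStatement insert = conn.prepareStatement(
                    "insert into sessions(sid, uname, ip) values (?, ?, ?)")) {
                insert.setString(1, sSID);
                insert.setString(2, uname);
                insert.setString(3, sIP);
                insert.executeUpdate();
            }
            return sSID;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}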