This method hashes the user submitted password and sends it to the database. The database does the rest of the work, including Brute Force prevention. @param userName The submitted user name to be used in authentication process @param password The submitted password in plain text to be used in authe
(String ApplicationRoot, String userName, String password)
| 65 | */ |
| 66 | |
| 67 | public static String[] authUser (String ApplicationRoot, String userName, String password) |
| 68 | { |
| 69 | String[] result = null; |
| 70 | log.debug("$$$ Getter.authUser $$$"); |
| 71 | log.debug("userName = " + userName); |
| 72 | |
| 73 | boolean userFound = false; |
| 74 | boolean goOn = false; |
| 75 | Connection conn = Database.getCoreConnection(ApplicationRoot); |
| 76 | try |
| 77 | { |
| 78 | //See if user Exists |
| 79 | CallableStatement callstmt = conn.prepareCall("call userFind(?)"); |
| 80 | log.debug("Gathering userFind ResultSet"); |
| 81 | callstmt.setString(1, userName); |
| 82 | ResultSet userFind = callstmt.executeQuery(); |
| 83 | log.debug("Opening Result Set from userFind"); |
| 84 | try |
| 85 | { |
| 86 | userFind.next(); |
| 87 | log.debug("User Found"); //User found if a row is in the database, this line will not work if the result set is empty |
| 88 | userFound = true; |
| 89 | } |
| 90 | catch(Exception e) |
| 91 | { |
| 92 | log.debug("User did not exist"); |
| 93 | userFound = false; |
| 94 | } |
| 95 | if(userFound) |
| 96 | { |
| 97 | //Authenticate User |
| 98 | callstmt = conn.prepareCall("call authUser(?, ?)"); |
| 99 | log.debug("Gathering authUser ResultSet"); |
| 100 | callstmt.setString(1, userName); |
| 101 | callstmt.setString(2, password); |
| 102 | ResultSet loginAttempt = callstmt.executeQuery(); |
| 103 | log.debug("Opening Result Set from authUser"); |
| 104 | try |
| 105 | { |
| 106 | loginAttempt.next(); |
| 107 | goOn = true; //Valid password for user submitted |
| 108 | } |
| 109 | catch (SQLException e) |
| 110 | { |
| 111 | //... Outer Catch has preference to this one for some reason... This code is never reached! |
| 112 | // But I'll leave it here just in case. That includes the else block if goOn is false |
| 113 | log.debug("Incorrect Credentials"); |
| 114 | goOn = false; |
| 115 | } |
| 116 | if(goOn) |
| 117 | { |
| 118 | //ResultSet Not Empty => Credentials Correct |
| 119 | result = new String[5]; |
| 120 | result[0] = loginAttempt.getString(1); //Id |
| 121 | result[1] = loginAttempt.getString(2); //userName |
| 122 | result[2] = loginAttempt.getString(3); //role |
| 123 | result[4] = loginAttempt.getString(6); //classId |
| 124 | if (loginAttempt.getBoolean(5)) //Checking for temp password flag, if true, index View will prompt to change |