*/
public Authorization createAuthorization(String username, String password)
throws UnauthorizedException
{
if (username == null || password == null) {
throw new UnauthorizedException();
}
//Yazd stores all passwords in hashed form. So, hash the plain text
//password for comparison.
password = StringUtils.hash(password);
int userID = 0;
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(AUTHORIZE);
pstmt.setString(1, username);
pstmt.setString(2, password);
ResultSet rs = pstmt.executeQuery();
//If the query had no results, the username and password
//did not match a user record. Therefore, throw an exception.
if (!rs.next()) {
throw new UnauthorizedException();
}
userID = rs.getInt(1);
pstmt = con.prepareStatement(CHECKLOGIN);
pstmt.setInt(1,userID);
pstmt.setString(2,"notactive");
rs = pstmt.executeQuery();
if(rs.next()){
//This account is not activated yet and can not be authorized to login.
throw new UserNotActivatedException("User not yet activated");
}
//pstmt.setInt(1,userID);
pstmt.setString(2,"lastlogin");
rs = pstmt.executeQuery();
//If the query had no results, insert the lastlogin into properties
if (!rs.next()) {
pstmt = con.prepareStatement(INSERTLOGIN);
pstmt.setInt(1,userID);
pstmt.setString(2,"lastlogin");
pstmt.setString(3,Long.toString(Calendar.getInstance().getTimeInMillis()));
pstmt.executeUpdate();
}else{
pstmt = con.prepareStatement(UPDATELOGIN);
pstmt.setString(1,Long.toString(Calendar.getInstance().getTimeInMillis()));
pstmt.setInt(2,userID);
pstmt.setString(3,"lastlogin");
pstmt.executeUpdate();
}
}
catch( SQLException sqle ) {
System.err.println("Exception in DbAuthorizationFactory:" + sqle);
sqle.printStackTrace();
throw new UnauthorizedException();
}
finally {
try { pstmt.close(); }
catch (Exception e) { e.printStackTrace(); }
try { con.close(); }