反编译BugZero以突破“未注册版本中管理员只能创建五用户”的限制
上周在电脑上安装了Bugzero,觉得做得不错,界面什么的比BugZilla好很多,准备在机器上长期使用,结果得瑟了几天后发现,未注册版本中,管理员只能创建五个用户,再创建新用户就会提示超出限制,实在让人泄气,具体现象如下:使用admin帐户登录后,进入User菜单,添加新用户失败,页面上打印错误信息如下。
User accounts have exceeded the limit, please upgrade to a full version.
憋了壹下午之后实在是不爽,就琢磨着把它给破解了,反正哥也是做JAVA开发的,想必那代码也不会难到哪里去,了不起花点时间读壹下。说干就干,于是打开eclipse并连上远程调试,在整个bugzero工程中搜索这段字符串,壹开始怀疑它是直接hardcode在class/jar文件中的,结果找了下没有结果,后来壹想,这个项目是支持国际化的,上面那段文件最有可能出现在properties文件里,所以就指定搜索properties文件,果然在文件/bugzero/WebRoot/WEB-INF/classes/conf/messages.properties里找到了它,如下所示:
jsp.no_active_issue=There Are No Active Issues For You jsp.no_query_result=No Issue Was Found. license.user_accounts.limit=User accounts have exceeded the limit, please upgrade to a full version. license.total.limit=Failed to save, limit has been exceeded. Please upgrade to a paid version.
接下来要想办法找到key=license.user_accounts.limit在代码中出现的位置。于是召唤出反编译神器JD-GUI,将bugzero.jar整个包加载到软件中,然后File->Save All Sources将反编译出的源代码保存到本地,接着在Notepad++里全局搜索字符串license.user_accounts.limit,果真在bugzero\src\com\websina\persistence\PersonEntity.java找到了,如下图所示:
if (0 == i) {
String str = MessageCode.get("license.user_accounts.limit");
throw new InfoException(str);
}
大致看了下整个类,基本是用户帐户信息的增删改操作,还附带有壹个用户登录的验证,没什么特别的。于是开始关注那个if语句中的i变量,在debug模式下壹路往上跟,最后果真让我找到了几处可疑的地方:
int i = Project.Edition.num5(); //此处省略部分代码 int j = Project.Edition.num5();
于是点进去具体看了看,Project.Edition.num5()对应的是Project类中的壹个常量:
public static final class Edition
{
private static int num5 = 5;
private static int num99 = 99;
//此处省略部分代码
}
public static int num5() {
return num5;
}
public static int num99() {
return num99;
}
到这里时我觉得那个num5与num99相当可疑,于是想:i与j的初始值是5,创建新用户的数量限制也是5,是不是有什么关联关系,于是没想那么多,直接把num99的值赋给了i与j,将其重新导出成JAR文件后,再用WinRAR将这个文件打开,展开层层目录,取出其中的PersonEntity.class文件,替换掉%TOMCAT_HOME%/webapps/bugzero/WEB-INF/lib/bugzero.jar中对应的class文件,重启tomcat,再用管理员登录进去,添加第六个用户,成功了,开心!后来我又认真看了下这段代码,99也是相当可疑的,因为未注册用户的BugZero中,每用户只能提交100个BUG,而这里却显示99,与临界值特别接近,极有可能也是壹个重要的突破口,不管三七二十壹,将num5与num99的值都修改成了9999,这样就不怕你限制我了,哼哼...
根据bugzero网站上提供的信息,除了这个五用户限制外,还有壹个地方会限制,就是当你的BUG记录达到100条时,再添加新的记录也会报类似问题,所以我准备先把这些代码保留下来,因为目前的BUG记录还不到100条,所以暂时看不到那个提示信息,等到能够看到时,我准备再更新这篇文章,来个全面的记录。暂时把重要的源代码贴到这里供自己以后参考。
package com.websina.persistence;
import com.websina.bean.AppContext;
import com.websina.bean.Group;
import com.websina.bean.Person;
import com.websina.bean.Persons;
import com.websina.bean.Project;
import com.websina.bean.ReloadableManager;
import com.websina.util.BooleanUtil;
import com.websina.util.DynamicField;
import com.websina.util.InfoException;
import com.websina.util.MessageCode;
import com.websina.util.StringUtil;
import com.websina.util.log.Log;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
public class PersonEntity extends DatabaseEntity
{
public static void login(Person paramPerson)
throws DBException, InfoException
{
int i = Project.Edition.num99();//99
if (i > 0) {
monitor(i + 2);
}
String username = paramPerson.getUsername();
String password = paramPerson.getPassword();
if ((username == null) || (username.trim().length() == 0))
throw new InfoException(MessageCode.get("servlet.login.username_is_empty"));//Username is empty
if ((!paramPerson.isAuthenticated()) && ((password == null) || (password.length() == 0)))
{
throw new InfoException(MessageCode.get("servlet.login.password_is_empty"));//Password is empty
}
boolean bool = false;
int j = 0;
int k = 0;
long l = 0L;
Connection localConnection = null;
Statement localStatement = null;
String str3 = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("login_person");
localSQLProc.setString(1, username);
localSQLProc.setString(2, password);
str3 = localSQLProc.getSqlString();
if (paramPerson.isAuthenticated()) {
int n = str3.indexOf("AND password=");
if (n != -1) {
str3 = str3.substring(0, n);
}
}
localStatement = localConnection.createStatement();
ResultSet localResultSet = localStatement.executeQuery(str3);
if (localResultSet.next()) {
paramPerson.setId(localResultSet.getInt(1));
paramPerson.setUsername(localResultSet.getString(2));
String str5;
if ((str5 = localResultSet.getString(3)) != null) {
str5 = str5.trim();
if ((paramPerson.getGroup() != null) && (!paramPerson.getGroup().equals(str5)))
j = 1;
else
paramPerson.setGroup(str5);
}
else if (paramPerson.getGroup() != null) {
j = 1;
}
if ((str5 = localResultSet.getString(4)) != null) {
str5 = str5.trim();
if ((!paramPerson.getUsername().equals(paramPerson.getFullname())) && (!paramPerson.getFullname().equals(str5)))
j = 1;
else
paramPerson.setFullname(str5);
}
else if (paramPerson.getFullname() != null) {
j = 1;
}
if ((str5 = localResultSet.getString(5)) != null) {
str5 = str5.trim();
if ((paramPerson.getEmail() != null) && (!paramPerson.getEmail().equals(str5)))
j = 1;
else
paramPerson.setEmail(str5);
}
else if (paramPerson.getEmail() != null) {
j = 1;
}
if ((str5 = localResultSet.getString(6)) != null) {
str5 = str5.trim();
paramPerson.setDefaultProject(str5);
paramPerson.setProject(str5);
}
try {
if ((str5 = localResultSet.getString(7)) != null)
paramPerson.setSignature(str5);
} catch (SQLException localSQLException2) {
if (Log.doDebug()) Log.debug(localSQLException2.getMessage() + " (Person.login: signature field is empty)");
}
if ((str5 = localResultSet.getString(8)) != null) {
paramPerson.setBrowseMode(str5.trim());
}
if ((str5 = localResultSet.getString(9)) != null) {
paramPerson.setCompany(str5.trim());
}
if ((str5 = localResultSet.getString(10)) != null) {
paramPerson.setAddress(str5.trim());
}
if ((str5 = localResultSet.getString(11)) != null) {
paramPerson.setPhone(str5.trim());
}
k = localResultSet.getInt(12);
try {
Timestamp localTimestamp = localResultSet.getTimestamp(13);
if (localTimestamp != null) l = localTimestamp.getTime();
}
catch (SQLException localSQLException3) {
if (Log.doDebug()) Log.debug(localSQLException3.getMessage() + " (Person.ts)");
}
bool = true;
} else if ((paramPerson.isAuthenticated()) && (paramPerson.getGroup() != null) && (paramPerson.getFullname() != null) && (paramPerson.getEmail() != null))
{
bool = true;
j = 1;
}
localResultSet.close();
commitQuery(localConnection);
} catch (SQLException localSQLException1) {
checkDB(localConnection, localSQLException1);
error(localSQLException1, str3, null);
} finally {
close(localStatement);
checkin(localConnection);
}
if (AppContext.getEnableAccountLockout()) {
if (bool) {
if (k > AppContext.getAccountLockoutThreshold()) {
bool = (AppContext.getAccountLockoutDuration() > 0) && (System.currentTimeMillis() - l > AppContext.getAccountLockoutDuration());
}
if ((bool) && (k > 0))
{
paramPerson.setTimestamp(new Date());
resetFailedLoginCount(username, paramPerson.getTimestamp(), 0);
}
} else if ((Persons.getInstance().contains(username)) || (paramPerson.isAdmin())) {
resetFailedLoginCount(username, new Date(), 1);
}
}
if (bool) {
System.out.println("bool is true, entered the system successfully.");
if (paramPerson.isAdmin()) {
if (false == paramPerson.isAuthenticated()) paramPerson.loadAdmin();
}
else {
if (j != 0) {
int m = paramPerson.getId() == 0 ? 1 : 0;
paramPerson.save();
if (m != 0)
Persons.getInstance().add(paramPerson);
else {
Persons.getInstance().update(paramPerson);
}
ReloadableManager.invalidate("com.websina.bean.Persons");
}
loadProjectList(paramPerson);
loadStoredQuery(paramPerson);
}
} else {
System.out.println("Line 185: bool is false here, login failed and exit.");
String str4 = MessageCode.get("servlet.login.login_failed");//login failed for {0}
str4 = StringUtil.replace(str4, username);
Assert.doAssert(bool, str4);
}
}
public static void loadProjectList(Person paramPerson)
throws DBException, InfoException
{
if (paramPerson == null) {
//throw exception: Sorry, to load the project list, you need to be properly logged in.
String localObject1 = MessageCode.get("persistence.person.login_check");
localObject1 = StringUtil.replace((String)localObject1, "project list");
throw new InfoException((String)localObject1);
}
int i = paramPerson.getId();
if (i == 0) {
//throw exception: loadProjectList: PersonId for {username} is 0, required to be > 0.
String localObject1 = MessageCode.get("persistence.person.wrong_id");
localObject1 = StringUtil.replace((String)localObject1, paramPerson.getUsername());
throw new InfoException("loadProjectList: " + (String)localObject1);
}
Object localObject1 = loadProjectList(i, paramPerson);
if (((Map)localObject1).isEmpty()) {
//throw exception: {username} has no project assigned, please contact project manager.
String localObject2 = MessageCode.get("persistence.person.no_project");
localObject2 = StringUtil.replace((String)localObject2, paramPerson.getUsername());
throw new InfoException((String)localObject2);
}
Object localObject2 = new DynamicField("projectList");
((DynamicField)localObject2).set((Map)localObject1);
paramPerson.setProjectList((DynamicField)localObject2);
setDefaultProject(paramPerson);
}
private static Map loadProjectList(int paramInt, Person paramPerson)
throws DBException
{
Connection localConnection = null;
Statement localStatement = null;
HashMap localHashMap = new HashMap();
String str1 = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("get_project_list");
localSQLProc.setInt(1, paramInt);
str1 = localSQLProc.getSqlString();
localStatement = localConnection.createStatement();
ResultSet localObject1 = localStatement.executeQuery(str1);
System.out.println("Line 239 SQL: " + str1);
String str2;
String str3;
String str4;
while (((ResultSet)localObject1).next()) {
str2 = ((ResultSet)localObject1).getString(1);
if (paramPerson == null) {
localHashMap.put(str2, null);
} else {
str3 = ((ResultSet)localObject1).getString(2);
str4 = ((ResultSet)localObject1).getString(3);
if ((str3 == null) || (str3.trim().length() == 0)) {
str3 = str2;
}
localHashMap.put(str2, str3);
if ((str4 != null) && (str4.trim().length() > 0)) {
paramPerson.addProjectGroup(str4, str2, str3);
}
}
}
((ResultSet)localObject1).close();
if (paramPerson != null) {
localSQLProc = SQLFileParser.make("get_project_list_by_group");
localSQLProc.setString(1, paramPerson.getGroup());
str1 = localSQLProc.getSqlString();
System.out.println("Line 265 SQL: " + str1);
localObject1 = localStatement.executeQuery(str1);
while (((ResultSet)localObject1).next()) {
str2 = ((ResultSet)localObject1).getString(1);
str3 = ((ResultSet)localObject1).getString(2);
str4 = ((ResultSet)localObject1).getString(3);
if ((str3 == null) || (str3.trim().length() == 0)) {
str3 = str2;
}
localHashMap.put(str2, str3);
if ((str4 != null) && (str4.trim().length() > 0)) {
paramPerson.addProjectGroup(str4, str2, str3);
}
}
((ResultSet)localObject1).close();
}
commitQuery(localConnection);
Log.debug(str1);
} catch (SQLException localSQLException) {
checkDB(localConnection, localSQLException);
//throw exception: Failed to load project list for person of Id = '{0}'.
Object localObject1 = MessageCode.get("persistence.person.load_project_list_failed");
localObject1 = StringUtil.replace((String)localObject1, String.valueOf(paramInt));
error(localSQLException, str1, (String)localObject1);
} finally {
close(localStatement);
checkin(localConnection);
}
return (Map)localHashMap;
}
private static void setDefaultProject(Person paramPerson)
{
String str = paramPerson.getProjectId();
DynamicField localDynamicField = paramPerson.getProjectList();
if ((localDynamicField != null) && (!localDynamicField.isEmpty()) && ((str == null) || (!localDynamicField.contains(str))))
{
str = localDynamicField.getValue()[0];
paramPerson.setProject(str);
}
}
public static void loadStoredQuery(Person paramPerson)
throws DBException, InfoException
{
int i;
if ((paramPerson == null) || ((i = paramPerson.getId()) == 0)) {
//Sorry, to load the stored query, you need to be properly logged in.
String str1 = MessageCode.get("persistence.person.login_check");
str1 = StringUtil.replace(str1, "stored query");
throw new InfoException(str1);
}
setDefaultProject(paramPerson);
String str1 = paramPerson.getProjectId();
if (str1 == null) {
return;
}
DynamicField localDynamicField1 = paramPerson.getStoredQuery();
DynamicField localDynamicField2 = paramPerson.getStoredReport();
localDynamicField1.clear();
localDynamicField2.clear();
Connection localConnection = null;
Statement localStatement = null;
String str2 = null;
Set localSet = paramPerson.getRoles();
Group localGroup = Group.getInstance();
int j = (localGroup.isTypeGroup(localSet)) || (localGroup.isGuest(localSet)) || (localGroup.isTypeGuestGroup(localSet)) ? 1 : 0;
try
{
localConnection = checkout();
SQLProc localSQLProc = null;
if (j != 0)
localSQLProc = SQLFileParser.make("get_query_list_group");
else {
localSQLProc = SQLFileParser.make("get_query_list");
}
localSQLProc.setInt(1, i);
str2 = localSQLProc.getSqlString("$PROJECT", str1);
if (j != 0) {
String localObject1 = SQLExpr.stringIN(localSet);
str2 = StringUtil.replace(str2, "$GROUPS", (String)localObject1);
}
localStatement = localConnection.createStatement();
ResultSet localObject1 = localStatement.executeQuery(str2);
while (((ResultSet)localObject1).next()) {
int k = ((ResultSet)localObject1).getInt(1);
String str3 = ((ResultSet)localObject1).getString(2);
String str4 = ((ResultSet)localObject1).getString(3);
String str5 = ((ResultSet)localObject1).getString(4);
String str6 = ((ResultSet)localObject1).getString(5);
if ((BooleanUtil.getFlagAsBoolean(str5, false)) && (!paramPerson.getUsername().equals(str6)))
{
str3 = str3 + ' ' + '(' + str6 + ')';
}
if ((str4 == null) || (str4.indexOf('0') != -1))
localDynamicField1.add(Integer.toString(k), str3);
else {
localDynamicField2.add(Integer.toString(k), str3);
}
}
((ResultSet)localObject1).close();
commitQuery(localConnection);
Log.debug(str2);
} catch (SQLException localSQLException) {
checkDB(localConnection, localSQLException);
Object localObject1 = MessageCode.get("persistence.person.load_stored_query_failed");
localObject1 = StringUtil.replace((String)localObject1, paramPerson.getUsername());
localObject1 = StringUtil.replace((String)localObject1, "{1}", str1);
error(localSQLException, str2, (String)localObject1);
} finally {
close(localStatement);
checkin(localConnection);
}
}
public static Person load(int paramInt)
throws DBException, InfoException
{
if (paramInt == 0) {
return null;
}
Person localPerson = null;
Connection localConnection = null;
Statement localStatement = null;
String str1 = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("get_person");
localSQLProc.setInt(1, paramInt);
str1 = localSQLProc.getSqlString();
localStatement = localConnection.createStatement();
ResultSet localObject1 = localStatement.executeQuery(str1);
if (((ResultSet)localObject1).next()) {
localPerson = new Person();
localPerson.setId(paramInt);
localPerson.setUsername(((ResultSet)localObject1).getString(1));
String str2;
if ((str2 = ((ResultSet)localObject1).getString(2)) != null)
localPerson.setPassword(str2.trim());
if ((str2 = ((ResultSet)localObject1).getString(3)) != null)
localPerson.setGroup(str2.trim());
if ((str2 = ((ResultSet)localObject1).getString(4)) != null)
localPerson.setFullname(str2.trim());
if ((str2 = ((ResultSet)localObject1).getString(5)) != null) {
localPerson.setEmail(str2.trim());
}
if ((str2 = ((ResultSet)localObject1).getString(6)) != null)
localPerson.setDefaultProject(str2.trim());
try
{
if ((str2 = ((ResultSet)localObject1).getString(7)) != null)
localPerson.setSignature(str2);
} catch (SQLException localSQLException2) {
if (Log.doDebug()) Log.debug(localSQLException2.getMessage() + " (Person.load: signature field is empty)");
}
if ((str2 = ((ResultSet)localObject1).getString(8)) != null) {
localPerson.setBrowseMode(str2.trim());
}
if ((str2 = ((ResultSet)localObject1).getString(9)) != null) {
localPerson.setActive(BooleanUtil.getStatusAsBoolean(str2, true));
}
if ((str2 = ((ResultSet)localObject1).getString(10)) != null) {
localPerson.setCompany(str2.trim());
}
if ((str2 = ((ResultSet)localObject1).getString(11)) != null) {
localPerson.setAddress(str2.trim());
}
if ((str2 = ((ResultSet)localObject1).getString(12)) != null) {
localPerson.setPhone(str2.trim());
}
}
((ResultSet)localObject1).close();
commitQuery(localConnection);
Log.debug(str1);
} catch (SQLException localSQLException1) {
checkDB(localConnection, localSQLException1);
Object localObject1 = MessageCode.get("persistence.person.load_failed");
error(localSQLException1, str1, (String)localObject1);
} finally {
close(localStatement);
checkin(localConnection);
}
return (Person)localPerson;
}
public static void save(Person paramPerson)
throws DBException, InfoException
{
int i = paramPerson.getId();
int j = Project.Edition.num99();
if (j > 0) {
if (i == 0)
monitor(j + 1);
else {
monitor(j + 2);
}
}
String str1 = paramPerson.getUsername();
if (str1 == null) {
//username not set.
String localObject1 = MessageCode.get("persistence.person.username_not_set");
throw new InfoException((String)localObject1);
}
if ((i == 0) && (getPerson(str1) != null)) {
String localObject1 = MessageCode.get("persistence.person.username_exists");
localObject1 = StringUtil.replace((String)localObject1, str1);
throw new InfoException((String)localObject1);
}
Object localObject1 = null;
Statement localStatement = null;
String str2 = null;
try {
localObject1 = checkout();
localStatement = ((Connection)localObject1).createStatement();
SQLProc localSQLProc = null;
StringBuffer localObject2 = null;
if (i == 0) {
i = Sequence.getLast(Person.class);
paramPerson.setId(i);
localSQLProc = SQLFileParser.make("new_person");
localObject2 = new StringBuffer(" (new user: id=").append(i).append(')');
} else {
localSQLProc = SQLFileParser.make("update_person");
localObject2 = new StringBuffer(" (user updated: id=").append(i).append(')');
}
localSQLProc.setString(1, paramPerson.getGroup());
localSQLProc.setString(2, str1);
localSQLProc.setString(3, paramPerson.getPassword());
localSQLProc.setString(4, paramPerson.getFullname());
localSQLProc.setString(5, paramPerson.getEmail());
localSQLProc.setString(6, paramPerson.getDefaultProjectId());
localSQLProc.setString(7, paramPerson.getSignature());
localSQLProc.setString(8, paramPerson.getBrowseMode());
localSQLProc.setString(9, paramPerson.getCompany());
localSQLProc.setString(10, paramPerson.getAddress());
localSQLProc.setString(11, paramPerson.getPhone());
localSQLProc.setInt(12, i);
str2 = localSQLProc.getSqlString();
localStatement.executeUpdate(str2);
commit((Connection)localObject1);
String str3 = MessageCode.get("persistence.person.saved");
str3 = StringUtil.replace(str3, paramPerson.getUsername());
System.out.println("com.websina.persistence.PersonEntity.save(Line 512): " + ((StringBuffer)localObject2).insert(0, str3).toString());
} catch (SQLException localSQLException) {
checkDB((Connection)localObject1, localSQLException);
Object localObject2 = MessageCode.get("persistence.person.save_failed");
localObject2 = StringUtil.replace((String)localObject2, paramPerson.getUsername());
rollback(localSQLException, (Connection)localObject1, str2, (String)localObject2);
} finally {
close(localStatement);
checkin((Connection)localObject1);
}
}
public static void delete(Person paramPerson)
throws DBException, InfoException
{
int i = paramPerson.getId();
if (i == 0) {
String str = MessageCode.get("persistence.person.wrong_id");
str = StringUtil.replace(str, paramPerson.getUsername());
throw new InfoException(str);
}
delete(i, paramPerson);
}
public static void delete(String paramString)
throws DBException, InfoException
{
Person localPerson = getPerson(paramString);
if (localPerson == null) {
String str = MessageCode.get("persistence.person.wrong_id");
str = StringUtil.replace(str, paramString);
throw new InfoException(str);
}
delete(localPerson.getId(), localPerson);
}
public static void delete(int paramInt)
throws DBException, InfoException
{
delete(paramInt, null);
}
public static void updatePassword(Person paramPerson)
throws DBException
{
Connection localConnection = null;
Statement localStatement = null;
String str = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("update_person_password");
localSQLProc.setString(1, paramPerson.getPassword());
localSQLProc.setInt(2, paramPerson.getId());
str = localSQLProc.getSqlString();
localStatement = localConnection.createStatement();
localStatement.executeUpdate(str);
commit(localConnection);
if (Log.doDebug()) Log.debug("Password updated in database for user id=" + paramPerson.getId());
}
catch (SQLException localSQLException) {
rollback(localSQLException, localConnection, null);
} finally {
close(localStatement);
checkin(localConnection);
}
}
public static void updateTimestamp(Person paramPerson)
throws DBException
{
Connection localConnection = null;
Statement localStatement = null;
String str = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("update_person_timestamp");
if (paramPerson.getTimestamp() == null)
localSQLProc.setNull(1);
else {
localSQLProc.setTimestamp(1, new Timestamp(paramPerson.getTimestamp().getTime()));
}
localSQLProc.setInt(2, paramPerson.getId());
str = localSQLProc.getSqlString();
localStatement = localConnection.createStatement();
localStatement.executeUpdate(str);
commit(localConnection);
Log.debug(str);
} catch (SQLException localSQLException) {
rollback(localSQLException, localConnection, str, null);
} finally {
close(localStatement);
checkin(localConnection);
}
}
public static void updateStatus(Person paramPerson)
throws DBException
{
Connection localConnection = null;
Statement localStatement = null;
String str1 = null;
try {
localConnection = checkout();
localStatement = localConnection.createStatement();
SQLProc localSQLProc = SQLFileParser.make("update_person_status");
localSQLProc.setString(1, paramPerson.isActive() ? null : BooleanUtil.getStatusAsString(false));
localSQLProc.setInt(2, paramPerson.getId());
str1 = localSQLProc.getSqlString();
localStatement.executeUpdate(str1);
commit(localConnection);
Log.debug(str1);
} catch (SQLException localSQLException) {
checkDB(localConnection, localSQLException);
String str2 = MessageCode.get("persistence.person.save_failed");
str2 = StringUtil.replace(str2, paramPerson.getUsername());
rollback(localSQLException, localConnection, str1, str2);
} finally {
close(localStatement);
checkin(localConnection);
}
}
private static void delete(int paramInt, Person paramPerson)
throws DBException, InfoException
{
if (paramPerson == null) paramPerson = load(paramInt);
if (paramPerson == null) return;
Set localSet = AssignmentEntity.getPersonProject(paramPerson.getUsername());
Object localObject2;
Object localObject3;
if ((localSet != null) && (!localSet.isEmpty())) {
Iterator localObject1 = localSet.iterator();
localObject2 = new StringBuffer();
while (((Iterator)localObject1).hasNext()) {
((StringBuffer)localObject2).append((String)((Iterator)localObject1).next());
((StringBuffer)localObject2).append("<br>");
}
localObject3 = MessageCode.get("persistence.person.delete_assignment_first");
localObject3 = StringUtil.replace((String)localObject3, paramPerson.getUsername());
localObject3 = StringUtil.replace((String)localObject3, "{1}", ((StringBuffer)localObject2).toString());
throw new InfoException((String)localObject3);
}
Object localObject1 = null;
try {
localObject1 = checkout();
localObject2 = loadProjectList(paramInt, paramPerson);
if (localObject2 != null) {
localObject3 = ((Map)localObject2).keySet().iterator();
while (((Iterator)localObject3).hasNext()) {
String str = (String)((Iterator)localObject3).next();
QueryEntity.removeStoredQuery((Connection)localObject1, str, paramInt);
EmailTriggerEntity.deletePerson((Connection)localObject1, str, paramInt);
}
}
AccessEntity.deletePerson((Connection)localObject1, paramInt);
deletePerson((Connection)localObject1, paramInt);
commit((Connection)localObject1);
localObject3 = MessageCode.get("persistence.person.deleted");
localObject3 = StringUtil.replace((String)localObject3, String.valueOf(paramInt));
Log.info((String)localObject3);
} catch (SQLException localSQLException) {
checkDB((Connection)localObject1, localSQLException);
localObject3 = MessageCode.get("persistence.person.delete_failed");
localObject3 = StringUtil.replace((String)localObject3, String.valueOf(paramInt));
localObject3 = StringUtil.replace((String)localObject3, "{1}", paramPerson.getUsername());
rollback(localSQLException, (Connection)localObject1, null, (String)localObject3);
} finally {
checkin((Connection)localObject1);
}
}
private static void deletePerson(Connection paramConnection, int paramInt)
throws DBException, SQLException
{
SQLProc localSQLProc = SQLFileParser.make("delete_person");
localSQLProc.setInt(1, paramInt);
String str1 = localSQLProc.getSqlString();
Statement localStatement = paramConnection.createStatement();
try {
localStatement.executeUpdate(str1);
Log.debug(str1);
} catch (SQLException localSQLException) {
String str2 = localSQLException.getMessage();
int i = -1;
if ((str2 != null) && (str2.indexOf('_') != -1)) {
String str3 = str2.toLowerCase();
i = str3.indexOf("_trigger");
if (i == -1) i = str3.indexOf("_query");
}
if (i != -1) {
int j = str2.lastIndexOf('\'', i);
if (j == -1) j = str2.lastIndexOf('"', i);
if (j == -1) j = str2.lastIndexOf(' ', i);
if (j == -1) throw localSQLException;
j++; String str4 = str2.substring(j, i);
QueryEntity.removeStoredQuery(paramConnection, str4, paramInt);
EmailTriggerEntity.deletePerson(paramConnection, str4, paramInt);
deletePerson(paramConnection, paramInt);
} else {
throw localSQLException;
}
} finally {
close(localStatement);
}
}
private static Person getPerson(String paramString) throws DBException, InfoException
{
if (paramString == null) {
String localObject1 = MessageCode.get("persistence.person.username_not_set");
throw new InfoException((String)localObject1);
}
Object localObject1 = null;
Connection localConnection = null;
Statement localStatement = null;
String str1 = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("get_person_username");
localSQLProc.setString(1, paramString);
str1 = localSQLProc.getSqlString();
localStatement = localConnection.createStatement();
ResultSet localObject2 = localStatement.executeQuery(str1);
if (((ResultSet)localObject2).next()) {
localObject1 = new Person();
((Person)localObject1).setUsername(paramString);
((Person)localObject1).setId(((ResultSet)localObject2).getInt(1));
String str2;
if ((str2 = ((ResultSet)localObject2).getString(2)) != null)
((Person)localObject1).setPassword(str2.trim());
if ((str2 = ((ResultSet)localObject2).getString(3)) != null)
((Person)localObject1).setGroup(str2.trim());
if ((str2 = ((ResultSet)localObject2).getString(4)) != null)
((Person)localObject1).setFullname(str2.trim());
if ((str2 = ((ResultSet)localObject2).getString(5)) != null)
((Person)localObject1).setEmail(str2.trim());
}
((ResultSet)localObject2).close();
commitQuery(localConnection);
Log.debug(str1);
} catch (SQLException localSQLException) {
checkDB(localConnection, localSQLException);
Object localObject2 = "PersonEntity: " + localSQLException.getMessage();
error(localSQLException, str1, (String)localObject2);
} finally {
close(localStatement);
checkin(localConnection);
}
return (Person)(Person)localObject1;
}
public static Set getGroupedUsers(String paramString, Set paramSet) throws DBException, InfoException {
Connection localConnection = null;
Statement localStatement = null;
String str1 = null;
HashSet localHashSet = null;
try {
localConnection = checkout();
SQLProc localSQLProc = SQLFileParser.make("get_grouped_users");
localSQLProc.setString(1, paramString);
str1 = localSQLProc.getSqlString();
String str2 = SQLExpr.stringIN(paramSet);
str1 = StringUtil.replace(str1, "$GROUPS", str2);
localStatement = localConnection.createStatement();
ResultSet localResultSet = localStatement.executeQuery(str1);
while (localResultSet.next()) {
if (localHashSet == null) localHashSet = new HashSet();
localHashSet.add(localResultSet.getString(1));
}
localResultSet.close();
commitQuery(localConnection);
Log.debug(str1);
} catch (SQLException localSQLException) {
checkDB(localConnection, localSQLException);
String str2 = "PersonEntity: " + localSQLException.getMessage();
error(localSQLException, str1, str2);
} finally {
close(localStatement);
checkin(localConnection);
}
return localHashSet;
}
public static void resetFailedLoginCount(String paramString)
throws DBException
{
resetFailedLoginCount(paramString, new Date(), 0);
}
private static void resetFailedLoginCount(String paramString, Date paramDate, int paramInt)
throws DBException
{
Connection localConnection = null;
Statement localStatement = null;
String str1 = null;
try {
localConnection = checkout();
localStatement = localConnection.createStatement();
SQLProc localSQLProc = SQLFileParser.make("update_person_failed_logins_" + paramInt);
localSQLProc.setTimestamp(1, new Timestamp(paramDate.getTime()));
localSQLProc.setString(2, paramString);
str1 = localSQLProc.getSqlString();
localStatement.executeUpdate(str1);
commit(localConnection);
Log.debug(str1);
} catch (SQLException localSQLException) {
checkDB(localConnection, localSQLException);
String str2 = MessageCode.get("persistence.person.save_failed");
str2 = StringUtil.replace(str2, paramString);
rollback(localSQLException, localConnection, str1, str2);
} finally {
close(localStatement);
checkin(localConnection);
}
}
private static void monitor(int paramInt) throws DBException, InfoException {
Connection localConnection = null;
Statement localStatement = null;
int i = 0;
try {
localConnection = checkout();
localStatement = localConnection.createStatement();
ResultSet resultSet = localStatement.executeQuery("select count(*) from person");
//System.out.println("com.websina.persistence.PersonEntity.monitor(Line 836): localResultSet has " + resultSet.getInt(1) + "items.");
if ((resultSet.next()) && (resultSet.getInt(1) < paramInt)) {
i = 1;
}
resultSet.close();
commitQuery(localConnection);
} catch (SQLException e) {
checkDB(localConnection, e);
throw new DBException(e);
} finally {
close(localStatement);
checkin(localConnection);
}
if (0 == i) {
String str = MessageCode.get("license.user_accounts.limit");
throw new InfoException(str);
}
}
}