diff --git a/AstuteSystem/sql/astute.sql b/AstuteSystem/sql/astute.sql
index 04ee9ef..fc8964f 100644
--- a/AstuteSystem/sql/astute.sql
+++ b/AstuteSystem/sql/astute.sql
@@ -810,9 +810,9 @@ CREATE TABLE IF NOT EXISTS `user` (
 -- Dumping data for table astute.user: ~2 rows (approximately)
 /*!40000 ALTER TABLE `user` DISABLE KEYS */;
 INSERT INTO `user` (`user_id`, `username`, `password`, `first_name`, `middle_name`, `last_name`, `role`, `email`, `office_phone_ext`, `cell_phone`) VALUES
- (1, 'sparikh', 'sparikh', 'Saurin', NULL, 'Parikh', 'Owner', 'sparikh@Astuteng.com', 2024002004, 3014616485),
- (2, 'humaretiya', 'humaretiya', 'Haresh', NULL, 'Umaretiya', 'Owner', 'Humaretiya@astuteng.com', 2024002004, 0);
-/*!40000 ALTER TABLE `user` ENABLE KEYS */;
+ (1, ENCODE('sparikh', 'astutesecret'), ENCODE('sparikh', 'astutesecret'), 'Saurin', NULL, 'Parikh', 'Owner', 'sparikh@Astuteng.com', 2024002004, 3014616485),
+ (2, ENCODE('humaretiya', 'astutesecret'), ENCODE('humaretiya', 'astutesecret'), 'Haresh', NULL, 'Umaretiya', 'Owner', 'Humaretiya@astuteng.com', 2024002004, 0);
+/*!40000 ALTER TABLE ENCODE('gkatwala', 'astutesecret')`user` ENABLE KEYS */;
 /*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */;
 /*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */;
diff --git a/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java b/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java
index bb4125a..8e06230 100644
--- a/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java
+++ b/AstuteSystem/src/main/java/com/astute/dao/SqlDAO.java
@@ -20,7 +20,7 @@ import static com.astute.exceptions.AstuteException.AUTH_ERROR;
 import static com.astute.exceptions.AstuteException.DB_ERROR;
 public class SqlDAO extends DAO {
-
+ String key = "astutesecret";
 public SqlDAO() throws AstuteException {
 }
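Review bot: The new `ENABLE KEYS` line is broken: `ENCODE('gkatwala', 'astutesecret')` has been pasted into the middle of the statement, so the dump now reads `ALTER TABLE ENCODE(...)` followed by the table name and will fail to load; it should stay `` /*!40000 ALTER TABLE `user` ENABLE KEYS */; ``. Separately, ENCODE with a fixed key is reversible obfuscation rather than a password hash — anyone holding the dump or the source (the same literal appears in SqlDAO.java) can recover every password — so the `password` column should hold a salted one-way hash (bcrypt/scrypt/argon2), and encoding the `username` the same way adds nothing. Note also that MySQL's ENCODE()/DECODE() are deprecated and were removed in MySQL 8.0, so this seed data will not load on a current server.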
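Review bot: `String key = "astutesecret";` is a package-private, mutable instance field that embeds the encryption key in source; at minimum make it `private static final String KEY = "astutesecret";`, and preferably read it from configuration or the environment so it is not committed to the repository. Because the same literal is seeded into astute.sql, rotating the key later requires re-encoding every existing row; that coupling deserves a comment on the field, e.g. `// must match the key used to seed sql/astute.sql`. The `SqlDAO()` constructor body and the rest of the class lie outside this hunk.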
@@ -1128,8 +1128,7 @@ public class SqlDAO extends DAO {
 public User getUser(String username) throws AstuteException {
- String sql = "select user_id, username, password, CONCAT(first_name, ' ', last_name) as name from user where username='" + username + "'";
-
+ String sql = "select user_id, DECODE(username,'"+key+"'), DECODE(password,'"+key+"'), CONCAT(first_name, ' ', last_name) as name from user where username=ENCODE('" + username + "','"+key+"')";
 try {
 Statement stmt = conn.createStatement();
 ResultSet resultSet = stmt.executeQuery(sql);
@@ -1142,7 +1141,6 @@ public class SqlDAO extends DAO {
 resultSet.getString(4), null );
 }
-// conn.close();
 return user;
 } catch (SQLException e) {
 e.printStackTrace();
@@ -1355,19 +1353,9 @@ public class SqlDAO extends DAO {
 =============================== Utility Methods =============================================== */
 public User login(String username, String password) throws AstuteException{
+
 User user = getUser(username);
- boolean check = false;
 if (user != null && password.equals(user.getPassword())) {
- check = true;
- }
-// try {
-// check = checkPasswordHash(user.getPassword(), password);
-// } catch (NoSuchAlgorithmException e) {
-//
-// } catch (InvalidKeySpecException e) {
-//
-// }
- if (check) {
 //create session
 String sessionId = UUID.randomUUID().toString().replaceAll("-", "");
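Review bot: The rewritten `sql` line still splices `username` straight into the query text (`... username=ENCODE('" + username + "', ...`), so getUser() remains SQL-injectable exactly as before; the new DECODE/ENCODE calls do not change that. Use a `PreparedStatement` (java.sql.PreparedStatement, which may need an import not shown here) with `?` placeholders for both the username and the key, as sketched below; this also removes the quoting problem should the key ever contain a quote. Beyond injection, DECODE() with a key held in the same class is reversible obfuscation, not hashing, and the login() hunk further down compares the decoded value with `password.equals(...)` — the column should store a salted one-way hash and login should verify against it. The rest of getUser()'s body (the ResultSet-to-User mapping and the catch) lies outside this hunk, and the `Statement`/`ResultSet` created here are never closed, which try-with-resources would fix.
```java
    String sql = "select user_id, DECODE(username, ?), DECODE(password, ?), "
            + "CONCAT(first_name, ' ', last_name) as name from user where username = ENCODE(?, ?)";
    try {
        PreparedStatement stmt = conn.prepareStatement(sql);
        stmt.setString(1, key);
        stmt.setString(2, key);
        stmt.setString(3, username);
        stmt.setString(4, key);
        ResultSet resultSet = stmt.executeQuery();
        // … unchanged: ResultSet → User mapping, catch (SQLException e) …
```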