MultiLevelLogin2 database

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@310 4033779f-a91e-0410-96ef-6bf7bf53c507

main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin2.java

@@ -488,10 +488,10 @@ public class MultiLevelLogin2 extends LessonAdapter
 	private void updateTan(String user, WebSession s)
 	{
 		int tanNr = getTanPosition(user, s);
-
+		Connection connection = null;
 		try
 		{
-			Connection connection = DatabaseUtilities.getConnection(s);
+			connection = DatabaseUtilities.getConnection(s);
 			String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?";
 			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
 																			ResultSet.CONCUR_READ_ONLY);
@@ -503,6 +503,20 @@ public class MultiLevelLogin2 extends LessonAdapter
 		{
 			e.printStackTrace();
 		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
 
 	}
 
@@ -515,9 +529,10 @@ public class MultiLevelLogin2 extends LessonAdapter
 	 */
 	private ResultSet getUser(String user, WebSession s)
 	{
+		Connection connection = null;
 		try
 		{
-			Connection connection = DatabaseUtilities.getConnection(s);
+			connection = DatabaseUtilities.getConnection(s);
 			String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
 			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
 																			ResultSet.CONCUR_READ_ONLY);
@@ -531,6 +546,20 @@ public class MultiLevelLogin2 extends LessonAdapter
 		{
 			e.printStackTrace();
 		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
 		return null;
 
 	}
@@ -542,10 +571,10 @@ public class MultiLevelLogin2 extends LessonAdapter
 	 */
 	private void resetTans(WebSession s)
 	{
-
+		Connection connection = null;
 		try
 		{
-			Connection connection = DatabaseUtilities.getConnection(s);
+			connection = DatabaseUtilities.getConnection(s);
 			String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0";
 			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
 																			ResultSet.CONCUR_READ_ONLY);
@@ -555,6 +584,20 @@ public class MultiLevelLogin2 extends LessonAdapter
 		{
 			e.printStackTrace();
 		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
 
 	}
 
@@ -568,9 +611,10 @@ public class MultiLevelLogin2 extends LessonAdapter
 	private int getTanPosition(String user, WebSession s)
 	{
 		int tanNr = 0;
+		Connection connection = null;
 		try
 		{
-			Connection connection = DatabaseUtilities.getConnection(s);
+			connection = DatabaseUtilities.getConnection(s);
 			String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?";
 			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
 																			ResultSet.CONCUR_READ_ONLY);
@@ -591,6 +635,20 @@ public class MultiLevelLogin2 extends LessonAdapter
 		{
 			e.printStackTrace();
 		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
 
 		return tanNr;
 	}
@@ -605,9 +663,10 @@ public class MultiLevelLogin2 extends LessonAdapter
 	 */
 	private String getTan(String user, int tanPosition, WebSession s)
 	{
+		Connection connection = null;
 		try
 		{
-			Connection connection = DatabaseUtilities.getConnection(s);
+			connection = DatabaseUtilities.getConnection(s);
 			String query = "SELECT tan.tanValue FROM user_data_tan, tan WHERE user_data_tan.first_name = ? "
 					+ "AND user_data_tan.userid = tan.userid AND tan.tanNr = ?";
 			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
@@ -628,6 +687,20 @@ public class MultiLevelLogin2 extends LessonAdapter
 		{
 			e.printStackTrace();
 		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
 		return "";
 
 	}
@@ -655,9 +728,10 @@ public class MultiLevelLogin2 extends LessonAdapter
 	 */
 	private boolean correctLogin(String userName, String password, WebSession s)
 	{
+		Connection connection = null;
 		try
 		{
-			Connection connection = DatabaseUtilities.getConnection(s);
+			connection = DatabaseUtilities.getConnection(s);
 			String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
 			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
 																			ResultSet.CONCUR_READ_ONLY);
@@ -676,6 +750,20 @@ public class MultiLevelLogin2 extends LessonAdapter
 		{
 			e.printStackTrace();
 		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
 
 		return false;