From fa0c7eff8a238b0d026ed371be96068c91db0e49 Mon Sep 17 00:00:00 2001 From: "wirth.marcel" Date: Wed, 9 Apr 2008 12:02:15 +0000 Subject: [PATCH] MultiLevelLogin1 database changes git-svn-id: http://webgoat.googlecode.com/svn/trunk@309 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/lessons/MultiLevelLogin1.java | 103 ++++++++++++++++-- 1 file changed, 96 insertions(+), 7 deletions(-) diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java index 897760b3a..7d7d28870 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java @@ -485,10 +485,12 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter private void updateTan(String user, WebSession s) { int tanNr = getTanPosition(user, s); + + Connection connection = null; try { - Connection connection = DatabaseUtilities.getConnection(s); + connection = DatabaseUtilities.getConnection(s); String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?"; PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); @@ -500,6 +502,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter { e.printStackTrace(); } + finally + { + try + { + if (connection != null) + { + connection.close(); + } + } + catch (Exception e) + { + e.printStackTrace(); + } + } } 
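Review bot: The `finally` added to updateTan closes only `connection`; `prepStatement` is declared inside the `try` (previous hunk) and is never closed explicitly, so its release depends on the driver closing statements together with their connection. The same close-and-swallow block is pasted verbatim into resetTans, getTanPosition, getUser, correctTan and correctLogin in the later hunks; one private helper that null-checks and closes the `Connection`, called for example as `closeConnection(connection);` from each `finally`, would keep the six copies from drifting apart. Both the existing `catch` and the new inner one only call `e.printStackTrace()`, so a failed UPDATE or a failed close is visible on stderr only and the caller cannot react to it. updateTan's body starts in the previous hunk.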
@@ -510,10 +526,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter */ private void resetTans(WebSession s) { - + Connection connection = null; try { - Connection connection = DatabaseUtilities.getConnection(s); + connection = DatabaseUtilities.getConnection(s); String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0"; PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); @@ -523,6 +539,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter { e.printStackTrace(); } + finally + { + try + { + if (connection != null) + { + connection.close(); + } + } + catch (Exception e) + { + e.printStackTrace(); + } + } } @@ -536,9 +566,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter private int getTanPosition(String user, WebSession s) { int tanNr = 0; + Connection connection = null; try { - Connection connection = DatabaseUtilities.getConnection(s); + connection = DatabaseUtilities.getConnection(s); String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?"; PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); @@ -564,6 +595,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter { e.printStackTrace(); } + finally + { + try + { + if (connection != null) + { + connection.close(); + } + } + catch (Exception e) + { + e.printStackTrace(); + } + } return tanNr; } 
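Review bot: getTanPosition still returns its initial `tanNr = 0` when the query throws, because the `catch` before the new `finally` only prints the stack trace; updateTan, visible in the first hunk as `int tanNr = getTanPosition(user, s);`, cannot tell a database error from a real count of zero. Since this value appears to decide which TAN is asked for next, a distinct failure signal would be safer, for example initialising with `int tanNr = -1;` and having callers reject a negative position, or letting the exception propagate. After this change getTanPosition and updateTan each open and close their own connection, so the read of login_count and the later UPDATE are two separate operations; if concurrent logins for one user are possible, which cannot be determined from these hunks, both could read the same position. The body between the two getTanPosition hunks is not shown.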
@@ -577,9 +622,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter */ private ResultSet getUser(String user, WebSession s) { + Connection connection = null; try { - Connection connection = DatabaseUtilities.getConnection(s); + connection = DatabaseUtilities.getConnection(s); String query = "SELECT * FROM user_data_tan WHERE first_name = ? "; PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); @@ -593,6 +639,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter { e.printStackTrace(); } + finally + { + try + { + if (connection != null) + { + connection.close(); + } + } + catch (Exception e) + { + e.printStackTrace(); + } + } return null; } @@ -609,9 +669,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter private boolean correctTan(String user, String tan, String tanPosition, WebSession s) { if (tan.equals("")) { return false; } + Connection connection = null; try { - Connection connection = DatabaseUtilities.getConnection(s); + connection = DatabaseUtilities.getConnection(s); String query = "SELECT user_data_tan.userid FROM user_data_tan, tan WHERE user_data_tan.first_name = ? " + "AND user_data_tan.userid = tan.userid AND tan.tanValue = ? AND tan.tanNr = ?"; PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, @@ -631,6 +692,19 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter } catch (Exception e) { e.printStackTrace(); + } finally + { + try + { + if (connection != null) + { + connection.close(); + } + } + catch (Exception e) + { + e.printStackTrace(); + } } return false; } 
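Review bot: getUser is declared to return a `ResultSet`, and the `finally` added in its second hunk closes `connection` before the caller can read that result; under JDBC, closing a connection releases its statements and their result sets, so the caller is likely to get an exception, or driver-dependent behaviour, on the first `next()`. The `return` inside the `try` lies between the two getUser hunks and is not shown, so this is inferred from the signature and the trailing `return null;`. Either copy the needed columns into a plain object before the `finally` runs and return that, or leave this one connection open and document that the caller must close it. If `DatabaseUtilities.getConnection(s)` hands out a shared or cached connection (not visible here), every `connection.close()` added in this commit also affects its other users, which is worth checking before merging.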
@@ -645,9 +719,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter */ private boolean correctLogin(String userName, String password, WebSession s) { + Connection connection = null; try { - Connection connection = DatabaseUtilities.getConnection(s); + connection = DatabaseUtilities.getConnection(s); String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?"; PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); @@ -666,6 +741,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter { e.printStackTrace(); } + finally + { + try + { + if (connection != null) + { + connection.close(); + } + } + catch (Exception e) + { + e.printStackTrace(); + } + } return false;