MultiLevelLogin1 database changes

git-svn-id: http://webgoat.googlecode.com/svn/trunk@309 4033779f-a91e-0410-96ef-6bf7bf53c507
wirth.marcel 2008-04-09 12:02:15 +00:00
parent aa23f8169b
commit fa0c7eff8a


@ -485,10 +485,12 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
private void updateTan(String user, WebSession s) private void updateTan(String user, WebSession s)
{ {
int tanNr = getTanPosition(user, s); int tanNr = getTanPosition(user, s);
Connection connection = null;
try try
{ {
Connection connection = DatabaseUtilities.getConnection(s); connection = DatabaseUtilities.getConnection(s);
String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?"; String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY); ResultSet.CONCUR_READ_ONLY);
@ -500,6 +502,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
{ {
e.printStackTrace(); e.printStackTrace();
} }
finally
{
try
{
if (connection != null)
{
connection.close();
}
}
catch (Exception e)
{
e.printStackTrace();
}
}
} }
@ -510,10 +526,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
*/ */
private void resetTans(WebSession s) private void resetTans(WebSession s)
{ {
Connection connection = null;
try try
{ {
Connection connection = DatabaseUtilities.getConnection(s); connection = DatabaseUtilities.getConnection(s);
String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0"; String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY); ResultSet.CONCUR_READ_ONLY);
@ -523,6 +539,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
{ {
e.printStackTrace(); e.printStackTrace();
} }
finally
{
try
{
if (connection != null)
{
connection.close();
}
}
catch (Exception e)
{
e.printStackTrace();
}
}
} }
@ -536,9 +566,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
private int getTanPosition(String user, WebSession s) private int getTanPosition(String user, WebSession s)
{ {
int tanNr = 0; int tanNr = 0;
Connection connection = null;
try try
{ {
Connection connection = DatabaseUtilities.getConnection(s); connection = DatabaseUtilities.getConnection(s);
String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?"; String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY); ResultSet.CONCUR_READ_ONLY);
@ -564,6 +595,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
{ {
e.printStackTrace(); e.printStackTrace();
} }
finally
{
try
{
if (connection != null)
{
connection.close();
}
}
catch (Exception e)
{
e.printStackTrace();
}
}
return tanNr; return tanNr;
} }
@ -577,9 +622,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
*/ */
private ResultSet getUser(String user, WebSession s) private ResultSet getUser(String user, WebSession s)
{ {
Connection connection = null;
try try
{ {
Connection connection = DatabaseUtilities.getConnection(s); connection = DatabaseUtilities.getConnection(s);
String query = "SELECT * FROM user_data_tan WHERE first_name = ? "; String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY); ResultSet.CONCUR_READ_ONLY);
@ -593,6 +639,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
{ {
e.printStackTrace(); e.printStackTrace();
} }
finally
{
try
{
if (connection != null)
{
connection.close();
}
}
catch (Exception e)
{
e.printStackTrace();
}
}
return null; return null;
} }
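Review bot: The `finally` added to getUser closes the connection before the caller can read the `ResultSet` this method is declared to return. JDBC closes a connection's statements and result sets along with it, so if the part of the try block between the two getUser hunks (not shown here) returns the query result, callers now receive a closed `ResultSet`. A safer shape is to copy the columns the login check needs into a plain value inside the try and return that, or to let the caller own and close the connection. In all six methods the new cleanup closes only `connection`; `prepStatement` and any result set are never closed explicitly, and since they are declared inside the try they would need the same hoisting as `connection` before a `finally` could close them. The cleanup handler `catch (Exception e) { e.printStackTrace(); }` would also be better as `catch (SQLException e)`, so unrelated runtime errors on this authentication path are not hidden in stderr.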
@ -609,9 +669,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
private boolean correctTan(String user, String tan, String tanPosition, WebSession s) private boolean correctTan(String user, String tan, String tanPosition, WebSession s)
{ {
if (tan.equals("")) { return false; } if (tan.equals("")) { return false; }
Connection connection = null;
try try
{ {
Connection connection = DatabaseUtilities.getConnection(s); connection = DatabaseUtilities.getConnection(s);
String query = "SELECT user_data_tan.userid FROM user_data_tan, tan WHERE user_data_tan.first_name = ? " String query = "SELECT user_data_tan.userid FROM user_data_tan, tan WHERE user_data_tan.first_name = ? "
+ "AND user_data_tan.userid = tan.userid AND tan.tanValue = ? AND tan.tanNr = ?"; + "AND user_data_tan.userid = tan.userid AND tan.tanValue = ? AND tan.tanNr = ?";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
@ -631,6 +692,19 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
} catch (Exception e) } catch (Exception e)
{ {
e.printStackTrace(); e.printStackTrace();
} finally
{
try
{
if (connection != null)
{
connection.close();
}
}
catch (Exception e)
{
e.printStackTrace();
}
} }
return false; return false;
} }
@ -645,9 +719,10 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
*/ */
private boolean correctLogin(String userName, String password, WebSession s) private boolean correctLogin(String userName, String password, WebSession s)
{ {
Connection connection = null;
try try
{ {
Connection connection = DatabaseUtilities.getConnection(s); connection = DatabaseUtilities.getConnection(s);
String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?"; String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY); ResultSet.CONCUR_READ_ONLY);
@ -666,6 +741,20 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
{ {
e.printStackTrace(); e.printStackTrace();
} }
finally
{
try
{
if (connection != null)
{
connection.close();
}
}
catch (Exception e)
{
e.printStackTrace();
}
}
return false; return false;