文档章节

反编译BugZero以突破“未注册版本中管理员只能创建五用户”的限制

苗哥
 苗哥
发布于 2012/06/29 17:00
字数 3447
阅读 301
收藏 0

上周在电脑上安装了Bugzero,觉得做得不错,界面什么的比BugZilla好很多,准备在机器上长期使用,结果得瑟了几天后发现,未注册版本中,管理员只能创建五个用户,再创建新用户就会提示超出限制,实在让人泄气,具体现象如下:使用admin帐户登录后,进入User菜单,添加新用户失败,页面上打印错误信息如下。

User accounts have exceeded the limit, please upgrade to a full version.

憋了壹下午之后实在是不爽,就琢磨着把它给破解了,反正哥也是做JAVA开发的,想必那代码也不会难到哪里去,了不起花点时间读壹下。说干就干,于是打开eclipse并连上远程调试,在整个bugzero工程中搜索这段字符串,壹开始怀疑它是直接hardcode在class/jar文件中的,结果找了下没有结果,后来壹想,这个项目是支持国际化的,上面那段文件最有可能出现在properties文件里,所以就指定搜索properties文件,果然在文件/bugzero/WebRoot/WEB-INF/classes/conf/messages.properties里找到了它,如下所示:

jsp.no_active_issue=There Are No Active Issues For You
jsp.no_query_result=No Issue Was Found.

license.user_accounts.limit=User accounts have exceeded the limit, please upgrade to a full version.
license.total.limit=Failed to save, limit has been exceeded. Please upgrade to a paid version.

接下来要想办法找到key=license.user_accounts.limit在代码中出现的位置。于是召唤出反编译神器JD-GUI,将bugzero.jar整个包加载到软件中,然后File->Save All Sources将反编译出的源代码保存到本地,接着在Notepad++里全局搜索字符串license.user_accounts.limit,果真在bugzero\src\com\websina\persistence\PersonEntity.java找到了,如下图所示:

if (0 == i) {
       String str = MessageCode.get("license.user_accounts.limit");
       throw new InfoException(str);
     }

大致看了下整个类,基本是用户帐户信息的增删改操作,还附带有壹个用户登录的验证,没什么特别的。于是开始关注那个if语句中的i变量,在debug模式下壹路往上跟,最后果真让我找到了几处可疑的地方:

int i = Project.Edition.num5();
//此处省略部分代码
int j = Project.Edition.num5();

于是点进去具体看了看,Project.Edition.num5()对应的是Project类中的壹个常量:

public static final class Edition
   {
     private static int num5 = 5;
     private static int num99 = 99;
     //此处省略部分代码
   }
     public static int num5() {
       return num5;
     }
 
     public static int num99() {
       return num99;
     }

到这里时我觉得那个num5与num99相当可疑,于是想:i与j的初始值是5,创建新用户的数量限制也是5,是不是有什么关联关系,于是没想那么多,直接把num99的值赋给了i与j,将其重新导出成JAR文件后,再用WinRAR将这个文件打开,展开层层目录,取出其中的PersonEntity.class文件,替换掉%TOMCAT_HOME%/webapps/bugzero/WEB-INF/lib/bugzero.jar中对应的class文件,重启tomcat,再用管理员登录进去,添加第六个用户,成功了,开心!后来我又认真看了下这段代码,99也是相当可疑的,因为未注册用户的BugZero中,每用户只能提交100个BUG,而这里却显示99,与临界值特别接近,极有可能也是壹个重要的突破口,不管三七二十壹,将num5与num99的值都修改成了9999,这样就不怕你限制我了,哼哼...

根据bugzero网站上提供的信息,除了这个五用户限制外,还有壹个地方会限制,就是当你的BUG记录达到100条时,再添加新的记录也会报类似问题,所以我准备先把这些代码保留下来,因为目前的BUG记录还不到100条,所以暂时看不到那个提示信息,等到能够看到时,我准备再更新这篇文章,来个全面的记录。暂时把重要的源代码贴到这里供自己以后参考。
package com.websina.persistence;
 
 import com.websina.bean.AppContext;
 import com.websina.bean.Group;
 import com.websina.bean.Person;
 import com.websina.bean.Persons;
import com.websina.bean.Project;
 import com.websina.bean.ReloadableManager;
 import com.websina.util.BooleanUtil;
 import com.websina.util.DynamicField;
 import com.websina.util.InfoException;
 import com.websina.util.MessageCode;
 import com.websina.util.StringUtil;
 import com.websina.util.log.Log;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.sql.Timestamp;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
import java.util.Set;
 
 public class PersonEntity extends DatabaseEntity
 {	 
   public static void login(Person paramPerson)
     throws DBException, InfoException
   {
     int i = Project.Edition.num99();//99
     if (i > 0) {
       monitor(i + 2);
     }
     String username = paramPerson.getUsername();
     String password = paramPerson.getPassword();
     if ((username == null) || (username.trim().length() == 0))
       throw new InfoException(MessageCode.get("servlet.login.username_is_empty"));//Username is empty
     if ((!paramPerson.isAuthenticated()) && ((password == null) || (password.length() == 0)))
     {
       throw new InfoException(MessageCode.get("servlet.login.password_is_empty"));//Password is empty
     }
     boolean bool = false;
     int j = 0;
     int k = 0;
     long l = 0L;
 
     Connection localConnection = null;
     Statement localStatement = null;
     String str3 = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("login_person");
       localSQLProc.setString(1, username);
       localSQLProc.setString(2, password);
       str3 = localSQLProc.getSqlString();
       if (paramPerson.isAuthenticated()) {
         int n = str3.indexOf("AND password=");
         if (n != -1) {
           str3 = str3.substring(0, n);
         }
       }
       localStatement = localConnection.createStatement();
       ResultSet localResultSet = localStatement.executeQuery(str3);
       if (localResultSet.next()) {
         paramPerson.setId(localResultSet.getInt(1));
         paramPerson.setUsername(localResultSet.getString(2));
         String str5;
         if ((str5 = localResultSet.getString(3)) != null) {
           str5 = str5.trim();
           if ((paramPerson.getGroup() != null) && (!paramPerson.getGroup().equals(str5)))
             j = 1;
           else
             paramPerson.setGroup(str5);
         }
         else if (paramPerson.getGroup() != null) {
           j = 1;
         }
         if ((str5 = localResultSet.getString(4)) != null) {
           str5 = str5.trim();
           if ((!paramPerson.getUsername().equals(paramPerson.getFullname())) && (!paramPerson.getFullname().equals(str5)))
             j = 1;
           else
             paramPerson.setFullname(str5);
         }
         else if (paramPerson.getFullname() != null) {
           j = 1;
         }
         if ((str5 = localResultSet.getString(5)) != null) {
           str5 = str5.trim();
           if ((paramPerson.getEmail() != null) && (!paramPerson.getEmail().equals(str5)))
             j = 1;
           else
             paramPerson.setEmail(str5);
         }
         else if (paramPerson.getEmail() != null) {
           j = 1;
         }
         if ((str5 = localResultSet.getString(6)) != null) {
           str5 = str5.trim();
           paramPerson.setDefaultProject(str5);
           paramPerson.setProject(str5);
         }
         try {
           if ((str5 = localResultSet.getString(7)) != null)
             paramPerson.setSignature(str5);
         } catch (SQLException localSQLException2) {
           if (Log.doDebug()) Log.debug(localSQLException2.getMessage() + " (Person.login: signature field is empty)");
         }
         if ((str5 = localResultSet.getString(8)) != null) {
           paramPerson.setBrowseMode(str5.trim());
         }
 
         if ((str5 = localResultSet.getString(9)) != null) {
           paramPerson.setCompany(str5.trim());
         }
         if ((str5 = localResultSet.getString(10)) != null) {
           paramPerson.setAddress(str5.trim());
         }
         if ((str5 = localResultSet.getString(11)) != null) {
           paramPerson.setPhone(str5.trim());
         }
         k = localResultSet.getInt(12);
         try {
           Timestamp localTimestamp = localResultSet.getTimestamp(13);
           if (localTimestamp != null) l = localTimestamp.getTime(); 
         }
         catch (SQLException localSQLException3) {
           if (Log.doDebug()) Log.debug(localSQLException3.getMessage() + " (Person.ts)");
         }
         bool = true;
       } else if ((paramPerson.isAuthenticated()) && (paramPerson.getGroup() != null) && (paramPerson.getFullname() != null) && (paramPerson.getEmail() != null))
       {
         bool = true;
         j = 1;
       }
       localResultSet.close();
       commitQuery(localConnection);
     } catch (SQLException localSQLException1) {
       checkDB(localConnection, localSQLException1);
       error(localSQLException1, str3, null);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
     if (AppContext.getEnableAccountLockout()) {
       if (bool) {
         if (k > AppContext.getAccountLockoutThreshold()) {
           bool = (AppContext.getAccountLockoutDuration() > 0) && (System.currentTimeMillis() - l > AppContext.getAccountLockoutDuration());
         }
         if ((bool) && (k > 0))
         {
           paramPerson.setTimestamp(new Date());
           resetFailedLoginCount(username, paramPerson.getTimestamp(), 0);
         }
       } else if ((Persons.getInstance().contains(username)) || (paramPerson.isAdmin())) {
         resetFailedLoginCount(username, new Date(), 1);
       }
     }
 
     if (bool) {
    	 System.out.println("bool is true, entered the system successfully.");
       if (paramPerson.isAdmin()) {
         if (false == paramPerson.isAuthenticated()) paramPerson.loadAdmin(); 
       }
       else {
         if (j != 0) {
           int m = paramPerson.getId() == 0 ? 1 : 0;
           paramPerson.save();
           if (m != 0)
             Persons.getInstance().add(paramPerson);
           else {
             Persons.getInstance().update(paramPerson);
           }
 
           ReloadableManager.invalidate("com.websina.bean.Persons");
         }
 
         loadProjectList(paramPerson);
 
         loadStoredQuery(paramPerson);
       }
     } else {
    	 System.out.println("Line 185: bool is false here, login failed and exit.");
       String str4 = MessageCode.get("servlet.login.login_failed");//login failed for {0}
       str4 = StringUtil.replace(str4, username);
       Assert.doAssert(bool, str4);
     }
   }
 
   public static void loadProjectList(Person paramPerson)
     throws DBException, InfoException
   {
     if (paramPerson == null) {
    	 //throw exception: Sorry, to load the project list, you need to be properly logged in.
       String localObject1 = MessageCode.get("persistence.person.login_check");
       localObject1 = StringUtil.replace((String)localObject1, "project list");
       throw new InfoException((String)localObject1);
     }
     int i = paramPerson.getId();
 
     if (i == 0) {
    	 //throw exception: loadProjectList: PersonId for {username} is 0, required to be > 0.
       String localObject1 = MessageCode.get("persistence.person.wrong_id");
       localObject1 = StringUtil.replace((String)localObject1, paramPerson.getUsername());
       throw new InfoException("loadProjectList: " + (String)localObject1);
     }
 
     Object localObject1 = loadProjectList(i, paramPerson);
     if (((Map)localObject1).isEmpty()) {
    	 //throw exception: {username} has no project assigned, please contact project manager.
       String localObject2 = MessageCode.get("persistence.person.no_project");
       localObject2 = StringUtil.replace((String)localObject2, paramPerson.getUsername());
       throw new InfoException((String)localObject2);
     }
     Object localObject2 = new DynamicField("projectList");
     ((DynamicField)localObject2).set((Map)localObject1);
     paramPerson.setProjectList((DynamicField)localObject2);
 
     setDefaultProject(paramPerson);
   }
 
   private static Map loadProjectList(int paramInt, Person paramPerson)
     throws DBException
   {
     Connection localConnection = null;
     Statement localStatement = null;
     HashMap localHashMap = new HashMap();
     String str1 = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("get_project_list");
       localSQLProc.setInt(1, paramInt);
       str1 = localSQLProc.getSqlString();
       localStatement = localConnection.createStatement();
       ResultSet localObject1 = localStatement.executeQuery(str1);
       System.out.println("Line 239 SQL: " + str1);
       String str2;
       String str3;
       String str4;
       while (((ResultSet)localObject1).next()) {
         str2 = ((ResultSet)localObject1).getString(1);
         if (paramPerson == null) {
           localHashMap.put(str2, null);
         } else {
           str3 = ((ResultSet)localObject1).getString(2);
           str4 = ((ResultSet)localObject1).getString(3);
           if ((str3 == null) || (str3.trim().length() == 0)) {
             str3 = str2;
           }
           localHashMap.put(str2, str3);
           if ((str4 != null) && (str4.trim().length() > 0)) {
             paramPerson.addProjectGroup(str4, str2, str3);
           }
         }
       }
       ((ResultSet)localObject1).close();
 
       if (paramPerson != null) {
         localSQLProc = SQLFileParser.make("get_project_list_by_group");
         localSQLProc.setString(1, paramPerson.getGroup());
         str1 = localSQLProc.getSqlString();
         System.out.println("Line 265 SQL: " + str1);
         localObject1 = localStatement.executeQuery(str1);
         while (((ResultSet)localObject1).next()) {
           str2 = ((ResultSet)localObject1).getString(1);
           str3 = ((ResultSet)localObject1).getString(2);
           str4 = ((ResultSet)localObject1).getString(3);
           if ((str3 == null) || (str3.trim().length() == 0)) {
             str3 = str2;
           }
           localHashMap.put(str2, str3);
           if ((str4 != null) && (str4.trim().length() > 0)) {
             paramPerson.addProjectGroup(str4, str2, str3);
           }
         }
         ((ResultSet)localObject1).close();
       }
 
       commitQuery(localConnection);
       Log.debug(str1);
     } catch (SQLException localSQLException) {
       checkDB(localConnection, localSQLException);
       //throw exception: Failed to load project list for person of Id = '{0}'.
       Object localObject1 = MessageCode.get("persistence.person.load_project_list_failed");
       localObject1 = StringUtil.replace((String)localObject1, String.valueOf(paramInt));
       error(localSQLException, str1, (String)localObject1);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
     return (Map)localHashMap;
   }
 
   private static void setDefaultProject(Person paramPerson)
   {
     String str = paramPerson.getProjectId();
     DynamicField localDynamicField = paramPerson.getProjectList();
     if ((localDynamicField != null) && (!localDynamicField.isEmpty()) && ((str == null) || (!localDynamicField.contains(str))))
     {
       str = localDynamicField.getValue()[0];
       paramPerson.setProject(str);
     }
   }
 
   public static void loadStoredQuery(Person paramPerson)
     throws DBException, InfoException
   {
     int i;
     if ((paramPerson == null) || ((i = paramPerson.getId()) == 0)) {
    	 //Sorry, to load the stored query, you need to be properly logged in.
       String str1 = MessageCode.get("persistence.person.login_check");
       str1 = StringUtil.replace(str1, "stored query");
       throw new InfoException(str1);
     }
     setDefaultProject(paramPerson);
     String str1 = paramPerson.getProjectId();
     if (str1 == null) {
       return;
     }
     DynamicField localDynamicField1 = paramPerson.getStoredQuery();
     DynamicField localDynamicField2 = paramPerson.getStoredReport();
     localDynamicField1.clear();
     localDynamicField2.clear();
     Connection localConnection = null;
     Statement localStatement = null;
     String str2 = null;
 
     Set localSet = paramPerson.getRoles();
     Group localGroup = Group.getInstance();
     int j = (localGroup.isTypeGroup(localSet)) || (localGroup.isGuest(localSet)) || (localGroup.isTypeGuestGroup(localSet)) ? 1 : 0;
     try
     {
       localConnection = checkout();
       SQLProc localSQLProc = null;
       if (j != 0)
         localSQLProc = SQLFileParser.make("get_query_list_group");
       else {
         localSQLProc = SQLFileParser.make("get_query_list");
       }
       localSQLProc.setInt(1, i);
       str2 = localSQLProc.getSqlString("$PROJECT", str1);
       if (j != 0) {
         String localObject1 = SQLExpr.stringIN(localSet);
         str2 = StringUtil.replace(str2, "$GROUPS", (String)localObject1);
       }
       localStatement = localConnection.createStatement();
       ResultSet localObject1 = localStatement.executeQuery(str2);
       while (((ResultSet)localObject1).next()) {
         int k = ((ResultSet)localObject1).getInt(1);
         String str3 = ((ResultSet)localObject1).getString(2);
         String str4 = ((ResultSet)localObject1).getString(3);
         String str5 = ((ResultSet)localObject1).getString(4);
         String str6 = ((ResultSet)localObject1).getString(5);
         if ((BooleanUtil.getFlagAsBoolean(str5, false)) && (!paramPerson.getUsername().equals(str6)))
         {
           str3 = str3 + ' ' + '(' + str6 + ')';
         }
         if ((str4 == null) || (str4.indexOf('0') != -1))
           localDynamicField1.add(Integer.toString(k), str3);
         else {
           localDynamicField2.add(Integer.toString(k), str3);
         }
       }
       ((ResultSet)localObject1).close();
       commitQuery(localConnection);
       Log.debug(str2);
     } catch (SQLException localSQLException) {
       checkDB(localConnection, localSQLException);
       Object localObject1 = MessageCode.get("persistence.person.load_stored_query_failed");
       localObject1 = StringUtil.replace((String)localObject1, paramPerson.getUsername());
       localObject1 = StringUtil.replace((String)localObject1, "{1}", str1);
       error(localSQLException, str2, (String)localObject1);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
   }
 
   public static Person load(int paramInt)
     throws DBException, InfoException
   {
     if (paramInt == 0) {
       return null;
     }
     Person localPerson = null;
     Connection localConnection = null;
     Statement localStatement = null;
     String str1 = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("get_person");
       localSQLProc.setInt(1, paramInt);
       str1 = localSQLProc.getSqlString();
       localStatement = localConnection.createStatement();
       ResultSet localObject1 = localStatement.executeQuery(str1);
       if (((ResultSet)localObject1).next()) {
         localPerson = new Person();
         localPerson.setId(paramInt);
         localPerson.setUsername(((ResultSet)localObject1).getString(1));
         String str2;
         if ((str2 = ((ResultSet)localObject1).getString(2)) != null)
           localPerson.setPassword(str2.trim());
         if ((str2 = ((ResultSet)localObject1).getString(3)) != null)
           localPerson.setGroup(str2.trim());
         if ((str2 = ((ResultSet)localObject1).getString(4)) != null)
           localPerson.setFullname(str2.trim());
         if ((str2 = ((ResultSet)localObject1).getString(5)) != null) {
           localPerson.setEmail(str2.trim());
         }
         if ((str2 = ((ResultSet)localObject1).getString(6)) != null)
           localPerson.setDefaultProject(str2.trim());
         try
         {
           if ((str2 = ((ResultSet)localObject1).getString(7)) != null)
             localPerson.setSignature(str2);
         } catch (SQLException localSQLException2) {
           if (Log.doDebug()) Log.debug(localSQLException2.getMessage() + " (Person.load: signature field is empty)");
         }
         if ((str2 = ((ResultSet)localObject1).getString(8)) != null) {
           localPerson.setBrowseMode(str2.trim());
         }
 
         if ((str2 = ((ResultSet)localObject1).getString(9)) != null) {
           localPerson.setActive(BooleanUtil.getStatusAsBoolean(str2, true));
         }
 
         if ((str2 = ((ResultSet)localObject1).getString(10)) != null) {
           localPerson.setCompany(str2.trim());
         }
         if ((str2 = ((ResultSet)localObject1).getString(11)) != null) {
           localPerson.setAddress(str2.trim());
         }
         if ((str2 = ((ResultSet)localObject1).getString(12)) != null) {
           localPerson.setPhone(str2.trim());
         }
       }
       ((ResultSet)localObject1).close();
       commitQuery(localConnection);
       Log.debug(str1);
     } catch (SQLException localSQLException1) {
       checkDB(localConnection, localSQLException1);
       Object localObject1 = MessageCode.get("persistence.person.load_failed");
       error(localSQLException1, str1, (String)localObject1);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
     return (Person)localPerson;
   }
 
   public static void save(Person paramPerson)
     throws DBException, InfoException
   {
     int i = paramPerson.getId();
     int j = Project.Edition.num99();
     if (j > 0) {
       if (i == 0)
         monitor(j + 1);
       else {
         monitor(j + 2);
       }
     }
     String str1 = paramPerson.getUsername();
     if (str1 == null) {
    	 //username not set.
       String localObject1 = MessageCode.get("persistence.person.username_not_set");
       throw new InfoException((String)localObject1);
     }
     if ((i == 0) && (getPerson(str1) != null)) {
       String localObject1 = MessageCode.get("persistence.person.username_exists");
       localObject1 = StringUtil.replace((String)localObject1, str1);
       throw new InfoException((String)localObject1);
     }
     Object localObject1 = null;
     Statement localStatement = null;
     String str2 = null;
     try {
       localObject1 = checkout();
       localStatement = ((Connection)localObject1).createStatement();
       SQLProc localSQLProc = null;
       StringBuffer localObject2 = null;
       if (i == 0) {
         i = Sequence.getLast(Person.class);
         paramPerson.setId(i);
         localSQLProc = SQLFileParser.make("new_person");
         localObject2 = new StringBuffer(" (new user: id=").append(i).append(')');
       } else {
         localSQLProc = SQLFileParser.make("update_person");
         localObject2 = new StringBuffer(" (user updated: id=").append(i).append(')');
       }
       localSQLProc.setString(1, paramPerson.getGroup());
       localSQLProc.setString(2, str1);
       localSQLProc.setString(3, paramPerson.getPassword());
       localSQLProc.setString(4, paramPerson.getFullname());
       localSQLProc.setString(5, paramPerson.getEmail());
       localSQLProc.setString(6, paramPerson.getDefaultProjectId());
       localSQLProc.setString(7, paramPerson.getSignature());
       localSQLProc.setString(8, paramPerson.getBrowseMode());
       localSQLProc.setString(9, paramPerson.getCompany());
       localSQLProc.setString(10, paramPerson.getAddress());
       localSQLProc.setString(11, paramPerson.getPhone());
       localSQLProc.setInt(12, i);
 
       str2 = localSQLProc.getSqlString();
       localStatement.executeUpdate(str2);
       commit((Connection)localObject1);
       String str3 = MessageCode.get("persistence.person.saved");
       str3 = StringUtil.replace(str3, paramPerson.getUsername());
       System.out.println("com.websina.persistence.PersonEntity.save(Line 512): " + ((StringBuffer)localObject2).insert(0, str3).toString());
     } catch (SQLException localSQLException) {
       checkDB((Connection)localObject1, localSQLException);
       Object localObject2 = MessageCode.get("persistence.person.save_failed");
       localObject2 = StringUtil.replace((String)localObject2, paramPerson.getUsername());
       rollback(localSQLException, (Connection)localObject1, str2, (String)localObject2);
     } finally {
       close(localStatement);
       checkin((Connection)localObject1);
     }
   }
 
   public static void delete(Person paramPerson)
     throws DBException, InfoException
   {
     int i = paramPerson.getId();
     if (i == 0) {
       String str = MessageCode.get("persistence.person.wrong_id");
       str = StringUtil.replace(str, paramPerson.getUsername());
       throw new InfoException(str);
     }
     delete(i, paramPerson);
   }
 
   public static void delete(String paramString)
     throws DBException, InfoException
   {
     Person localPerson = getPerson(paramString);
     if (localPerson == null) {
       String str = MessageCode.get("persistence.person.wrong_id");
       str = StringUtil.replace(str, paramString);
       throw new InfoException(str);
     }
     delete(localPerson.getId(), localPerson);
   }
 
   public static void delete(int paramInt)
     throws DBException, InfoException
   {
     delete(paramInt, null);
   }
 
   public static void updatePassword(Person paramPerson)
     throws DBException
   {
     Connection localConnection = null;
     Statement localStatement = null;
     String str = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("update_person_password");
       localSQLProc.setString(1, paramPerson.getPassword());
       localSQLProc.setInt(2, paramPerson.getId());
       str = localSQLProc.getSqlString();
       localStatement = localConnection.createStatement();
       localStatement.executeUpdate(str);
       commit(localConnection);
       if (Log.doDebug()) Log.debug("Password updated in database for user id=" + paramPerson.getId()); 
     }
     catch (SQLException localSQLException) {
       rollback(localSQLException, localConnection, null);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
   }
 
   public static void updateTimestamp(Person paramPerson)
     throws DBException
   {
     Connection localConnection = null;
     Statement localStatement = null;
     String str = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("update_person_timestamp");
       if (paramPerson.getTimestamp() == null)
         localSQLProc.setNull(1);
       else {
         localSQLProc.setTimestamp(1, new Timestamp(paramPerson.getTimestamp().getTime()));
       }
       localSQLProc.setInt(2, paramPerson.getId());
       str = localSQLProc.getSqlString();
       localStatement = localConnection.createStatement();
       localStatement.executeUpdate(str);
       commit(localConnection);
       Log.debug(str);
     } catch (SQLException localSQLException) {
       rollback(localSQLException, localConnection, str, null);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
   }
 
   public static void updateStatus(Person paramPerson)
     throws DBException
   {
     Connection localConnection = null;
     Statement localStatement = null;
     String str1 = null;
     try {
       localConnection = checkout();
       localStatement = localConnection.createStatement();
       SQLProc localSQLProc = SQLFileParser.make("update_person_status");
       localSQLProc.setString(1, paramPerson.isActive() ? null : BooleanUtil.getStatusAsString(false));
       localSQLProc.setInt(2, paramPerson.getId());
       str1 = localSQLProc.getSqlString();
       localStatement.executeUpdate(str1);
       commit(localConnection);
       Log.debug(str1);
     } catch (SQLException localSQLException) {
       checkDB(localConnection, localSQLException);
       String str2 = MessageCode.get("persistence.person.save_failed");
       str2 = StringUtil.replace(str2, paramPerson.getUsername());
       rollback(localSQLException, localConnection, str1, str2);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
   }
 
   private static void delete(int paramInt, Person paramPerson)
     throws DBException, InfoException
   {
     if (paramPerson == null) paramPerson = load(paramInt);
     if (paramPerson == null) return;
 
     Set localSet = AssignmentEntity.getPersonProject(paramPerson.getUsername());
     Object localObject2;
     Object localObject3;
     if ((localSet != null) && (!localSet.isEmpty())) {
       Iterator localObject1 = localSet.iterator();
       localObject2 = new StringBuffer();
       while (((Iterator)localObject1).hasNext()) {
         ((StringBuffer)localObject2).append((String)((Iterator)localObject1).next());
         ((StringBuffer)localObject2).append("<br>");
       }
       localObject3 = MessageCode.get("persistence.person.delete_assignment_first");
       localObject3 = StringUtil.replace((String)localObject3, paramPerson.getUsername());
       localObject3 = StringUtil.replace((String)localObject3, "{1}", ((StringBuffer)localObject2).toString());
       throw new InfoException((String)localObject3);
     }
 
     Object localObject1 = null;
     try {
       localObject1 = checkout();
 
       localObject2 = loadProjectList(paramInt, paramPerson);
       if (localObject2 != null) {
         localObject3 = ((Map)localObject2).keySet().iterator();
         while (((Iterator)localObject3).hasNext()) {
           String str = (String)((Iterator)localObject3).next();
           QueryEntity.removeStoredQuery((Connection)localObject1, str, paramInt);
           EmailTriggerEntity.deletePerson((Connection)localObject1, str, paramInt);
         }
 
       }
 
       AccessEntity.deletePerson((Connection)localObject1, paramInt);
 
       deletePerson((Connection)localObject1, paramInt);
 
       commit((Connection)localObject1);
       localObject3 = MessageCode.get("persistence.person.deleted");
       localObject3 = StringUtil.replace((String)localObject3, String.valueOf(paramInt));
       Log.info((String)localObject3);
     } catch (SQLException localSQLException) {
       checkDB((Connection)localObject1, localSQLException);
       localObject3 = MessageCode.get("persistence.person.delete_failed");
       localObject3 = StringUtil.replace((String)localObject3, String.valueOf(paramInt));
       localObject3 = StringUtil.replace((String)localObject3, "{1}", paramPerson.getUsername());
       rollback(localSQLException, (Connection)localObject1, null, (String)localObject3);
     } finally {
       checkin((Connection)localObject1);
     }
   }
 
   private static void deletePerson(Connection paramConnection, int paramInt)
     throws DBException, SQLException
   {
     SQLProc localSQLProc = SQLFileParser.make("delete_person");
     localSQLProc.setInt(1, paramInt);
     String str1 = localSQLProc.getSqlString();
     Statement localStatement = paramConnection.createStatement();
     try {
       localStatement.executeUpdate(str1);
       Log.debug(str1);
     } catch (SQLException localSQLException) {
       String str2 = localSQLException.getMessage();
       int i = -1;
       if ((str2 != null) && (str2.indexOf('_') != -1)) {
         String str3 = str2.toLowerCase();
         i = str3.indexOf("_trigger");
         if (i == -1) i = str3.indexOf("_query");
       }
       if (i != -1) {
         int j = str2.lastIndexOf('\'', i);
         if (j == -1) j = str2.lastIndexOf('"', i);
         if (j == -1) j = str2.lastIndexOf(' ', i);
         if (j == -1) throw localSQLException;
         j++; String str4 = str2.substring(j, i);
         QueryEntity.removeStoredQuery(paramConnection, str4, paramInt);
         EmailTriggerEntity.deletePerson(paramConnection, str4, paramInt);
         deletePerson(paramConnection, paramInt);
       } else {
         throw localSQLException;
       }
     } finally {
       close(localStatement);
     }
   }
 
   private static Person getPerson(String paramString) throws DBException, InfoException
   {
     if (paramString == null) {
       String localObject1 = MessageCode.get("persistence.person.username_not_set");
       throw new InfoException((String)localObject1);
     }
     Object localObject1 = null;
     Connection localConnection = null;
     Statement localStatement = null;
     String str1 = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("get_person_username");
       localSQLProc.setString(1, paramString);
       str1 = localSQLProc.getSqlString();
       localStatement = localConnection.createStatement();
       ResultSet localObject2 = localStatement.executeQuery(str1);
       if (((ResultSet)localObject2).next()) {
         localObject1 = new Person();
         ((Person)localObject1).setUsername(paramString);
         ((Person)localObject1).setId(((ResultSet)localObject2).getInt(1));
         String str2;
         if ((str2 = ((ResultSet)localObject2).getString(2)) != null)
           ((Person)localObject1).setPassword(str2.trim());
         if ((str2 = ((ResultSet)localObject2).getString(3)) != null)
           ((Person)localObject1).setGroup(str2.trim());
         if ((str2 = ((ResultSet)localObject2).getString(4)) != null)
           ((Person)localObject1).setFullname(str2.trim());
         if ((str2 = ((ResultSet)localObject2).getString(5)) != null)
           ((Person)localObject1).setEmail(str2.trim());
       }
       ((ResultSet)localObject2).close();
       commitQuery(localConnection);
       Log.debug(str1);
     } catch (SQLException localSQLException) {
       checkDB(localConnection, localSQLException);
       Object localObject2 = "PersonEntity: " + localSQLException.getMessage();
       error(localSQLException, str1, (String)localObject2);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
     return (Person)(Person)localObject1;
   }
 
   public static Set getGroupedUsers(String paramString, Set paramSet) throws DBException, InfoException {
     Connection localConnection = null;
     Statement localStatement = null;
     String str1 = null;
     HashSet localHashSet = null;
     try {
       localConnection = checkout();
       SQLProc localSQLProc = SQLFileParser.make("get_grouped_users");
       localSQLProc.setString(1, paramString);
       str1 = localSQLProc.getSqlString();
       String str2 = SQLExpr.stringIN(paramSet);
       str1 = StringUtil.replace(str1, "$GROUPS", str2);
       localStatement = localConnection.createStatement();
       ResultSet localResultSet = localStatement.executeQuery(str1);
       while (localResultSet.next()) {
         if (localHashSet == null) localHashSet = new HashSet();
         localHashSet.add(localResultSet.getString(1));
       }
       localResultSet.close();
       commitQuery(localConnection);
       Log.debug(str1);
     } catch (SQLException localSQLException) {
       checkDB(localConnection, localSQLException);
       String str2 = "PersonEntity: " + localSQLException.getMessage();
       error(localSQLException, str1, str2);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
     return localHashSet;
   }
 
   public static void resetFailedLoginCount(String paramString)
     throws DBException
   {
     resetFailedLoginCount(paramString, new Date(), 0);
   }
 
   private static void resetFailedLoginCount(String paramString, Date paramDate, int paramInt)
     throws DBException
   {
     Connection localConnection = null;
     Statement localStatement = null;
     String str1 = null;
     try {
       localConnection = checkout();
       localStatement = localConnection.createStatement();
       SQLProc localSQLProc = SQLFileParser.make("update_person_failed_logins_" + paramInt);
       localSQLProc.setTimestamp(1, new Timestamp(paramDate.getTime()));
       localSQLProc.setString(2, paramString);
       str1 = localSQLProc.getSqlString();
       localStatement.executeUpdate(str1);
       commit(localConnection);
       Log.debug(str1);
     } catch (SQLException localSQLException) {
       checkDB(localConnection, localSQLException);
       String str2 = MessageCode.get("persistence.person.save_failed");
       str2 = StringUtil.replace(str2, paramString);
       rollback(localSQLException, localConnection, str1, str2);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
   }
 
   private static void monitor(int paramInt) throws DBException, InfoException {
     Connection localConnection = null;
     Statement localStatement = null;
     int i = 0;
     try {
       localConnection = checkout();
       localStatement = localConnection.createStatement();
       ResultSet resultSet = localStatement.executeQuery("select count(*) from person");
       //System.out.println("com.websina.persistence.PersonEntity.monitor(Line 836): localResultSet has " + resultSet.getInt(1) + "items.");
       if ((resultSet.next()) && (resultSet.getInt(1) < paramInt)) {
         i = 1;
       }
       resultSet.close();
       commitQuery(localConnection);
     } catch (SQLException e) {
       checkDB(localConnection, e);
       throw new DBException(e);
     } finally {
       close(localStatement);
       checkin(localConnection);
     }
     if (0 == i) {
       String str = MessageCode.get("license.user_accounts.limit");
       throw new InfoException(str);
     }
   }
 }

© 著作权归作者所有

苗哥

苗哥

粉丝 246
博文 110
码字总数 130745
作品 0
上海
后端工程师
私信 提问
加载中

评论(3)

水牛叔叔
水牛叔叔
厉害
苗哥
苗哥 博主

引用来自“鉴客”的评论

牛X啊。。。

过奖了,也就是改了下代码,相当于最基础的爆破,没有仔细去找它的注册算法。
鉴客
鉴客
牛X啊。。。
Bugzero 6.5.3 发布,Bug 跟踪管理平台

Bugzero 6.5.3 发布,该版本升级 JavaMail 到 javamail-1.4.5,更好处理连接远程邮箱的错误问题。 BugZero是一个基于Web的问题(bug)跟踪平台 Bugzero™ 是一个多功能,基于网络 (Web-based) ...

oschina
2012/10/04
524
0
Bugzero 6.5.1 发布,Bug 跟踪管理平台

Bugzero 6.5.1 发布,该版本可通过日期时间或者文本输入框来禁用表单输入域,修复了用户名和email地址处理的 bug。 BugZero是一个基于Web的问题(bug)跟踪平台 Bugzero™ 是一个多功能,基于网...

oschina
2012/08/03
446
1
Bugzero 6.6.3 发布,缺陷跟踪系统

Bugzero 6.6.3 发布,此版本更新内容如下: 因为许可问题而没有保存成功的 Emails 会发回给发送者,甚至是游客用户 二级责任用户现完全拥有写权限 BugZero是一个基于Web的问题(bug)跟踪平台 ...

oschina
2013/12/31
560
1
BugZero 5.8.3 发布

BugZero是一个基于Web的问题(bug)跟踪平台,新版本对 JSP 代码进行了重构。 下载地址: http://www.websina.com/bugzero/price.html#download...

红薯
2009/09/21
163
0
Bugzero 6.6.4 发布,bug 跟踪平台

Bugzero 6.6.4 发布,此版本更新内容如下: 多项目查询时, "state" 字段会列出所有已选项目的状态 修复了关于 "ignore closed" 的问题 现有的 CC 字段添加了新 To 字段。 BugZero是一个基于...

oschina
2014/05/07
672
0

没有更多内容

加载失败,请刷新页面

加载更多

数据结构与算法

线性结构 数组 链表 树 二分查找 用数组表示 二叉树 二叉树可以用链表表示 二叉树的遍历分递归和非递归方式; 递归分为前序遍历、中序遍历和后序遍历; 非递归可以使用堆栈方式和队列方式实现...

铲平王
7分钟前
0
0
这是一份完整的Python魔术方法教程

在Python中,所有以“__”双下划线包起来的方法,都统称为“Magic Method”,中文称『魔术方法』,例如类的初始化方法 __init__ ,Python中所有的魔术方法均在官方文档中有相应描述,但是对于官...

编程资源库
7分钟前
0
0
JavaScript深入浅出第2课:函数是一等公民是什么意思呢?

摘要: 听起来很炫酷的一等公民是啥? 《JavaScript深入浅出》系列: JavaScript深入浅出第1课:箭头函数中的this究竟是什么鬼? JavaScript深入浅出第2课:函数是一等公民是什么意思呢? 看...

Fundebug
7分钟前
0
0
Google 出品的 Java 编码规范,强烈推荐,权威又科学!

原文:google.github.io/styleguide/javaguide.html 译者:Hawstein 来源:hawstein.com/2014/01/20/google-java-style/ 这份文档是Google Java编程风格规范的完整定义。当且仅当一个Java源文...

Java技术栈
10分钟前
0
0
Consul注册中心常用的API

问题 在使用Consul注册中心的过程中,涉及到服务注册,服务注销,服务列表查询,检查点列表查询,检查点注销等等Http的API。 Consul Http API 服务注册接口 请求方式:PUT 请求URL:http://...

亚林瓜子
21分钟前
0
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部