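<%@ page import="javax.naming.*,espn.security.*,javax.naming.directory.*,java.text.*,java.util.*,java.io.*,java.net.*,WABean.*,espn.tools.JSPUtils.*,espn.security.crypto.*" %>
<%
    /*
     * Login handler.
     *
     * Reads the ESPNUser / ESPNPass / ReturnURL request parameters (names are
     * matched case-insensitively), validates the credentials through
     * UserProfile.validateDatabaseUser, loads the user's roles, and redirects
     * either to the admin index or to the requested return URL.
     *
     * Outcomes:
     *   - missing credentials, unknown user, or wrong password: redirect to the
     *     login page with Failed=true (the same response for all three, so the
     *     page does not reveal which accounts exist);
     *   - valid credentials but no access to ReturnURL: FORBIDDEN screen;
     *   - any other exception: generic error text, details logged server-side.
     *
     * The first-login "change password" and "update profile" screens were
     * commented out in the original page and are not enforced here.
     */
    String sUsername = "", sPassword = "", loginuri = "", sReturnURL = "";

    try {
        // Parameter names are compared case-insensitively, so enumerate them
        // instead of calling request.getParameter() with a fixed spelling.
        // NOTE(review): parameters are read regardless of HTTP method; confirm
        // the login form POSTs them, since credentials sent in a query string
        // end up in access logs and browser history.
        Enumeration eParams = request.getParameterNames();
        while (eParams.hasMoreElements()) {
            String sTemp = (String) eParams.nextElement();
            if (sTemp.equalsIgnoreCase("ESPNUser"))
                sUsername = request.getParameterValues(sTemp)[0];
            else if (sTemp.equalsIgnoreCase("ESPNPass"))
                sPassword = request.getParameterValues(sTemp)[0];
            else if (sTemp.equalsIgnoreCase("ReturnURL"))
                sReturnURL = request.getParameterValues(sTemp)[0];
        }

        // ReturnURL is request-controlled: encode it before placing it in the
        // query string so it cannot add parameters or break the Location header.
        loginuri = "/howesportsdata/login/index.jsp?Failed=true&returnurl="
                + URLEncoder.encode(sReturnURL, "UTF-8");

        if (sUsername == null || "".equals(sUsername)
                || sPassword == null || "".equals(sPassword)) {
            response.sendRedirect(loginuri);
            // Stop here: without this return the page went on to look up an
            // empty user name and attempted a second redirect on an already
            // committed response.
            return;
        }

        // Drop any previously authenticated identity before checking the new one.
        session.removeAttribute("UserName");

        String sUser = sUsername.toLowerCase();
        boolean dbcheck = false;
        UserProfile profile = UserProfile.getUserProfile("UserName", sUser);
        if (profile != null)
            dbcheck = profile.validateDatabaseUser(sPassword);

        if (!dbcheck) {
            // NOTE(review): failed attempts are not passed to AuditLog here;
            // confirm whether AuditLog.auditRequest accepts a null profile
            // before adding a call for the failure path.
            response.sendRedirect(loginuri);
            return;
        }

        ACL.loadUserRole(request, sUser);

        if (!ACL.canUserAccessURL(request, sReturnURL)) {
            // NOTE(review): roles were loaded before this denial; if
            // loadUserRole keeps them in the session, confirm they are
            // cleared when access is refused.
            out.println("access denied! :");
            throw new ForbiddenException();
        }

        out.println("access granted! :");

        // NOTE(review): the session id is not renewed on successful login.
        // Rotating it (e.g. HttpServletRequest.changeSessionId() on Servlet
        // 3.1+) would guard against session fixation; confirm first where
        // ACL.loadUserRole keeps its state so it is not lost.
        session.setAttribute("UserName", sUser);

        AuditLog.auditRequest(request, sReturnURL, profile, dbcheck);

        if (ACL.canUserAccessURL(request, "/howesportsdata/user/admin/")) {
            response.sendRedirect("/howesportsdata/user/admin/index.jsp");
        } else {
            // NOTE(review): sReturnURL comes straight from the request, so this
            // redirect is only as strict as ACL.canUserAccessURL. Confirm that
            // it rejects absolute ("http://...") and scheme-relative ("//host")
            // values; otherwise restrict the target to site-local paths.
            response.sendRedirect(sReturnURL);
        }
        return;
    } catch (ForbiddenException e) {
        Config.displayScreen(response,
                application.getRealPath(request.getServletPath()),
                application.getRealPath("/"),
                Config.FORBIDDEN);
    } catch (UserNotLoggedInException e) {
        Config.displayScreen(response,
                application.getRealPath(request.getServletPath()),
                application.getRealPath("/"),
                Config.LOGIN_FILE);
    } catch (Exception e) {
        // Keep exception details in the server log; echoing e.getMessage() to
        // the client can expose internals and may reflect request data.
        application.log("Login error", e);
        out.print("Login error");
    }
%>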