YalpPGSQLAuth: fix crash in userVerify

- fix NullPointer deref
- fix Exception Handling

Signed-off-by: Manuel Traut <manut@mecka.net>

1 files changed, 17 insertions, 8 deletions

diff --git a/src/YalpAuth/YalpPGSqlAuth/YalpAuthPluginImpl.java b/src/YalpAuth/YalpPGSqlAuth/YalpAuthPluginImpl.java
index d7c7a21..3124845 100644
--- a/src/YalpAuth/YalpPGSqlAuth/YalpAuthPluginImpl.java
+++ b/src/YalpAuth/YalpPGSqlAuth/YalpAuthPluginImpl.java
@@ -93,31 +93,40 @@ public class YalpAuthPluginImpl extends AuthPluginInterfacePOA{
 		YalpError error = new YalpError ("auth ok", YalpErrorCode.OK,
 			YalpErrorLevel.ERROR_LEVEL_INFO, "authentication module working");
 
-		try{
-			ResultSet result=stat.executeQuery("select * from \"user\" where \"username\" = '"+username+"' and \"passwd\" = '"+passwd+"';");
+		try {
+			String query = "select * from \"Users\" where \"name\" = '"+username+"' and \"passwd\" = '"+passwd+"';";
+
+			ResultSet result = stat.executeQuery(query);
 
 			if (result.next()){
-				if (result.getBoolean(5)==true)
+				if (result.getInt(1)>1)
 				{
-					user.value.level = AccessRights.ADMIN;
+					user.value = new YalpUser
+						(666, username, "real name", AccessRights.ADMIN);
 					err.value = error;
 					return;
 				}
 				else
 				{
-					user.value.level = AccessRights.USER;
+					user.value = new YalpUser
+						(666, username, "real name", AccessRights.USER);
 					err.value = error;
 					return;
 				}
 			}
 			else
 			{
-				user.value.level = AccessRights.DENY;
+					user.value = new YalpUser
+						(666, username, "real name", AccessRights.DENY);
 				err.value = error;
 				return;
 			}
-		}catch (SQLException e){
-			user.value.level = AccessRights.DENY;
+
+		} catch (SQLException e){
+			System.out.println("SQL ExceptioN!\n");
+			e.printStackTrace();
+			user.value = new YalpUser
+				(666, username, "real name", AccessRights.DENY);
 			error.code = YalpErrorCode.ERROR_SQL;
 			error.msg = "failed to send auth request to pgsql db";
 			error.level = YalpErrorLevel.ERROR_LEVEL_ERROR;