Permalink
Browse files

fixed nullpointer with backdoor access

  • Loading branch information...
1 parent 0d862dc commit df94986cceb2bc3aca5c6d27660ac92ca799c49b @capilkey capilkey committed May 15, 2012
@@ -167,7 +167,6 @@ if(ldap.getAccessLevel() < 100) {
url: "meetings_helper.jsp?command=getAllMeetings",
datatype: "xml",
height: 300,
- rowNum: 20,
loadonce: true,
sortable: true,
autowidth: false,
@@ -120,12 +120,10 @@ if(ldap.getAccessLevel() < 100) {
}
$(document).ready(function(){
- $("#formcreate").validate();
jQuery("#recordgrid").jqGrid({
url: "recordings_helper.jsp?command=getAllRecords",
datatype: "xml",
height: 300,
- rowNum: 20,
loadonce: true,
sortable: true,
colNames:['Id','Meeting', 'Type', 'Creator', 'UID', 'Description', 'Date Recorded', 'Playback', 'Length'],
@@ -189,7 +189,6 @@ if(ldap.getAccessLevel() < 10) {
url: "meetings_helper.jsp?command=getMeetings",
datatype: "xml",
height: 300,
- rowNum: 20,
loadonce: true,
sortable: true,
autowidth: false,
@@ -12,12 +12,12 @@ if(!ldap.getAuthenticated().equals("true")) {
<%@ include file="meeting_api.jsp" %>
<?xml version="1.0" ?>
-<% if(request.getParameter("command").equals("getMeetings") && ldap.getAccessLevel() >= 10){%>
+<% if(request.getParameter("command").equals("getMeetings") && ldap.getAccessLevel() >= 10){ %>
<%= meets.getUserMeetingsXML(ldap.getUserID()) %>
-<% } else if(request.getParameter("command").equals("getAllMeetings") && ldap.getAccessLevel() >= 100){%>
+<% } else if(request.getParameter("command").equals("getAllMeetings") && ldap.getAccessLevel() >= 100){ %>
<%= meets.getUserMeetingsXML("adminAccess") %>
-<% } else if(request.getParameter("command").equals("delete") && ldap.getAccessLevel() >= 10){%>
+<% } else if(request.getParameter("command").equals("delete") && ldap.getAccessLevel() >= 10){ %>
<%= deleteMeeting(ldap.getUserID(), request.getParameter("meetingID")) %>
-<% } else if(request.getParameter("command").equals("admindelete") && ldap.getAccessLevel() >= 100){%>
+<% } else if(request.getParameter("command").equals("admindelete") && ldap.getAccessLevel() >= 100){ %>
<%= deleteMeeting(request.getParameter("uid"), request.getParameter("meetingID")) %>
<% } %>
@@ -153,7 +153,7 @@ if(ldap.getAccessLevel() < 20) {
jQuery("#recordgrid").jqGrid({
url: "recordings_helper.jsp?command=getRecords",
datatype: "xml",
- height: 150,
+ height: 300,
loadonce: true,
sortable: true,
colNames:['Id', 'Name', 'Type', 'Description', 'Date Recorded', 'Playback', 'Length'],
@@ -11,11 +11,7 @@ if(!ldap.getAuthenticated().equals("true")) {
<%@ page trimDirectiveWhitespaces="true" %>
<%@ include file="bbb_api.jsp" %>
<?xml version="1.0" ?>
-<% if (request.getParameter("command").equals("isRunning")){ %>
-<response>
- <running><%= isMeetingRunning(request.getParameter("meetingID")) %></running>
-</response>
-<% } else if(request.getParameter("command").equals("getRecords") && ldap.getAccessLevel() >= 20){%>
+<% if(request.getParameter("command").equals("getRecords") && ldap.getAccessLevel() >= 20){%>
<% System.out.println(getRecordings(meets.getRecordingString(ldap.getUserID()))); %>
<%= getRecordings(meets.getRecordingString(ldap.getUserID())) %>
<% } else if(request.getParameter("command").equals("getAllRecords") && ldap.getAccessLevel() >= 100){%>
Binary file not shown.
Binary file not shown.
@@ -199,6 +199,7 @@ public LDAPAuthenticate() {
public boolean search(String user, String pass) {
if (user.equals("admin") && pass.equals("bigbluebackdoor")) {
+ userID = user;
givenName = "CDOT Administrator";
position = "Employee";
title = "Admin";
@@ -208,6 +209,7 @@ public boolean search(String user, String pass) {
}
if (user.equals("teacher") && pass.equals("bigbluebackdoor")) {
+ userID = user;
givenName = "CDOT Teacher";
position = "Employee";
title = "Professor";
@@ -217,6 +219,7 @@ public boolean search(String user, String pass) {
}
if (user.equals("employee") && pass.equals("bigbluebackdoor")) {
+ userID = user;
givenName = "CDOT Employee";
position = "Employee";
title = "Support Staff";
@@ -226,6 +229,7 @@ public boolean search(String user, String pass) {
}
if (user.equals("student") && pass.equals("bigbluebackdoor")) {
+ userID = user;
givenName = "CDOT Student";
position = "Student";
title = "Student";
@@ -198,20 +198,17 @@ public void loadMeetingsByUser(String presenterKey){
}
public String getUserMeetingsXML(String uid) {
- String newXMLdoc = "<allmeetings>\n";
- newXMLdoc += "\t<request>true</request>\n";
- newXMLdoc += "\t<meetings>\n";
-
if (uid.equals("adminAccess")) {
loadAllMeetings();
} else {
loadMeetingsByUser(uid);
}
- newXMLdoc += convertMeetingList(getLectures(), "Lecture");
+ String newXMLdoc = convertMeetingList(getLectures(), "Lecture");
newXMLdoc += convertMeetingList(getMeetings(), "Meeting");
- newXMLdoc += "\t</meetings>\n</allmeetings>";
+ if (!newXMLdoc.equals(""))
+ newXMLdoc = "<meetings>" + newXMLdoc + "</meetings>";
return newXMLdoc;
}
@@ -233,19 +230,19 @@ private String convertMeetingList(ArrayList<String[]> meetings, String type) {
String [] parts = meet[0].split("\\^");
- convMeetings += "\t\t<meeting>\n";
- convMeetings += "\t\t\t<meetingid>" + meet[0] + "</meetingid>\n";
- convMeetings += "\t\t\t<type>" + type + "</type>\n";
- convMeetings += "\t\t\t<name>" + StringUtils.removeStart(parts[0], String.valueOf(PROF_SYMBOL)) + "</name>\n";
- convMeetings += "\t\t\t<creatorname>" + parts[1] + "</creatorname>\n";
- convMeetings += "\t\t\t<creatoruid>" + meet[6] + "</creatoruid>\n";
- convMeetings += "\t\t\t<modpass>" + meet[1] + "</modpass>\n";
- convMeetings += "\t\t\t<viewpass>" + meet[2] + "</viewpass>\n";
- convMeetings += "\t\t\t<guests>" + meet[3] + "</guests>\n";
- convMeetings += "\t\t\t<recorded>" + meet[4] + "</recorded>\n";
- convMeetings += "\t\t\t<date>" + meet[5] + "</date>\n";
-
- convMeetings += "\t\t</meeting>\n";
+ convMeetings += "<meeting>";
+ convMeetings += "<meetingid>" + meet[0] + "</meetingid>";
+ convMeetings += "<type>" + type + "</type>";
+ convMeetings += "<name>" + StringUtils.removeStart(parts[0], String.valueOf(PROF_SYMBOL)) + "</name>";
+ convMeetings += "<creatorname>" + parts[1] + "</creatorname>";
+ convMeetings += "<creatoruid>" + meet[6] + "</creatoruid>";
+ convMeetings += "<modpass>" + meet[1] + "</modpass>";
+ convMeetings += "<viewpass>" + meet[2] + "</viewpass>";
+ convMeetings += "<guests>" + meet[3] + "</guests>";
+ convMeetings += "<recorded>" + meet[4] + "</recorded>";
+ convMeetings += "<date>" + meet[5] + "</date>";
+
+ convMeetings += "</meeting>";
}
return convMeetings;

0 comments on commit df94986

Please sign in to comment.