Commits

Anonymous committed 6a56c37

Modified error message to conceal PGSQL exceptions on failed logins

  • Participants
  • Parent commits f93a345

Comments (0)

Files changed (1)

File org/nrg/xdat/turbine/modules/actions/XDATLoginUser.java

 import org.nrg.xft.XFTItem;
 import org.nrg.xft.email.EmailUtils;
 import org.nrg.xft.schema.Wrappers.GenericWrapper.GenericWrapperElement;
+import org.postgresql.util.PSQLException;
 /**
  * @author Tim
  *
 			HttpSession session = data.getSession();
 			session.setAttribute("user",user);
             session.setAttribute("loggedin",true);
-            
+
             try{
             	doRedirect(data,context,user);
             }catch(Exception e){
 		catch (Exception e)
 		{
             log.error("",e);
-            
+
             if(username.toLowerCase().contains("script"))
             {
             	e= new Exception("Illegal username <script> usage.");
                 data.getParameters().setString("exception", e.toString());
                 return;
             }
-            
+
 				// Set Error Message and clean out the user.
+            if(e instanceof PSQLException){
+				data.setMessage("An error has occurred.  Please contact a site administrator for assistance.");
+            }else{
 				data.setMessage(e.getMessage());
+            }
 				String loginTemplate =  org.apache.turbine.Turbine.getConfiguration().getString("template.login");
 
 				if (StringUtils.isNotEmpty(loginTemplate))
 				}
 		}
 	}
-	
+
 	public void doRedirect(RunData data, Context context,XDATUser user) throws Exception{
 		String nextPage = data.getParameters().getString("nextPage","");
 		String nextAction = data.getParameters().getString("nextAction","");