In UserFactory.validateUser it is possible that password could be null in
the visitor table PASSWORD_VALUE field. This causes a null pointer
exception at
if ( user.getPassword().equals(password) )
I assume the following is the correct implementation with a boolean short
circuit. Of course this will allow a user to login without a password which
may or not be desirable.
if (user.getPassword() == null && password == null ||
user.getPassword().equals(password))
Here's the context of the change.....
============================================
/**
0: username and password is valid<br>
1: username is not valid<br>
2: password is not valid
*/
static int validateUser(User user, String password)
{
if ( user != null )
{
if ( user.getPassword().equals(password) )
{
return 0;
}
else
{
return 2;
}
}
return 1;
}
=========================================
cheers,
christopher
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
