com.mobshep.mobileshepherd.CSInjection2.java Source code


Introduction

Here is the source code for com.mobshep.mobileshepherd.CSInjection2.java

Source

package com.mobshep.mobileshepherd;

import java.io.File;
import java.io.IOException;

import net.sqlcipher.database.SQLiteDatabase;

import android.content.Context;
import android.content.Intent;
import android.database.Cursor;
import android.database.sqlite.SQLiteException;
import android.os.Bundle;
import android.support.design.widget.NavigationView;
import android.support.v4.view.GravityCompat;
import android.support.v4.widget.DrawerLayout;
import android.support.v7.app.ActionBarDrawerToggle;
import android.support.v7.widget.Toolbar;
import android.view.MenuItem;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TabHost;
import android.widget.TabHost.TabSpec;
import android.widget.Toast;

/**
 * This file is part of the Security Shepherd Project.
 *
 * The Security Shepherd project is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.<br/>
 *
 * The Security Shepherd project is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.<br/>
 *
 * You should have received a copy of the GNU General Public License
 * along with the Security Shepherd project.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @author Sean Duggan
 */

/**
 * Login screen backed by a SQLCipher database ("Players.db"). When {@link #login} reports
 * success, the activity copies a value from a second SQLCipher database ("key.db") into
 * the "Key" tab.
 *
 * <p>NOTE(review): the class name, the Security Shepherd header and the seeded
 * "The Key is ..." row suggest this is a deliberately vulnerable training exercise, so the
 * code is documented as-is rather than corrected. None of the following should be copied
 * into production code:
 * <ul>
 *   <li>{@link #dbPassword} is a hard-coded database passphrase; a string literal in the
 *       app package protects the data only from someone who cannot read the package.</li>
 *   <li>{@link #login} builds its SQL statement by concatenating user-supplied text.</li>
 *   <li>{@link #sanitizeValue} is a blocklist of literal substrings, not an escaping or
 *       parameter-binding step.</li>
 *   <li>The protected value is written to "key.db" in {@link #onCreate}, i.e. before any
 *       login has happened; the login check only gates what the UI displays.</li>
 * </ul>
 */
public class CSInjection2 extends MainActivity
        implements OnClickListener, NavigationView.OnNavigationItemSelectedListener {

    // Host for the "Login" and "Key" tabs built in onCreate().
    TabHost th;
    // Login button; its click handler is this activity (see referenceXML()).
    Button Login;
    // Text fields for the user name and password typed by the user.
    EditText username;
    EditText password;
    // Field on the "Key" tab that receives the value read by outputKey().
    EditText key;
    // Passphrase handed to SQLCipher for both Players.db and key.db.
    // NOTE(review): hard-coded secret; in real code derive or fetch the key at runtime
    // (e.g. from a user secret or the platform keystore) instead of embedding it.
    String dbPassword = "n483jd843hyj23kd032kjdw92";

    /**
     * Builds the screen: seeds both databases, wires the toolbar / navigation drawer, binds
     * the input widgets and creates the two tabs.
     *
     * <p>populateTable() and generateKey() each drop and re-create their table, so both
     * databases are reset every time the activity is created.
     *
     * @param savedInstanceState passed straight to the superclass; not otherwise used here
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.csi2_layout);
        th = (TabHost) findViewById(R.id.tabhost);
        // Re-seed Players.db (one 'Admin' row) before any UI wiring happens.
        populateTable(this, dbPassword);

        Toolbar toolbar = (Toolbar) findViewById(R.id.toolbar);
        setSupportActionBar(toolbar);

        DrawerLayout drawer = (DrawerLayout) findViewById(R.id.drawer_layout);
        ActionBarDrawerToggle toggle = new ActionBarDrawerToggle(this, drawer, toolbar,
                R.string.navigation_drawer_open, R.string.navigation_drawer_close);
        drawer.setDrawerListener(toggle);
        toggle.syncState();

        // This class declares OnNavigationItemSelectedListener but defines no handler itself;
        // presumably onNavigationItemSelected is inherited from MainActivity - confirm.
        NavigationView navigationView = (NavigationView) findViewById(R.id.nav_view);
        navigationView.setNavigationItemSelectedListener(this);

        referenceXML();
        th.setup();
        // Writes the protected value into key.db unconditionally, before any login attempt.
        generateKey(this, dbPassword);

        TabSpec specs = th.newTabSpec("tag1");
        specs.setContent(R.id.tab1);
        specs.setIndicator("Login");
        th.addTab(specs);

        specs = th.newTabSpec("tag2");
        specs.setContent(R.id.tab2);
        specs.setIndicator("Key");
        th.addTab(specs);
    }

    /**
     * Closes the navigation drawer if it is open; otherwise defers to the default back
     * behaviour of the superclass.
     */
    @Override
    public void onBackPressed() {
        DrawerLayout drawer = (DrawerLayout) findViewById(R.id.drawer_layout);
        if (drawer.isDrawerOpen(GravityCompat.START)) {
            drawer.closeDrawer(GravityCompat.START);
        } else {
            super.onBackPressed();
        }
    }

    /**
     * Looks up the login button and the three text fields from the layout and registers
     * this activity as the button's click listener.
     */
    private void referenceXML() {
        Login = (Button) findViewById(R.id.bLogin);
        // Disabled call: setFilterTouchesWhenObscured(true) would make the button ignore
        // touches while another window obscures it (an overlay / tapjacking defence).
        // Login.setFilterTouchesWhenObscured(true);
        username = (EditText) findViewById(R.id.etName);
        password = (EditText) findViewById(R.id.etPass);
        key = (EditText) findViewById(R.id.etKey);
        Login.setOnClickListener(this);

    }

    /**
     * Click handler for the login button: reads both fields, passes them through
     * {@link #sanitizeValue}, and shows the key on success or an error toast on failure.
     *
     * <p>login() is called twice per click (once for the success branch, once for the
     * failure branch), so the database is opened and queried twice and any error toast
     * raised inside login() can appear twice. The empty-field check runs only after both
     * login attempts, so empty input still reaches the query.
     *
     * @param arg0 the clicked view; only {@code R.id.bLogin} is handled
     */
    public void onClick(View arg0) {
        switch (arg0.getId()) {

        case (R.id.bLogin):

            String Name = username.getText().toString();
            String Pass = password.getText().toString();

            // sanitizeValue() strips a fixed list of substrings and appends a single quote;
            // from here on Name and Pass both end in "'".
            Name = sanitizeValue(Name);
            Pass = sanitizeValue(Pass);

            try {
                if (login(Name, Pass) == true) {
                    outputKey(this, dbPassword);
                    Toast toast = Toast.makeText(CSInjection2.this, "Logged in!", Toast.LENGTH_LONG);
                    toast.show();

                }
            } catch (IOException e1) {
                // login() declares IOException, but no statement visible in it throws one.
                Toast toast = Toast.makeText(CSInjection2.this, "An error occurred!", Toast.LENGTH_LONG);
                toast.show();
            }

            try {
                // Second, independent call to login() with the same arguments.
                if (login(Name, Pass) == false) {
                    // The toast echoes the sanitized user name, trailing quote included.
                    Toast toast = Toast.makeText(CSInjection2.this, "Invalid Credentials, " + Name,
                            Toast.LENGTH_LONG);
                    toast.show();

                }
            } catch (IOException e) {
                // NOTE(review): printStackTrace() writes to the device log; prefer a proper
                // logger and a user-visible message, as in the first catch block above.
                e.printStackTrace();
            }

            // Name and Pass always end in "'" after sanitizeValue(), so they are never equal
            // to "" here and this branch cannot fire as written.
            if (Name.contentEquals("") || Pass.contentEquals("")) {
                Toast toast2 = Toast.makeText(CSInjection2.this, "Empty Fields Detected.", Toast.LENGTH_SHORT);
                toast2.show();

            }

        }

    }

    /**
     * Checks the supplied credentials against the Players table of "Players.db".
     *
     * <p>The SQL text is assembled by string concatenation. The literal supplies only the
     * opening quote of each value; the closing quote is the one that
     * {@link #sanitizeValue} appends, so with sanitized input the statement reads
     * {@code ... memName='<name>' AND memPass = '<pass>';}. Because the values are spliced
     * into the statement text, whatever they contain is parsed as SQL rather than treated
     * as data. The safe form keeps {@code ?} placeholders in the statement and passes the
     * values through the second argument of {@code rawQuery}, which is {@code null} here.
     *
     * <p>Neither the Cursor nor the SQLiteDatabase opened here is closed.
     *
     * @param username user name as produced by sanitizeValue() (ends in a single quote)
     * @param password password as produced by sanitizeValue() (ends in a single quote)
     * @return {@code false} when the query returns no rows or any exception is raised in
     *         the inner try; {@code true} in every other case, including a null cursor
     * @throws IOException declared, but no statement visible in this method throws it
     */
    private boolean login(String username, String password) throws IOException {
        try {
            try {
                String dbPath = this.getDatabasePath("Players.db").getPath();

                SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

                // NOTE(review): string-built SQL over user input - the injection point.
                String query = ("SELECT * FROM Players WHERE memName='" + username + " AND memPass = '" + password
                        + ";");

                Cursor cursor = db.rawQuery(query, null);
                // Any non-empty result set counts as a successful login; the row contents
                // are never inspected. A null cursor also falls through to "return true".
                if (cursor != null) {
                    if (cursor.getCount() <= 0) {
                        return false;

                    }
                }

            } catch (Exception e) {
                // Any failure (including a malformed statement) is treated as a failed
                // login: show a generic error, blank the key field and restore its hint.
                Toast error = Toast.makeText(CSInjection2.this, "An error occurred.", Toast.LENGTH_LONG);
                error.show();
                key.getText().clear();
                key.setHint("The key is only shown to authenticated users.");
                return false;
            }

        } catch (SQLiteException e) {
            // The inner catch (Exception) already handles everything thrown by the inner try
            // body, so this handler can only see an exception raised by the inner catch
            // block itself. NOTE(review): it does not return, so control would fall through
            // to "return true" below - a fail-open path.
            Toast error = Toast.makeText(CSInjection2.this, "An database error occurred.", Toast.LENGTH_LONG);
            error.show();
        }

        return true;

    }

    /**
     * Creates (or re-creates) the Players table in "Players.db" and inserts one 'Admin' row.
     *
     * <p>The existing table is dropped first, so any previous contents are discarded. The
     * database handle is not closed. Failures are reported with a toast and otherwise
     * swallowed.
     *
     * @param context    used to load the SQLCipher native libraries and resolve the
     *                   database path
     * @param dbPassword SQLCipher passphrase; this parameter shadows the field of the same
     *                   name, so the argument (not the field) is what is used here
     */
    public void populateTable(Context context, String dbPassword) {
        try {

            try {
                SQLiteDatabase.loadLibs(context);

                String dbPath = context.getDatabasePath("Players.db").getPath();

                // Make sure the databases directory exists before SQLCipher opens the file.
                File dbPathFile = new File(dbPath);
                if (!dbPathFile.exists())
                    dbPathFile.getParentFile().mkdirs();

                SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

                db.execSQL("DROP TABLE IF EXISTS Players");
                db.execSQL(
                        "CREATE TABLE Players(memID INTEGER PRIMARY KEY AUTOINCREMENT, memName TEXT, memAge INTEGER, memPass VARCHAR)");

                // NOTE(review): memPass is 32 hex digits, which looks like a digest - confirm.
                // login() compares the typed text to this column directly without hashing
                // it, and sanitizeValue() deletes every digit from the input, so typing
                // this value cannot produce a matching row.
                db.execSQL("INSERT INTO Players VALUES( 1,'Admin',20,'49c3a17ad8d8ccd93885e6a28661480d')");
            } catch (Exception e) {
                Toast error = Toast.makeText(CSInjection2.this, "An error occurred, table not initialized.",
                        Toast.LENGTH_LONG);
                error.show();

            }

        } catch (SQLiteException e) {
            // Reached only if the inner catch block itself throws; see the same pattern in login().
            Toast error = Toast.makeText(CSInjection2.this, "An database error occurred.", Toast.LENGTH_LONG);
            error.show();
        }
    }

    /**
     * Reads the first column of the first row of table {@code key} in "key.db" and puts it
     * into the key text field.
     *
     * <p>The cursor is closed in a finally block; the database handle is not closed. There
     * is no exception handling here, so a database error propagates to the caller.
     *
     * @param context  used to load the SQLCipher native libraries and resolve the
     *                 database path
     * @param password unused; the database is opened with the {@code dbPassword} field
     */
    public void outputKey(Context context, String password) {
        SQLiteDatabase.loadLibs(context);

        String dbPath = context.getDatabasePath("key.db").getPath();

        SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

        // Constant statement, no user input involved.
        String query = ("SELECT * FROM key;");

        Cursor cursor = db.rawQuery(query, null);

        if (cursor != null) {

            try {
                if (cursor.moveToFirst())
                    key.setText(cursor.getString(0));
            } finally {
                cursor.close();

            }
        }
    }

    /**
     * Creates (or re-creates) table {@code key} in "key.db" and stores the protected value
     * in it.
     *
     * <p>Called from onCreate(), so the value is on the device, guarded only by the
     * hard-coded passphrase, regardless of whether anyone has logged in. The database
     * handle is not closed. Failures are reported with a toast and otherwise swallowed.
     *
     * @param context  used to load the SQLCipher native libraries and resolve the
     *                 database path
     * @param password unused; the database is opened with the {@code dbPassword} field
     */
    public void generateKey(Context context, String password) {
        try {
            try {
                SQLiteDatabase.loadLibs(context);

                String dbPath = context.getDatabasePath("key.db").getPath();

                // Make sure the databases directory exists before SQLCipher opens the file.
                File dbPathFile = new File(dbPath);
                if (!dbPathFile.exists())
                    dbPathFile.getParentFile().mkdirs();

                SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath, dbPassword, null);

                db.execSQL("DROP TABLE IF EXISTS key");
                db.execSQL("CREATE TABLE key(key VARCHAR)");

                // NOTE(review): the secret is a literal in the source as well as in the database.
                db.execSQL("INSERT INTO key VALUES('The Key is BurpingChimneys.')");

            } catch (Exception e) {
                Toast error = Toast.makeText(CSInjection2.this, "An error occurred, key was not generated",
                        Toast.LENGTH_LONG);
                error.show();

            }

        } catch (SQLiteException e) {
            // Reached only if the inner catch block itself throws; see the same pattern in login().
            Toast error = Toast.makeText(CSInjection2.this, "An database error occurred.", Toast.LENGTH_LONG);
            error.show();
        }
    }

    /**
     * Removes a fixed list of substrings from {@code input} and appends a single quote.
     *
     * <p>Removed, in this order: "OR", "or", "SELECT", "AND", "UPDATE", "DROP", the digits
     * 0-9, and "--". {@code String.replace} matches literal text case-sensitively, and each
     * substring is processed once in the listed order. The appended quote is what closes
     * the string literals in the statement built by {@link #login}.
     *
     * <p>NOTE(review): this is a blocklist, not an escaping step. It does not make a value
     * safe to concatenate into SQL, and it also damages legitimate input (any name
     * containing "or", any password containing a digit). The reliable control is to bind
     * values as query parameters and drop this method from the query path.
     *
     * @param input raw text from a form field
     * @return the filtered text followed by {@code '}
     */
    public String sanitizeValue(String input) {
        input = input.replace("OR", "");
        input = input.replace("or", "");
        input = input.replace("SELECT", "");
        input = input.replace("AND", "");
        input = input.replace("UPDATE", "");
        input = input.replace("DROP", "");
        input = input.replace("0", "");
        input = input.replace("1", "");
        input = input.replace("2", "");
        input = input.replace("3", "");
        input = input.replace("4", "");
        input = input.replace("5", "");
        input = input.replace("6", "");
        input = input.replace("7", "");
        input = input.replace("8", "");
        input = input.replace("9", "");
        input = input.replace("--", "");

        // Closing quote for the SQL string literal opened in login().
        input = input + "'";

        return input;
    }

}