[cvs] expresso commit by lhamel: javadoc

Thu Feb 24 06:20:58 UTC 2005

Log Message:
-----------
javadoc

Modified Files:
--------------
    expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller:
        LoginController.java

Revision Data
-------------
Index: LoginController.java
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/LoginController.java,v
retrieving revision 1.62
retrieving revision 1.63
diff -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/LoginController.java -Lexpresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/LoginController.java -u -r1.62 -r1.63

--- expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/LoginController.java
+++ expresso-web/WEB-INF/src/com/jcorporate/expresso/services/controller/LoginController.java
@@ -175,6 +175,7 @@
 
             myUser.setLoginName(loginName);
 
+            // here is the find for login name, right behind the test for useless guest name
             if ("NONE".equalsIgnoreCase(loginName) || !myUser.find()) {
                 errors.addError("error.invalidusername");
 
@@ -190,7 +191,8 @@
 
                 return uid;
             }
-            // evaluate the passwords
+
+            // now that user is retrieved, compare the password
             if (!myUser.passwordEquals(StringUtil.notNull(request.getParameter("Password")))) {
 
                 // Brute forcing login names is often step one in the brute force attack
@@ -206,7 +208,6 @@
             }
 
             uid = myUser.getUid();
-
             String currStatus = myUser.getAccountStatus();
 
             // test for account status
