Beispiel #1
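  /**
   * Stores the credentials to verify and opens a new MySQL connection with the user-lookup
   * statement prepared on it.
   *
   * <p>Failures are not thrown: they are logged and reported through {@code Loki.setStatus(false)}.
   * In that case {@code preparedStatement} stays unset and any connection that was already opened
   * is closed again, so a failed initialization does not leave a database session behind.
   *
   * <p>NOTE(review): the connection uses the {@code DB_USER}/{@code DB_PASS} constants compiled
   * into the class; anyone with access to the source or the jar can read them. Prefer loading them
   * from deployment configuration.
   *
   * @param pseudo the user name to look up in the forum database
   * @param password the clear-text password supplied by the user, compared to the stored hash later
   */
  public ManageSQLRequest(String pseudo, String password) {
    this.pseudo = pseudo;
    this.password = password;

    try {
      Class.forName("com.mysql.jdbc.Driver");
      this.conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
      this.preparedStatement = this.conn.prepareStatement(REQUETE);
    } catch (Exception e) {
      LOGGER.error("Impossible d'initialiser la connexion à la base de donnée", e);
      Loki.setStatus(false);

      // prepareStatement can fail after getConnection succeeded: release the open connection
      // instead of leaking it.
      if (this.conn != null) {
        try {
          this.conn.close();
        } catch (SQLException closeFailure) {
          LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", closeFailure);
        }
        this.conn = null;
      }
    }
  }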
Beispiel #2
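  /**
   * Decides whether the user given to the constructor may connect to the server: the account must
   * exist, belong to an authorized group, and the password must match its stored bcrypt hash.
   *
   * <p>The statement and the connection are closed on every exit path, including the early
   * returns, so an instance serves a single call.
   *
   * <p>NOTE(review): the result codes distinguish an unknown user name ({@code BAD_PSEUDO}), a
   * disallowed group ({@code BAD_GROUP}) and a wrong password ({@code BAD_PASSWORD}), and the group
   * is checked before the password. If these codes reach the client unchanged, account existence
   * and group membership are disclosed without a valid password. Consider mapping them to one
   * generic failure at the protocol boundary and keeping the detail in the server log.
   *
   * @return one of {@code OK}, {@code BAD_PSEUDO}, {@code BAD_GROUP}, {@code BAD_PASSWORD},
   *     {@code PASSWORD_ERROR} (the stored hash is missing or is not a {@code $2a$} hash),
   *     {@code DATABASE_ERROR} or {@code UNKNOW_ERROR}
   */
  public String checkAuth() {
    try {
      // Look the user up; the user name is bound as a parameter, never concatenated into the SQL.
      ResultSet result;
      try {
        this.preparedStatement.setString(1, this.pseudo);
        result = this.preparedStatement.executeQuery();
      } catch (Exception e) {
        // Also reached when the constructor failed and left preparedStatement unset.
        LOGGER.error("Impossible de communiquer avec la base de donnée", e);
        Loki.setStatus(false);
        return "DATABASE_ERROR";
      }

      // Read the group id and the stored hash of the matching row.
      int groupId;
      String passwordHash;
      try {
        if (!result.next()) {
          return "BAD_PSEUDO";
        }

        groupId = result.getInt(1);
        passwordHash = result.getString(2);
        result.close();
      } catch (Exception e) {
        LOGGER.error("Erreur inconnue durant la vérification du login", e);
        return "UNKNOW_ERROR";
      }

      if (!checkGroup(groupId)) {
        return "BAD_GROUP";
      }

      // Only hashes carrying the $2a$ prefix are handed to BCrypt. The prefix must be at the start
      // of the value; a missing hash or any other scheme means the user has to log in on the forum
      // again so that the hash is regenerated.
      if (passwordHash == null || !passwordHash.startsWith("$2a$")) {
        return "PASSWORD_ERROR";
      }

      return BCrypt.checkpw(this.password, passwordHash) ? "OK" : "BAD_PASSWORD";
    } finally {
      // Runs for every return above and for unexpected exceptions. The null checks cover a
      // constructor that failed, and the two closes are independent so that a failure on the
      // statement does not keep the connection open.
      try {
        if (this.preparedStatement != null) {
          this.preparedStatement.close();
        }
      } catch (SQLException e) {
        LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", e);
      }
      try {
        if (this.conn != null) {
          this.conn.close();
        }
      } catch (SQLException e) {
        LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", e);
      }
    }
  }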
Beispiel #3
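/**
 * Verifies one login attempt against the phpBB user table: looks up the user's group and stored
 * password hash over JDBC and checks the supplied password against that hash.
 *
 * <p>Each instance opens its own connection in the constructor and closes it in {@link
 * #checkAuth()}, so an instance is meant for a single check.
 *
 * @author tutul
 */
public class ManageSQLRequest {

  private static final Logger LOGGER = Loki.getLogger();

  /** The MySQL address (IP:PORT/database) */
  private static final String DB_URL = "jdbc:mysql://localhost:3306/phpBB";

  /** The MySQL user (for the specific database) */
  private static final String DB_USER = "phpBB";

  /**
   * The MySQL user's password (for the specific database) TODO change password for the real
   * DATABASE after testing
   *
   * <p>NOTE(review): this credential is compiled into the class and committed with the source, so
   * it is readable by anyone who can see the repository or the jar. Load it from deployment
   * configuration (environment, protected properties file, secret store) and treat the value shown
   * here as exposed: it must not be reused for the real database.
   */
  private static final String DB_PASS = "Zf9Ch5Di1";

  /**
   * The phpBB group authorized to connect on the NaheulCraft server Only administrator, moderator
   * and player can connect
   */
  private static final String[] GROUPE_AUTORISE = {"4", "5", "9"};

  /**
   * The SQL request to perform, with these, we get the group and the hashed password for the
   * current user. The user name is bound through the {@code ?} placeholder.
   */
  private static final String REQUETE =
      "SELECT group_id, user_password FROM phpbb_users WHERE username=?;";

  private final String pseudo;
  private final String password;
  private PreparedStatement preparedStatement;
  private Connection conn;

  /**
   * Stores the credentials to verify and opens a new MySQL connection with the user-lookup
   * statement prepared on it.
   *
   * <p>Failures are not thrown: they are logged and reported through {@code Loki.setStatus(false)}.
   * In that case {@code preparedStatement} stays unset and any connection that was already opened
   * is closed again, so a failed initialization does not leave a database session behind.
   *
   * @param pseudo the user name to look up in the forum database
   * @param password the clear-text password supplied by the user, compared to the stored hash later
   */
  public ManageSQLRequest(String pseudo, String password) {
    this.pseudo = pseudo;
    this.password = password;

    try {
      Class.forName("com.mysql.jdbc.Driver");
      this.conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
      this.preparedStatement = this.conn.prepareStatement(REQUETE);
    } catch (Exception e) {
      LOGGER.error("Impossible d'initialiser la connexion à la base de donnée", e);
      Loki.setStatus(false);

      // prepareStatement can fail after getConnection succeeded: release the open connection
      // instead of leaking it.
      if (this.conn != null) {
        try {
          this.conn.close();
        } catch (SQLException closeFailure) {
          LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", closeFailure);
        }
        this.conn = null;
      }
    }
  }

  /**
   * Decides whether the user given to the constructor may connect to the server: the account must
   * exist, belong to an authorized group, and the password must match its stored bcrypt hash.
   *
   * <p>The statement and the connection are closed on every exit path, including the early
   * returns, so an instance serves a single call.
   *
   * <p>NOTE(review): the result codes distinguish an unknown user name ({@code BAD_PSEUDO}), a
   * disallowed group ({@code BAD_GROUP}) and a wrong password ({@code BAD_PASSWORD}), and the group
   * is checked before the password. If these codes reach the client unchanged, account existence
   * and group membership are disclosed without a valid password. Consider mapping them to one
   * generic failure at the protocol boundary and keeping the detail in the server log.
   *
   * @return one of {@code OK}, {@code BAD_PSEUDO}, {@code BAD_GROUP}, {@code BAD_PASSWORD},
   *     {@code PASSWORD_ERROR} (the stored hash is missing or is not a {@code $2a$} hash),
   *     {@code DATABASE_ERROR} or {@code UNKNOW_ERROR}
   */
  public String checkAuth() {
    try {
      // Look the user up; the user name is bound as a parameter, never concatenated into the SQL.
      ResultSet result;
      try {
        this.preparedStatement.setString(1, this.pseudo);
        result = this.preparedStatement.executeQuery();
      } catch (Exception e) {
        // Also reached when the constructor failed and left preparedStatement unset.
        LOGGER.error("Impossible de communiquer avec la base de donnée", e);
        Loki.setStatus(false);
        return "DATABASE_ERROR";
      }

      // Read the group id and the stored hash of the matching row.
      int groupId;
      String passwordHash;
      try {
        if (!result.next()) {
          return "BAD_PSEUDO";
        }

        groupId = result.getInt(1);
        passwordHash = result.getString(2);
        result.close();
      } catch (Exception e) {
        LOGGER.error("Erreur inconnue durant la vérification du login", e);
        return "UNKNOW_ERROR";
      }

      if (!checkGroup(groupId)) {
        return "BAD_GROUP";
      }

      // Only hashes carrying the $2a$ prefix are handed to BCrypt. The prefix must be at the start
      // of the value; a missing hash or any other scheme means the user has to log in on the forum
      // again so that the hash is regenerated.
      if (passwordHash == null || !passwordHash.startsWith("$2a$")) {
        return "PASSWORD_ERROR";
      }

      return BCrypt.checkpw(this.password, passwordHash) ? "OK" : "BAD_PASSWORD";
    } finally {
      // Runs for every return above and for unexpected exceptions. The null checks cover a
      // constructor that failed, and the two closes are independent so that a failure on the
      // statement does not keep the connection open.
      try {
        if (this.preparedStatement != null) {
          this.preparedStatement.close();
        }
      } catch (SQLException e) {
        LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", e);
      }
      try {
        if (this.conn != null) {
          this.conn.close();
        }
      } catch (SQLException e) {
        LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", e);
      }
    }
  }

  /**
   * Check the user group to see if the current user can login
   *
   * @param groupId the user group ID
   * @return {@code true} when {@code groupId} equals one of the ids in {@code GROUPE_AUTORISE}
   */
  private static boolean checkGroup(final int groupId) {
    for (String id : GROUPE_AUTORISE) {
      if (Integer.parseInt(id) == groupId) {
        return true;
      }
    }
    return false;
  }
}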