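/**
 * Inserts every MAC address held in {@code macs} into the {@code macbans} table, skipping
 * addresses that fully match one of the regular expressions stored in {@code macfilters}.
 *
 * <p>Failures are not propagated to the caller. A failed single insert is ignored (the
 * original author expected UNIQUE-key collisions there), and any other {@link SQLException}
 * is printed so that a ban which was not applied leaves a trace instead of vanishing.
 */
public void banMacs() {
    // NOTE(review): the connection is not closed here; presumably DatabaseConnection owns
    // its lifetime (pooled or per-thread) - confirm against that class.
    Connection con = DatabaseConnection.getConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
        loadMacsIfNescessary();

        // Collect the allow-list patterns first so the SELECT is finished before the inserts.
        List<String> filtered = new LinkedList<String>();
        ps = con.prepareStatement("SELECT filter FROM macfilters");
        rs = ps.executeQuery();
        while (rs.next()) {
            filtered.add(rs.getString("filter"));
        }
        rs.close();
        rs = null;
        ps.close();
        ps = null;

        ps = con.prepareStatement("INSERT INTO macbans (mac) VALUES (?)");
        for (String mac : macs) {
            // String.matches() requires the whole address to match the pattern. A malformed
            // pattern in macfilters throws an unchecked PatternSyntaxException that is not
            // caught here, so filter rows should be validated when they are written.
            boolean matched = false;
            for (String filter : filtered) {
                if (mac.matches(filter)) {
                    matched = true;
                    break;
                }
            }
            if (!matched) {
                ps.setString(1, mac);
                try {
                    ps.executeUpdate();
                } catch (SQLException ignored) {
                    // can fail because of UNIQUE key, we dont care
                    // NOTE(review): this also hides every other insert failure for this row.
                }
            }
        }
    } catch (SQLException e) {
        // Previously swallowed silently; a ban that could not be written must be visible.
        e.printStackTrace();
    } finally {
        // Release JDBC resources on every path, including the exception paths.
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException ignored) {
                // nothing useful to do while cleaning up
            }
        }
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException ignored) {
                // nothing useful to do while cleaning up
            }
        }
    }
}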
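/**
 * Checks the supplied credentials against the {@code accounts} table and returns a status code.
 *
 * <p>Return values, as established by this method:
 * <ul>
 *   <li>{@code 0} - the password matched and the account is neither banned nor logged in</li>
 *   <li>{@code 3} - the account row has {@code banned > 0}</li>
 *   <li>{@code 4} - the password did not match</li>
 *   <li>{@code 5} - no row exists for {@code login}, or an exception occurred before a
 *       decision was reached</li>
 *   <li>{@code 7} - {@code getLoginState()} reports the account as already logged in</li>
 * </ul>
 *
 * <p>Side effects: increments {@code loginattempt} (reset to 0 on success) and, for any
 * existing account name, populates {@code accId}, {@code gmlevel}, {@code pin},
 * {@code greason} and {@code tempban} before the password is checked. Callers must not
 * treat those fields as authenticated unless this method returned {@code 0}.
 *
 * <p>Changes from the previous revision:
 * <ul>
 *   <li>The unban step for {@code banned == -1} reused the already-closed SELECT statement
 *       because the code that built the {@code macbans} DELETE was commented out, so it
 *       always failed with an {@link SQLException} and never lifted anything. The
 *       parameterised DELETE is restored in {@link #liftFlaggedBans(Connection)}.</li>
 *   <li>The unban step now runs only after the password has been verified. It used to sit
 *       in front of the credential check, where a request that merely named a flagged
 *       account would trigger the ban-table writes.</li>
 *   <li>Statement and result set are closed in a {@code finally} block.</li>
 *   <li>The unreachable {@code banned == 1} test inside the {@code banned <= 0} branch is
 *       removed.</li>
 * </ul>
 *
 * @param login account name, bound as a query parameter
 * @param pwd password as received from the client
 * @param ipMacBanned not read by this method
 * @return one of the status codes listed above
 */
public int login(String login, String pwd, boolean ipMacBanned) {
    loginattempt++;
    if (loginattempt > 6) {
        // NOTE(review): the session is closed but processing continues, so the credential
        // check below still runs for this attempt. Confirm whether callers expect an
        // early return here.
        getSession().close(true);
    }
    int loginok = 5;
    Connection con = DatabaseConnection.getConnection();
    PreparedStatement ps = null;
    ResultSet rs = null;
    try {
        ps = con.prepareStatement(
                "SELECT id, password, salt, banned, gm, pin, greason, tempban FROM accounts WHERE name = ?");
        ps.setString(1, login);
        rs = ps.executeQuery();
        if (rs.next()) {
            int banned = rs.getInt("banned");
            this.accId = rs.getInt("id");
            setAccID(rs.getInt("id"));
            this.gmlevel = rs.getInt("gm");
            pin = rs.getString("pin");
            String passhash = rs.getString("password");
            String salt = rs.getString("salt");
            greason = rs.getByte("greason");
            tempban = getTempBanCalendar(rs);
            // Everything needed from the row is read; release the statement before the
            // helpers below issue their own queries, as the original did.
            rs.close();
            ps.close();

            if (banned > 0) {
                loginok = 3;
            } else if (getLoginState() > LOGIN_NOTLOGGEDIN) { // already loggedin
                loggedIn = false;
                loginok = 7;
            } else if (pwd.equals(passhash)
                    || checkHash(passhash, "SHA-1", pwd)
                    || checkHash(passhash, "SHA-512", pwd + salt)) {
                // NOTE(review): three stored formats are accepted - the password itself,
                // an unsalted SHA-1 digest, and SHA-512 over password + salt. The first
                // two give little protection if the accounts table leaks, and
                // String.equals is not a constant-time comparison. Consider re-hashing
                // with a password KDF on successful login and retiring the legacy formats.
                if (banned == -1) {
                    // Account is flagged for unbanning; only honour the flag once the
                    // caller has proven knowledge of the password.
                    liftFlaggedBans(con);
                }
                loginok = 0;
            } else {
                loggedIn = false;
                loginok = 4;
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Closing an already-closed JDBC object is a no-op, so this is safe on every path.
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException ignored) {
                // nothing useful to do while cleaning up
            }
        }
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException ignored) {
                // nothing useful to do while cleaning up
            }
        }
    }
    if (loginok == 0) {
        loginattempt = 0;
    }
    return loginok;
}

/**
 * Removes the MAC and IP bans associated with the current client and clears the
 * {@code banned} and {@code norankupdate} columns of the account identified by {@code accId}.
 * An {@link SQLException} is printed and not propagated, matching the previous inline code.
 */
private void liftFlaggedBans(Connection con) {
    PreparedStatement ps = null;
    try {
        loadMacsIfNescessary();
        // "IN ()" is not valid SQL, so skip the MAC delete when there is nothing to bind.
        if (macs.size() > 0) {
            // Only '?' placeholders are concatenated; every MAC value is bound as a parameter.
            StringBuilder sql = new StringBuilder("DELETE FROM macbans WHERE mac IN (");
            for (int n = 0; n < macs.size(); n++) {
                sql.append(n == 0 ? "?" : ", ?");
            }
            sql.append(")");
            ps = con.prepareStatement(sql.toString());
            int index = 0;
            for (String mac : macs) {
                ps.setString(++index, mac);
            }
            ps.executeUpdate();
            ps.close();
        }

        // NOTE(review): the bound value is the text of the remote address before the first
        // ':' and is used as a LIKE prefix; this presumably assumes an IPv4 "host:port"
        // form - confirm the behaviour for IPv6 peers, where the prefix would be very short.
        ps = con.prepareStatement("DELETE FROM ipbans WHERE ip LIKE CONCAT(?, '%')");
        ps.setString(1, getSession().getRemoteAddress().toString().split(":")[0]);
        ps.executeUpdate();
        ps.close();

        ps = con.prepareStatement(
                "UPDATE accounts SET banned = 0, norankupdate = 0 WHERE id = ?");
        ps.setInt(1, accId);
        ps.executeUpdate();
        ps.close();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException ignored) {
                // nothing useful to do while cleaning up
            }
        }
    }
}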