private boolean validatePassword(String password) {
if (!Util.isDigit(password)) {
return false;
}
if ((password.length() < 6) || (password.length() > 8)) {
return false;
}
return !SecondaryAuthData.getInstance().isForbiddenPassword(password);
}
public boolean checkPassword(String password, boolean skipAuth) {
password = cryptPassword(password);
if (!password.equals(_password)) {
_wrongAttempts++;
if (_wrongAttempts < SecondaryAuthData.getInstance().getMaxAttempts()) {
_activeClient.sendPacket(
new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_WRONG, _wrongAttempts));
insertWrongAttempt(_wrongAttempts);
} else {
LoginServerThread.getInstance()
.sendTempBan(
_activeClient.getAccountName(),
_activeClient.getConnectionAddress().getHostAddress(),
SecondaryAuthData.getInstance().getBanTime());
LoginServerThread.getInstance()
.sendMail(
_activeClient.getAccountName(),
"SATempBan",
_activeClient.getConnectionAddress().getHostAddress(),
Integer.toString(SecondaryAuthData.getInstance().getMaxAttempts()),
Long.toString(SecondaryAuthData.getInstance().getBanTime()),
SecondaryAuthData.getInstance().getRecoveryLink());
_log.warning(
_activeClient.getAccountName()
+ " - ("
+ _activeClient.getConnectionAddress().getHostAddress()
+ ") has inputted the wrong password "
+ _wrongAttempts
+ " times in row.");
insertWrongAttempt(0);
_activeClient.close(
new Ex2ndPasswordVerify(
Ex2ndPasswordVerify.PASSWORD_BAN,
SecondaryAuthData.getInstance().getMaxAttempts()));
}
return false;
}
if (!skipAuth) {
_authed = true;
_activeClient.sendPacket(
new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_OK, _wrongAttempts));
}
insertWrongAttempt(0);
return true;
}
