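/**
 * Stores the credentials to verify, then opens the MySQL connection and prepares the user lookup
 * statement.
 *
 * <p>Any exception raised while loading the driver, connecting or preparing the statement is
 * caught here: it is logged and reported through {@code Loki.setStatus(false)} instead of being
 * rethrown. In that case {@code conn} and {@code preparedStatement} are left {@code null}.
 *
 * @param pseudo the user name to look up
 * @param password the clear-text password supplied for that user
 */
public ManageSQLRequest(String pseudo, String password) {
  this.pseudo = pseudo;
  this.password = password;

  try {
    Class.forName("com.mysql.jdbc.Driver");
    this.conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
    this.preparedStatement = this.conn.prepareStatement(REQUETE);
  } catch (Exception e) {
    LOGGER.error("Impossible d'initialiser la connexion à la base de donnée", e);
    Loki.setStatus(false);

    // The connection may already be open when prepareStatement() is the call that failed.
    // Release it here so a half-initialised instance does not hold a database session.
    if (this.conn != null) {
      try {
        this.conn.close();
      } catch (SQLException closeError) {
        LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", closeError);
      }
      this.conn = null;
    }
  }
}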
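/**
 * Checks whether the user given to the constructor may connect to the server: the account must
 * exist, belong to an authorized group, and the supplied password must match the stored bcrypt
 * hash.
 *
 * <p>The statement and the connection are closed before this method returns, whatever the
 * outcome, so an instance can serve a single check.
 *
 * <p>NOTE(review): the result is sent to the client, and {@code BAD_PSEUDO}, {@code BAD_GROUP}
 * and {@code BAD_PASSWORD} are distinct values, so a client can tell whether an account exists.
 * The values are kept because callers outside this method depend on them; consider collapsing
 * them into one generic failure at the point where the response is sent.
 *
 * @return one of {@code OK}, {@code BAD_PSEUDO}, {@code BAD_GROUP}, {@code BAD_PASSWORD},
 *     {@code PASSWORD_ERROR}, {@code DATABASE_ERROR} or {@code UNKNOW_ERROR}
 */
public String checkAuth() {
  ResultSet result = null;
  try {
    // Look the user up. A null statement (constructor failed) ends up in this catch as well.
    try {
      this.preparedStatement.setString(1, this.pseudo);
      result = this.preparedStatement.executeQuery();
    } catch (Exception e) {
      LOGGER.error("Impossible de communiquer avec la base de donnée", e);
      Loki.setStatus(false);
      return "DATABASE_ERROR";
    }

    // Read the group id and the stored hash from the first row.
    int groupId;
    String passwordHash;
    try {
      if (!result.next()) {
        return "BAD_PSEUDO";
      }
      groupId = result.getInt(1);
      passwordHash = result.getString(2);
    } catch (Exception e) {
      LOGGER.error("Erreur inconnue durant la vérification du login", e);
      return "UNKNOW_ERROR";
    }

    if (!checkGroup(groupId)) {
      return "BAD_GROUP";
    }

    // Only "$2a$" bcrypt hashes are supported; anything else (including a NULL column) means
    // the user has to log in on the forum again. The marker must be the prefix of the stored
    // value: a value that merely contains it elsewhere is not a bcrypt hash.
    if (passwordHash == null || !passwordHash.startsWith("$2a$")) {
      return "PASSWORD_ERROR";
    }

    return BCrypt.checkpw(this.password, passwordHash) ? "OK" : "BAD_PASSWORD";
  } finally {
    // Single cleanup point: the early returns above used to skip the close calls, and a null
    // statement used to raise a NullPointerException from the cleanup code itself.
    for (AutoCloseable resource :
        new AutoCloseable[] {result, this.preparedStatement, this.conn}) {
      if (resource == null) {
        continue;
      }
      try {
        resource.close();
      } catch (Exception e) {
        LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", e);
      }
    }
  }
}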
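/**
 * Verifies a login against the phpBB user table: the account must exist, belong to an authorized
 * group and the password must match the stored bcrypt hash.
 *
 * <p>An instance opens its own connection in the constructor and closes it at the end of
 * {@link #checkAuth()}, so it serves a single check.
 *
 * @author tutul
 */
public class ManageSQLRequest {
  private static final Logger LOGGER = Loki.getLogger();

  /** The MySQL address (IP:PORT/database) */
  private static final String DB_URL = "jdbc:mysql://localhost:3306/phpBB";

  // NOTE(review): the database account and its password are compiled into this class, so they
  // are shared by everyone who can read the source or the built artifact. Consider reading them
  // from configuration kept outside the source tree.

  /** The MySQL user (for the specific database) */
  private static final String DB_USER = "******";

  /**
   * The MySQL user's password (for the specific database) TODO change password for the real
   * DATABASE after testing
   */
  private static final String DB_PASS = "******";

  /**
   * The phpBB groups authorized to connect to the NaheulCraft server. Only administrators,
   * moderators and players can connect.
   */
  private static final String[] GROUPE_AUTORISE = {"4", "5", "9"};

  /**
   * The SQL request to perform: it returns the group and the hashed password of the current
   * user. The user name is bound as a statement parameter, never concatenated into the text.
   */
  private static final String REQUETE =
      "SELECT group_id, user_password FROM phpbb_users WHERE username=?;";

  private final String pseudo;
  private final String password;
  private PreparedStatement preparedStatement;
  private Connection conn;

  /**
   * Stores the credentials to verify, then opens the MySQL connection and prepares the user
   * lookup statement.
   *
   * <p>Any exception raised during that setup is caught, logged and reported through {@code
   * Loki.setStatus(false)}; {@code conn} and {@code preparedStatement} are then {@code null}.
   *
   * @param pseudo the user name to look up
   * @param password the clear-text password supplied for that user
   */
  public ManageSQLRequest(String pseudo, String password) {
    this.pseudo = pseudo;
    this.password = password;

    try {
      Class.forName("com.mysql.jdbc.Driver");
      this.conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
      this.preparedStatement = this.conn.prepareStatement(REQUETE);
    } catch (Exception e) {
      LOGGER.error("Impossible d'initialiser la connexion à la base de donnée", e);
      Loki.setStatus(false);
      // The connection may already be open when prepareStatement() is the call that failed.
      closeQuietly(this.conn);
      this.conn = null;
    }
  }

  /**
   * Checks whether the user may connect to the server. Only an existing user in an authorized
   * group with a matching password can log in. The statement and the connection are closed
   * before this method returns, whatever the outcome.
   *
   * <p>NOTE(review): the result is sent to the client, and {@code BAD_PSEUDO}, {@code BAD_GROUP}
   * and {@code BAD_PASSWORD} are distinct values, so a client can tell whether an account
   * exists. The values are kept because callers depend on them; consider collapsing them into
   * one generic failure at the point where the response is sent.
   *
   * @return one of {@code OK}, {@code BAD_PSEUDO}, {@code BAD_GROUP}, {@code BAD_PASSWORD},
   *     {@code PASSWORD_ERROR}, {@code DATABASE_ERROR} or {@code UNKNOW_ERROR}
   */
  public String checkAuth() {
    ResultSet result = null;
    try {
      // Look the user up. A null statement (constructor failed) ends up in this catch as well.
      try {
        this.preparedStatement.setString(1, this.pseudo);
        result = this.preparedStatement.executeQuery();
      } catch (Exception e) {
        LOGGER.error("Impossible de communiquer avec la base de donnée", e);
        Loki.setStatus(false);
        return "DATABASE_ERROR";
      }

      // Read the group id and the stored hash from the first row.
      int groupId;
      String passwordHash;
      try {
        if (!result.next()) {
          return "BAD_PSEUDO";
        }
        groupId = result.getInt(1);
        passwordHash = result.getString(2);
      } catch (Exception e) {
        LOGGER.error("Erreur inconnue durant la vérification du login", e);
        return "UNKNOW_ERROR";
      }

      if (!checkGroup(groupId)) {
        return "BAD_GROUP";
      }

      // Only "$2a$" bcrypt hashes are supported; anything else (including a NULL column) means
      // the user has to log in on the forum again. The marker must be the prefix of the stored
      // value: a value that merely contains it elsewhere is not a bcrypt hash.
      if (passwordHash == null || !passwordHash.startsWith("$2a$")) {
        return "PASSWORD_ERROR";
      }

      return BCrypt.checkpw(this.password, passwordHash) ? "OK" : "BAD_PASSWORD";
    } finally {
      // Single cleanup point: the early returns above used to skip the close calls, and a null
      // statement used to raise a NullPointerException from the cleanup code itself.
      closeQuietly(result);
      closeQuietly(this.preparedStatement);
      closeQuietly(this.conn);
    }
  }

  /**
   * Checks the user group to see if the current user can log in.
   *
   * @param groupId the user group ID
   * @return {@code true} when {@code groupId} is one of the authorized groups
   */
  private static boolean checkGroup(final int groupId) {
    for (String id : GROUPE_AUTORISE) {
      if (groupId == Integer.parseInt(id)) {
        return true;
      }
    }
    return false;
  }

  /**
   * Closes a JDBC resource if it was opened, logging a failure instead of propagating it so the
   * remaining resources still get closed.
   *
   * @param resource the resource to close, may be {@code null}
   */
  private static void closeQuietly(AutoCloseable resource) {
    if (resource == null) {
      return;
    }
    try {
      resource.close();
    } catch (Exception e) {
      LOGGER.fatal("Impossible de fermer correctement la connexion avec MySQL", e);
    }
  }
}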