public boolean savePassword(String password) {
if (passwordExist()) {
_log.warning(
"[SecondaryPasswordAuth]" + _activeClient.getAccountName() + " forced savePassword");
_activeClient.closeNow();
return false;
}
if (!validatePassword(password)) {
_activeClient.sendPacket(new Ex2ndPasswordAck(0, Ex2ndPasswordAck.WRONG_PATTERN));
return false;
}
password = cryptPassword(password);
try (Connection con = DatabaseFactory.getInstance().getConnection();
PreparedStatement statement = con.prepareStatement(INSERT_PASSWORD)) {
statement.setString(1, _activeClient.getAccountName());
statement.setString(2, VAR_PWD);
statement.setString(3, password);
statement.execute();
} catch (Exception e) {
_log.log(Level.SEVERE, "Error while writing password.", e);
return false;
}
_password = password;
return true;
}
public void openDialog() {
if (passwordExist()) {
_activeClient.sendPacket(new Ex2ndPasswordCheck(Ex2ndPasswordCheck.PASSWORD_PROMPT));
} else {
_activeClient.sendPacket(new Ex2ndPasswordCheck(Ex2ndPasswordCheck.PASSWORD_NEW));
}
}
public boolean changePassword(String oldPassword, String newPassword) {
if (!passwordExist()) {
_log.warning(
"[SecondaryPasswordAuth]" + _activeClient.getAccountName() + " forced changePassword");
_activeClient.closeNow();
return false;
}
if (!checkPassword(oldPassword, true)) {
return false;
}
if (!validatePassword(newPassword)) {
_activeClient.sendPacket(new Ex2ndPasswordAck(2, Ex2ndPasswordAck.WRONG_PATTERN));
return false;
}
newPassword = cryptPassword(newPassword);
try (Connection con = DatabaseFactory.getInstance().getConnection();
PreparedStatement statement = con.prepareStatement(UPDATE_PASSWORD)) {
statement.setString(1, newPassword);
statement.setString(2, _activeClient.getAccountName());
statement.setString(3, VAR_PWD);
statement.execute();
} catch (Exception e) {
_log.log(Level.SEVERE, "Error while reading password.", e);
return false;
}
_password = newPassword;
_authed = false;
return true;
}
public boolean checkPassword(String password, boolean skipAuth) {
password = cryptPassword(password);
if (!password.equals(_password)) {
_wrongAttempts++;
if (_wrongAttempts < SecondaryAuthData.getInstance().getMaxAttempts()) {
_activeClient.sendPacket(
new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_WRONG, _wrongAttempts));
insertWrongAttempt(_wrongAttempts);
} else {
LoginServerThread.getInstance()
.sendTempBan(
_activeClient.getAccountName(),
_activeClient.getConnectionAddress().getHostAddress(),
SecondaryAuthData.getInstance().getBanTime());
LoginServerThread.getInstance()
.sendMail(
_activeClient.getAccountName(),
"SATempBan",
_activeClient.getConnectionAddress().getHostAddress(),
Integer.toString(SecondaryAuthData.getInstance().getMaxAttempts()),
Long.toString(SecondaryAuthData.getInstance().getBanTime()),
SecondaryAuthData.getInstance().getRecoveryLink());
_log.warning(
_activeClient.getAccountName()
+ " - ("
+ _activeClient.getConnectionAddress().getHostAddress()
+ ") has inputted the wrong password "
+ _wrongAttempts
+ " times in row.");
insertWrongAttempt(0);
_activeClient.close(
new Ex2ndPasswordVerify(
Ex2ndPasswordVerify.PASSWORD_BAN,
SecondaryAuthData.getInstance().getMaxAttempts()));
}
return false;
}
if (!skipAuth) {
_authed = true;
_activeClient.sendPacket(
new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_OK, _wrongAttempts));
}
insertWrongAttempt(0);
return true;
}
public boolean insertWrongAttempt(int attempts) {
try (Connection con = DatabaseFactory.getInstance().getConnection();
PreparedStatement statement = con.prepareStatement(INSERT_ATTEMPT)) {
statement.setString(1, _activeClient.getAccountName());
statement.setString(2, VAR_WTE);
statement.setString(3, Integer.toString(attempts));
statement.setString(4, Integer.toString(attempts));
statement.execute();
} catch (Exception e) {
_log.log(Level.SEVERE, "Error while writing wrong attempts.", e);
return false;
}
return true;
}
private void loadPassword() {
String var, value = null;
try (Connection con = DatabaseFactory.getInstance().getConnection();
PreparedStatement statement = con.prepareStatement(SELECT_PASSWORD)) {
statement.setString(1, _activeClient.getAccountName());
try (ResultSet rs = statement.executeQuery()) {
while (rs.next()) {
var = rs.getString("var");
value = rs.getString("value");
if (var.equals(VAR_PWD)) {
_password = value;
} else if (var.equals(VAR_WTE)) {
_wrongAttempts = Integer.parseInt(value);
}
}
}
} catch (Exception e) {
_log.log(Level.SEVERE, "Error while reading password.", e);
}
}
