/**
 * Stores the first secondary password for the active client's account.
 *
 * <p>The request is refused when {@code passwordExist()} reports that a password is already
 * set (the attempt is logged and the connection is closed), or when {@code validatePassword}
 * rejects the candidate (a {@code WRONG_PATTERN} ack is sent). Otherwise the value returned by
 * {@code cryptPassword} is inserted through a parameterized statement and then cached in
 * {@code _password}.
 *
 * <p>NOTE(review): the transformation applied by {@code cryptPassword} is not visible here.
 * Its output is what gets stored, so confirm it is a salted, deliberately slow password hash.
 *
 * @param password candidate password as received from the client
 * @return {@code true} if the password was written and cached, {@code false} otherwise
 */
public boolean savePassword(String password) {
  if (passwordExist()) {
    // The save path never overwrites an existing password: log the attempt and disconnect.
    _log.warning(
        "[SecondaryPasswordAuth]" + _activeClient.getAccountName() + " forced savePassword");
    _activeClient.closeNow();
    return false;
  }

  if (!validatePassword(password)) {
    _activeClient.sendPacket(new Ex2ndPasswordAck(0, Ex2ndPasswordAck.WRONG_PATTERN));
    return false;
  }

  // Only the transformed value is bound to the statement and kept in memory.
  final String hashed = cryptPassword(password);
  try (Connection connection = DatabaseFactory.getInstance().getConnection();
      PreparedStatement insert = connection.prepareStatement(INSERT_PASSWORD)) {
    insert.setString(1, _activeClient.getAccountName());
    insert.setString(2, VAR_PWD);
    insert.setString(3, hashed);
    insert.execute();
  } catch (Exception e) {
    _log.log(Level.SEVERE, "Error while writing password.", e);
    return false;
  }

  // The cache is updated only after the database write went through.
  _password = hashed;
  return true;
}
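/**
 * Replaces the account's existing secondary password.
 *
 * <p>The request is refused when no password exists yet (logged, connection closed), when
 * {@code checkPassword} rejects {@code oldPassword}, or when {@code validatePassword} rejects
 * {@code newPassword} (a {@code WRONG_PATTERN} ack is sent). On success the new value returned
 * by {@code cryptPassword} is written through a parameterized statement, cached in
 * {@code _password}, and {@code _authed} is cleared so the client has to verify again.
 *
 * <p>NOTE(review): {@code execute()} does not report whether a row was actually updated. If the
 * statement matches no row, the cached password and the stored one can diverge. Confirm the
 * row is guaranteed to exist whenever {@code passwordExist()} is true.
 *
 * @param oldPassword current password as received from the client
 * @param newPassword replacement password as received from the client
 * @return {@code true} if the password was updated and cached, {@code false} otherwise
 */
public boolean changePassword(String oldPassword, String newPassword) {
  if (!passwordExist()) {
    // There is nothing to change: log the attempt and disconnect.
    _log.warning(
        "[SecondaryPasswordAuth]" + _activeClient.getAccountName() + " forced changePassword");
    _activeClient.closeNow();
    return false;
  }

  // A wrong old password goes through the same attempt counting and temp-ban logic as a
  // normal verification. skipAuth=true keeps a correct one from marking the session authed.
  if (!checkPassword(oldPassword, true)) {
    return false;
  }

  if (!validatePassword(newPassword)) {
    _activeClient.sendPacket(new Ex2ndPasswordAck(2, Ex2ndPasswordAck.WRONG_PATTERN));
    return false;
  }

  newPassword = cryptPassword(newPassword);
  try (Connection con = DatabaseFactory.getInstance().getConnection();
      PreparedStatement statement = con.prepareStatement(UPDATE_PASSWORD)) {
    statement.setString(1, newPassword);
    statement.setString(2, _activeClient.getAccountName());
    statement.setString(3, VAR_PWD);
    statement.execute();
  } catch (Exception e) {
    // This statement writes the password, so the failure is reported as a write error.
    _log.log(Level.SEVERE, "Error while writing password.", e);
    return false;
  }

  _password = newPassword;
  // Force a fresh verification with the new password.
  _authed = false;
  return true;
}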
/**
 * Verifies a secondary password against the cached one and enforces the attempt limit.
 *
 * <p>On a match the stored wrong-attempt counter is reset to 0. Unless {@code skipAuth} is
 * set, the session is also marked authed and a {@code PASSWORD_OK} packet is sent. On a
 * mismatch the in-memory counter is incremented. Below the configured maximum the client
 * receives {@code PASSWORD_WRONG} and the counter is persisted. At the maximum a temporary ban
 * and a notification mail are requested from the login server, the event is logged, the stored
 * counter is reset to 0 and the connection is closed with {@code PASSWORD_BAN}.
 *
 * <p>Review notes:
 *
 * <ul>
 *   <li>Assumes {@code cryptPassword} never returns {@code null}; otherwise the comparison
 *       below throws. TODO confirm.
 *   <li>{@code String.equals} is not a constant-time comparison. With the attempt limit in
 *       place this is a minor concern; {@code java.security.MessageDigest.isEqual} on the
 *       encoded bytes would remove it.
 *   <li>The return value of {@code insertWrongAttempt} is ignored. If that write fails, the
 *       stored counter is stale and a reconnect may start from an older count.
 *   <li>A successful check resets only the stored counter; {@code _wrongAttempts} in memory is
 *       left as is. Confirm this is intended.
 * </ul>
 *
 * @param password password as received from the client
 * @param skipAuth when {@code true}, a correct password neither sets {@code _authed} nor
 *     triggers the {@code PASSWORD_OK} packet
 * @return {@code true} if the password matches the cached one, {@code false} otherwise
 */
public boolean checkPassword(String password, boolean skipAuth) {
  final String candidate = cryptPassword(password);

  if (candidate.equals(_password)) {
    if (!skipAuth) {
      _authed = true;
      _activeClient.sendPacket(
          new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_OK, _wrongAttempts));
    }
    // Clear the persisted counter after a correct password.
    insertWrongAttempt(0);
    return true;
  }

  _wrongAttempts++;

  if (_wrongAttempts < SecondaryAuthData.getInstance().getMaxAttempts()) {
    // Still under the limit: tell the client and persist the new count.
    _activeClient.sendPacket(
        new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_WRONG, _wrongAttempts));
    insertWrongAttempt(_wrongAttempts);
    return false;
  }

  // Limit reached: request a temporary ban for this account and address from the login server.
  LoginServerThread.getInstance()
      .sendTempBan(
          _activeClient.getAccountName(),
          _activeClient.getConnectionAddress().getHostAddress(),
          SecondaryAuthData.getInstance().getBanTime());
  LoginServerThread.getInstance()
      .sendMail(
          _activeClient.getAccountName(),
          "SATempBan",
          _activeClient.getConnectionAddress().getHostAddress(),
          Integer.toString(SecondaryAuthData.getInstance().getMaxAttempts()),
          Long.toString(SecondaryAuthData.getInstance().getBanTime()),
          SecondaryAuthData.getInstance().getRecoveryLink());
  _log.warning(
      _activeClient.getAccountName()
          + " - ("
          + _activeClient.getConnectionAddress().getHostAddress()
          + ") has inputted the wrong password "
          + _wrongAttempts
          + " times in row.");
  // The stored counter restarts from zero once the ban has been issued.
  insertWrongAttempt(0);
  _activeClient.close(
      new Ex2ndPasswordVerify(
          Ex2ndPasswordVerify.PASSWORD_BAN, SecondaryAuthData.getInstance().getMaxAttempts()));
  return false;
}
/**
 * Persists the wrong-attempt counter for the active client's account.
 *
 * <p>The count is bound to parameters 3 and 4 of {@code INSERT_ATTEMPT}. Presumably these are
 * the insert value and the on-duplicate update value; confirm against the SQL constant.
 *
 * @param attempts counter value to store; callers in this class pass {@code 0} to reset it
 * @return {@code true} if the statement ran without an exception, {@code false} if any
 *     exception was raised (it is logged at SEVERE)
 */
public boolean insertWrongAttempt(int attempts) {
  final String count = Integer.toString(attempts);
  try (Connection connection = DatabaseFactory.getInstance().getConnection();
      PreparedStatement upsert = connection.prepareStatement(INSERT_ATTEMPT)) {
    upsert.setString(1, _activeClient.getAccountName());
    upsert.setString(2, VAR_WTE);
    upsert.setString(3, count);
    upsert.setString(4, count);
    upsert.execute();
    return true;
  } catch (Exception e) {
    _log.log(Level.SEVERE, "Error while writing wrong attempts.", e);
    return false;
  }
}
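/**
 * Loads the stored secondary password and wrong-attempt counter for the active client's
 * account.
 *
 * <p>Each row returned by {@code SELECT_PASSWORD} carries a {@code var} name and a
 * {@code value}. The {@code VAR_PWD} row fills {@code _password} and the {@code VAR_WTE} row
 * fills {@code _wrongAttempts}; rows with any other name are ignored.
 *
 * <p>Rows are handled independently. A NULL {@code var} or a non-numeric counter is skipped
 * with a warning instead of aborting the loop, so a bad counter row cannot stop the password
 * row from being loaded. Database errors are logged at SEVERE and leave the fields as they
 * were.
 *
 * <p>NOTE(review): when the counter row is unreadable, {@code _wrongAttempts} keeps its
 * previous value, so lockout progress stored in that row is not applied. Decide whether this
 * case should fail closed instead.
 */
private void loadPassword() {
  try (Connection con = DatabaseFactory.getInstance().getConnection();
      PreparedStatement statement = con.prepareStatement(SELECT_PASSWORD)) {
    statement.setString(1, _activeClient.getAccountName());
    try (ResultSet rs = statement.executeQuery()) {
      while (rs.next()) {
        final String name = rs.getString("var");
        final String value = rs.getString("value");
        // Constant-first comparison: a NULL "var" column falls through instead of throwing.
        if (VAR_PWD.equals(name)) {
          _password = value;
        } else if (VAR_WTE.equals(name)) {
          try {
            _wrongAttempts = Integer.parseInt(value);
          } catch (NumberFormatException e) {
            // Keep the current counter and continue with the remaining rows.
            _log.log(
                Level.WARNING,
                "Invalid wrong attempts value for account " + _activeClient.getAccountName(),
                e);
          }
        }
      }
    }
  } catch (Exception e) {
    _log.log(Level.SEVERE, "Error while reading password.", e);
  }
}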