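/**
 * Checks a login attempt for {@code user} coming from {@code client}'s connection.
 * <p>
 * The submitted password is hashed with SHA-1 and the resulting digest is hashed again with
 * SHA-512; that second digest is what is compared with, and stored in, the account's
 * Base64-encoded {@code password} column. Per-account "allow"/"deny" IP rules and a negative
 * access level (banned account) are evaluated before the password comparison. Failed attempts
 * are counted per source address and lead to a temporary address ban once
 * {@code Config.LOGIN_TRY_BEFORE_BAN} is reached.
 * <p>
 * The original note on this method says the user name is no longer case sensitive. No case
 * folding happens in this method, so that presumably comes from the query or the column
 * collation (to be confirmed).
 *
 * @param user account name supplied by the client; {@code null} is rejected
 * @param password cleartext password supplied by the client
 * @param client login client whose connection provides the source address and which receives
 *            the access level and last server on success
 * @return {@code true} if the credentials match or a new account was auto-created,
 *         {@code false} in every other case, including any exception raised while checking
 */
public boolean loginValid(String user, String password, L2LoginClient client)// throws HackingException
{
    boolean ok = false;
    InetAddress address = client.getConnection().getInetAddress();
    // player disconnected meanwhile
    if ((address == null) || (user == null))
    {
        return false;
    }
    try
    {
        // NOTE(review): this is an unsalted chain of two fast digests. If the account table
        // leaks, identical passwords share a value and offline guessing is cheap. A salted,
        // adaptive password hash (bcrypt/scrypt/Argon2) needs a schema and migration change
        // that cannot be made from inside this method.
        MessageDigest md = MessageDigest.getInstance("SHA");
        byte[] raw = password.getBytes("UTF-8");
        byte[] hash = md.digest(raw);
        // After SHA-1, SHA-512 is applied to the SHA-1 digest.
        md = MessageDigest.getInstance("SHA-512");
        byte[] doubleHash = md.digest(hash);

        byte[] expected = null;
        int access = 0;
        int lastServer = 1;
        List<InetAddress> ipWhiteList = new ArrayList<>();
        List<InetAddress> ipBlackList = new ArrayList<>();

        try (Connection con = L2DatabaseFactory.getInstance().getConnection();
            PreparedStatement ps = con.prepareStatement(USER_INFO_SELECT))
        {
            ps.setString(1, Long.toString(System.currentTimeMillis()));
            ps.setString(2, user);
            try (ResultSet rset = ps.executeQuery())
            {
                if (rset.next())
                {
                    expected = Base64.decode(rset.getString("password"));
                    access = rset.getInt("accessLevel");
                    lastServer = rset.getInt("lastServer");
                    if (lastServer <= 0)
                    {
                        lastServer = 1; // minServerId is 1 in Interlude
                    }
                    if (Config.DEBUG)
                    {
                        _log.fine("account exists");
                    }
                }
            }
        }

        try (Connection con = L2DatabaseFactory.getInstance().getConnection();
            PreparedStatement ps = con.prepareStatement(ACCOUNT_IPAUTH_SELECT))
        {
            ps.setString(1, user);
            try (ResultSet rset = ps.executeQuery())
            {
                while (rset.next())
                {
                    String ip = rset.getString("ip");
                    String type = rset.getString("type");
                    if (!isValidIPAddress(ip))
                    {
                        continue;
                    }
                    // Constant-first equals: a NULL "type" column skips the row instead of
                    // throwing and failing the whole login through the outer catch.
                    if ("allow".equals(type))
                    {
                        ipWhiteList.add(InetAddress.getByName(ip));
                    }
                    else if ("deny".equals(type))
                    {
                        ipBlackList.add(InetAddress.getByName(ip));
                    }
                }
            }
        }

        // if account doesn't exist
        if (expected == null)
        {
            if (Config.AUTO_CREATE_ACCOUNTS)
            {
                if ((user.length() >= 2) && (user.length() <= 14))
                {
                    try (Connection con = L2DatabaseFactory.getInstance().getConnection();
                        PreparedStatement ps = con.prepareStatement(AUTOCREATE_ACCOUNTS_INSERT))
                    {
                        ps.setString(1, user);
                        // Store the same SHA-512(SHA-1(password)) value that the check below
                        // compares against. Storing only the SHA-1 digest here would create
                        // accounts whose password can never match. The column must hold the
                        // 88-character Base64 form of the 64-byte digest.
                        ps.setString(2, Base64.encodeBytes(doubleHash));
                        ps.setLong(3, System.currentTimeMillis());
                        ps.setInt(4, 0);
                        ps.setString(5, address.getHostAddress());
                        ps.execute();
                    }
                    // NOTE(review): "user" is client-supplied and is concatenated into log
                    // lines throughout this method; confirm Log.add and the logger neutralise
                    // CR/LF so a crafted name cannot forge entries.
                    if (Config.LOG_LOGIN_CONTROLLER)
                    {
                        Log.add("'" + user + "' " + address.getHostAddress() + " - OK : AccountCreate", "loginlog");
                    }
                    _log.info("Created new account for " + user);
                    return true;
                }
                if (Config.LOG_LOGIN_CONTROLLER)
                {
                    Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : ErrCreatingACC", "loginlog");
                }
                _log.warning("Invalid username creation/use attempt: " + user);
            }
            else
            {
                if (Config.LOG_LOGIN_CONTROLLER)
                {
                    Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : AccountMissing", "loginlog");
                }
                _log.warning("Account missing for user " + user);
                FailedLoginAttempt failedAttempt = _hackProtection.get(address);
                int failedCount;
                if (failedAttempt == null)
                {
                    // NOTE(review): the cleartext password is handed to FailedLoginAttempt;
                    // what that class retains is not visible here. Confirm it is neither kept
                    // longer than needed nor logged.
                    _hackProtection.put(address, new FailedLoginAttempt(address, password));
                    failedCount = 1;
                }
                else
                {
                    failedAttempt.increaseCounter();
                    failedCount = failedAttempt.getCount();
                }
                if (failedCount >= Config.LOGIN_TRY_BEFORE_BAN)
                {
                    _log.info("Banning '" + address.getHostAddress() + "' for " + Config.LOGIN_BLOCK_AFTER_BAN + " seconds due to " + failedCount + " invalid user name attempts");
                    this.addBanForAddress(address, Config.LOGIN_BLOCK_AFTER_BAN * 1000);
                }
            }
            return false;
        }

        // is this account banned?
        if (access < 0)
        {
            if (Config.LOG_LOGIN_CONTROLLER)
            {
                Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : AccountBanned", "loginlog");
            }
            client.setAccessLevel(access);
            return false;
        }

        // Check IP. These rejections return before the failed-attempt accounting at the end of
        // the method, so they do not count towards the address ban.
        if (!ipWhiteList.isEmpty() || !ipBlackList.isEmpty())
        {
            if (!ipWhiteList.isEmpty() && !ipWhiteList.contains(address))
            {
                if (Config.LOG_LOGIN_CONTROLLER)
                {
                    Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : INCORRECT IP", "loginlog");
                }
                return false;
            }
            if (!ipBlackList.isEmpty() && ipBlackList.contains(address))
            {
                if (Config.LOG_LOGIN_CONTROLLER)
                {
                    Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : BLACKLISTED IP", "loginlog");
                }
                return false;
            }
        }

        // Check the password hash. MessageDigest.isEqual is used instead of Arrays.equals so
        // that the comparison time does not depend on where the first differing byte is.
        ok = MessageDigest.isEqual(doubleHash, expected);
        if (ok)
        {
            client.setAccessLevel(access);
            client.setLastServer(lastServer);
            try (Connection con = L2DatabaseFactory.getInstance().getConnection();
                PreparedStatement ps = con.prepareStatement(ACCOUNT_INFO_UPDATE))
            {
                ps.setLong(1, System.currentTimeMillis());
                ps.setString(2, address.getHostAddress());
                ps.setString(3, user);
                ps.execute();
            }
        }
    }
    catch (Exception e)
    {
        // Fail closed: any error while hashing or talking to the database rejects the login.
        _log.log(Level.WARNING, "Could not check password:" + e.getMessage(), e);
        ok = false;
    }

    if (!ok)
    {
        if (Config.LOG_LOGIN_CONTROLLER)
        {
            Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : LoginFailed", "loginlog");
        }
        FailedLoginAttempt failedAttempt = _hackProtection.get(address);
        int failedCount;
        if (failedAttempt == null)
        {
            _hackProtection.put(address, new FailedLoginAttempt(address, password));
            failedCount = 1;
        }
        else
        {
            failedAttempt.increaseCounter(password);
            failedCount = failedAttempt.getCount();
        }
        if (failedCount >= Config.LOGIN_TRY_BEFORE_BAN)
        {
            _log.info("Banning '" + address.getHostAddress() + "' for " + Config.LOGIN_BLOCK_AFTER_BAN + " seconds due to " + failedCount + " invalid user/pass attempts");
            this.addBanForAddress(address, Config.LOGIN_BLOCK_AFTER_BAN * 1000);
        }
    }
    else
    {
        // A successful login clears the failure history for this address.
        _hackProtection.remove(address);
        if (Config.LOG_LOGIN_CONTROLLER)
        {
            Log.add("'" + user + "' " + address.getHostAddress() + " - OK : LoginOk", "loginlog");
        }
    }
    return ok;
}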