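/**
 * Authenticates an account by name and password and returns a numeric login status.
 *
 * <p>Values assigned on the paths visible in this method: {@code 0} when a credential check
 * passes, {@code 3} on the ban branch, {@code 4} when no credential check passes, {@code 7}
 * when the account is already flagged as logged in, and {@code 5} (the initial value) when no
 * row matches the name or a {@link SQLException} is raised before another value is assigned.
 *
 * <p>Side effects: fills the account fields of this client ({@code accountName}, {@code accId},
 * {@code secondPassword}, {@code salt2}, {@code gm}, {@code greason}, {@code tempban},
 * {@code gender}), may call {@code unban()}, may clear the {@code loggedin} column, and may
 * rewrite the stored password hash and salt.
 *
 * @param login account name; only ever bound as a statement parameter
 * @param pwd plaintext password as submitted by the client
 * @param ipMacBanned not read by this method
 * @return the login status code described above
 */
public int login(String login, String pwd, boolean ipMacBanned) {
    int loginok = 5;
    try {
        // Not closed here: presumably a shared connection owned by DatabaseConnection — TODO confirm.
        final Connection con = DatabaseConnection.getConnection();
        final int banned;
        final String passhash;
        final String salt;
        final String oldSession;

        // try-with-resources releases the statement and result set on every path, including
        // exceptions; the row is copied out before any further database work happens.
        try (PreparedStatement ps = con.prepareStatement("SELECT * FROM accounts WHERE name = ?")) {
            ps.setString(1, login);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return loginok; // unknown account name: status stays at its initial value
                }
                banned = rs.getInt("banned");
                passhash = rs.getString("password");
                salt = rs.getString("salt");
                oldSession = rs.getString("SessionIP");
                accountName = login;
                accId = rs.getInt("id");
                secondPassword = rs.getString("2ndpassword");
                salt2 = rs.getString("salt2");
                gm = rs.getInt("gm") > 0;
                greason = rs.getByte("greason");
                tempban = getTempBanCalendar(rs);
                gender = rs.getByte("gender");
                if (secondPassword != null && salt2 != null) {
                    secondPassword = LoginCrypto.rand_r(secondPassword);
                }
            }
        }

        // NOTE(review): as written, only accounts with gm set are rejected when banned > 0;
        // a banned non-GM account falls through to the password checks. This looks inverted
        // (expected "!gm") — confirm the intent before relying on the ban flag.
        if (banned > 0 && gm) {
            loginok = 3;
            return loginok;
        }
        if (banned == -1) {
            unban();
        }

        final byte loginState = getLoginState();
        if (loginState > MapleClient.LOGIN_NOTLOGGEDIN) { // already logged in
            loggedIn = false;
            loginok = 7;
            // NOTE(review): this branch runs before any password check, so anyone who knows an
            // account name and sends this literal string clears that account's loggedin flag.
            // Consider moving the reset behind a verified credential or an admin-only path.
            if ("fixme".equalsIgnoreCase(pwd)) { // literal first: a null pwd no longer throws
                try (PreparedStatement reset =
                        con.prepareStatement("UPDATE accounts SET loggedin = 0 WHERE name = ?")) {
                    reset.setString(1, login);
                    reset.executeUpdate();
                } catch (SQLException se) {
                    // Previously swallowed silently; a failed reset is now at least visible.
                    System.err.println("ERROR" + se);
                }
            }
            return loginok;
        }

        boolean updatePasswordHash = false;
        if (passhash == null || passhash.isEmpty()) {
            // NOTE(review): with no stored hash, a matching session IP alone is accepted and
            // the submitted password is then stored as the account's hash below. IP equality
            // is a weak authenticator (shared NAT, proxies) — confirm this flow is intended.
            if (oldSession != null && !oldSession.isEmpty()) {
                loggedIn = getSessionIPAddress().equals(oldSession);
                loginok = loggedIn ? 0 : 4;
                updatePasswordHash = loggedIn;
            } else {
                loginok = 4;
                loggedIn = false;
            }
        } else if (LoginCryptoLegacy.isLegacyPassword(passhash)
                && LoginCryptoLegacy.checkPassword(pwd, passhash)) {
            // Legacy hash matched: re-store it in the current format.
            loginok = 0;
            updatePasswordHash = true;
        } else if (salt == null && LoginCrypto.checkSha1Hash(passhash, pwd)) {
            // Unsalted SHA-1 matched: re-store it with a fresh salt.
            loginok = 0;
            updatePasswordHash = true;
        } else if (salt != null && LoginCrypto.checkSaltedSha1Hash(passhash, pwd, salt)) {
            loginok = 0; // current storage format, no rewrite needed
        } else if (salt != null && LoginCrypto.checkSaltedSha512Hash(passhash, pwd, salt)) {
            // The original author's note: SHA-512 rows are migrated to salted SHA-1 because
            // of an incompatibility with the redirector.
            updatePasswordHash = true;
            loginok = 0;
        } else {
            loggedIn = false;
            loginok = 4;
        }

        if (updatePasswordHash) {
            // NOTE(review): the rewrite target is salted SHA-1, a fast general-purpose hash, and
            // the SHA-512 branch is moved down to it. A dedicated password KDF (bcrypt, scrypt,
            // Argon2) would be the stronger target; LoginCrypto's API is not visible here.
            try (PreparedStatement pss = con.prepareStatement(
                    "UPDATE `accounts` SET `password` = ?, `salt` = ? WHERE id = ?")) {
                final String newSalt = LoginCrypto.makeSalt();
                pss.setString(1, LoginCrypto.makeSaltedSha1Hash(pwd, newSalt));
                pss.setString(2, newSalt);
                pss.setInt(3, accId);
                pss.executeUpdate();
            }
        }
    } catch (SQLException e) {
        // A database failure returns whatever status was reached so far (5 if none was set).
        System.err.println("ERROR" + e);
    }
    return loginok;
}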