toko214

MapleClient.login

Nov 20th, 2017
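  /**
   * Checks a login attempt against the {@code accounts} table and copies the account's
   * columns into this client.
   *
   * <p>Result codes produced here: 0 = credentials accepted, 3 = rejected by the ban check,
   * 4 = credentials rejected, 5 = no row for {@code login} (also the value still held if the
   * lookup fails with an {@link SQLException}), 7 = account is already marked as logged in.
   *
   * <p>On any row found, {@code accountName}, {@code accId}, {@code secondPassword},
   * {@code salt2}, {@code gm}, {@code greason}, {@code tempban} and {@code gender} are
   * overwritten before the password is checked.
   *
   * @param login account name to look up
   * @param pwd password as supplied by the client
   * @param ipMacBanned not read by this method
   * @return one of the result codes listed above
   */
  public int login(String login, String pwd, boolean ipMacBanned) {
    int loginok = 5;
    try {
      // Deliberately not closed: the ownership of the connection returned by
      // DatabaseConnection is not visible from this method. TODO confirm.
      Connection con = DatabaseConnection.getConnection();

      final int banned;
      final String passhash;
      final String salt;
      final String oldSession;

      // try-with-resources so the statement and result set are released even when a column
      // read throws; both are closed before any follow-up statement runs.
      try (PreparedStatement ps = con.prepareStatement("SELECT * FROM accounts WHERE name = ?")) {
        ps.setString(1, login);
        try (ResultSet rs = ps.executeQuery()) {
          if (!rs.next()) {
            return loginok;
          }
          banned = rs.getInt("banned");
          passhash = rs.getString("password");
          salt = rs.getString("salt");
          oldSession = rs.getString("SessionIP");

          accountName = login;
          accId = rs.getInt("id");
          secondPassword = rs.getString("2ndpassword");
          salt2 = rs.getString("salt2");
          gm = rs.getInt("gm") > 0;
          greason = rs.getByte("greason");
          tempban = getTempBanCalendar(rs);
          gender = rs.getByte("gender");
        }
      }

      if (secondPassword != null && salt2 != null) {
        secondPassword = LoginCrypto.rand_r(secondPassword);
      }

      // NOTE(review): as written, a banned account is rejected only when it is also a GM; a
      // banned non-GM account continues to the password check. Confirm whether `!gm` was
      // intended. The condition is kept unchanged here.
      if (banned > 0 && gm) {
        loginok = 3;
        return loginok;
      }

      if (banned == -1) {
        unban();
      }

      byte loginstate = getLoginState();
      if (loginstate > MapleClient.LOGIN_NOTLOGGEDIN) { // already logged in
        loggedIn = false;
        loginok = 7;
        // NOTE(review): this branch runs before any password verification, so the fixed
        // string below clears the account's loggedin flag for any caller that supplies the
        // account name. Behaviour is kept for compatibility; gate it on a verified credential
        // or replace it with a server-side stale-session timeout.
        if ("fixme".equalsIgnoreCase(pwd)) {
          try (PreparedStatement reset =
              con.prepareStatement("UPDATE accounts SET loggedin = 0 WHERE name = ?")) {
            reset.setString(1, login);
            reset.executeUpdate();
          } catch (SQLException se) {
            // Still best-effort (the result code stays 7), but no longer silent.
            System.err.println("ERROR" + se);
          }
        }
        return loginok;
      }

      boolean updatePasswordHash = false;
      if (passhash == null || passhash.isEmpty()) {
        // No stored hash: the only check is that the session IP equals the stored SessionIP.
        // NOTE(review): on a match the supplied password is then written as the account's
        // password below, so the IP address is the sole authenticator for such rows.
        if (oldSession != null && !oldSession.isEmpty()) {
          loggedIn = oldSession.equals(getSessionIPAddress());
          loginok = loggedIn ? 0 : 4;
          updatePasswordHash = loggedIn;
        } else {
          loginok = 4;
          loggedIn = false;
        }
      } else if (LoginCryptoLegacy.isLegacyPassword(passhash)
          && LoginCryptoLegacy.checkPassword(pwd, passhash)) {
        // Legacy hash matched; re-hash below.
        loginok = 0;
        updatePasswordHash = true;
      } else if (salt == null && LoginCrypto.checkSha1Hash(passhash, pwd)) {
        // Unsalted SHA-1 matched; re-hash with a fresh salt below.
        loginok = 0;
        updatePasswordHash = true;
      } else if (salt != null && LoginCrypto.checkSaltedSha1Hash(passhash, pwd, salt)) {
        loginok = 0; // current storage format, no rewrite
      } else if (salt != null && LoginCrypto.checkSaltedSha512Hash(passhash, pwd, salt)) {
        // Original author's note: rows are migrated away from SHA-512 to the salted SHA-1
        // format because Java's SHA-512 output was incompatible with the redirector.
        updatePasswordHash = true;
        loginok = 0;
      } else {
        loggedIn = false;
        loginok = 4;
      }

      if (updatePasswordHash) {
        // NOTE(review): every upgrade path ends at salted SHA-1, a fast general-purpose
        // digest. A dedicated password hash (bcrypt, scrypt, Argon2) would have to be
        // introduced in LoginCrypto; this method only calls it.
        try (PreparedStatement pss = con.prepareStatement(
            "UPDATE `accounts` SET `password` = ?, `salt` = ? WHERE id = ?")) {
          final String newSalt = LoginCrypto.makeSalt();
          pss.setString(1, LoginCrypto.makeSaltedSha1Hash(pwd, newSalt));
          pss.setString(2, newSalt);
          pss.setInt(3, accId);
          pss.executeUpdate();
        }
      }
    } catch (SQLException e) {
      System.err.println("ERROR" + e);
    }
    return loginok;
  }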