help | secure auto register
Hello you,
These days I tried to get better secure auto-register.
I would like to safeguard my login by condition.
I want the password lenght at register will be required 8 characters at least.
Password must be complex by one of @-* symbols, one of 1-9 numbers and other letters.
How can I do it? (CharLoginHandler)
Alot of regards,
Yarin.
Re: help | secure auto register
Re: help | secure auto register
If such a check is added, I will think that it is good.
PHP Code:
import java.util.regex.Pattern;
import java.util.regex.Matcher;
:
/* I don't know check '-' or '*', please change the parameter of p1 and p3 */
Pattern p1 = Pattern.compile("@+"); // one or more symbols('@')
Matcher m1 = p1.matcher(pwd);
Pattern p2 = Pattern.compile("[0-9]+"); // one or more numbers
Matcher m2 = p2.matcher(pwd);
//Pattern p3 = Pattern.compile("[a-zA-Z]+"); // one or more letters
Pattern p3 = Pattern.compile("[^@0-9]+"); // one or more other letters
Matcher m3 = p3.matcher(pwd);
if ((pwd.length() < 8) || !m1.find() || !m2.find() || !m3.find()) {
loginok = 4;
} else {
/* Auto register routine */
}
Re: help | secure auto register
Quote:
Originally Posted by
namazi
If such a check is added, I will think that it is good.
PHP Code:
import java.util.regex.Pattern;
import java.util.regex.Matcher;
:
/* I don't know check '-' or '*', please change the parameter of p1 and p3 */
Pattern p1 = Pattern.compile("@+"); // one or more symbols('@')
Matcher m1 = p1.matcher(pwd);
Pattern p2 = Pattern.compile("[0-9]+"); // one or more numbers
Matcher m2 = p2.matcher(pwd);
//Pattern p3 = Pattern.compile("[a-zA-Z]+"); // one or more letters
Pattern p3 = Pattern.compile("[^@0-9]+"); // one or more other letters
Matcher m3 = p3.matcher(pwd);
if ((pwd.length() < 8) || !m1.find() || !m2.find() || !m3.find()) {
loginok = 4;
} else {
/* Auto register routine */
}
thank you namazi, but, in which line should I put it? under any public line - but which one?
You're very help me. please answer this question.
Re: help | secure auto register
A few was changed...
The example which rewrote CharLoginHandler.java of GMS117 is written. (need AutoRegister.java)
2lines, 11lines, and 1line added. (show "//// added -- " marks)
PHP Code:
package handling.login.handler;
import java.util.List;
import java.util.LinkedHashMap;
import java.util.Calendar;
import java.util.regex.Pattern; //// Added --v
import java.util.regex.Matcher; //// Added --^
import client.inventory.Item;
import client.MapleClient;
import client.MapleCharacter;
import client.MapleCharacterUtil;
and
PHP Code:
public static final void login(final LittleEndianAccessor slea, final MapleClient c) {
String login = c.isLocalhost() ? "admin" : slea.readMapleAsciiString();
String pwd = c.isLocalhost() ? "admin" : slea.readMapleAsciiString();
int loginok = 0;
final boolean ipBan = c.hasBannedIP();
final boolean macBan = c.hasBannedMac();
Pattern p1 = Pattern.compile("[@\\-\\*]+"); // one or more symbols('@' or '-' or '*') //// Added --v
Matcher m1 = p1.matcher(pwd);
Pattern p2 = Pattern.compile("[0-9]+"); // one or more numbers
Matcher m2 = p2.matcher(pwd);
//Pattern p3 = Pattern.compile("[a-zA-Z]+"); // one or more letters
Pattern p3 = Pattern.compile("[^@\\-\\*0-9]+"); // one or more other letters
Matcher m3 = p3.matcher(pwd);
if ((pwd.length() < 8) || !m1.find() || !m2.find() || !m3.find()) {
loginok = 4;
} else { //// Added --^
if (AutoRegister.getAccountExists(login) != false) {
loginok = c.login(login, pwd, ipBan || macBan);
} else if (AutoRegister.autoRegister != false && (!c.hasBannedIP() || !c.hasBannedMac())) {
AutoRegister.createAccount(login, pwd, c.getSession().getRemoteAddress().toString());
if (AutoRegister.success != false) {
loginok = c.login(login, pwd, ipBan || macBan);
}
}
} //// Added --x
final Calendar tempbannedTill = c.getTempBanCalendar();
if (loginok == 0 && (ipBan || macBan) && !c.isGm()) {
loginok = 3;
if (macBan) {
// this is only an ipban o.O" - maybe we should refactor this a bit so it's more readable
MapleCharacter.ban(c.getSession().getRemoteAddress().toString().split(":")[0], "Enforcing account ban, account " + login, false, 4, false);
}
}
if (loginok != 0) {
if (!loginFailCount(c)) {
c.clearInformation();
c.getSession().write(LoginPacket.getLoginFailed(loginok));
} else {
c.getSession().close();
}
} else if (tempbannedTill.getTimeInMillis() != 0) {
if (!loginFailCount(c)) {
c.clearInformation();
c.getSession().write(LoginPacket.getTempBan(PacketHelper.getTime(tempbannedTill.getTimeInMillis()), c.getBanReason()));
} else {
c.getSession().close();
}
} else {
c.loginAttempt = 0;
LoginWorker.registerClient(c);
}
}
Re: help | secure auto register
Quote:
Originally Posted by
namazi
A few was changed...
The example which rewrote CharLoginHandler.java of GMS117 is written. (need AutoRegister.java)
2lines, 11lines, and 1line added. (show "//// added -- " marks)
PHP Code:
package handling.login.handler;
import java.util.List;
import java.util.LinkedHashMap;
import java.util.Calendar;
import java.util.regex.Pattern; //// Added --v
import java.util.regex.Matcher; //// Added --^
import client.inventory.Item;
import client.MapleClient;
import client.MapleCharacter;
import client.MapleCharacterUtil;
and
PHP Code:
public static final void login(final LittleEndianAccessor slea, final MapleClient c) {
String login = c.isLocalhost() ? "admin" : slea.readMapleAsciiString();
String pwd = c.isLocalhost() ? "admin" : slea.readMapleAsciiString();
int loginok = 0;
final boolean ipBan = c.hasBannedIP();
final boolean macBan = c.hasBannedMac();
Pattern p1 = Pattern.compile("[@\\-\\*]+"); // one or more symbols('@' or '-' or '*') //// Added --v
Matcher m1 = p1.matcher(pwd);
Pattern p2 = Pattern.compile("[0-9]+"); // one or more numbers
Matcher m2 = p2.matcher(pwd);
//Pattern p3 = Pattern.compile("[a-zA-Z]+"); // one or more letters
Pattern p3 = Pattern.compile("[^@\\-\\*0-9]+"); // one or more other letters
Matcher m3 = p3.matcher(pwd);
if ((pwd.length() < 8) || !m1.find() || !m2.find() || !m3.find()) {
loginok = 4;
} else { //// Added --^
if (AutoRegister.getAccountExists(login) != false) {
loginok = c.login(login, pwd, ipBan || macBan);
} else if (AutoRegister.autoRegister != false && (!c.hasBannedIP() || !c.hasBannedMac())) {
AutoRegister.createAccount(login, pwd, c.getSession().getRemoteAddress().toString());
if (AutoRegister.success != false) {
loginok = c.login(login, pwd, ipBan || macBan);
}
}
} //// Added --x
final Calendar tempbannedTill = c.getTempBanCalendar();
if (loginok == 0 && (ipBan || macBan) && !c.isGm()) {
loginok = 3;
if (macBan) {
// this is only an ipban o.O" - maybe we should refactor this a bit so it's more readable
MapleCharacter.ban(c.getSession().getRemoteAddress().toString().split(":")[0], "Enforcing account ban, account " + login, false, 4, false);
}
}
if (loginok != 0) {
if (!loginFailCount(c)) {
c.clearInformation();
c.getSession().write(LoginPacket.getLoginFailed(loginok));
} else {
c.getSession().close();
}
} else if (tempbannedTill.getTimeInMillis() != 0) {
if (!loginFailCount(c)) {
c.clearInformation();
c.getSession().write(LoginPacket.getTempBan(PacketHelper.getTime(tempbannedTill.getTimeInMillis()), c.getBanReason()));
} else {
c.getSession().close();
}
} else {
c.loginAttempt = 0;
LoginWorker.registerClient(c);
}
}
thank you so much.
works great!
add me to skype if you got: secure00x