Jump to content
This Topic
--> Place your ad text here <--
Get Free Banners - Giveaway MaxCheaters.com
We're Rebuilding – Join Our Staff Team

Pin Code For H5

Napster321

By Napster321
in Server Shares & Files [L2J]

 Share

Recommended Posts

Napster321 Newbie

Napster321

Posted
Posted

I think it will need a small addaption to l2j or the pack that you use..I found that on a russian forum .

39794700.png

 

 

 

SecondaryPasswordAuth.java

package l2p.gameserver.network;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Calendar;
import java.util.logging.Level;
import java.util.logging.Logger;

import jonelo.sugar.util.Base64;
import l2p.commons.dbutils.DbUtils;
import l2p.gameserver.Config;
import l2p.gameserver.database.DatabaseFactory;
import l2p.gameserver.model.Player;
import l2p.gameserver.network.GameClient;
import l2p.gameserver.serverpackets.Ex2ndPasswordAck;
import l2p.gameserver.serverpackets.Ex2ndPasswordCheck;
import l2p.gameserver.serverpackets.Ex2ndPasswordVerify;
import l2p.gameserver.utils.Log;
import l2p.gameserver.utils.Util;

public class SecondaryPasswordAuth
{
private final Logger _log = Logger.getLogger(SecondaryPasswordAuth.class.getName());
private final GameClient _activeClient;

private String _password;
private int _wrongAttempts;
private boolean _authed;

private static final String VAR_PWD = "secauth_pwd";
private static final String VAR_WTE = "secauth_wte";

private static final String SELECT_PASSWORD = "SELECT var, value FROM character_secondary_password WHERE account_name=? AND var LIKE 'secauth_%'";
private static final String INSERT_PASSWORD = "INSERT INTO character_secondary_password VALUES (?, ?, ?)";
private static final String UPDATE_PASSWORD = "UPDATE character_secondary_password SET value=? WHERE account_name=? AND var=?";
private static final String INSERT_ATTEMPT = "INSERT INTO character_secondary_password VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value=?";
// private static final String BAN_ACCOUNT = "UPDATE accounts SET banExpires=? WHERE login=?";

/**
* @param activeClient
*/
public SecondaryPasswordAuth(GameClient activeClient)
{
_activeClient = activeClient;
_password = null;
_wrongAttempts = 0;
_authed = false;
loadPassword();
}

private void loadPassword()
{
String var, value = null;

Connection con = null;
PreparedStatement statement = null;
ResultSet rset = null;
try
{
con = DatabaseFactory.getInstance().getConnection();
statement = con.prepareStatement(SELECT_PASSWORD);
statement.setString(1, _activeClient.getLogin());
ResultSet rs = statement.executeQuery();
while(rs.next())
{
var = rs.getString("var");
value = rs.getString("value");

if(var.equals(VAR_PWD))
_password = value;
else if(var.equals(VAR_WTE))
_wrongAttempts = Integer.parseInt(value);
}
statement.close();
}
catch(Exception e)
{
_log.log(Level.SEVERE, "Error while reading password.", e);
}
finally
{
DbUtils.closeQuietly(con, statement, rset);
}
}

public boolean savePassword(String password)
{
if(passwordExist())
{
_log.warning("[secondaryPasswordAuth]" + _activeClient.getLogin() + " forced savePassword");
_activeClient.closeNow(true);
return false;
}

if(!validatePassword(password))
{
_activeClient.sendPacket(new Ex2ndPasswordAck(Ex2ndPasswordAck.WRONG_PATTERN));
return false;
}

password = cryptPassword(password);

Connection con = null;
PreparedStatement statement = null;
ResultSet rset = null;
try
{
con = DatabaseFactory.getInstance().getConnection();
statement = con.prepareStatement(INSERT_PASSWORD);
statement.setString(1, _activeClient.getLogin());
statement.setString(2, VAR_PWD);
statement.setString(3, password);
statement.execute();
statement.close();
}
catch(Exception e)
{
_log.log(Level.SEVERE, "Error while writing password.", e);
return false;
}
finally
{
DbUtils.closeQuietly(con, statement, rset);
}
_password = password;
return true;
}

public boolean insertWrongAttempt(int attempts)
{
Connection con = null;
PreparedStatement statement = null;
ResultSet rset = null;
try
{
con = DatabaseFactory.getInstance().getConnection();
statement = con.prepareStatement(INSERT_ATTEMPT);
statement.setString(1, _activeClient.getLogin());
statement.setString(2, VAR_WTE);
statement.setString(3, Integer.toString(attempts));
statement.setString(4, Integer.toString(attempts));
statement.execute();
statement.close();
}
catch(Exception e)
{
_log.log(Level.SEVERE, "Error while writing wrong attempts.", e);
return false;
}
finally
{
DbUtils.closeQuietly(con, statement, rset);
}
return true;
}

public boolean changePassword(String oldPassword, String newPassword)
{
if(!passwordExist())
{
_log.warning("[secondaryPasswordAuth]" + _activeClient.getLogin() + " forced changePassword");
_activeClient.closeNow(true);
return false;
}

if(!checkPassword(oldPassword, true))
return false;

if(!validatePassword(newPassword))
{
_activeClient.sendPacket(new Ex2ndPasswordAck(Ex2ndPasswordAck.WRONG_PATTERN));
return false;
}

newPassword = cryptPassword(newPassword);

Connection con = null;
PreparedStatement statement = null;
ResultSet rset = null;
try
{
con = DatabaseFactory.getInstance().getConnection();
statement = con.prepareStatement(UPDATE_PASSWORD);
statement.setString(1, newPassword);
statement.setString(2, _activeClient.getLogin());
statement.setString(3, VAR_PWD);
statement.execute();
statement.close();
}
catch(Exception e)
{
_log.log(Level.SEVERE, "Error while reading password.", e);
return false;
}
finally
{
DbUtils.closeQuietly(con, statement, rset);
}
_password = newPassword;
_authed = false;
return true;
}

public boolean checkPassword(String password, boolean skipAuth)
{
password = cryptPassword(password);

if(!password.equals(_password))
{
_wrongAttempts++;
if(_wrongAttempts < Config.SECOND_AUTH_MAX_ATTEMPTS)
{
_activeClient.sendPacket(new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_WRONG, _wrongAttempts));
insertWrongAttempt(_wrongAttempts);
}
else
{
if(Config.SECOND_AUTH_BAN_ACC)
banAccount(_activeClient.getActiveChar());
Log.add(_activeClient.getLogin() + " - (" + _activeClient.getIpAddr() + ") has inputted the wrong password " + _wrongAttempts + " times in row.", "banned_accounts");
insertWrongAttempt(0);
_activeClient.close(new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_BAN, Config.SECOND_AUTH_MAX_ATTEMPTS));
}
return false;
}
if(!skipAuth)
{
_authed = true;
_activeClient.sendPacket(new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_OK, _wrongAttempts));
}
insertWrongAttempt(0);
return true;
}

private void banAccount(Player plyr)
{
long banTime = Config.SECOND_AUTH_BAN_TIME;

try
{
plyr.setAccessLevel(-100);
ban(plyr, banTime);
plyr.kick();
}
catch(Exception e)
{
_log.log(Level.SEVERE, "Error while banning account.", e);
}
}

private void ban(Player actor, long time)
{
long date = Calendar.getInstance().getTimeInMillis();
long endban = date / 1000 + time * 60;
String msg = "Secondary Password Auth ban Player" + actor.getName() + " on " + time + " sec";

Connection con = null;
PreparedStatement statement = null;
try
{
con = DatabaseFactory.getInstance().getConnection();
statement = con.prepareStatement("INSERT INTO bans (account_name, obj_id, baned, unban, reason, GM, endban) VALUES(?,?,?,?,?,?,?)");
statement.setString(1, actor.getAccountName());
statement.setInt(2, actor.getObjectId());
statement.setString(3, "SU");
statement.setString(4, "SU");
statement.setString(5, msg);
statement.setString(6, "SU");
statement.setLong(7, endban);
statement.execute();
}
catch(Exception e)
{
_log.warning("could not store bans data:" + e);
}
finally
{
DbUtils.closeQuietly(con, statement);
}
}

public boolean passwordExist()
{
return _password == null ? false : true;
}

public void openDialog()
{
if(passwordExist())
_activeClient.sendPacket(new Ex2ndPasswordCheck(Ex2ndPasswordCheck.PASSWORD_PROMPT));
else
_activeClient.sendPacket(new Ex2ndPasswordCheck(Ex2ndPasswordCheck.PASSWORD_NEW));
}

public boolean isAuthed()
{
return _authed;
}

private String cryptPassword(String password)
{
try
{
MessageDigest md = MessageDigest.getInstance("SHA");
byte[] raw = password.getBytes("UTF-8");
byte[] hash = md.digest(raw);
return Base64.encodeBytes(hash);
}
catch(NoSuchAlgorithmException e)
{
_log.severe("[secondaryPasswordAuth]Unsupported Algorythm");
}
catch(UnsupportedEncodingException e)
{
_log.severe("[secondaryPasswordAuth]Unsupported Encoding");
}
return null;
}

private boolean validatePassword(String password)
{
if(!Util.isDigit(password))
return false;

if(password.length() < 6 || password.length() > 
return false;

if(Config.SECOND_AUTH_STRONG_PASS)
{
for(int i = 0; i < password.length() - 1; i++)
{
char curCh = password.charAt(i);
char nxtCh = password.charAt(i + 1);

if(curCh + 1 == nxtCh)
return false;
else if(curCh - 1 == nxtCh)
return false;
else if(curCh == nxtCh)
return false;
}
for(int i = 0; i < password.length() - 2; i++)
{
String toChk = password.substring(i + 1);
StringBuffer chkEr = new StringBuffer(password.substring(i, i + 2));

if(toChk.contains(chkEr))
return false;
else if(toChk.contains(chkEr.reverse()))
return false;
}
}
_wrongAttempts = 0;
return true;
}
}

 

Config.java

 

find that

 

HTM_CACHE_MODE

 

and add bellow

public static boolean SECOND_AUTH_ENABLED;
public static boolean SECOND_AUTH_BAN_ACC;
public static boolean SECOND_AUTH_STRONG_PASS;
public static int SECOND_AUTH_MAX_ATTEMPTS;
public static long SECOND_AUTH_BAN_TIME;
public static String SECOND_AUTH_REC_LINK;

 

after find that

 

HTM_CACHE_MODE = serverSettings.getProperty("HtmCacheMode", HtmCache.LAZY);

 

 

and add bellow

SECOND_AUTH_ENABLED = serverSettings.getProperty("SAEnabled", false);
SECOND_AUTH_BAN_ACC = serverSettings.getProperty("SABanAccEnabled", false);
SECOND_AUTH_STRONG_PASS = serverSettings.getProperty("SAStrongPass", false);
SECOND_AUTH_MAX_ATTEMPTS = serverSettings.getProperty("SAMaxAttemps", 5);
SECOND_AUTH_BAN_TIME = serverSettings.getProperty("SABanTime", 480);
SECOND_AUTH_REC_LINK = serverSettings.getProperty("SARecoveryLink", "http://www.my-domain...harPassRec.php");

 

 

open Util.java go to the bottom and insert

 

Public static Boolean isdigit (String text) 
{ 
if (text == null | | text.isEmpty ()) 
return false; 
for (char C: text.toCharArray ()) 
if (! Character.isDigit ©) 
return false; 
return true ; 
} 
}

 

 

open server.properties and add

 

# ============================ ============ 
# Settings to set a password on your character SA (Secondary Auth) 
# Pre-include this option in the client (UseSecondaryAuth = true) 
# ============== ========================== 
# include whether the system SA 
SAEnabled = True 
# ban account after a user has exceeded the number of password attempts? 
SABanAccEnabled = True 
# Enhanced password system, combined with the odd even sure! 
SAStrongPass = False 
# The maximum number of password attempts 
SAMaxAttemps = 5 
# Banlength Chara for failure password (min) 
SABanTime = 480
# link to the password recovery page 
SARecoveryLink = http://www . My-Domain ... charPassRec.php
# ======================================= =

 

 

SQL Part

 

DROP TABLE IF EXISTS `character_secondary_password`; 
CREATE TABLE `character_secondary_password` ( 
  `account_name` VARCHAR (45) NOT NULL DEFAULT'', 
  `var` VARCHAR (20) NOT NULL DEFAULT'', 
  `value` VARCHAR (255), 
  PRIMARY KEY (account_name ``, `var`) 
) ENGINE = MyISAM DEFAULT CHARSET = utf8;

 

credits : kick

Fizo Newbie

Fizo

Posted
Posted

thats looks great i will test it right now man ! thanks for share

 

also fix this line in your config's

 

# Banlength Chara for failure password (min)

= 480 SABanTime

 

i think this must be like

 

# Banlength Chara for failure password (min)

SABanTime = 480

Napster321 Newbie

Napster321

Posted
  • Author
Posted
  On 1/17/2013 at 1:40 AM, Fizo said:

thats looks great i will test it right now man ! thanks for share

 

also fix this line in your config's

 

# Banlength Chara for failure password (min)

= 480 SABanTime

 

i think this must be like

 

# Banlength Chara for failure password (min)

SABanTime = 480

fixed topic updated
  • 9 months later...
xdem Proficient

xdem

Posted
Posted
  On 11/4/2013 at 12:41 PM, yukselkasayka123 said:

make it for interlude and send me from message :P

 

OKAY BOSS, NOW IM GONNA DECOMPILE INTERLUDE CLIENT AND CREATE THIS PACKET FOR YOU, GIMME A SEC PLZ

Napster321 Newbie

Napster321

Posted
  • Author
Posted
  On 11/4/2013 at 12:41 PM, yukselkasayka123 said:

make it for interlude and send me from message :P

i can via email only i can't send messages in mxc, xdem don't do it i will do it :D

Guest
This topic is now closed to further replies.
 Share
Go to topic listing


  • Posts

    • Celestine
      ⚜ Custom UPDATER / LAUNCHER ⚜

      By Celestine · Posted

      It's not because I'm an admin that he treated me differently. I actually gave him several clients from my side without him even knowing they came from me, and most of them had no issues. I was also waiting 3–4 weeks at times for things I bought from AvE, even when I was in a rush. He still delivered in the end. That said, I'm not defending him blindly. I'm just saying it's unlikely he’d risk scamming someone over 60–100€, especially knowing how quickly word spreads here.
    • Ave
      ⚜ Custom UPDATER / LAUNCHER ⚜

      By Ave · Posted

      For exact same reason - there were accusation that I scammed. When was it? 2016? But in that time, admins actually didn't listen. I got banned, then unbaned (when I prooved I've refunded) but I was trash talking to mods. When few months later same shit happened, Grisom (?) old global mod, banned me anyway. You can read somewhere on forum how I was shitting on him for doing that (from other account because original account was banned) - which was banned too. He is not here anymore I think. Back in the days I was well know for not carring that much if I was talking to mod or admin, I didn't hold my tongue. Now You know. Just like You know - if I delay, I deliver or refund. I'm not a scammer, even if my old time haterz love to repeat themselfs like mantra. I don't care.
    • Splicho
      ⚜ Custom UPDATER / LAUNCHER ⚜

      By Splicho · Posted

      Okay I respect that but why is your other account banned?   I don't think this happened just because you delayed somebodys work even in 2012
    • Ave
      ⚜ Custom UPDATER / LAUNCHER ⚜

      By Ave · Posted

      Do You understand the fact, I won't scam anyone? Can You grasp such idea?  Second of all, if a random restaurant on Google Maps has 599 positive reviews and few negative ones with 4,8* score, do You ask Google to block it's profile and burn the place down? No? Then why the fuck You are crying about my random delays? If someone can't get a CUSTOM DESIGN on time, I refund. I'm not 16  y.o. anymore. I don't make living out of this L2 bullshit. Never did. Since 2012 I've made shit tons of projects. How many delays did I have? 12? 15? Out of hundrets of projects. Calm Your tits please. If I would actually take 4k euro and NOT deliver and NOT refund - admins can ban me. So don't compare me to Simple. And just so You know, Celestine sent me customers, so it's not like I've worked with him on his account all the time. That's another thing You won't understand. I won't waste anymore time on You and any other cunt who never was my customer but is bitching just because he has nothing better to do in his life. You don't like my work? Hove along, I don't give a shit. 
    • Litch
      We're Rebuilding MaxCheaters – Join Our Staff Team

      By Litch · Posted

      MMGA 🥰

  • Topics

×
×
  • Create New...