Remove SHA-512 password migration

This commit is contained in:
P0nk
2024-09-26 06:48:13 +02:00
parent b85233359f
commit 1d5c26e67c
4 changed files with 3 additions and 31 deletions


@@ -193,7 +193,6 @@ server:
BYPASS_PIN_EXPIRATION: 15 #Enables PIN bypass, which will remain active for that account by that client machine for N minutes. Set 0 to disable.
AUTOMATIC_REGISTER: true #Automatically register players when they login with a nonexistent username.
BCRYPT_MIGRATION: true #Performs a migration from old SHA-1 and SHA-512 password to bcrypt.
COLLECTIVE_CHARSLOT: false #Available character slots are contabilized globally rather than per world server.
DETERRED_MULTICLIENT: false #Enables detection of multi-client and suspicious remote IP on the login system.
#Besides blocking logging in with several client sessions on the same machine, this also blocks suspicious login attempts for players that tries to login on an account using several diferent remote addresses.


@@ -550,11 +550,8 @@ public class Client extends ChannelInboundHandlerAdapter {
if (getLoginState() > LOGIN_NOTLOGGEDIN) { // already loggedin
loggedIn = false;
loginok = 7;
} else if (passhash.charAt(0) == '$' && passhash.charAt(1) == '2' && BCrypt.checkpw(pwd, passhash)) {
} else if (BCrypt.checkpw(pwd, passhash)) {
loginok = (tos == 0) ? 23 : 0;
} else if (pwd.equals(passhash) || checkHash(passhash, "SHA-1", pwd) || checkHash(passhash, "SHA-512", pwd)) {
// thanks GabrielSin for detecting some no-bcrypt inconsistencies here
loginok = (tos == 0) ? (!YamlConfig.config.server.BCRYPT_MIGRATION ? 23 : -23) : (!YamlConfig.config.server.BCRYPT_MIGRATION ? 0 : -10); // migrate to bcrypt
} else {
loggedIn = false;
loginok = 4;
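Review bot: Dropping the `$2` prefix guard on the bcrypt branch means `BCrypt.checkpw(pwd, passhash)` now runs against whatever is stored in the password column, and with the usual jBCrypt implementation that throws IllegalArgumentException ("Invalid salt version") for a non-bcrypt value instead of returning false. Any account that was never migrated (the migration path removed in this commit was opt-in via BCRYPT_MIGRATION, so rows may still hold SHA-1/SHA-512 or plaintext values) would then fail with an exception on login rather than reaching the `loginok = 4` branch, which is a behaviour change the commit message does not mention. Keeping a cheap format check, `} else if (passhash.startsWith("$2") && BCrypt.checkpw(pwd, passhash)) {`, lets unmigrated rows fall through to the ordinary failure path, and the commit description should state that legacy accounts now need a one-time password reset. The enclosing method starts and ends outside the hunk.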


@@ -41,7 +41,6 @@ public class ServerConfig {
public int BYPASS_PIN_EXPIRATION;
public boolean AUTOMATIC_REGISTER;
public boolean BCRYPT_MIGRATION;
public boolean COLLECTIVE_CHARSLOT;
public boolean DETERRED_MULTICLIENT;


@@ -39,10 +39,6 @@ import tools.DatabaseConnection;
import tools.HexTool;
import tools.PacketCreator;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
@@ -65,12 +61,6 @@ public final class LoginPasswordHandler implements PacketHandler {
return !c.isLoggedIn();
}
private static String hashpwSHA512(String pwd) throws NoSuchAlgorithmException, UnsupportedEncodingException {
MessageDigest digester = MessageDigest.getInstance("SHA-512");
digester.update(pwd.getBytes(StandardCharsets.UTF_8), 0, pwd.length());
return HexTool.toHexString(digester.digest()).replace(" ", "").toLowerCase();
}
@Override
public final void handlePacket(InPacket p, Client c) {
String remoteHost = c.getRemoteAddress();
@@ -93,7 +83,7 @@ public final class LoginPasswordHandler implements PacketHandler {
try (Connection con = DatabaseConnection.getConnection();
PreparedStatement ps = con.prepareStatement("INSERT INTO accounts (name, password, birthday, tempban) VALUES (?, ?, ?, ?);", Statement.RETURN_GENERATED_KEYS)) { //Jayd: Added birthday, tempban
ps.setString(1, login);
ps.setString(2, YamlConfig.config.server.BCRYPT_MIGRATION ? BCrypt.hashpw(pwd, BCrypt.gensalt(12)) : hashpwSHA512(pwd));
ps.setString(2, BCrypt.hashpw(pwd, BCrypt.gensalt(12)));
ps.setDate(3, Date.valueOf(DefaultDates.getBirthday()));
ps.setTimestamp(4, Timestamp.valueOf(DefaultDates.getTempban()));
ps.executeUpdate();
@@ -102,7 +92,7 @@ public final class LoginPasswordHandler implements PacketHandler {
rs.next();
c.setAccID(rs.getInt(1));
}
} catch (SQLException | NoSuchAlgorithmException | UnsupportedEncodingException e) {
} catch (SQLException e) {
c.setAccID(-1);
e.printStackTrace();
} finally {
@@ -110,19 +100,6 @@ public final class LoginPasswordHandler implements PacketHandler {
}
}
if (YamlConfig.config.server.BCRYPT_MIGRATION && (loginok <= -10)) { // -10 means migration to bcrypt, -23 means TOS wasn't accepted
try (Connection con = DatabaseConnection.getConnection();
PreparedStatement ps = con.prepareStatement("UPDATE accounts SET password = ? WHERE name = ?;")) {
ps.setString(1, BCrypt.hashpw(pwd, BCrypt.gensalt(12)));
ps.setString(2, login);
ps.executeUpdate();
} catch (SQLException e) {
e.printStackTrace();
} finally {
loginok = (loginok == -10) ? 0 : 23;
}
}
if (c.hasBannedIP() || c.hasBannedMac()) {
c.sendPacket(PacketCreator.getLoginFailed(3));
return;