diff --git a/config.yaml b/config.yaml
index f1617342ca..4993f38d62 100644
--- a/config.yaml
+++ b/config.yaml
@@ -193,7 +193,6 @@ server:
 BYPASS_PIN_EXPIRATION: 15 #Enables PIN bypass, which will remain active for that account by that client machine for N minutes. Set 0 to disable.
 AUTOMATIC_REGISTER: true #Automatically register players when they login with a nonexistent username.
- BCRYPT_MIGRATION: true #Performs a migration from old SHA-1 and SHA-512 password to bcrypt.
 COLLECTIVE_CHARSLOT: false #Available character slots are contabilized globally rather than per world server.
 DETERRED_MULTICLIENT: false #Enables detection of multi-client and suspicious remote IP on the login system.
 #Besides blocking logging in with several client sessions on the same machine, this also blocks suspicious login attempts for players that tries to login on an account using several diferent remote addresses.
diff --git a/src/main/java/client/Client.java b/src/main/java/client/Client.java
index 8876437e01..361b7724f1 100644
--- a/src/main/java/client/Client.java
+++ b/src/main/java/client/Client.java
@@ -550,11 +550,8 @@ public class Client extends ChannelInboundHandlerAdapter {
 if (getLoginState() > LOGIN_NOTLOGGEDIN) { // already loggedin
 loggedIn = false;
 loginok = 7;
- } else if (passhash.charAt(0) == '$' && passhash.charAt(1) == '2' && BCrypt.checkpw(pwd, passhash)) {
+ } else if (BCrypt.checkpw(pwd, passhash)) {
 loginok = (tos == 0) ? 23 : 0;
- } else if (pwd.equals(passhash) || checkHash(passhash, "SHA-1", pwd) || checkHash(passhash, "SHA-512", pwd)) {
- // thanks GabrielSin for detecting some no-bcrypt inconsistencies here
- loginok = (tos == 0) ? (!YamlConfig.config.server.BCRYPT_MIGRATION ? 23 : -23) : (!YamlConfig.config.server.BCRYPT_MIGRATION ? 0 : -10); // migrate to bcrypt
 } else {
 loggedIn = false;
 loginok = 4;
diff --git a/src/main/java/config/ServerConfig.java b/src/main/java/config/ServerConfig.java
index 3e0bf8d74a..eb814ee25e 100644
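Review bot: In Client.java the new `} else if (BCrypt.checkpw(pwd, passhash)) {` drops the `$2` prefix guard, so a stored value that is not a bcrypt hash (an unmigrated SHA-1/SHA-512 row, or an empty column) now reaches checkpw directly; jBCrypt-style implementations throw IllegalArgumentException on an invalid salt version instead of returning false, so such a row may surface as an exception rather than `loginok = 4` (confirm against the BCrypt class this project uses). Keeping a format check keeps the rejection path explicit: `} else if (passhash != null && passhash.startsWith("$2") && BCrypt.checkpw(pwd, passhash)) {`. With the migration branch gone, accounts that never logged in while BCRYPT_MIGRATION was enabled can no longer authenticate, which deserves a comment here such as `// legacy SHA-1/SHA-512 hashes are rejected; affected accounts need a password reset`. The enclosing method starts and ends outside the hunk, so any surrounding try/catch is not visible.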
--- a/src/main/java/config/ServerConfig.java
+++ b/src/main/java/config/ServerConfig.java
@@ -41,7 +41,6 @@ public class ServerConfig {
 public int BYPASS_PIN_EXPIRATION;
 public boolean AUTOMATIC_REGISTER;
- public boolean BCRYPT_MIGRATION;
 public boolean COLLECTIVE_CHARSLOT;
 public boolean DETERRED_MULTICLIENT;
diff --git a/src/main/java/net/server/handlers/login/LoginPasswordHandler.java b/src/main/java/net/server/handlers/login/LoginPasswordHandler.java
index 66a8ce23d5..fdfe826179 100644
--- a/src/main/java/net/server/handlers/login/LoginPasswordHandler.java
+++ b/src/main/java/net/server/handlers/login/LoginPasswordHandler.java
@@ -39,10 +39,6 @@ import tools.DatabaseConnection;
 import tools.HexTool;
 import tools.PacketCreator;
-import java.io.UnsupportedEncodingException;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.sql.Connection;
 import java.sql.Date;
 import java.sql.PreparedStatement;
@@ -65,12 +61,6 @@ public final class LoginPasswordHandler implements PacketHandler {
 return !c.isLoggedIn();
 }
- private static String hashpwSHA512(String pwd) throws NoSuchAlgorithmException, UnsupportedEncodingException {
- MessageDigest digester = MessageDigest.getInstance("SHA-512");
- digester.update(pwd.getBytes(StandardCharsets.UTF_8), 0, pwd.length());
- return HexTool.toHexString(digester.digest()).replace(" ", "").toLowerCase();
- }
-
 @Override
 public final void handlePacket(InPacket p, Client c) {
 String remoteHost = c.getRemoteAddress();
@@ -93,7 +83,7 @@ public final class LoginPasswordHandler implements PacketHandler {
 try (Connection con = DatabaseConnection.getConnection();
 PreparedStatement ps = con.prepareStatement("INSERT INTO accounts (name, password, birthday, tempban) VALUES (?, ?, ?, ?);", Statement.RETURN_GENERATED_KEYS)) { //Jayd: Added birthday, tempban
 ps.setString(1, login);
- ps.setString(2, YamlConfig.config.server.BCRYPT_MIGRATION ? BCrypt.hashpw(pwd, BCrypt.gensalt(12)) : hashpwSHA512(pwd));
+ ps.setString(2, BCrypt.hashpw(pwd, BCrypt.gensalt(12)));
 ps.setDate(3, Date.valueOf(DefaultDates.getBirthday()));
 ps.setTimestamp(4, Timestamp.valueOf(DefaultDates.getTempban()));
 ps.executeUpdate();
@@ -102,7 +92,7 @@ public final class LoginPasswordHandler implements PacketHandler {
 rs.next();
 c.setAccID(rs.getInt(1));
 }
- } catch (SQLException | NoSuchAlgorithmException | UnsupportedEncodingException e) {
+ } catch (SQLException e) {
 c.setAccID(-1);
 e.printStackTrace();
 } finally {
@@ -110,19 +100,6 @@ public final class LoginPasswordHandler implements PacketHandler {
 }
 }
- if (YamlConfig.config.server.BCRYPT_MIGRATION && (loginok <= -10)) { // -10 means migration to bcrypt, -23 means TOS wasn't accepted
- try (Connection con = DatabaseConnection.getConnection();
- PreparedStatement ps = con.prepareStatement("UPDATE accounts SET password = ? WHERE name = ?;")) {
- ps.setString(1, BCrypt.hashpw(pwd, BCrypt.gensalt(12)));
- ps.setString(2, login);
- ps.executeUpdate();
- } catch (SQLException e) {
- e.printStackTrace();
- } finally {
- loginok = (loginok == -10) ? 0 : 23;
- }
- }
-
 if (c.hasBannedIP() || c.hasBannedMac()) {
 c.sendPacket(PacketCreator.getLoginFailed(3));
 return;
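Review bot: The work factor in `ps.setString(2, BCrypt.hashpw(pwd, BCrypt.gensalt(12)));` is a bare literal with no comment, and after this commit it is the only hashing call left in the diff, so this is the place to name and document it, e.g. `private static final int BCRYPT_LOG_ROUNDS = 12; // bcrypt cost; hashes already stored keep the cost they were created with` and `BCrypt.gensalt(BCRYPT_LOG_ROUNDS)`. Going by the AUTOMATIC_REGISTER comment in config.yaml, this insert appears to run for logins with a nonexistent username, so each such attempt costs one cost-12 hash plus a new row; it is worth confirming that handlePacket throttles or caps these before this point, which the hunk does not show. bcrypt uses only the first 72 bytes of its input, so a length check on `pwd` ahead of the hash would make that limit explicit. The enclosing handlePacket starts and ends outside the hunk.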