Upstream/AuthMeReloaded
1
0
Fork 0
mirror of https://github.com/AuthMe/AuthMeReloaded.git synced 2025-01-11 18:37:35 +01:00
Code Issues Projects Releases Wiki Activity

PW lenght and unsafe PW check to ChangePassword

Browse Source 
I told you, you missed it! Also, unified "lowpass.equalsIgnoreCase(name)" to the previous group of checks.
This, however, still provides "Password doesn't match" error, instead of one proper error.
This commit is contained in:
Maxetto 2015-07-04 22:57:43 +02:00
parent f3c2967e83
commit 0b1490bd65
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java
View File

@ -54,14 +54,20 @@ public class ChangePasswordCommand implements CommandExecutor {
}
String lowpass = args[1].toLowerCase();
if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex)) {
if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex) || lowpass.equalsIgnoreCase(name)) {
m.send(player, "password_error");
return true;
}
if (lowpass.equalsIgnoreCase(name)) {
m.send(player, "password_error");
if (lowpass.length() < Settings.getPasswordMinLen || lowpass.length() > Settings.passwordMaxLength) {
m.send(player, "pass_len");
return true;
}
if (!Settings.unsafePasswords.isEmpty()) {
if (Settings.unsafePasswords.contains(lowpass)) {
m.send(player, "password_error");
return true;
}
}
try {
String hashnew = PasswordSecurity.getHash(Settings.getPasswordHash, args[1], name);