From 642a40724bb8032c8fa4e412a0c9400223823edb Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 05:40:03 +0700 Subject: [PATCH 01/14] Used Bukkit API to format color codes. --- .../java/fr/xephi/authme/output/MessagesManager.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/main/java/fr/xephi/authme/output/MessagesManager.java b/src/main/java/fr/xephi/authme/output/MessagesManager.java index 3221e334f..1308712a0 100644 --- a/src/main/java/fr/xephi/authme/output/MessagesManager.java +++ b/src/main/java/fr/xephi/authme/output/MessagesManager.java @@ -2,21 +2,18 @@ package fr.xephi.authme.output; import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.settings.CustomConfiguration; +import org.bukkit.ChatColor; import java.io.File; /** * Class responsible for reading messages from a file and formatting them for Minecraft. - *

+ *

* This class is used within {@link Messages}, which offers a high-level interface for accessing * or sending messages from a properties file. */ class MessagesManager extends CustomConfiguration { - /** The section symbol, used in Minecraft for formatting codes. */ - private static final String SECTION_SIGN = "\u00a7"; - - /** * Constructor for Messages. * @@ -49,12 +46,10 @@ class MessagesManager extends CustomConfiguration { } static String[] formatMessage(String message) { - // TODO: Check that the codes actually exist, i.e. replace &c but not &y - // TODO: Allow '&' to be retained with the code '&&' String[] lines = message.split("&n"); for (int i = 0; i < lines.length; ++i) { // We don't initialize a StringBuilder here because mostly we will only have one entry - lines[i] = lines[i].replace("&", SECTION_SIGN); + lines[i] = ChatColor.translateAlternateColorCodes('&', lines[i]); } return lines; } From b380893847ef1b434198ac8e652a82fdac29c47f Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 06:13:47 +0700 Subject: [PATCH 02/14] Serialize Xenforo hash before put it into table. - Fix #417 --- src/main/java/fr/xephi/authme/datasource/MySQL.java | 13 ++++++++----- .../fr/xephi/authme/security/crypts/XFBCRYPT.java | 5 +++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index fd11d9ea8..1e81162a3 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java 
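Review bot: Both TODO comments are removed but only the first is resolved — `ChatColor.translateAlternateColorCodes('&', …)` rewrites `&` only when a valid code character follows, while nothing in the new loop lets a literal `&` through via `&&`, so that TODO should stay (or a comment should state that `&&` is unsupported). The retained context comment about not initializing a StringBuilder no longer describes what the loop does; `// Translate '&x' colour codes on each line; '&n' was consumed above as the line separator` would fit. The `split("&n")` still runs before translation, so that part of the behaviour is unchanged by the hunk.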
@@ -496,10 +496,12 @@ public class MySQL implements DataSource {
 rs = pst.executeQuery();
 if (rs.next()) {
 int id = rs.getInt(columnID);
- pst2 = con.prepareStatement("INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?);");
+ sql = "INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?)";
+ pst2 = con.prepareStatement(sql);
 pst2.setInt(1, id);
- pst2.setString(2, "XenForo_Authentication_Core12");
- byte[] bytes = auth.getPassword().getHash().getBytes();
+ pst2.setString(2, XFBCRYPT.SCHEME_CLASS);
+ String serializedHash = XFBCRYPT.serializeHash(auth.getPassword().getHash());
+ byte[] bytes = serializedHash.getBytes();
 Blob blob = con.createBlob();
 blob.setBytes(1, bytes);
 pst2.setBlob(3, blob);
@@ -554,7 +556,8 @@ public class MySQL implements DataSource {
 // Insert password in the correct table
 sql = "UPDATE xf_user_authenticate SET data=? WHERE " + columnID + "=?;";
 PreparedStatement pst2 = con.prepareStatement(sql);
- byte[] bytes = password.getHash().getBytes();
+ String serializedHash = XFBCRYPT.serializeHash(password.getHash());
+ byte[] bytes = serializedHash.getBytes();
 Blob blob = con.createBlob();
 blob.setBytes(1, bytes);
 pst2.setBlob(1, blob);
@@ -564,7 +567,7 @@ public class MySQL implements DataSource {
 // ...
 sql = "UPDATE xf_user_authenticate SET scheme_class=? WHERE " + columnID + "=?;";
 pst2 = con.prepareStatement(sql);
- pst2.setString(1, "XenForo_Authentication_Core12");
+ pst2.setString(1, XFBCRYPT.SCHEME_CLASS);
 pst2.setInt(2, id);
 pst2.executeUpdate();
 pst2.close();
diff --git a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
index 6666a076c..75c6a7911 100644
--- a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java
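Review bot: `serializedHash.getBytes()` in the -496 hunk (and again in the -556 hunk) uses the JVM default charset, so the bytes stored in the XenForo `data` blob depend on the host's `file.encoding`; `serializedHash.getBytes(StandardCharsets.UTF_8)` (with `import java.nio.charset.StandardCharsets;`) makes the stored value host-independent. A bcrypt hash is ASCII so the two agree today, but the explicit charset costs nothing and removes the assumption. The enclosing methods start and end outside these hunks, so whether `pst2` is closed on the exception path cannot be reviewed here.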
@@ -4,6 +4,7 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; public class XFBCRYPT extends BCRYPT { + public static final String SCHEME_CLASS = "XenForo_Authentication_Core12"; private static final Pattern HASH_PATTERN = Pattern.compile("\"hash\";s.*\"(.*)?\""); @Override
@@ -19,4 +20,8 @@ public class XFBCRYPT extends BCRYPT {
 }
 return "*"; // what?
 }
+
+ public static String serializeHash(String hash) {
+ return "a:1:{s:4:\"hash\";s:" + hash.length() + ":\""+hash+"\";}";
+ }
 }
From 5187ce152ae4c521b4b7675c58b7ad83373e65a0 Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 06:19:09 +0700 Subject: [PATCH 03/14] Enabled cachePrepStmts properties.
---
src/main/java/fr/xephi/authme/datasource/MySQL.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java
index 1e81162a3..185898190 100644
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@@ -104,7 +104,12 @@ public class MySQL implements DataSource {
 ds = new HikariDataSource();
 ds.setPoolName("AuthMeMYSQLPool");
 ds.setDriverClassName("com.mysql.jdbc.Driver");
- ds.setJdbcUrl("jdbc:mysql://" + this.host + ":" + this.port + "/" + this.database + "?rewriteBatchedStatements=true&jdbcCompliantTruncation=false");
+ ds.setJdbcUrl("jdbc:mysql://" + this.host + ":" + this.port + "/" + this.database);
+ ds.addDataSourceProperty("rewriteBatchedStatements", "true");
+ ds.addDataSourceProperty("jdbcCompliantTruncation", "false");
+ ds.addDataSourceProperty("cachePrepStmts", "true");
+ ds.addDataSourceProperty("prepStmtCacheSize", "250");
+ ds.addDataSourceProperty("prepStmtCacheSqlLimit", "2048");
 ds.setUsername(this.username);
 ds.setPassword(this.password);
 ds.setInitializationFailFast(true); // Don't start the plugin if the database is unavailable
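Review bot: `serializeHash` emits `hash.length()` as the `s:N` length, but PHP's serialize() length is a byte count while `String.length()` counts UTF-16 code units, and the method neither documents nor checks that the input is a plain-ASCII bcrypt hash; `hash.getBytes(StandardCharsets.UTF_8).length` (import `java.nio.charset.StandardCharsets`) gives the byte count whatever the content. A Javadoc would also help: one line saying it wraps a bcrypt hash in the PHP-serialized form XenForo stores in `xf_user_authenticate.data`, i.e. `a:1:{s:4:"hash";s:N:"<hash>";}`, and that `HASH_PATTERN` at the top of the class appears to be the inverse. The spacing in `+hash+` also differs from the rest of the file.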
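Review bot: The five `addDataSourceProperty` calls carry no comment, and `jdbcCompliantTruncation=false` (kept from the old URL) tells Connector/J to let MySQL silently truncate over-length values instead of raising an error, so an input longer than its column is stored as a different, shorter value; for the name, e-mail and password-hash columns that deserves a sentence explaining why it is acceptable, e.g. `// jdbcCompliantTruncation=false: MySQL truncates over-length values silently instead of failing the statement`. The prepared-statement cache settings are standard Connector/J tuning and could be grouped under `// Connector/J prepared-statement cache`. As far as I recall HikariCP forwards `dataSourceProperties` to the driver when `setJdbcUrl` is used, so this should behave like the old query string, but it is worth confirming against the HikariCP version in the build.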
From 7eeabd68e788474378fdaa44c1827552c5bb6ef8 Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 06:26:36 +0700 Subject: [PATCH 04/14] Fix saveAuth method didn't save email. --- .../fr/xephi/authme/datasource/MySQL.java | 7 ++--- .../fr/xephi/authme/datasource/SQLite.java | 27 ++++++++++--------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index 185898190..23781e2f7 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -334,17 +334,18 @@ public class MySQL implements DataSource { boolean useSalt = !columnSalt.isEmpty() || !StringUtils.isEmpty(auth.getPassword().getSalt()); sql = "INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + "," + columnIp + "," - + columnLastLogin + "," + columnRealName + + columnLastLogin + "," + columnRealName + "," + columnEmail + (useSalt ? "," + columnSalt : "") - + ") VALUES (?,?,?,?,?" + (useSalt ? ",?" : "") + ");"; + + ") VALUES (?,?,?,?,?,?" + (useSalt ? ",?" : "") + ");"; pst = con.prepareStatement(sql); pst.setString(1, auth.getNickname()); pst.setString(2, auth.getPassword().getHash()); pst.setString(3, auth.getIp()); pst.setLong(4, auth.getLastLogin()); pst.setString(5, auth.getRealName()); + pst.setString(6, auth.getEmail()); if (useSalt) { - pst.setString(6, auth.getPassword().getSalt()); + pst.setString(7, auth.getPassword().getSalt()); } pst.executeUpdate(); pst.close(); diff --git a/src/main/java/fr/xephi/authme/datasource/SQLite.java b/src/main/java/fr/xephi/authme/datasource/SQLite.java index 876bbfa18..9b14b1cc0 100644 --- a/src/main/java/fr/xephi/authme/datasource/SQLite.java +++ b/src/main/java/fr/xephi/authme/datasource/SQLite.java 
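Review bot: The rewritten column list still appends `"," + columnSalt` whenever `useSalt` is true, and the context line above computes `useSalt` as `!columnSalt.isEmpty() || !StringUtils.isEmpty(auth.getPassword().getSalt())`, so a hash that carries a salt while no salt column is configured produces `…,<email>,) VALUES (?,?,?,?,?,?,?)` and binds parameter 7 to a column that does not exist. That predates the commit, but the hunk rewrites the adjacent lines; the column name should only be appended when `columnSalt` is non-empty, and the condition deserves a comment stating which of its two inputs it is meant to gate. The enclosing method starts and ends outside the hunk.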
@@ -1,5 +1,11 @@ package fr.xephi.authme.datasource; +import fr.xephi.authme.ConsoleLogger; +import fr.xephi.authme.cache.auth.PlayerAuth; +import fr.xephi.authme.security.crypts.HashedPassword; +import fr.xephi.authme.settings.Settings; +import fr.xephi.authme.util.StringUtils; + import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; @@ -9,12 +15,6 @@ import java.sql.Statement; import java.util.ArrayList; import java.util.List; -import fr.xephi.authme.ConsoleLogger; -import fr.xephi.authme.cache.auth.PlayerAuth; -import fr.xephi.authme.security.crypts.HashedPassword; -import fr.xephi.authme.settings.Settings; -import fr.xephi.authme.util.StringUtils; - /** */ public class SQLite implements DataSource { @@ -41,7 +41,7 @@ public class SQLite implements DataSource { * Constructor for SQLite. * * @throws ClassNotFoundException Exception - * @throws SQLException Exception + * @throws SQLException Exception */ public SQLite() throws ClassNotFoundException, SQLException { this.database = Settings.getMySQLDatabase; 
@@ -219,23 +219,26 @@ public class SQLite implements DataSource { + "is not set in the config!"); } pst = con.prepareStatement("INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + - "," + columnIp + "," + columnLastLogin + "," + columnRealName + ") VALUES (?,?,?,?,?);"); + "," + columnIp + "," + columnLastLogin + "," + columnRealName + "," + columnEmail + + ") VALUES (?,?,?,?,?,?);"); pst.setString(1, auth.getNickname()); pst.setString(2, password.getHash()); pst.setString(3, auth.getIp()); pst.setLong(4, auth.getLastLogin()); pst.setString(5, auth.getRealName()); + pst.setString(6, auth.getEmail()); pst.executeUpdate(); } else { pst = con.prepareStatement("INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + "," - + columnIp + "," + columnLastLogin + "," + columnSalt + "," + columnRealName - + ") VALUES (?,?,?,?,?,?);"); + + columnIp + "," + columnLastLogin + "," + columnRealName + "," + columnEmail + "," + columnSalt + + ") VALUES (?,?,?,?,?,?,?);"); pst.setString(1, auth.getNickname()); pst.setString(2, password.getHash()); pst.setString(3, auth.getIp()); pst.setLong(4, auth.getLastLogin()); - pst.setString(5, password.getSalt()); - pst.setString(6, auth.getRealName()); + pst.setString(5, auth.getRealName()); + pst.setString(6, auth.getEmail()); + pst.setString(7, password.getSalt()); pst.executeUpdate(); } } catch (SQLException ex) { From 18ed62b09636bd7f2cb75e2a3ead90ac382618cc Mon Sep 17 00:00:00 2001 From: Xephi Date: Sat, 9 Jan 2016 14:45:59 +0100 Subject: [PATCH 05/14] Fix #423 --- .../xephi/authme/permission/PlayerPermission.java | 7 ++++++- .../authme/process/login/AsynchronousLogin.java | 15 ++++----------- src/main/resources/plugin.yml | 4 ++++ 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/src/main/java/fr/xephi/authme/permission/PlayerPermission.java b/src/main/java/fr/xephi/authme/permission/PlayerPermission.java index 8eddb8028..f889ce6de 100644 
--- a/src/main/java/fr/xephi/authme/permission/PlayerPermission.java +++ b/src/main/java/fr/xephi/authme/permission/PlayerPermission.java @@ -83,7 +83,12 @@ public enum PlayerPermission implements PermissionNode { /** * Permission to use all player (non-admin) commands. */ - PLAYER_ALL("authme.player.*"); + PLAYER_ALL("authme.player.*"), + + /** + * Permission to use to see own other accounts. + */ + SEE_OWN_ACCOUNTS("authme.player.showotheraccounts"); /** * The permission node. diff --git a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java index 9b911da17..564fd89a1 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java @@ -232,8 +232,6 @@ public class AsynchronousLogin { return; } StringBuilder message = new StringBuilder("[AuthMe] "); - // String uuidaccounts = - // "[AuthMe] PlayerNames has %size% links to this UUID : "; int i = 0; for (String account : auths) { i++; 
@@ -244,18 +242,13 @@ public class AsynchronousLogin { message.append('.'); } } - /* - * TODO: Active uuid system i = 0; for (String account : uuidlist) { - * i++; uuidaccounts = uuidaccounts + account; if (i != auths.size()) { - * uuidaccounts = uuidaccounts + ", "; } else { uuidaccounts = - * uuidaccounts + "."; } } - */ + for (Player player : Utils.getOnlinePlayers()) { - if (plugin.getPermissionsManager().hasPermission(player, PlayerPermission.SEE_OTHER_ACCOUNTS)) { + if (plugin.getPermissionsManager().hasPermission(player, PlayerPermission.SEE_OTHER_ACCOUNTS) + || (player.getName().equals(this.player.getName()) + && plugin.getPermissionsManager().hasPermission(player, PlayerPermission.SEE_OWN_ACCOUNTS))) { player.sendMessage("[AuthMe] The player " + auth.getNickname() + " has " + auths.size() + " accounts"); player.sendMessage(message.toString()); - // player.sendMessage(uuidaccounts.replace("%size%", - // ""+uuidlist.size())); } } } diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml index 69e954e36..32f601418 100644 --- a/src/main/resources/plugin.yml +++ b/src/main/resources/plugin.yml @@ -141,6 +141,7 @@ permissions: authme.player.seeotheraccounts: true authme.player.unregister: true authme.player.vip: true + authme.player.showownaccounts: true authme.player.bypassantibot: description: Permission node to bypass AntiBot protection. default: false @@ -186,3 +187,6 @@ permissions: authme.player.seeotheraccounts: description: Permission for user to see other accounts. default: false + authme.player.showownaccounts: + description: Permission for user to see own other accounts. + default: false From fd7bdcd3c2679f4b4d32fcd51914bda365a81db7 Mon Sep 17 00:00:00 2001 From: Xephi Date: Sat, 9 Jan 2016 16:21:44 +0100 Subject: [PATCH 06/14] Change node to authme.player.seeownaccounts #423 --- src/main/java/fr/xephi/authme/permission/PlayerPermission.java | 2 +- src/main/resources/plugin.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
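Review bot: The new condition recognises the logging-in player by `player.getName().equals(this.player.getName())` and inlines a three-line boolean into the `if`; if `this.player` is the same `Player` type as the loop variable, `player.equals(this.player)` (or a UUID comparison) is the unambiguous test, and naming it reads better: `boolean isSelf = player.equals(this.player);` followed by `if (permissions.hasPermission(player, PlayerPermission.SEE_OTHER_ACCOUNTS) || (isSelf && permissions.hasPermission(player, PlayerPermission.SEE_OWN_ACCOUNTS)))` with `permissions = plugin.getPermissionsManager()` hoisted above the loop. The two `sendMessage` calls that follow disclose every account name linked to the player, which is the intended effect of the new permission, so the branch is worth a one-line comment saying so. The enclosing method starts outside the hunk.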
diff --git a/src/main/java/fr/xephi/authme/permission/PlayerPermission.java b/src/main/java/fr/xephi/authme/permission/PlayerPermission.java index f889ce6de..9b8fdf60e 100644 --- a/src/main/java/fr/xephi/authme/permission/PlayerPermission.java +++ b/src/main/java/fr/xephi/authme/permission/PlayerPermission.java @@ -88,7 +88,7 @@ public enum PlayerPermission implements PermissionNode { /** * Permission to use to see own other accounts. */ - SEE_OWN_ACCOUNTS("authme.player.showotheraccounts"); + SEE_OWN_ACCOUNTS("authme.player.seeownaccounts"); /** * The permission node. diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml index 32f601418..e0819fb76 100644 --- a/src/main/resources/plugin.yml +++ b/src/main/resources/plugin.yml @@ -187,6 +187,6 @@ permissions: authme.player.seeotheraccounts: description: Permission for user to see other accounts. default: false - authme.player.showownaccounts: + authme.player.seeownaccounts: description: Permission for user to see own other accounts. default: false From 2f1338b08b707db6c5f1f37c26fb4b855e9055f5 Mon Sep 17 00:00:00 2001 From: Xephi Date: Sat, 9 Jan 2016 17:16:14 +0100 Subject: [PATCH 07/14] little forgot --- .../java/fr/xephi/authme/process/login/AsynchronousLogin.java | 2 -- src/main/resources/plugin.yml | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java index 564fd89a1..7109840f4 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsynchronousLogin.java @@ -223,8 +223,6 @@ public class AsynchronousLogin { return; } List auths = this.database.getAllAuthsByName(auth); - // List uuidlist = - // plugin.otherAccounts.getAllPlayersByUUID(player.getUniqueId()); if (auths.isEmpty()) { return; } 
diff --git a/src/main/resources/plugin.yml b/src/main/resources/plugin.yml index e0819fb76..e5c28b153 100644 --- a/src/main/resources/plugin.yml +++ b/src/main/resources/plugin.yml @@ -141,7 +141,7 @@ permissions: authme.player.seeotheraccounts: true authme.player.unregister: true authme.player.vip: true - authme.player.showownaccounts: true + authme.player.seeownaccounts: true authme.player.bypassantibot: description: Permission node to bypass AntiBot protection. default: false From 663e3063d7be9deaa94fbe3f66e90d682a717e0c Mon Sep 17 00:00:00 2001 From: games647 Date: Sat, 9 Jan 2016 21:15:56 +0100 Subject: [PATCH 08/14] Use Low priority for join events in order to allow plugins to change the delayed join message. --- .../java/fr/xephi/authme/listener/AuthMePlayerListener.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java index 2e365e932..f672250c7 100644 --- a/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java +++ b/src/main/java/fr/xephi/authme/listener/AuthMePlayerListener.java @@ -185,7 +185,7 @@ public class AuthMePlayerListener implements Listener { } } - @EventHandler(priority = EventPriority.LOWEST) + @EventHandler(priority = EventPriority.LOW) public void onPlayerJoin(PlayerJoinEvent event) { final Player player = event.getPlayer(); if (player == null) { From 607380e59c681fff26ff08b671ebd8b26bbbfad6 Mon Sep 17 00:00:00 2001 From: Xephi Date: Sat, 9 Jan 2016 21:30:13 +0100 Subject: [PATCH 09/14] Use PreparedStatement in all case needed it - #308 --- .../fr/xephi/authme/datasource/MySQL.java | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index 23781e2f7..d2ef3b1f5 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java 
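Review bot: The priority change is not explained in code, and with `LOW` every `LOWEST`-priority join listener in other plugins now runs before AuthMe's handler sees the player, which the commit message says is intended so they can adjust the join message, but it will not be obvious to the next reader of the annotation. Suggest `// LOW rather than LOWEST: lets other plugins adjust the join message before AuthMe processes the join` above `@EventHandler(priority = EventPriority.LOW)`. `onPlayerJoin` continues outside the hunk.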
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -627,15 +627,18 @@ public class MySQL implements DataSource { public synchronized List autoPurgeDatabase(long until) { List list = new ArrayList<>(); try (Connection con = getConnection()) { - String sql = "SELECT " + columnName + " FROM " + tableName + " WHERE " + columnLastLogin + "<" + until; - Statement st = con.createStatement(); - ResultSet rs = st.executeQuery(sql); + String sql = "SELECT " + columnName + " FROM " + tableName + " WHERE " + columnLastLogin + " Date: Sat, 9 Jan 2016 21:39:27 +0100 Subject: [PATCH 10/14] Little fail --- src/main/java/fr/xephi/authme/datasource/MySQL.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index d2ef3b1f5..9e459ad71 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -635,7 +635,7 @@ public class MySQL implements DataSource { list.add(rs.getString(columnName)); } rs.close(); - sql = "DELETE FROM " + tableName + " WHERE " + columnLastLogin + " Date: Sat, 9 Jan 2016 22:04:05 +0100 Subject: [PATCH 11/14] Remove checks - #308 --- .../java/fr/xephi/authme/process/register/AsyncRegister.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java b/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java index 0aaa3a734..38c001856 100644 --- a/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java +++ b/src/main/java/fr/xephi/authme/process/register/AsyncRegister.java 
@@ -44,10 +44,7 @@ public class AsyncRegister {
 } else if (!Settings.isRegistrationEnabled) {
 m.send(player, MessageKey.REGISTRATION_DISABLED);
 return false;
- } else if (passLow.contains("delete") || passLow.contains("where") || passLow.contains("insert")
- || passLow.contains("modify") || passLow.contains("from") || passLow.contains("select")
- || passLow.contains(";") || passLow.contains("null") || !passLow.matches(Settings.getPassRegex)) {
- // TODO #308: Remove check for SQL keywords
+ } else if (!passLow.matches(Settings.getPassRegex)) {
 m.send(player, MessageKey.PASSWORD_MATCH_ERROR);
 return false;
 } else if (passLow.equalsIgnoreCase(player.getName())) {
From e5bd73d899ea681d1663da1378b1667ee3e637c8 Mon Sep 17 00:00:00 2001 From: Xephi Date: Sat, 9 Jan 2016 22:12:55 +0100 Subject: [PATCH 12/14] Remove Checks for #308
---
.../executable/authme/ChangePasswordAdminCommand.java | 7 +------ .../command/executable/authme/RegisterAdminCommand.java | 7 +------ .../executable/changepassword/ChangePasswordCommand.java | 7 +------ 3 files changed, 3 insertions(+), 18 deletions(-)
diff --git a/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java b/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java
index a446a4e9e..ec2b7d98d 100644
--- a/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java
+++ b/src/main/java/fr/xephi/authme/command/executable/authme/ChangePasswordAdminCommand.java
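Review bot: After dropping the keyword blacklist the single remaining line `} else if (!passLow.matches(Settings.getPassRegex)) {` carries the whole password policy, and nothing records that SQL safety now rests entirely on the DataSource implementations binding the password as a PreparedStatement parameter (PATCH 09 in this series converts one remaining `Statement` to a `PreparedStatement`); a comment such as `// Policy check only: the password is bound as a PreparedStatement parameter by the DataSource, never concatenated into SQL` would stop a later maintainer from reintroducing the blacklist, provided that holds for every DataSource path. The same one-line check is made in ChangePasswordAdminCommand, RegisterAdminCommand and ChangePasswordCommand in PATCH 12, so it now exists four times and is a candidate for one shared validation helper. The regex is applied to the lower-cased password, so a pattern requiring an upper-case character can never be satisfied; that predates the commit. The enclosing method starts and ends outside the hunk.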
@@ -27,12 +27,7 @@ public class ChangePasswordAdminCommand implements ExecutableCommand { // Validate the password String playerPassLowerCase = playerPass.toLowerCase(); - // TODO #308: Remove this check - if (playerPassLowerCase.contains("delete") || playerPassLowerCase.contains("where") - || playerPassLowerCase.contains("insert") || playerPassLowerCase.contains("modify") - || playerPassLowerCase.contains("from") || playerPassLowerCase.contains("select") - || playerPassLowerCase.contains(";") || playerPassLowerCase.contains("null") - || !playerPassLowerCase.matches(Settings.getPassRegex)) { + if (!playerPassLowerCase.matches(Settings.getPassRegex)) { commandService.send(sender, MessageKey.PASSWORD_MATCH_ERROR); return; } diff --git a/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java b/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java index 640cdb8b0..46916b7b8 100644 --- a/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java +++ b/src/main/java/fr/xephi/authme/command/executable/authme/RegisterAdminCommand.java @@ -27,12 +27,7 @@ public class RegisterAdminCommand implements ExecutableCommand { final String playerPassLowerCase = playerPass.toLowerCase(); // Command logic - // TODO #308: Remove the check for SQL keywords - if (playerPassLowerCase.contains("delete") || playerPassLowerCase.contains("where") - || playerPassLowerCase.contains("insert") || playerPassLowerCase.contains("modify") - || playerPassLowerCase.contains("from") || playerPassLowerCase.contains("select") - || playerPassLowerCase.contains(";") || playerPassLowerCase.contains("null") - || !playerPassLowerCase.matches(Settings.getPassRegex)) { + if (!playerPassLowerCase.matches(Settings.getPassRegex)) { commandService.send(sender, MessageKey.PASSWORD_MATCH_ERROR); return; } 
diff --git a/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java b/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java index ca3639c07..0d1cdc481 100644 --- a/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java +++ b/src/main/java/fr/xephi/authme/command/executable/changepassword/ChangePasswordCommand.java @@ -32,12 +32,7 @@ public class ChangePasswordCommand extends PlayerCommand { // Make sure the password is allowed String playerPassLowerCase = newPassword.toLowerCase(); - // TODO #308: Remove SQL keywords check - if (playerPassLowerCase.contains("delete") || playerPassLowerCase.contains("where") - || playerPassLowerCase.contains("insert") || playerPassLowerCase.contains("modify") - || playerPassLowerCase.contains("from") || playerPassLowerCase.contains("select") - || playerPassLowerCase.contains(";") || playerPassLowerCase.contains("null") - || !playerPassLowerCase.matches(Settings.getPassRegex)) { + if (!playerPassLowerCase.matches(Settings.getPassRegex)) { commandService.send(player, MessageKey.PASSWORD_MATCH_ERROR); return; } From d426a1c47a3fd617118d0fa36af8af2e7e4834bf Mon Sep 17 00:00:00 2001 From: Gabriele C Date: Sat, 9 Jan 2016 22:30:22 +0100 Subject: [PATCH 13/14] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f98ce8bb2..16f8b7f23 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,7 @@ typing commands or using the inventory. It can also kick players with uncommonly

  • Supported alternative registration methods: