diff --git a/.gitignore b/.gitignore
index 2047e7ff6..31c3418a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@
/bin/
/.settings/
.classpath
-.project
\ No newline at end of file
+.project
+/target/
diff --git a/pom.xml b/pom.xml
index c0104de8d..fa7080a91 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,6 +4,9 @@
AuthMe
jar
AuthMe
+
+ UTF-8
+
Bukkit
diff --git a/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java b/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java
index 768d3e53f..a071cf743 100644
--- a/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java
+++ b/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java
@@ -52,6 +52,15 @@ public class AsyncronousRegister {
allowRegister = false;
}
+ String lowpass = password.toLowerCase();
+ if ((lowpass.contains("delete") || lowpass.contains("where")
+ || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from")
+ || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null"))
+ || !lowpass.matches(Settings.getPassRegex)) {
+ m._(player, "password_error");
+ allowRegister = false;
+ }
+
if (database.isAuthAvailable(player.getName().toLowerCase())) {
m._(player, "user_regged");
if (plugin.pllog.getStringList("players").contains(player.getName())) {
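Review bot: The keyword list in the added `if` (`delete`, `where`, `from`, `null`, `;` …) is not a reliable guard against SQL injection, and it rejects ordinary passwords that merely contain one of those substrings. The password is presumably hashed before storage, and the database layer, which is outside this hunk, should use parameterized statements, so the list could be dropped. Separately, the regex is matched against `lowpass`, so an administrator pattern that requires an uppercase character can never match. I would match the original value with `if (!password.matches(Settings.getPassRegex)) {`. The enclosing method starts and ends outside the hunk, so I cannot tell whether an earlier failed check has already sent the player a message before `password_error` is sent.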
diff --git a/src/main/java/fr/xephi/authme/settings/Settings.java b/src/main/java/fr/xephi/authme/settings/Settings.java
index 92d35cab0..756a2fbf6 100644
--- a/src/main/java/fr/xephi/authme/settings/Settings.java
+++ b/src/main/java/fr/xephi/authme/settings/Settings.java
@@ -69,7 +69,8 @@ public final class Settings extends YamlConfiguration {
getcUnrestrictedName, getRegisteredGroup, messagesLanguage, getMySQLlastlocX, getMySQLlastlocY, getMySQLlastlocZ,
rakamakUsers, rakamakUsersIp, getmailAccount, getmailPassword, getmailSMTP, getMySQLColumnId, getmailSenderName,
getMailSubject, getMailText, getMySQLlastlocWorld, defaultWorld,
- getPhpbbPrefix, getWordPressPrefix, getMySQLColumnLogged, spawnPriority, crazyloginFileName;
+ getPhpbbPrefix, getWordPressPrefix, getMySQLColumnLogged, spawnPriority, crazyloginFileName,
+ getPassRegex;
public static int getWarnMessageInterval, getSessionTimeout, getRegistrationTimeout, getMaxNickLength,
getMinNickLength, getPasswordMinLen, getMovementRadius, getmaxRegPerIp, getNonActivatedGroup,
@@ -246,6 +247,7 @@ public void loadConfigOptions() {
delayJoinMessage = configFile.getBoolean("settings.delayJoinMessage", false);
noTeleport = configFile.getBoolean("settings.restrictions.noTeleport", false);
crazyloginFileName = configFile.getString("Converter.CrazyLogin.fileName", "accounts.db");
+ getPassRegex = configFile.getString("settings.restrictions.allowedPasswordCharacters","[a-zA-Z0-9_?!@+&-]*");
// Load the welcome message
getWelcomeMessage(plugin);
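Review bot: The value read into `getPassRegex` in `loadConfigOptions` is never validated, so a malformed pattern in config.yml will only surface as a `PatternSyntaxException` when a player tries to register, where `String.matches` recompiles it on every call. I would compile it once at load time and fall back to the default with a warning, as sketched below. The same applies to the identical line in `reloadConfigOptions`. The default literal `"[a-zA-Z0-9_?!@+&-]*"` is repeated in three hunks of this file and would be safer as one constant. Both method bodies continue outside their hunks.

```java
// … unchanged: crazyloginFileName load …
String passRegex = configFile.getString("settings.restrictions.allowedPasswordCharacters", "[a-zA-Z0-9_?!@+&-]*");
try {
    // Compile once here so a bad pattern is reported at startup, not at registration time.
    java.util.regex.Pattern.compile(passRegex);
} catch (java.util.regex.PatternSyntaxException e) {
    plugin.getLogger().warning("Invalid settings.restrictions.allowedPasswordCharacters, using the default pattern");
    passRegex = "[a-zA-Z0-9_?!@+&-]*";
}
getPassRegex = passRegex;
// … unchanged: welcome message load …
```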
@@ -407,6 +409,7 @@ public static void reloadConfigOptions(YamlConfiguration newConfig) {
delayJoinMessage = configFile.getBoolean("settings.delayJoinMessage", false);
noTeleport = configFile.getBoolean("settings.restrictions.noTeleport", false);
crazyloginFileName = configFile.getString("Converter.CrazyLogin.fileName", "accounts.db");
+ getPassRegex = configFile.getString("settings.restrictions.allowedPasswordCharacters","[a-zA-Z0-9_?!@+&-]*");
// Reload the welcome message
getWelcomeMessage(AuthMe.getInstance());
@@ -523,6 +526,9 @@ public static void reloadConfigOptions(YamlConfiguration newConfig) {
set("Converter.CrazyLogin.fileName", "accounts.db");
changes = true;
}
+ if(!contains("settings.restrictions.allowedPasswordCharacters")) {
+ set("settings.restrictions.allowedPasswordCharacters", "[a-zA-Z0-9_?!@+&-]*");
+ }
if (changes) {
plugin.getLogger().warning("Merge new Config Options - I'm not an error, please don't report me");
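Review bot: The added `if(!contains("settings.restrictions.allowedPasswordCharacters"))` block calls `set(...)` but does not set `changes = true`, unlike the `Converter.CrazyLogin.fileName` block directly above it. If this key is the only one missing, the `if (changes)` branch that follows is skipped. That branch continues outside the hunk, so I cannot confirm whether it also persists the file, but the new default may never be written to disk. Adding `changes = true;` after the `set(...)` call keeps it consistent with the neighbouring blocks.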
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
index b5867608b..71e34ac7c 100644
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@@ -164,6 +164,8 @@ settings:
maxJoinPerIp: 0
# AuthMe will NEVER teleport players !
noTeleport: false
+ # Regex sintax for allowed Char in player name.
+ allowedPasswordCharacters: '[a-zA-Z0-9_?!@+&-]*'
GameMode:
# ForceSurvivalMode to player when join ?
ForceSurvivalMode: false
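Review bot: The new comment says the pattern applies to the player name, but the key is `allowedPasswordCharacters` and the registration code matches it against the password. An administrator reading the comment could tighten or loosen the wrong thing. I would reword it to `# Regex for the characters allowed in a player's password; the whole password must match.`, which also fixes the `sintax` typo.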