From a409c23679afac5c96c9921141ea389b9f9752e4 Mon Sep 17 00:00:00 2001 From: Xephi Date: Fri, 25 Jul 2014 01:30:52 +0200 Subject: [PATCH] Add Password Regex --- .gitignore | 3 ++- pom.xml | 3 +++ .../authme/process/register/AsyncronousRegister.java | 9 +++++++++ src/main/java/fr/xephi/authme/settings/Settings.java | 8 +++++++- src/main/resources/config.yml | 2 ++ 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2047e7ff6..31c3418a5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ /bin/ /.settings/ .classpath -.project \ No newline at end of file +.project +/target/ diff --git a/pom.xml b/pom.xml index c0104de8d..fa7080a91 100644 --- a/pom.xml +++ b/pom.xml @@ -4,6 +4,9 @@ AuthMe jar AuthMe + + UTF-8 + Bukkit diff --git a/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java b/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java index 768d3e53f..a071cf743 100644 --- a/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java +++ b/src/main/java/fr/xephi/authme/process/register/AsyncronousRegister.java @@ -52,6 +52,15 @@ public class AsyncronousRegister { allowRegister = false; } + String lowpass = password.toLowerCase(); + if ((lowpass.contains("delete") || lowpass.contains("where") + || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") + || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) + || !lowpass.matches(Settings.getPassRegex)) { + m._(player, "password_error"); + allowRegister = false; + } + if (database.isAuthAvailable(player.getName().toLowerCase())) { m._(player, "user_regged"); if (plugin.pllog.getStringList("players").contains(player.getName())) { diff --git a/src/main/java/fr/xephi/authme/settings/Settings.java b/src/main/java/fr/xephi/authme/settings/Settings.java index 92d35cab0..756a2fbf6 100644 --- a/src/main/java/fr/xephi/authme/settings/Settings.java +++ b/src/main/java/fr/xephi/authme/settings/Settings.java @@ -69,7 +69,8 @@ public final class Settings extends YamlConfiguration { getcUnrestrictedName, getRegisteredGroup, messagesLanguage, getMySQLlastlocX, getMySQLlastlocY, getMySQLlastlocZ, rakamakUsers, rakamakUsersIp, getmailAccount, getmailPassword, getmailSMTP, getMySQLColumnId, getmailSenderName, getMailSubject, getMailText, getMySQLlastlocWorld, defaultWorld, - getPhpbbPrefix, getWordPressPrefix, getMySQLColumnLogged, spawnPriority, crazyloginFileName; + getPhpbbPrefix, getWordPressPrefix, getMySQLColumnLogged, spawnPriority, crazyloginFileName, + getPassRegex; public static int getWarnMessageInterval, getSessionTimeout, getRegistrationTimeout, getMaxNickLength, getMinNickLength, getPasswordMinLen, getMovementRadius, getmaxRegPerIp, getNonActivatedGroup, @@ -246,6 +247,7 @@ public void loadConfigOptions() { delayJoinMessage = configFile.getBoolean("settings.delayJoinMessage", false); noTeleport = configFile.getBoolean("settings.restrictions.noTeleport", false); crazyloginFileName = configFile.getString("Converter.CrazyLogin.fileName", "accounts.db"); + getPassRegex = configFile.getString("settings.restrictions.allowedPasswordCharacters","[a-zA-Z0-9_?!@+&-]*"); // Load the welcome message getWelcomeMessage(plugin); @@ -407,6 +409,7 @@ public static void reloadConfigOptions(YamlConfiguration newConfig) { delayJoinMessage = configFile.getBoolean("settings.delayJoinMessage", false); noTeleport = configFile.getBoolean("settings.restrictions.noTeleport", false); crazyloginFileName = configFile.getString("Converter.CrazyLogin.fileName", "accounts.db"); + getPassRegex = configFile.getString("settings.restrictions.allowedPasswordCharacters","[a-zA-Z0-9_?!@+&-]*"); // Reload the welcome message getWelcomeMessage(AuthMe.getInstance()); @@ -523,6 +526,9 @@ public static void reloadConfigOptions(YamlConfiguration newConfig) { set("Converter.CrazyLogin.fileName", "accounts.db"); changes = true; } + if(!contains("settings.restrictions.allowedPasswordCharacters")) { + set("settings.restrictions.allowedPasswordCharacters", "[a-zA-Z0-9_?!@+&-]*"); + } if (changes) { plugin.getLogger().warning("Merge new Config Options - I'm not an error, please don't report me"); diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index b5867608b..71e34ac7c 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -164,6 +164,8 @@ settings: maxJoinPerIp: 0 # AuthMe will NEVER teleport players ! noTeleport: false + # Regex sintax for allowed Char in player name. + allowedPasswordCharacters: '[a-zA-Z0-9_?!@+&-]*' GameMode: # ForceSurvivalMode to player when join ? ForceSurvivalMode: false