From 642a40724bb8032c8fa4e412a0c9400223823edb Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 05:40:03 +0700 Subject: [PATCH 1/4] Used Bukkit API to format color codes. --- .../java/fr/xephi/authme/output/MessagesManager.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/main/java/fr/xephi/authme/output/MessagesManager.java b/src/main/java/fr/xephi/authme/output/MessagesManager.java index 3221e334f..1308712a0 100644 --- a/src/main/java/fr/xephi/authme/output/MessagesManager.java +++ b/src/main/java/fr/xephi/authme/output/MessagesManager.java @@ -2,21 +2,18 @@ package fr.xephi.authme.output; import fr.xephi.authme.ConsoleLogger; import fr.xephi.authme.settings.CustomConfiguration; +import org.bukkit.ChatColor; import java.io.File; /** * Class responsible for reading messages from a file and formatting them for Minecraft. - *

+ *

* This class is used within {@link Messages}, which offers a high-level interface for accessing * or sending messages from a properties file. */ class MessagesManager extends CustomConfiguration { - /** The section symbol, used in Minecraft for formatting codes. */ - private static final String SECTION_SIGN = "\u00a7"; - - /** * Constructor for Messages. * @@ -49,12 +46,10 @@ class MessagesManager extends CustomConfiguration { } static String[] formatMessage(String message) { - // TODO: Check that the codes actually exist, i.e. replace &c but not &y - // TODO: Allow '&' to be retained with the code '&&' String[] lines = message.split("&n"); for (int i = 0; i < lines.length; ++i) { // We don't initialize a StringBuilder here because mostly we will only have one entry - lines[i] = lines[i].replace("&", SECTION_SIGN); + lines[i] = ChatColor.translateAlternateColorCodes('&', lines[i]); } return lines; } From b380893847ef1b434198ac8e652a82fdac29c47f Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 06:13:47 +0700 Subject: [PATCH 2/4] Serialize Xenforo hash before put it into table. - Fix #417 --- src/main/java/fr/xephi/authme/datasource/MySQL.java | 13 ++++++++----- .../fr/xephi/authme/security/crypts/XFBCRYPT.java | 5 +++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index fd11d9ea8..1e81162a3 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -496,10 +496,12 @@ public class MySQL implements DataSource { rs = pst.executeQuery(); if (rs.next()) { int id = rs.getInt(columnID); - pst2 = con.prepareStatement("INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?);"); + sql = "INSERT INTO xf_user_authenticate (user_id, scheme_class, data) VALUES (?,?,?)"; + pst2 = con.prepareStatement(sql); pst2.setInt(1, id); - pst2.setString(2, "XenForo_Authentication_Core12"); - byte[] bytes = auth.getPassword().getHash().getBytes(); + pst2.setString(2, XFBCRYPT.SCHEME_CLASS); + String serializedHash = XFBCRYPT.serializeHash(auth.getPassword().getHash()); + byte[] bytes = serializedHash.getBytes(); Blob blob = con.createBlob(); blob.setBytes(1, bytes); pst2.setBlob(3, blob); @@ -554,7 +556,8 @@ public class MySQL implements DataSource { // Insert password in the correct table sql = "UPDATE xf_user_authenticate SET data=? WHERE " + columnID + "=?;"; PreparedStatement pst2 = con.prepareStatement(sql); - byte[] bytes = password.getHash().getBytes(); + String serializedHash = XFBCRYPT.serializeHash(password.getHash()); + byte[] bytes = serializedHash.getBytes(); Blob blob = con.createBlob(); blob.setBytes(1, bytes); pst2.setBlob(1, blob); @@ -564,7 +567,7 @@ public class MySQL implements DataSource { // ... sql = "UPDATE xf_user_authenticate SET scheme_class=? WHERE " + columnID + "=?;"; pst2 = con.prepareStatement(sql); - pst2.setString(1, "XenForo_Authentication_Core12"); + pst2.setString(1, XFBCRYPT.SCHEME_CLASS); pst2.setInt(2, id); pst2.executeUpdate(); pst2.close(); diff --git a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java index 6666a076c..75c6a7911 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java +++ b/src/main/java/fr/xephi/authme/security/crypts/XFBCRYPT.java @@ -4,6 +4,7 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; public class XFBCRYPT extends BCRYPT { + public static final String SCHEME_CLASS = "XenForo_Authentication_Core12"; private static final Pattern HASH_PATTERN = Pattern.compile("\"hash\";s.*\"(.*)?\""); @Override @@ -19,4 +20,8 @@ public class XFBCRYPT extends BCRYPT { } return "*"; // what? } + + public static String serializeHash(String hash) { + return "a:1:{s:4:\"hash\";s:" + hash.length() + ":\""+hash+"\";}"; + } } From 5187ce152ae4c521b4b7675c58b7ad83373e65a0 Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 06:19:09 +0700 Subject: [PATCH 3/4] Enabled cachePrepStmts properties. --- src/main/java/fr/xephi/authme/datasource/MySQL.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index 1e81162a3..185898190 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -104,7 +104,12 @@ public class MySQL implements DataSource { ds = new HikariDataSource(); ds.setPoolName("AuthMeMYSQLPool"); ds.setDriverClassName("com.mysql.jdbc.Driver"); - ds.setJdbcUrl("jdbc:mysql://" + this.host + ":" + this.port + "/" + this.database + "?rewriteBatchedStatements=true&jdbcCompliantTruncation=false"); + ds.setJdbcUrl("jdbc:mysql://" + this.host + ":" + this.port + "/" + this.database); + ds.addDataSourceProperty("rewriteBatchedStatements", "true"); + ds.addDataSourceProperty("jdbcCompliantTruncation", "false"); + ds.addDataSourceProperty("cachePrepStmts", "true"); + ds.addDataSourceProperty("prepStmtCacheSize", "250"); + ds.addDataSourceProperty("prepStmtCacheSqlLimit", "2048"); ds.setUsername(this.username); ds.setPassword(this.password); ds.setInitializationFailFast(true); // Don't start the plugin if the database is unavailable From 7eeabd68e788474378fdaa44c1827552c5bb6ef8 Mon Sep 17 00:00:00 2001 From: DNx5 Date: Sat, 9 Jan 2016 06:26:36 +0700 Subject: [PATCH 4/4] Fix saveAuth method didn't save email. --- .../fr/xephi/authme/datasource/MySQL.java | 7 ++--- .../fr/xephi/authme/datasource/SQLite.java | 27 ++++++++++--------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index 185898190..23781e2f7 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -334,17 +334,18 @@ public class MySQL implements DataSource { boolean useSalt = !columnSalt.isEmpty() || !StringUtils.isEmpty(auth.getPassword().getSalt()); sql = "INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + "," + columnIp + "," - + columnLastLogin + "," + columnRealName + + columnLastLogin + "," + columnRealName + "," + columnEmail + (useSalt ? "," + columnSalt : "") - + ") VALUES (?,?,?,?,?" + (useSalt ? ",?" : "") + ");"; + + ") VALUES (?,?,?,?,?,?" + (useSalt ? ",?" : "") + ");"; pst = con.prepareStatement(sql); pst.setString(1, auth.getNickname()); pst.setString(2, auth.getPassword().getHash()); pst.setString(3, auth.getIp()); pst.setLong(4, auth.getLastLogin()); pst.setString(5, auth.getRealName()); + pst.setString(6, auth.getEmail()); if (useSalt) { - pst.setString(6, auth.getPassword().getSalt()); + pst.setString(7, auth.getPassword().getSalt()); } pst.executeUpdate(); pst.close(); diff --git a/src/main/java/fr/xephi/authme/datasource/SQLite.java b/src/main/java/fr/xephi/authme/datasource/SQLite.java index 876bbfa18..9b14b1cc0 100644 --- a/src/main/java/fr/xephi/authme/datasource/SQLite.java +++ b/src/main/java/fr/xephi/authme/datasource/SQLite.java @@ -1,5 +1,11 @@ package fr.xephi.authme.datasource; +import fr.xephi.authme.ConsoleLogger; +import fr.xephi.authme.cache.auth.PlayerAuth; +import fr.xephi.authme.security.crypts.HashedPassword; +import fr.xephi.authme.settings.Settings; +import fr.xephi.authme.util.StringUtils; + import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; @@ -9,12 +15,6 @@ import java.sql.Statement; import java.util.ArrayList; import java.util.List; -import fr.xephi.authme.ConsoleLogger; -import fr.xephi.authme.cache.auth.PlayerAuth; -import fr.xephi.authme.security.crypts.HashedPassword; -import fr.xephi.authme.settings.Settings; -import fr.xephi.authme.util.StringUtils; - /** */ public class SQLite implements DataSource { @@ -41,7 +41,7 @@ public class SQLite implements DataSource { * Constructor for SQLite. * * @throws ClassNotFoundException Exception - * @throws SQLException Exception + * @throws SQLException Exception */ public SQLite() throws ClassNotFoundException, SQLException { this.database = Settings.getMySQLDatabase; @@ -219,23 +219,26 @@ public class SQLite implements DataSource { + "is not set in the config!"); } pst = con.prepareStatement("INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + - "," + columnIp + "," + columnLastLogin + "," + columnRealName + ") VALUES (?,?,?,?,?);"); + "," + columnIp + "," + columnLastLogin + "," + columnRealName + "," + columnEmail + + ") VALUES (?,?,?,?,?,?);"); pst.setString(1, auth.getNickname()); pst.setString(2, password.getHash()); pst.setString(3, auth.getIp()); pst.setLong(4, auth.getLastLogin()); pst.setString(5, auth.getRealName()); + pst.setString(6, auth.getEmail()); pst.executeUpdate(); } else { pst = con.prepareStatement("INSERT INTO " + tableName + "(" + columnName + "," + columnPassword + "," - + columnIp + "," + columnLastLogin + "," + columnSalt + "," + columnRealName - + ") VALUES (?,?,?,?,?,?);"); + + columnIp + "," + columnLastLogin + "," + columnRealName + "," + columnEmail + "," + columnSalt + + ") VALUES (?,?,?,?,?,?,?);"); pst.setString(1, auth.getNickname()); pst.setString(2, password.getHash()); pst.setString(3, auth.getIp()); pst.setLong(4, auth.getLastLogin()); - pst.setString(5, password.getSalt()); - pst.setString(6, auth.getRealName()); + pst.setString(5, auth.getRealName()); + pst.setString(6, auth.getEmail()); + pst.setString(7, password.getSalt()); pst.executeUpdate(); } } catch (SQLException ex) {