...
 
Commits (5)
......@@ -11,5 +11,6 @@
</content>
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
<orderEntry type="library" name="Game Server" level="project" />
</component>
</module>
\ No newline at end of file
......@@ -167,7 +167,7 @@
<module fileurl="file://$PROJECT_DIR$/PC_Launcher/PC Launcher.iml" filepath="$PROJECT_DIR$/PC_Launcher/PC Launcher.iml" />
</modules>
</component>
<component name="ProjectRootManager" version="2" languageLevel="JDK_1_8" default="false" project-jdk-name="13" project-jdk-type="JavaSDK">
<component name="ProjectRootManager" version="2" languageLevel="JDK_1_8" default="false" project-jdk-name="1.8" project-jdk-type="JavaSDK">
<output url="file://$PROJECT_DIR$/out" />
</component>
<component name="VcsDirectoryMappings">
......
This source diff could not be displayed because it is too large. You can view the blob instead.
package com.openrsc.server.content.achievement;
import com.openrsc.server.Server;
import com.openrsc.server.content.achievement.Achievement.TaskReward;
import com.openrsc.server.content.achievement.Achievement.TaskType;
import com.openrsc.server.database.GameDatabaseException;
import com.openrsc.server.model.container.Item;
import com.openrsc.server.model.entity.Entity;
import com.openrsc.server.model.entity.GameObject;
......@@ -12,9 +12,6 @@ import com.openrsc.server.model.entity.player.Player;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedList;
......@@ -24,7 +21,7 @@ public class AchievementSystem {
private static final int ACHIEVEMENT_COMPLETED = 2;
private static final int ACHIEVEMENT_STARTED = 1;
private final LinkedList<Achievement> loadedAchievements = new LinkedList<Achievement>();
private LinkedList<Achievement> loadedAchievements = new LinkedList<Achievement>();
private final Server server;
......@@ -36,48 +33,8 @@ public class AchievementSystem {
loadedAchievements.clear();
try {
PreparedStatement fetchAchievement = getServer().getDatabase().getConnection()
.prepareStatement("SELECT `id`, `name`, `description`, `extra`, `added` FROM `" + getServer().getConfig().MYSQL_TABLE_PREFIX + "achievements` ORDER BY `id` ASC");
PreparedStatement fetchRewards = getServer().getDatabase().getConnection()
.prepareStatement("SELECT `item_id`, `amount`, `guaranteed`, `reward_type` FROM `" + getServer().getConfig().MYSQL_TABLE_PREFIX + "achievement_reward` WHERE `achievement_id` = ?");
PreparedStatement fetchTasks = getServer().getDatabase().getConnection()
.prepareStatement("SELECT `type`, `do_id`, `do_amount` FROM `" + getServer().getConfig().MYSQL_TABLE_PREFIX + "achievement_task` WHERE `achievement_id` = ?");
ResultSet result = fetchAchievement.executeQuery();
try {
while (result.next()) {
ArrayList<AchievementReward> rewards = new ArrayList<AchievementReward>();
fetchRewards.setInt(1, result.getInt("id"));
ResultSet rewardResult = fetchRewards.executeQuery();
while (rewardResult.next()) {
TaskReward rewardType = TaskReward.valueOf(TaskReward.class, rewardResult.getString("reward_type"));
rewards.add(new AchievementReward(rewardType, rewardResult.getInt("item_id"), rewardResult.getInt("amount"),
rewardResult.getInt("guaranteed") == 1 ? true : false));
}
rewardResult.close();
ArrayList<AchievementTask> tasks = new ArrayList<AchievementTask>();
fetchTasks.setInt(1, result.getInt("id"));
ResultSet taskResult = fetchTasks.executeQuery();
while (taskResult.next()) {
TaskType type = TaskType.valueOf(TaskType.class, taskResult.getString("type"));
tasks.add(new AchievementTask(type, taskResult.getInt("do_id"), taskResult.getInt("do_amount")));
}
taskResult.close();
Achievement achievement = new Achievement(tasks, rewards, result.getInt("id"),
result.getString("name"), result.getString("description"), result.getString("extra"));
loadedAchievements.add(achievement);
}
} finally {
fetchAchievement.close();
fetchRewards.close();
fetchTasks.close();
result.close();
}
} catch (SQLException e) {
loadedAchievements = getServer().getDatabase().getAchievements();
} catch (GameDatabaseException e) {
LOGGER.catching(e);
}
}
......
package com.openrsc.server.database;
import com.openrsc.server.Server;
import com.openrsc.server.content.achievement.Achievement;
import com.openrsc.server.content.achievement.AchievementReward;
import com.openrsc.server.content.achievement.AchievementTask;
import com.openrsc.server.database.impl.mysql.queries.logging.StaffLog;
import com.openrsc.server.database.struct.*;
import com.openrsc.server.external.GameObjectLoc;
......@@ -22,6 +25,7 @@ import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
......@@ -80,6 +84,9 @@ public abstract class GameDatabase extends GameDatabaseQueries{
protected abstract PlayerSkills[] queryLoadPlayerSkills(Player player) throws GameDatabaseException;
protected abstract PlayerExperience[] queryLoadPlayerExperience(Player player) throws GameDatabaseException;
protected abstract String queryPreviousPassword(int playerId) throws GameDatabaseException;
protected abstract LinkedList<Achievement> queryLoadAchievements() throws GameDatabaseException;
protected abstract ArrayList<AchievementReward> queryLoadAchievementRewards(int achievementId) throws GameDatabaseException;
protected abstract ArrayList<AchievementTask> queryLoadAchievementTasks(int achievementId) throws GameDatabaseException;
protected abstract void querySavePlayerData(int playerId, PlayerData playerData) throws GameDatabaseException;
protected abstract void querySavePlayerInventory(int playerId, PlayerInventory[] inventory) throws GameDatabaseException;
......@@ -294,30 +301,22 @@ public abstract class GameDatabase extends GameDatabaseQueries{
queryBankRemove(player, item);
}
public String getSalt(final Player player) throws GameDatabaseException {
PlayerData playerData = new PlayerData();
playerData = queryLoadPlayerData(player);
return playerData.salt;
}
public String getPassword(final Player player) throws GameDatabaseException {
PlayerData playerData = new PlayerData();
playerData = queryLoadPlayerData(player);
return playerData.pass;
}
public void saveNewPassword(final int playerId, String newPassword) throws GameDatabaseException {
querySavePassword(playerId, newPassword);
}
public void savePreviousPasswords(final int playerId, String newLastPass, String newEarlierPass) throws GameDatabaseException {
querySavePreviousPasswords(playerId, newLastPass, newEarlierPass);
}
public String getPreviousPassword(final int playerId) throws GameDatabaseException {
return queryPreviousPassword(playerId);
}
public LinkedList<Achievement> getAchievements() throws GameDatabaseException {
return queryLoadAchievements();
}
private void loadPlayerData(final Player player) throws GameDatabaseException {
final PlayerData playerData = queryLoadPlayerData(player);
......
package com.openrsc.server.database.impl.mysql;
import com.openrsc.server.Server;
import com.openrsc.server.content.achievement.Achievement;
import com.openrsc.server.content.achievement.AchievementReward;
import com.openrsc.server.content.achievement.AchievementTask;
import com.openrsc.server.database.GameDatabase;
import com.openrsc.server.database.GameDatabaseException;
import com.openrsc.server.database.struct.*;
......@@ -198,6 +201,10 @@ public class MySqlGameDatabase extends GameDatabase {
final PlayerLoginData loginData = new PlayerLoginData();
if (!playerSet.first()) {
return null;
}
try {
loginData.groupId = playerSet.getInt("group_id");
loginData.password = playerSet.getString("pass");
......@@ -611,6 +618,87 @@ public class MySqlGameDatabase extends GameDatabase {
return returnVal;
}
@Override
protected LinkedList<Achievement> queryLoadAchievements() throws GameDatabaseException {
LinkedList<Achievement> loadedAchievements = new LinkedList<Achievement>();
try {
PreparedStatement fetchAchievement = getConnection().prepareStatement(getQueries().achievements);
ResultSet result = fetchAchievement.executeQuery();
try {
while (result.next()) {
ArrayList<AchievementReward> rewards = queryLoadAchievementRewards(result.getInt("id"));
ArrayList<AchievementTask> tasks = queryLoadAchievementTasks(result.getInt("id"));
Achievement achievement = new Achievement(tasks, rewards, result.getInt("id"),
result.getString("name"), result.getString("description"), result.getString("extra"));
loadedAchievements.add(achievement);
}
} finally {
fetchAchievement.close();
result.close();
}
} catch (final SQLException ex) {
// Convert SQLException to a general usage exception
throw new GameDatabaseException(this, ex.getMessage());
}
return loadedAchievements;
}
@Override
protected ArrayList<AchievementReward> queryLoadAchievementRewards(int achievementId) throws GameDatabaseException {
ArrayList<AchievementReward> rewards = new ArrayList<AchievementReward>();
try {
PreparedStatement fetchRewards = getConnection()
.prepareStatement(getQueries().rewards);
fetchRewards.setInt(1, achievementId);
ResultSet rewardResult = fetchRewards.executeQuery();
try {
while (rewardResult.next()) {
Achievement.TaskReward rewardType = Achievement.TaskReward.valueOf(Achievement.TaskReward.class, rewardResult.getString("reward_type"));
rewards.add(new AchievementReward(rewardType, rewardResult.getInt("item_id"), rewardResult.getInt("amount"),
rewardResult.getInt("guaranteed") == 1 ? true : false));
}
} finally {
fetchRewards.close();
rewardResult.close();
}
} catch (final SQLException ex) {
// Convert SQLException to a general usage exception
throw new GameDatabaseException(this, ex.getMessage());
}
return rewards;
}
protected ArrayList<AchievementTask> queryLoadAchievementTasks(int achievementId) throws GameDatabaseException {
ArrayList<AchievementTask> tasks = new ArrayList<AchievementTask>();
try {
PreparedStatement fetchTasks = getConnection().prepareStatement(getQueries().tasks);
fetchTasks.setInt(1, achievementId);
ResultSet taskResult = fetchTasks.executeQuery();
try {
while (taskResult.next()) {
Achievement.TaskType type = Achievement.TaskType.valueOf(Achievement.TaskType.class, taskResult.getString("type"));
tasks.add(new AchievementTask(type, taskResult.getInt("do_id"), taskResult.getInt("do_amount")));
}
} finally {
fetchTasks.close();
taskResult.close();
}
} catch (final SQLException ex) {
// Convert SQLException to a general usage exception
throw new GameDatabaseException(this, ex.getMessage());
}
return tasks;
}
@Override
protected void querySavePlayerData(int playerId, PlayerData playerData) throws GameDatabaseException {
try {
......
......@@ -14,7 +14,7 @@ public class MySqlQueries {
public final String save_DeleteBank, save_DeleteBankPresets, save_BankAdd, save_BankRemove, save_BankPresetAdd, save_BankPresetRemove;
public final String save_DeleteInv, save_InventoryAdd, save_InventoryRemove, save_DeleteEquip, save_EquipmentAdd, save_EquipmentRemove, save_UpdateBasicInfo;
public final String save_DeleteQuests, save_DeleteAchievements, save_DeleteCache, save_AddCache, save_AddQuest, save_AddAchievement;
public final String save_Password, save_PreviousPasswords, previousPassword;
public final String save_Password, save_PreviousPasswords, previousPassword, achievements, rewards, tasks;
public final String playerLoginData, fetchLoginIp, fetchLinkedPlayers, playerPendingRecovery, userToId, initializeOnlineUsers;
public final String npcKillSelectAll, npcKillSelect, npcKillInsert, npcKillUpdate;
public final String dropLogSelect, dropLogInsert, dropLogUpdate, npcDrops, banPlayer, unbanPlayer;
......@@ -102,6 +102,9 @@ public class MySqlQueries {
save_Password = "UPDATE `" + PREFIX + "players` SET `pass`=? WHERE `playerID`=?";
save_PreviousPasswords = "UPDATE `" + PREFIX + "player_recovery` SET `previous_pass`=?, `earlier_pass`=? WHERE `player_ID`=?";
previousPassword = "SELECT `previous_pass` FROM `" + PREFIX + "player_recovery` WHERE `playerID`=?";
achievements = "SELECT `id`, `name`, `description`, `extra`, `added` FROM `" + PREFIX + "achievements` ORDER BY `id` ASC";
rewards = "SELECT `item_id`, `amount`, `guaranteed`, `reward_type` FROM `" + PREFIX + "achievement_reward` WHERE `achievement_id` = ?";
tasks = "SELECT `type`, `do_id`, `do_amount` FROM `" + PREFIX + "achievement_task` WHERE `achievement_id` = ?";
playerLoginData = "SELECT `group_id`, `pass`, `salt`, `banned` FROM `" + PREFIX + "players` WHERE `username`=?";
playerPendingRecovery = "SELECT `username`, `question1`, `answer1`, `question2`, `answer2`, " +
"`question3`, `answer3`, `question4`, `answer4`, `question5`, `answer5`, `date_set`, " +
......
package com.openrsc.server.login;
import com.openrsc.server.Server;
import com.openrsc.server.database.GameDatabaseException;
import com.openrsc.server.database.struct.PlayerLoginData;
import com.openrsc.server.event.rsc.ImmediateEvent;
import com.openrsc.server.model.entity.player.Group;
import com.openrsc.server.model.entity.player.Player;
......@@ -11,9 +13,6 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.net.InetSocketAddress;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public abstract class LoginRequest extends LoginExecutorProcess{
/**
......@@ -112,87 +111,77 @@ public abstract class LoginRequest extends LoginExecutorProcess{
}
public byte validateLogin() {
PreparedStatement statement = null;
ResultSet playerSet = null;
PlayerLoginData playerData;
int groupId = Group.USER;
try {
if(!getServer().getPacketFilter().shouldAllowLogin(getIpAddress(), false)) {
return (byte) LoginResponse.LOGIN_ATTEMPTS_EXCEEDED;
}
statement = getServer().getDatabase().getConnection().prepareStatement(
getServer().getDatabase().getQueries().playerLoginData
);
statement.setString(1, getUsername());
playerSet = statement.executeQuery();
try {
boolean isAdmin = getServer().getPacketFilter().isHostAdmin(getIpAddress());
if(playerSet.first()) {
groupId = playerSet.getInt("group_id");
isAdmin = isAdmin || groupId == Group.OWNER || groupId == Group.ADMIN;
}
playerData = getServer().getDatabase().getPlayerLoginData(username);
if(getServer().getPacketFilter().getPasswordAttemptsCount(getIpAddress()) >= getServer().getConfig().MAX_PASSWORD_GUESSES_PER_FIVE_MINUTES && !isAdmin) {
return (byte) LoginResponse.LOGIN_ATTEMPTS_EXCEEDED;
}
boolean isAdmin = getServer().getPacketFilter().isHostAdmin(getIpAddress());
if (playerData != null) {
groupId = playerData.groupId;
isAdmin = isAdmin || groupId == Group.OWNER || groupId == Group.ADMIN;
}
if (getServer().getPacketFilter().isHostIpBanned(getIpAddress()) && !isAdmin) {
return (byte) LoginResponse.ACCOUNT_TEMP_DISABLED;
}
if(getServer().getPacketFilter().getPasswordAttemptsCount(getIpAddress()) >= getServer().getConfig().MAX_PASSWORD_GUESSES_PER_FIVE_MINUTES && !isAdmin) {
return (byte) LoginResponse.LOGIN_ATTEMPTS_EXCEEDED;
}
if (getClientVersion() != getServer().getConfig().CLIENT_VERSION && !isAdmin) {
return (byte) LoginResponse.CLIENT_UPDATED;
}
if (getServer().getPacketFilter().isHostIpBanned(getIpAddress()) && !isAdmin) {
return (byte) LoginResponse.ACCOUNT_TEMP_DISABLED;
}
final long i = getServer().timeTillShutdown();
if (i > 0 && i < 30000 && !isAdmin) {
return (byte) LoginResponse.WORLD_DOES_NOT_ACCEPT_NEW_PLAYERS;
}
if (getClientVersion() != getServer().getConfig().CLIENT_VERSION && !isAdmin) {
return (byte) LoginResponse.CLIENT_UPDATED;
}
if (!playerSet.first()) {
server.getPacketFilter().addPasswordAttempt(getIpAddress());
return (byte) LoginResponse.INVALID_CREDENTIALS;
}
final long i = getServer().timeTillShutdown();
if (i > 0 && i < 30000 && !isAdmin) {
return (byte) LoginResponse.WORLD_DOES_NOT_ACCEPT_NEW_PLAYERS;
}
if(getServer().getWorld().getPlayers().size() >= getServer().getConfig().MAX_PLAYERS && !isAdmin) {
return (byte) LoginResponse.WORLD_IS_FULL;
}
if (playerData == null) {
server.getPacketFilter().addPasswordAttempt(getIpAddress());
return (byte) LoginResponse.INVALID_CREDENTIALS;
}
if (getServer().getWorld().getPlayer(getUsernameHash()) != null) {
return (byte) LoginResponse.ACCOUNT_LOGGEDIN;
}
if(getServer().getWorld().getPlayers().size() >= getServer().getConfig().MAX_PLAYERS && !isAdmin) {
return (byte) LoginResponse.WORLD_IS_FULL;
}
if(getServer().getPacketFilter().getPlayersCount(getIpAddress()) >= getServer().getConfig().MAX_PLAYERS_PER_IP && !isAdmin) {
return (byte) LoginResponse.IP_IN_USE;
}
if (getServer().getWorld().getPlayer(getUsernameHash()) != null) {
return (byte) LoginResponse.ACCOUNT_LOGGEDIN;
}
final long banExpires = playerSet.getLong("banned");
if (banExpires == -1 && !isAdmin) {
return (byte) LoginResponse.ACCOUNT_PERM_DISABLED;
}
if(getServer().getPacketFilter().getPlayersCount(getIpAddress()) >= getServer().getConfig().MAX_PLAYERS_PER_IP && !isAdmin) {
return (byte) LoginResponse.IP_IN_USE;
}
final double timeBanLeft = (double) (banExpires - System.currentTimeMillis());
if (timeBanLeft >= 1 && !isAdmin) {
return (byte) LoginResponse.ACCOUNT_TEMP_DISABLED;
}
final long banExpires = playerData.banned;
if (banExpires == -1 && !isAdmin) {
return (byte) LoginResponse.ACCOUNT_PERM_DISABLED;
}
if (!DataConversions.checkPassword(getPassword(), playerSet.getString("salt"), playerSet.getString("pass"))) {
server.getPacketFilter().addPasswordAttempt(getIpAddress());
return (byte) LoginResponse.INVALID_CREDENTIALS;
}
final double timeBanLeft = (double) (banExpires - System.currentTimeMillis());
if (timeBanLeft >= 1 && !isAdmin) {
return (byte) LoginResponse.ACCOUNT_TEMP_DISABLED;
}
// Doing this at end because we only want to flag the host as an admin _IF_ they know the password.
if(isAdmin) {
getServer().getPacketFilter().addAdminHost(getIpAddress());
}
} finally {
statement.close();
playerSet.close();
if (!DataConversions.checkPassword(getPassword(), playerData.salt, playerData.password)) {
server.getPacketFilter().addPasswordAttempt(getIpAddress());
return (byte) LoginResponse.INVALID_CREDENTIALS;
}
// Doing this at end because we only want to flag the host as an admin _IF_ they know the password.
if(isAdmin) {
getServer().getPacketFilter().addAdminHost(getIpAddress());
}
} catch (SQLException e) {
} catch (GameDatabaseException e) {
LOGGER.catching(e);
return (byte) LoginResponse.LOGIN_INSUCCESSFUL;
}
......
......@@ -2,6 +2,7 @@ package com.openrsc.server.login;
import com.openrsc.server.Server;
import com.openrsc.server.database.impl.mysql.queries.logging.SecurityChangeLog;
import com.openrsc.server.database.struct.PlayerLoginData;
import com.openrsc.server.model.entity.player.Player;
import com.openrsc.server.net.rsc.ActionSender;
import com.openrsc.server.util.rsc.DataConversions;
......@@ -71,8 +72,9 @@ public class PasswordChangeRequest extends LoginExecutorProcess {
LOGGER.info("Password change attempt from: " + getPlayer().getCurrentIP());
try {
String lastDBPass = getPlayer().getWorld().getServer().getDatabase().getPassword(player);
String DBsalt = getPlayer().getWorld().getServer().getDatabase().getSalt(player);
PlayerLoginData playerData = getServer().getDatabase().getPlayerLoginData(player.getUsername());
String lastDBPass = playerData.password;
String DBsalt = playerData.salt;
String newDBPass;
int playerID = getPlayer().getID();
if (!DataConversions.checkPassword(getOldPassword(), DBsalt, lastDBPass)) {
......@@ -81,19 +83,19 @@ public class PasswordChangeRequest extends LoginExecutorProcess {
return;
}
newDBPass = DataConversions.hashPassword(getNewPassword(), DBsalt);
getPlayer().getWorld().getServer().getDatabase().saveNewPassword(playerID, newDBPass);
getServer().getDatabase().saveNewPassword(playerID, newDBPass);
String lastPw, earlierPw;
try {
earlierPw = getPlayer().getWorld().getServer().getDatabase().getPreviousPassword(playerID);
earlierPw = getServer().getDatabase().getPreviousPassword(playerID);
} catch (Exception e) {
earlierPw = "";
}
lastPw = lastDBPass;
getPlayer().getWorld().getServer().getDatabase().savePreviousPasswords(playerID, lastPw, earlierPw);
getServer().getDatabase().savePreviousPasswords(playerID, lastPw, earlierPw);
getPlayer().getWorld().getServer().getGameLogger().addQuery(new SecurityChangeLog(getPlayer(), SecurityChangeLog.ChangeEvent.PASSWORD_CHANGE,
getServer().getGameLogger().addQuery(new SecurityChangeLog(getPlayer(), SecurityChangeLog.ChangeEvent.PASSWORD_CHANGE,
"From: " + lastDBPass + ", To: " + newDBPass));
ActionSender.sendMessage(getPlayer(), "Your password was successfully changed!");
LOGGER.info(getPlayer().getCurrentIP() + " - Password change successful");
......