public function testPassword(HereAuth $main, $password)
{
$hash = HereAuth::hash($password, $this->name);
if (strlen($this->passwordHash) === strlen($hash)) {
return $hash === $this->passwordHash;
}
$salt = strtolower($this->name);
if (isset($this->multiHash["nonhash:salt"])) {
$salt = $this->multiHash["nonhash:salt"];
}
foreach ($this->multiHash as $type => $value) {
if ($type === "nonhash:salt") {
continue;
}
$array = explode(";", $type);
$name = $array[0];
$suffix = isset($array[1]) ? $array[1] : "";
$iHash = $main->getImportedHash($name);
if ($iHash === null) {
continue;
}
if ($iHash->hash($password, $salt, $suffix) === $value) {
$this->multiHash = [];
$this->passwordHash = $hash;
return true;
}
}
return false;
}
public function onSubmit($value)
{
if ($this->validatePassword($this->user, $value)) {
$this->user->getRegistration()->setTempHash(HereAuth::hash($value, $this->user->getPlayer()));
return true;
}
return false;
}
public function onSubmit($value)
{
$hash = HereAuth::hash($value, $this->user->getPlayer());
$tempHash = $this->user->getRegistration()->getTempHash();
$this->user->getRegistration()->setTempHash("");
if ($hash !== $tempHash) {
$this->user->getRegistration()->rewind();
return false;
}
$this->user->getAccountInfo()->passwordHash = $hash;
return true;
}
public function onSubmit($value)
{
$hash = HereAuth::hash($value, $this->user->getPlayer());
$tempHash = $this->user->getRegistration()->getTempHash();
$this->user->getRegistration()->setTempHash("");
if ($hash !== $tempHash) {
$this->user->getPlayer()->sendMessage($this->user->getMain()->getConfig()->getNested("Messages.Register.PasswordMismatch", "Incorrect password"));
$this->user->getRegistration()->rewind();
return false;
}
$this->user->getAccountInfo()->passwordHash = $hash;
return true;
}
protected function onRun(array $args, User $user)
{
if (!isset($args[0])) {
return "Usage: " . $this->getUsage();
}
$password = $args[0];
$hash = HereAuth::hash($password, $user->getPlayer());
$firstHash = $user->getChangepwHash();
if ($firstHash !== null) {
$user->setChangepwHash(null);
if ($firstHash === $hash) {
$user->getAccountInfo()->passwordHash = $hash;
return $this->getMessage("Commands.ChangePassword.Success", "Your password has been changed.");
}
return $this->getMessage("Commands.ChangePassword.DoubleCheckFailure", "Your password is different this time! Aborted.");
}
if (!PasswordInputRegistrationStep::validatePassword($user, $password)) {
return false;
}
$user->setChangepwHash($hash);
return $this->getMessage("Commands.ChangePassword.RequestRepeat", "Please run this command again to confirm.");
}
public function onMessage(PlayerCommandPreprocessEvent $event)
{
$message = $event->getMessage();
$hash = HereAuth::hash($message, $this->getPlayer());
if ($this->state === self::STATE_PENDING_LOGIN) {
if ($hash === $this->accountInfo->passwordHash) {
$this->onAuth();
} else {
$this->loginAttempts++;
$chances = $this->main->getConfig()->getNested("Login.MaxAttempts", 5);
$left = $chances - $this->loginAttempts;
if ($left <= 0) {
$this->getPlayer()->kick("Failed to login in {$chances} attempts", false);
}
$msg = $this->getMain()->getConfig()->getNested("Messages.Login.WrongPass", "wrong pass");
$msg = str_replace('$CHANCES', $left, $msg);
$this->getPlayer()->sendMessage($msg);
}
$event->setCancelled();
$event->setMessage("");
} elseif ($this->state === self::STATE_PLAYING) {
if ($hash === $this->accountInfo->passwordHash and $this->getMain()->getConfig()->getNested("BlockPasswordChat", true)) {
$event->setCancelled();
$event->setMessage("");
}
} elseif ($this->state === self::STATE_REGISTERING) {
$this->registration->handle($message);
$event->setCancelled();
$event->setMessage("");
}
}
public function hash($password, $salt, $suffix)
{
return HereAuth::hash($password, $suffix);
}
public function onMessage(PlayerCommandPreprocessEvent $event)
{
$message = $event->getMessage();
$hash = HereAuth::hash($message, $this->getPlayer());
if ($this->state === self::STATE_PENDING_LOGIN) {
if ($this->accountInfo->testPassword($this->main, $message) and $this->callLogin(HereAuthLoginEvent::METHOD_PASSWORD)) {
$this->main->getAuditLogger()->logLogin(strtolower($this->player->getName()), $this->player->getAddress(), "password");
$this->onAuth();
} else {
$this->main->getAuditLogger()->logInvalid(strtolower($this->player->getName()), $this->player->getAddress());
$this->loginAttempts++;
$chances = $this->main->getConfig()->getNested("Login.MaxAttempts", 5);
$left = $chances - $this->loginAttempts;
if ($left <= 0) {
$this->getPlayer()->kick("Failed to login in {$chances} attempts", false);
$event->setCancelled();
$event->setMessage("");
$blockSecs = $this->main->getConfig()->getNested("Login.MaxAttemptsBlock", 600);
if ($blockSecs > 0) {
$this->main->getServer()->getNetwork()->blockAddress($this->player->getAddress(), $blockSecs);
}
return;
}
$msg = $this->getMain()->getMessages()->getNested("Login.WrongPass", "wrong pass");
$msg = str_replace('$CHANCES', $left, $msg);
$this->getPlayer()->sendMessage($msg);
}
$event->setCancelled();
$event->setMessage("");
} elseif ($this->state === self::STATE_PLAYING) {
if ($hash === $this->accountInfo->passwordHash and $this->getMain()->getConfig()->getNested("BlockPasswordChat", true)) {
$event->setCancelled();
$event->setMessage("");
$this->getPlayer()->sendMessage($this->getMain()->getMessages()->getNested("Chat.DirectPass", "Don't tell your password"));
}
} elseif ($this->state === self::STATE_REGISTERING) {
$this->registration->handle($message);
$event->setCancelled();
$event->setMessage("");
}
}
public function hash($password, $salt, $suffix)
{
return bin2hex(HereAuth::hash($password, $salt));
}
public function handle($value)
{
/** @noinspection PhpInternalEntityUsedInspection */
if (!$this->current() instanceof PasswordRegistrationStep) {
if (HereAuth::hash($value, $this->user->getPlayer()) === $this->user->getAccountInfo()->passwordHash) {
$this->user->getPlayer()->sendMessage("[HereAuth] If the message above is asking you to enter your password, it is not a message from HereAuth! Please beware your password being stolen!");
return;
}
}
if ($this->current()->onSubmit($value)) {
if ($this->next()) {
return;
}
}
$this->user->getPlayer()->sendMessage($this->current()->getMessage());
}
public function handle($value)
{
/** @noinspection PhpInternalEntityUsedInspection */
if (!$this->current() instanceof PasswordRegistrationStep) {
if (HereAuth::hash($value, $this->user->getPlayer()) === $this->user->getAccountInfo()->passwordHash) {
if ($this->current()->onSubmit($value)) {
if ($this->next()) {
return;
}
}
}
}
$this->user->getPlayer()->sendMessage($this->current()->getMessage());
}
