BETA: Moved secondary auth properties from Security.properties to !SecondaryAuth.xml

	* Implemented retail like forbidden password list for secondary auth.
	
Reviewed by: !UnAfraid

L2J_Server_BETA/dist/game/config/SecondaryAuth.xml

@@ -0,0 +1,338 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<list xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../data/xsd/SecondaryAuth.xsd">
+	<enabled>false</enabled> <!-- Enable Secondary Authentication on Character Select -->
+	<maxAttempts>5</maxAttempts> <!-- Max Attempts for Second Auth Password (0 to disable) -->
+	<banTime>480</banTime> <!-- Ban time if user reach maxAttempts (in minutes) -->
+	<recoveryLink>http://www.example.com/l2j/charPassRec.php</recoveryLink> <!-- Password Recovery Link -->
+	<forbiddenPasswords> <!-- List of forbidden passwords -->
+		<!-- Client checks for the entries below so you should not remove or edit any of these just add more -->
+		<password>000000</password>
+		<password>111111</password>
+		<password>222222</password>
+		<password>333333</password>
+		<password>444444</password>
+		<password>555555</password>
+		<password>666666</password>
+		<password>777777</password>
+		<password>888888</password>
+		<password>999999</password>
+		<password>123456</password>
+		<password>234567</password>
+		<password>345678</password>
+		<password>456789</password>
+		<password>567890</password>
+		<password>012345</password>
+		<password>098765</password>
+		<password>987654</password>
+		<password>876543</password>
+		<password>765432</password>
+		<password>543210</password>
+		<password>010101</password>
+		<password>020202</password>
+		<password>030303</password>
+		<password>040404</password>
+		<password>050505</password>
+		<password>060606</password>
+		<password>070707</password>
+		<password>080808</password>
+		<password>090909</password>
+		<password>121212</password>
+		<password>131313</password>
+		<password>141414</password>
+		<password>151515</password>
+		<password>161616</password>
+		<password>171717</password>
+		<password>181818</password>
+		<password>191919</password>
+		<password>101010</password>
+		<password>212121</password>
+		<password>232323</password>
+		<password>242424</password>
+		<password>252525</password>
+		<password>262626</password>
+		<password>272727</password>
+		<password>282828</password>
+		<password>292929</password>
+		<password>202020</password>
+		<password>313131</password>
+		<password>323232</password>
+		<password>343434</password>
+		<password>353535</password>
+		<password>363636</password>
+		<password>373737</password>
+		<password>383838</password>
+		<password>393939</password>
+		<password>303030</password>
+		<password>404040</password>
+		<password>414141</password>
+		<password>424242</password>
+		<password>434343</password>
+		<password>454545</password>
+		<password>464646</password>
+		<password>474747</password>
+		<password>484848</password>
+		<password>494949</password>
+		<password>505050</password>
+		<password>515151</password>
+		<password>525252</password>
+		<password>535353</password>
+		<password>545454</password>
+		<password>565656</password>
+		<password>575757</password>
+		<password>585858</password>
+		<password>595959</password>
+		<password>606060</password>
+		<password>616161</password>
+		<password>626262</password>
+		<password>636363</password>
+		<password>646464</password>
+		<password>656565</password>
+		<password>676767</password>
+		<password>686868</password>
+		<password>696969</password>
+		<password>707070</password>
+		<password>717171</password>
+		<password>727272</password>
+		<password>737373</password>
+		<password>747474</password>
+		<password>757575</password>
+		<password>767676</password>
+		<password>787878</password>
+		<password>797979</password>
+		<password>808080</password>
+		<password>818181</password>
+		<password>828282</password>
+		<password>838383</password>
+		<password>848484</password>
+		<password>858585</password>
+		<password>868686</password>
+		<password>878787</password>
+		<password>898989</password>
+		<password>909090</password>
+		<password>919191</password>
+		<password>929292</password>
+		<password>939393</password>
+		<password>949494</password>
+		<password>959595</password>
+		<password>969696</password>
+		<password>979797</password>
+		<password>989898</password>
+		<password>0000000</password>
+		<password>1111111</password>
+		<password>2222222</password>
+		<password>3333333</password>
+		<password>4444444</password>
+		<password>5555555</password>
+		<password>6666666</password>
+		<password>7777777</password>
+		<password>8888888</password>
+		<password>9999999</password>
+		<password>0123456</password>
+		<password>1234567</password>
+		<password>2345678</password>
+		<password>3456789</password>
+		<password>4567890</password>
+		<password>0987654</password>
+		<password>9876543</password>
+		<password>8765432</password>
+		<password>7654321</password>
+		<password>6543210</password>
+		<password>0101010</password>
+		<password>0202020</password>
+		<password>0303030</password>
+		<password>0404040</password>
+		<password>0505050</password>
+		<password>0606060</password>
+		<password>0707070</password>
+		<password>0808080</password>
+		<password>0909090</password>
+		<password>1212121</password>
+		<password>1313131</password>
+		<password>1414141</password>
+		<password>1515151</password>
+		<password>1616161</password>
+		<password>1717171</password>
+		<password>1818181</password>
+		<password>1919191</password>
+		<password>1010101</password>
+		<password>2020202</password>
+		<password>2121212</password>
+		<password>2323232</password>
+		<password>2424242</password>
+		<password>2525252</password>
+		<password>2626262</password>
+		<password>2727272</password>
+		<password>2828282</password>
+		<password>2929292</password>
+		<password>3030303</password>
+		<password>3131313</password>
+		<password>3232323</password>
+		<password>3434343</password>
+		<password>3535353</password>
+		<password>3636363</password>
+		<password>3737373</password>
+		<password>3838383</password>
+		<password>3939393</password>
+		<password>4040404</password>
+		<password>4141414</password>
+		<password>4242424</password>
+		<password>4343434</password>
+		<password>4545454</password>
+		<password>4646464</password>
+		<password>4747474</password>
+		<password>4848484</password>
+		<password>4949494</password>
+		<password>5050505</password>
+		<password>5151515</password>
+		<password>5252525</password>
+		<password>5353535</password>
+		<password>5454545</password>
+		<password>5656565</password>
+		<password>5757575</password>
+		<password>5858585</password>
+		<password>5959595</password>
+		<password>6060606</password>
+		<password>6161616</password>
+		<password>6262626</password>
+		<password>6363636</password>
+		<password>6464646</password>
+		<password>6565656</password>
+		<password>6767676</password>
+		<password>6868686</password>
+		<password>6969696</password>
+		<password>7070707</password>
+		<password>7171717</password>
+		<password>7272727</password>
+		<password>7373737</password>
+		<password>7474747</password>
+		<password>7575757</password>
+		<password>7676767</password>
+		<password>7878787</password>
+		<password>7979797</password>
+		<password>8080808</password>
+		<password>8181818</password>
+		<password>8282828</password>
+		<password>8383838</password>
+		<password>8484848</password>
+		<password>8585858</password>
+		<password>8686868</password>
+		<password>8787878</password>
+		<password>8989898</password>
+		<password>9090909</password>
+		<password>9191919</password>
+		<password>9292929</password>
+		<password>9393939</password>
+		<password>9494949</password>
+		<password>9595959</password>
+		<password>9696969</password>
+		<password>9797979</password>
+		<password>9898989</password>
+		<password>00000000</password>
+		<password>11111111</password>
+		<password>22222222</password>
+		<password>33333333</password>
+		<password>44444444</password>
+		<password>55555555</password>
+		<password>66666666</password>
+		<password>77777777</password>
+		<password>88888888</password>
+		<password>99999999</password>
+		<password>12345678</password>
+		<password>23456789</password>
+		<password>34567890</password>
+		<password>01234567</password>
+		<password>98765432</password>
+		<password>87654321</password>
+		<password>76543210</password>
+		<password>01010101</password>
+		<password>02020202</password>
+		<password>03030303</password>
+		<password>04040404</password>
+		<password>05050505</password>
+		<password>06060606</password>
+		<password>07070707</password>
+		<password>08080808</password>
+		<password>09090909</password>
+		<password>10101010</password>
+		<password>12121212</password>
+		<password>13131313</password>
+		<password>14141414</password>
+		<password>15151515</password>
+		<password>16161616</password>
+		<password>17171717</password>
+		<password>18181818</password>
+		<password>19191919</password>
+		<password>20202020</password>
+		<password>21212121</password>
+		<password>23232323</password>
+		<password>24242424</password>
+		<password>25252525</password>
+		<password>26262626</password>
+		<password>27272727</password>
+		<password>28282828</password>
+		<password>29292929</password>
+		<password>30303030</password>
+		<password>31313131</password>
+		<password>32323232</password>
+		<password>34343434</password>
+		<password>35353535</password>
+		<password>36363636</password>
+		<password>37373737</password>
+		<password>38383838</password>
+		<password>39393939</password>
+		<password>40404040</password>
+		<password>41414141</password>
+		<password>42424242</password>
+		<password>43434343</password>
+		<password>45454545</password>
+		<password>46464646</password>
+		<password>47474747</password>
+		<password>48484848</password>
+		<password>49494949</password>
+		<password>50505050</password>
+		<password>51515151</password>
+		<password>52525252</password>
+		<password>53535353</password>
+		<password>54545454</password>
+		<password>56565656</password>
+		<password>57575757</password>
+		<password>58585858</password>
+		<password>59595959</password>
+		<password>60606060</password>
+		<password>61616161</password>
+		<password>62626262</password>
+		<password>63636363</password>
+		<password>64646464</password>
+		<password>65656565</password>
+		<password>67676767</password>
+		<password>68686868</password>
+		<password>69696969</password>
+		<password>70707070</password>
+		<password>71717171</password>
+		<password>72727272</password>
+		<password>73737373</password>
+		<password>74747474</password>
+		<password>75757575</password>
+		<password>76767676</password>
+		<password>78787878</password>
+		<password>79797979</password>
+		<password>80808080</password>
+		<password>81818181</password>
+		<password>82828282</password>
+		<password>83838383</password>
+		<password>84848484</password>
+		<password>85858585</password>
+		<password>86868686</password>
+		<password>87878787</password>
+		<password>89898989</password>
+		<password>90909090</password>
+		<password>91919191</password>
+		<password>92929292</password>
+		<password>93939393</password>
+		<password>94949494</password>
+		<password>95959595</password>
+		<password>96969696</password>
+		<password>97979797</password>
+		<password>98989898</password>
+	</forbiddenPasswords>
+</list>

L2J_Server_BETA/dist/game/config/Security.properties

@@ -1,26 +0,0 @@
-# ---------------------------------------------------------------------------
-# Security Settings
-# ---------------------------------------------------------------------------
-# The defaults are set to be retail-like. If you modify any of these settings your server will deviate from being retail-like.
-# Warning: 
-# Please take extreme caution when changing anything. Also please understand what you are changing before you do so on a live server.
-
-# ---------------------------------------------------------------------------
-# Secondary Auth Settings
-# ---------------------------------------------------------------------------
-
-# Enable Secondary Authentication on Character Select
-# Default: False
-SecondAuthEnabled = False
-
-# Max Attempts for Second Auth Password
-# Default: 5
-SecondAuthMaxAttempts = 5
-
-# Ban time if user reach SecondAuthMaxAttempts (in minutes)
-# Default: 480
-SecondAuthBanTime = 480
-
-# Password Recovery Link
-# Default: http://www.example.com/l2j/charPassRec.php
-SecondAuthRecoveryLink = http://www.example.com/l2j/charPassRec.php

L2J_Server_BETA/dist/game/data/xsd/SecondaryAuth.xsd

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<xs:element name="list">
+		<xs:complexType>
+			<xs:sequence minOccurs="1" maxOccurs="1">
+				<xs:element name="enabled" type="xs:boolean" minOccurs="1" maxOccurs="1" />
+				<xs:element name="maxAttempts" type="xs:nonNegativeInteger" minOccurs="1" maxOccurs="1" />
+				<xs:element name="banTime" type="xs:nonNegativeInteger" minOccurs="1" maxOccurs="1" />
+				<xs:element name="recoveryLink" type="xs:string" minOccurs="1" maxOccurs="1" />
+				<xs:element name="forbiddenPasswords" minOccurs="0" maxOccurs="1">
+					<xs:complexType>
+						<xs:sequence minOccurs="1" maxOccurs="1">
+							<xs:element name="password" type="xs:string" minOccurs="1" maxOccurs="unbounded" />
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+</xs:schema>

L2J_Server_BETA/java/com/l2jserver/Config.java

@@ -102,7 +102,6 @@ public final class Config
 	public static final String GRANDBOSS_CONFIG_FILE = "./config/GrandBoss.properties";
 	public static final String GRACIASEEDS_CONFIG_FILE = "./config/GraciaSeeds.properties";
 	public static final String CHAT_FILTER_FILE = "./config/chatfilter.txt";
-	public static final String SECURITY_CONFIG_FILE = "./config/Security.properties";
 	public static final String EMAIL_CONFIG_FILE = "./config/Email.properties";
 	public static final String CH_SIEGE_FILE = "./config/ConquerableHallSiege.properties";
 	// --------------------------------------------------
@@ -1093,12 +1092,6 @@ public final class Config
 	// chatfilter
 	public static ArrayList<String> FILTER_LIST;
 	
-	// Security
-	public static boolean SECOND_AUTH_ENABLED;
-	public static int SECOND_AUTH_MAX_ATTEMPTS;
-	public static long SECOND_AUTH_BAN_TIME;
-	public static String SECOND_AUTH_REC_LINK;
-	
 	// Email
 	public static String EMAIL_SERVERINFO_NAME;
 	public static String EMAIL_SERVERINFO_ADDRESS;
@@ -2763,15 +2756,6 @@ public final class Config
 				_log.log(Level.WARNING, "Error while loading chat filter words!", e);
 			}
 			
-			// Security
-			final PropertiesParser SecuritySettings = new PropertiesParser(SECURITY_CONFIG_FILE);
-			
-			// Second Auth Settings
-			SECOND_AUTH_ENABLED = SecuritySettings.getBoolean("SecondAuthEnabled", false);
-			SECOND_AUTH_MAX_ATTEMPTS = SecuritySettings.getInt("SecondAuthMaxAttempts", 5);
-			SECOND_AUTH_BAN_TIME = SecuritySettings.getInt("SecondAuthBanTime", 480);
-			SECOND_AUTH_REC_LINK = SecuritySettings.getString("SecondAuthRecoveryLink", "");
-			
 			final PropertiesParser ClanHallSiege = new PropertiesParser(CH_SIEGE_FILE);
 			
 			CHS_MAX_ATTACKERS = ClanHallSiege.getInt("MaxAttackers", 500);

L2J_Server_BETA/java/com/l2jserver/gameserver/GameServer.java

@@ -75,6 +75,7 @@ import com.l2jserver.gameserver.datatables.OfflineTradersTable;
 import com.l2jserver.gameserver.datatables.OptionsData;
 import com.l2jserver.gameserver.datatables.PetDataTable;
 import com.l2jserver.gameserver.datatables.RecipeData;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 import com.l2jserver.gameserver.datatables.SkillLearnData;
 import com.l2jserver.gameserver.datatables.SkillTable;
 import com.l2jserver.gameserver.datatables.SkillTreesData;
@@ -217,6 +218,7 @@ public class GameServer
 		
 		printSection("Data");
 		CategoryData.getInstance();
+		SecondaryAuthData.getInstance();
 		
 		printSection("Skills");
 		EffectHandler.getInstance().executeScript();

L2J_Server_BETA/java/com/l2jserver/gameserver/datatables/SecondaryAuthData.java

@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2004-2013 L2J Server
+ * 
+ * This file is part of L2J Server.
+ * 
+ * L2J Server is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * L2J Server is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.l2jserver.gameserver.datatables;
+
+import java.io.File;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.logging.Level;
+
+import org.w3c.dom.Node;
+
+import com.l2jserver.gameserver.engines.DocumentParser;
+
+/**
+ * @author Nos
+ */
+public class SecondaryAuthData extends DocumentParser
+{
+	private boolean _enabled = false;
+	private int _maxAttempts = 5;
+	private int _banTime = 480;
+	private String _recoveryLink = "";
+	private final Set<String> _forbiddenPasswords = new HashSet<>();
+	
+	protected SecondaryAuthData()
+	{
+		load();
+	}
+	
+	@Override
+	public synchronized void load()
+	{
+		_forbiddenPasswords.clear();
+		parseFile(new File("config/SecondaryAuth.xml"));
+		_log.info(getClass().getSimpleName() + ": Loaded " + _forbiddenPasswords.size() + " forbidden passwords.");
+	}
+	
+	@Override
+	protected void parseDocument()
+	{
+		try
+		{
+			for (Node node = getCurrentDocument().getFirstChild(); node != null; node = node.getNextSibling())
+			{
+				if ("list".equalsIgnoreCase(node.getNodeName()))
+				{
+					for (Node list_node = node.getFirstChild(); list_node != null; list_node = list_node.getNextSibling())
+					{
+						if ("enabled".equalsIgnoreCase(list_node.getNodeName()))
+						{
+							_enabled = Boolean.parseBoolean(list_node.getTextContent());
+						}
+						else if ("maxAttempts".equalsIgnoreCase(list_node.getNodeName()))
+						{
+							_maxAttempts = Integer.parseInt(list_node.getTextContent());
+						}
+						else if ("banTime".equalsIgnoreCase(list_node.getNodeName()))
+						{
+							_banTime = Integer.parseInt(list_node.getTextContent());
+						}
+						else if ("recoveryLink".equalsIgnoreCase(list_node.getNodeName()))
+						{
+							_recoveryLink = list_node.getTextContent();
+						}
+						else if ("forbiddenPasswords".equalsIgnoreCase(list_node.getNodeName()))
+						{
+							for (Node forbiddenPasswords_node = list_node.getFirstChild(); forbiddenPasswords_node != null; forbiddenPasswords_node = forbiddenPasswords_node.getNextSibling())
+							{
+								if ("password".equalsIgnoreCase(forbiddenPasswords_node.getNodeName()))
+								{
+									_forbiddenPasswords.add(forbiddenPasswords_node.getTextContent());
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+		catch (Exception e)
+		{
+			_log.log(Level.WARNING, "Failed to load secondary auth data from xml.", e);
+		}
+	}
+	
+	public boolean isEnabled()
+	{
+		return _enabled;
+	}
+	
+	public int getMaxAttempts()
+	{
+		return _maxAttempts;
+	}
+	
+	public int getBanTime()
+	{
+		return _banTime;
+	}
+	
+	public String getRecoveryLink()
+	{
+		return _recoveryLink;
+	}
+	
+	public Set<String> getForbiddenPasswords()
+	{
+		return _forbiddenPasswords;
+	}
+	
+	public boolean isForbiddenPassword(String password)
+	{
+		return _forbiddenPasswords.contains(password);
+	}
+	
+	public static SecondaryAuthData getInstance()
+	{
+		return SingletonHolder._instance;
+	}
+	
+	private static class SingletonHolder
+	{
+		protected static final SecondaryAuthData _instance = new SecondaryAuthData();
+	}
+}

L2J_Server_BETA/java/com/l2jserver/gameserver/network/L2GameClient.java

@@ -44,6 +44,7 @@ import com.l2jserver.gameserver.LoginServerThread.SessionKey;
 import com.l2jserver.gameserver.ThreadPoolManager;
 import com.l2jserver.gameserver.datatables.CharNameTable;
 import com.l2jserver.gameserver.datatables.ClanTable;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 import com.l2jserver.gameserver.instancemanager.AntiFeedManager;
 import com.l2jserver.gameserver.model.CharSelectInfoPackage;
 import com.l2jserver.gameserver.model.L2Clan;
@@ -240,7 +241,7 @@ public final class L2GameClient extends MMOClient<MMOConnection<L2GameClient>> i
 	{
 		_accountName = pAccountName;
 		
-		if (Config.SECOND_AUTH_ENABLED)
+		if (SecondaryAuthData.getInstance().isEnabled())
 		{
 			_secondaryAuth = new SecondaryPasswordAuth(this);
 		}

L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/CharacterSelect.java

@@ -27,6 +27,7 @@ import javolution.util.FastList;
 
 import com.l2jserver.Config;
 import com.l2jserver.gameserver.datatables.CharNameTable;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 import com.l2jserver.gameserver.instancemanager.AntiFeedManager;
 import com.l2jserver.gameserver.instancemanager.PunishmentManager;
 import com.l2jserver.gameserver.model.CharSelectInfoPackage;
@@ -83,7 +84,7 @@ public class CharacterSelect extends L2GameClientPacket
 			return;
 		}
 		
-		if (Config.SECOND_AUTH_ENABLED && !client.getSecondaryAuth().isAuthed())
+		if (SecondaryAuthData.getInstance().isEnabled() && !client.getSecondaryAuth().isAuthed())
 		{
 			client.getSecondaryAuth().openDialog();
 			return;

L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/RequestEx2ndPasswordCheck.java

@@ -18,7 +18,7 @@
  */
 package com.l2jserver.gameserver.network.clientpackets;
 
-import com.l2jserver.Config;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 import com.l2jserver.gameserver.network.serverpackets.Ex2ndPasswordCheck;
 
 /**
@@ -38,7 +38,7 @@ public class RequestEx2ndPasswordCheck extends L2GameClientPacket
 	@Override
 	protected void runImpl()
 	{
-		if (!Config.SECOND_AUTH_ENABLED || getClient().getSecondaryAuth().isAuthed())
+		if (!SecondaryAuthData.getInstance().isEnabled() || getClient().getSecondaryAuth().isAuthed())
 		{
 			sendPacket(new Ex2ndPasswordCheck(Ex2ndPasswordCheck.PASSWORD_OK));
 			return;

L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/RequestEx2ndPasswordReq.java

@@ -18,7 +18,7 @@
  */
 package com.l2jserver.gameserver.network.clientpackets;
 
-import com.l2jserver.Config;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 import com.l2jserver.gameserver.network.serverpackets.Ex2ndPasswordAck;
 import com.l2jserver.gameserver.security.SecondaryPasswordAuth;
 
@@ -47,7 +47,7 @@ public class RequestEx2ndPasswordReq extends L2GameClientPacket
 	@Override
 	protected void runImpl()
 	{
-		if (!Config.SECOND_AUTH_ENABLED)
+		if (!SecondaryAuthData.getInstance().isEnabled())
 		{
 			return;
 		}

L2J_Server_BETA/java/com/l2jserver/gameserver/network/clientpackets/RequestEx2ndPasswordVerify.java

@@ -18,7 +18,7 @@
  */
 package com.l2jserver.gameserver.network.clientpackets;
 
-import com.l2jserver.Config;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 
 /**
  * Format: (ch)S S: numerical password
@@ -39,7 +39,7 @@ public class RequestEx2ndPasswordVerify extends L2GameClientPacket
 	@Override
 	protected void runImpl()
 	{
-		if (!Config.SECOND_AUTH_ENABLED)
+		if (!SecondaryAuthData.getInstance().isEnabled())
 		{
 			return;
 		}

L2J_Server_BETA/java/com/l2jserver/gameserver/security/SecondaryPasswordAuth.java

@@ -27,9 +27,9 @@ import java.sql.ResultSet;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import com.l2jserver.Config;
 import com.l2jserver.L2DatabaseFactory;
 import com.l2jserver.gameserver.LoginServerThread;
+import com.l2jserver.gameserver.datatables.SecondaryAuthData;
 import com.l2jserver.gameserver.network.L2GameClient;
 import com.l2jserver.gameserver.network.serverpackets.Ex2ndPasswordAck;
 import com.l2jserver.gameserver.network.serverpackets.Ex2ndPasswordCheck;
@@ -202,18 +202,18 @@ public class SecondaryPasswordAuth
 		if (!password.equals(_password))
 		{
 			_wrongAttempts++;
-			if (_wrongAttempts < Config.SECOND_AUTH_MAX_ATTEMPTS)
+			if (_wrongAttempts < SecondaryAuthData.getInstance().getMaxAttempts())
 			{
 				_activeClient.sendPacket(new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_WRONG, _wrongAttempts));
 				insertWrongAttempt(_wrongAttempts);
 			}
 			else
 			{
-				LoginServerThread.getInstance().sendTempBan(_activeClient.getAccountName(), _activeClient.getConnectionAddress().getHostAddress(), Config.SECOND_AUTH_BAN_TIME);
-				LoginServerThread.getInstance().sendMail(_activeClient.getAccountName(), "SATempBan", _activeClient.getConnectionAddress().getHostAddress(), Integer.toString(Config.SECOND_AUTH_MAX_ATTEMPTS), Long.toString(Config.SECOND_AUTH_BAN_TIME), Config.SECOND_AUTH_REC_LINK);
+				LoginServerThread.getInstance().sendTempBan(_activeClient.getAccountName(), _activeClient.getConnectionAddress().getHostAddress(), SecondaryAuthData.getInstance().getBanTime());
+				LoginServerThread.getInstance().sendMail(_activeClient.getAccountName(), "SATempBan", _activeClient.getConnectionAddress().getHostAddress(), Integer.toString(SecondaryAuthData.getInstance().getMaxAttempts()), Long.toString(SecondaryAuthData.getInstance().getBanTime()), SecondaryAuthData.getInstance().getRecoveryLink());
 				_log.warning(_activeClient.getAccountName() + " - (" + _activeClient.getConnectionAddress().getHostAddress() + ") has inputted the wrong password " + _wrongAttempts + " times in row.");
 				insertWrongAttempt(0);
-				_activeClient.close(new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_BAN, Config.SECOND_AUTH_MAX_ATTEMPTS));
+				_activeClient.close(new Ex2ndPasswordVerify(Ex2ndPasswordVerify.PASSWORD_BAN, SecondaryAuthData.getInstance().getMaxAttempts()));
 			}
 			return false;
 		}
@@ -280,40 +280,6 @@ public class SecondaryPasswordAuth
 			return false;
 		}
 		
-		for (int i = 0; i < (password.length() - 1); i++)
-		{
-			char curCh = password.charAt(i);
-			char nxtCh = password.charAt(i + 1);
-			
-			if ((curCh + 1) == nxtCh)
-			{
-				return false;
-			}
-			else if ((curCh - 1) == nxtCh)
-			{
-				return false;
-			}
-			else if (curCh == nxtCh)
-			{
-				return false;
-			}
-		}
-		
-		for (int i = 0; i < (password.length() - 2); i++)
-		{
-			String toChk = password.substring(i + 1);
-			StringBuffer chkEr = new StringBuffer(password.substring(i, i + 2));
-			
-			if (toChk.contains(chkEr))
-			{
-				return false;
-			}
-			else if (toChk.contains(chkEr.reverse()))
-			{
-				return false;
-			}
-		}
-		_wrongAttempts = 0;
-		return true;
+		return !SecondaryAuthData.getInstance().isForbiddenPassword(password);
 	}
 }