
Login problems

Posted: 12 Apr 2011, 16:37
by Laxika
Sorry guys about another stupid 'login problems' topic, but I can't figure this out alone, and SFS just looks too cool to stop trying. :)

I have this class to check my login stuff:

Code:

package sfsext;

import com.smartfoxserver.v2.core.ISFSEvent;
import com.smartfoxserver.v2.core.SFSEventParam;
import com.smartfoxserver.v2.db.IDBManager;
import com.smartfoxserver.v2.entities.data.ISFSArray;
import com.smartfoxserver.v2.exceptions.SFSErrorCode;
import com.smartfoxserver.v2.exceptions.SFSErrorData;
import com.smartfoxserver.v2.exceptions.SFSException;
import com.smartfoxserver.v2.exceptions.SFSLoginException;
import com.smartfoxserver.v2.extensions.BaseServerEventHandler;
import java.sql.SQLException;

public class LoginEventHandler extends BaseServerEventHandler {

    @Override
    public void handleServerEvent(ISFSEvent event) throws SFSException {
        try {
            trace("New player login!");
            String name = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
            String pass = (String) event.getParameter(SFSEventParam.LOGIN_PASSWORD);
           
            trace("NAME: " + name + " PASS: "+pass);

            IDBManager dbManager = getParentExtension().getParentZone().getDBManager();
            // Bind the login name as a parameter rather than concatenating it into the SQL
            String sql = "SELECT userPass,userId FROM users WHERE userName=?";
            ISFSArray res = dbManager.executeQuery(sql, new Object[] { name });

            if (!getApi().checkSecurePassword(session, res.getUtfString(20), pass)) {
                SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);
                data.addParameter(name);

                throw new SFSLoginException("Login failed for user: " + name, data);
            }

            trace("Value of the array: " + res.getDump());
        } catch (SQLException ex) {
            trace(ex);
        }
    }
}


Database is ok, but I get a hash from the client. I figured out that the server sends the pass in a hash form because of some security stuff.

I tried to compare the pass in the database with the pass I get, but firstly I can't get the session variable. The compiler says something like no such variable in my class. Secondly, I can't figure out what integer I should use in the res.getUtfString(20) method. (I just randomly wrote 20.)

I hope you can help me out.

~ Laxi

Posted: 12 Apr 2011, 17:42
by Democre
The checkSecurePassword() which takes the session, the password from db, and hashed password from client, is the only way to check that the hash received from the client is expected for the one in your database.

In your case you would need something like

Code:

...
IDBManager dbManager = getParentExtension().getParentZone().getDBManager();
// bind the login name as a parameter rather than concatenating it into the SQL
String sql = "SELECT userPass,userId FROM users WHERE userName=?";
ISFSArray res = dbManager.executeQuery(sql, new Object[] { name });

if(res != null && res.size() >0){
   //only get first result
   ISFSObject rowObj = res.getSFSObject(0);
   String dbPass = rowObj.getUtfString("userPass");

   if (!getApi().checkSecurePassword(session, dbPass, pass)) {
      SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);
      data.addParameter(name);

      throw new SFSLoginException("Login failed for user: " + name, data);
   }
}
...

Posted: 12 Apr 2011, 18:17
by Laxika
Thanks for the reply. Your code looks clear to me. I have only one problem left, I get this error:


C:\SFSExt\src\sfsext\LoginEventHandler.java:34: cannot find symbol
symbol : variable session
location: class sfsext.LoginEventHandler
if (!getApi().checkSecurePassword(session, dbPass, pass)) {

I know what this means, but don't know how to get the session object.

Thanks a lot, Laxi

Posted: 12 Apr 2011, 18:26
by Democre

Code:

...
ISession session = (ISession) event.getParameter(SFSEventParam.SESSION);
...


Add this line where you're declaring name and pass, also you would need the correct import at the top.

If you're trying to get the session after login, you would get it from the user passed into your handlers rather than from the event (the event parameter session appears not to be filled in subsequent events).

Posted: 12 Apr 2011, 18:33
by Laxika
Thank you very much! Finally everything works as I want, and I can work on it. Thanks a lot!!
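
Added example, not part of the original thread and not SmartFoxServer's own code: a complete handler combining the two replies above. It fetches the session from the event, binds the login name as a query parameter, and rejects the login when no row is found or the query fails. The last two checks are additions, on the assumption that a login handler which returns without throwing lets the login through. The `users` table and its columns are the ones from the thread; the `loginError` helper is a name made up for this example.

```java
import com.smartfoxserver.bitswarm.sessions.ISession;
import com.smartfoxserver.v2.core.ISFSEvent;
import com.smartfoxserver.v2.core.SFSEventParam;
import com.smartfoxserver.v2.db.IDBManager;
import com.smartfoxserver.v2.entities.data.ISFSArray;
import com.smartfoxserver.v2.exceptions.SFSErrorCode;
import com.smartfoxserver.v2.exceptions.SFSErrorData;
import com.smartfoxserver.v2.exceptions.SFSException;
import com.smartfoxserver.v2.exceptions.SFSLoginException;
import com.smartfoxserver.v2.extensions.BaseServerEventHandler;
import java.sql.SQLException;

public class LoginEventHandler extends BaseServerEventHandler {
    @Override
    public void handleServerEvent(ISFSEvent event) throws SFSException {
        String name = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
        String pass = (String) event.getParameter(SFSEventParam.LOGIN_PASSWORD);
        ISession session = (ISession) event.getParameter(SFSEventParam.SESSION);

        ISFSArray res;
        try {
            IDBManager dbManager = getParentExtension().getParentZone().getDBManager();
            // The login name is bound as a parameter, never concatenated into the SQL.
            String sql = "SELECT userPass,userId FROM users WHERE userName=?";
            res = dbManager.executeQuery(sql, new Object[] { name });
        } catch (SQLException ex) {
            // Fail closed (assumption: returning normally would accept the login).
            trace("Login lookup failed: " + ex.getMessage());
            throw loginError(SFSErrorCode.GENERIC_ERROR, name);
        }

        // No row means an unknown user: reject instead of skipping the check.
        if (res == null || res.size() == 0) {
            throw loginError(SFSErrorCode.LOGIN_BAD_USERNAME, name);
        }
        String dbPass = res.getSFSObject(0).getUtfString("userPass");

        // Checks the hash sent by the client against the stored password for this session.
        if (!getApi().checkSecurePassword(session, dbPass, pass)) {
            throw loginError(SFSErrorCode.LOGIN_BAD_PASSWORD, name);
        }
    }

    // Hypothetical helper: builds the login exception with the user name attached.
    private static SFSLoginException loginError(SFSErrorCode code, String name) {
        SFSErrorData data = new SFSErrorData(code);
        data.addParameter(name);
        return new SFSLoginException("Login failed for user: " + name, data);
    }
}
```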