Login problems

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

Laxika
Posts: 10
Joined: 14 Jun 2010, 12:41

Login problems

Postby Laxika » 12 Apr 2011, 16:37

Sry guys about another stupid 'login problems' topic, but I can't figure this out alone, and SFS just looks too cool to stop trying. :)

I have this class to check my login stuff:

Code: Select all

package sfsext;

import com.smartfoxserver.v2.core.ISFSEvent;
import com.smartfoxserver.v2.core.SFSEventParam;
import com.smartfoxserver.v2.db.IDBManager;
import com.smartfoxserver.v2.entities.data.ISFSArray;
import com.smartfoxserver.v2.exceptions.SFSErrorCode;
import com.smartfoxserver.v2.exceptions.SFSErrorData;
import com.smartfoxserver.v2.exceptions.SFSException;
import com.smartfoxserver.v2.exceptions.SFSLoginException;
import com.smartfoxserver.v2.extensions.BaseServerEventHandler;
import java.sql.SQLException;

public class LoginEventHandler extends BaseServerEventHandler {

    @Override
    public void handleServerEvent(ISFSEvent event) throws SFSException {
        try {
            trace("New player login!");
            String name = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
            String pass = (String) event.getParameter(SFSEventParam.LOGIN_PASSWORD);
           
            trace("NAME: " + name + " PASS: "+pass);

            IDBManager dbManager = getParentExtension().getParentZone().getDBManager();
            String sql = "SELECT userPass,userId FROM users WHERE userName='" + name + "'";
            ISFSArray res = dbManager.executeQuery(sql);

            if (!getApi().checkSecurePassword(session, res.getUtfString(20), pass)) {
                SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);
                data.addParameter(name);

                throw new SFSLoginException("Login failed for user: " + name, data);
            }

            trace("Value of the array: " + res.getDump());
        } catch (SQLException ex) {
            trace(ex);
        }
    }
}


Database is ok, but I get a hash from the client. I figured it out that the server send the pass in a hash form becouse of some security stuff.

I tired to compare the pass in the database with the pass i get, but firstly I can't get the session variable. Compiler says smthing like no such a variable in my class. Secondly I can't figure out what integer should I use in the res.getUtfString(20) method. (I just randomly wroted 20)

I hope you can help me out.

~ Laxi
Democre
Posts: 77
Joined: 16 Sep 2010, 17:58

Postby Democre » 12 Apr 2011, 17:42

The checkSecurePassword() which takes the session, the password from db, and hashed password from client, is the only way to check that the hash received from the client is expected for the one in your database.

In your case you would need something like

Code: Select all

...
IDBManager dbManager = getParentExtension().getParentZone().getDBManager();
String sql = "SELECT userPass,userId FROM users WHERE userName='" + name + "'";
ISFSArray res = dbManager.executeQuery(sql);

if(res != null && res.size() >0){
   //only get first result
   ISFSObject rowObj = res.getSFSObject(0);
   String dbPass = rowObj.getUtfString("userPass");

   if (!getApi().checkSecurePassword(session, dbPass, pass)) {
      SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);
      data.addParameter(name);

      throw new SFSLoginException("Login failed for user: " + name, data);
   }
}
...
Laxika
Posts: 10
Joined: 14 Jun 2010, 12:41

Postby Laxika » 12 Apr 2011, 18:17

Thanks for the reply. Your code looks clear for me. I have only one problem left, I get this error:


C:\SFSExt\src\sfsext\LoginEventHandler.java:34: cannot find symbol
symbol : variable session
location: class sfsext.LoginEventHandler
if (!getApi().checkSecurePassword(session, dbPass, pass)) {

I know what this means, but don't know how to get the session object.

Thanks a lot, Laxi
Democre
Posts: 77
Joined: 16 Sep 2010, 17:58

Postby Democre » 12 Apr 2011, 18:26

Code: Select all

...
ISession session = (ISession) event.getParameter(SFSEventParam.SESSION);
...


Add this line where you're declaring name and pass, also you would need the correct import at the top.

If you're trying to get the session after login, you would get it from the user passed into your handlers rather than from the event (the event parameter session appears not to be filled in subsequent events).
Laxika
Posts: 10
Joined: 14 Jun 2010, 12:41

Postby Laxika » 12 Apr 2011, 18:33

Thank you very much! Finally everything works as I want, and I can work on it. Thanks a lot!!

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 74 guests