Anti-Duplicate Items

[Swarlog]

Código [Seleccionar] Expandir

diff --git a/L2J_Server_BETA/dist/login/config/LoginServer.properties b/L2J_Server_BETA/dist/login/config/LoginServer.properties
index 20f96e8..5e0e33c 100644
--- a/L2J_Server_BETA/dist/login/config/LoginServer.properties
+++ b/L2J_Server_BETA/dist/login/config/LoginServer.properties
@@ -39,10 +39,6 @@ LoginPort = 9014
 # Security
 # ---------------------------------------------------------------------------
 
-# Logs in file the login server events.
-# Default: True
-LogLoginController = True
-
 # How many times you can provide an invalid account/pass before the IP gets banned.
 # Default: 5
 LoginTryBeforeBan = 5
diff --git a/L2J_Server_BETA/java/com/l2jserver/Config.java b/L2J_Server_BETA/java/com/l2jserver/Config.java
index 330e0a3..0135093 100644
--- a/L2J_Server_BETA/java/com/l2jserver/Config.java
+++ b/L2J_Server_BETA/java/com/l2jserver/Config.java
@@ -948,7 +948,6 @@
 	public static int REQUEST_ID;
 	public static boolean RESERVE_HOST_ON_LOGIN = false;
 	public static List<Integer> PROTOCOL_LIST;
-	public static boolean LOG_LOGIN_CONTROLLER;
 	public static boolean LOGIN_SERVER_SCHEDULE_RESTART;
 	public static long LOGIN_SERVER_SCHEDULE_RESTART_TIME;
 	
@@ -2790,8 +2789,6 @@ else if (Server.serverMode == Server.MODE_LOGINSERVER)
 			LOGIN_TRY_BEFORE_BAN = ServerSettings.getInt("LoginTryBeforeBan", 5);
 			LOGIN_BLOCK_AFTER_BAN = ServerSettings.getInt("LoginBlockAfterBan", 900);
 			
-			LOG_LOGIN_CONTROLLER = ServerSettings.getBoolean("LogLoginController", true);
-			
 			LOGIN_SERVER_SCHEDULE_RESTART = ServerSettings.getBoolean("LoginRestartSchedule", false);
 			LOGIN_SERVER_SCHEDULE_RESTART_TIME = ServerSettings.getLong("LoginRestartTime", 24);
 			
diff --git a/L2J_Server_BETA/java/com/l2jserver/gameserver/util/GMAudit.java b/L2J_Server_BETA/java/com/l2jserver/gameserver/util/GMAudit.java
index bac0c6b..6ad5217 100644
--- a/L2J_Server_BETA/java/com/l2jserver/gameserver/util/GMAudit.java
+++ b/L2J_Server_BETA/java/com/l2jserver/gameserver/util/GMAudit.java
@@ -27,14 +27,13 @@
 import java.util.logging.Logger;
 
 import com.l2jserver.Config;
-import com.l2jserver.util.lib.Log;
 
 /**
  * Audits Game Master's actions.
  */
 public class GMAudit
 {
-	private static final Logger _log = Logger.getLogger(Log.class.getName());
+	private static final Logger _log = Logger.getLogger(GMAudit.class.getName());
 	
 	static
 	{
diff --git a/L2J_Server_BETA/java/com/l2jserver/loginserver/LoginController.java b/L2J_Server_BETA/java/com/l2jserver/loginserver/LoginController.java
index 3da9896..3b80a31 100644
--- a/L2J_Server_BETA/java/com/l2jserver/loginserver/LoginController.java
+++ b/L2J_Server_BETA/java/com/l2jserver/loginserver/LoginController.java
@@ -20,6 +20,7 @@
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.KeyPairGenerator;
 import java.security.MessageDigest;
@@ -29,9 +30,9 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
@@ -44,12 +45,12 @@
 import com.l2jserver.Config;
 import com.l2jserver.L2DatabaseFactory;
 import com.l2jserver.loginserver.GameServerTable.GameServerInfo;
+import com.l2jserver.loginserver.model.data.AccountInfo;
 import com.l2jserver.loginserver.network.L2LoginClient;
 import com.l2jserver.loginserver.network.gameserverpackets.ServerStatus;
 import com.l2jserver.loginserver.network.serverpackets.LoginFail.LoginFailReason;
 import com.l2jserver.util.Rnd;
 import com.l2jserver.util.crypt.ScrambledKeyPair;
-import com.l2jserver.util.lib.Log;
 
 /**
  * This class ...
@@ -67,9 +68,8 @@
 	/** Authed Clients on LoginServer */
 	protected FastMap<String, L2LoginClient> _loginServerClients = new FastMap<String, L2LoginClient>().shared();
 	
-	private final Map<String, BanInfo> _bannedIps = new FastMap<String, BanInfo>().shared();
-	
-	private final Map<InetAddress, FailedLoginAttempt> _hackProtection;
+	private final Map<InetAddress, Integer> _failedLoginAttemps = new HashMap<>();
+	private final Map<InetAddress, Long> _bannedIps = new FastMap<InetAddress, Long>().shared();
 	
 	protected ScrambledKeyPair[] _keyPairs;
 	
@@ -79,7 +79,7 @@
 	private static final int BLOWFISH_KEYS = 20;
 	
 	// SQL Queries
-	private static final String USER_INFO_SELECT = "SELECT password, IF(? > value OR value IS NULL, accessLevel, -1) AS accessLevel, lastServer FROM accounts LEFT JOIN (account_data) ON (account_data.account_name=accounts.login AND account_data.var=\"ban_temp\") WHERE login=?";
+	private static final String USER_INFO_SELECT = "SELECT login, password, IF(? > value OR value IS NULL, accessLevel, -1) AS accessLevel, lastServer FROM accounts LEFT JOIN (account_data) ON (account_data.account_name=accounts.login AND account_data.var=\"ban_temp\") WHERE login=?";
 	private static final String AUTOCREATE_ACCOUNTS_INSERT = "INSERT INTO accounts (login, password, lastactive, accessLevel, lastIP) values (?, ?, ?, ?, ?)";
 	private static final String ACCOUNT_INFO_UPDATE = "UPDATE accounts SET lastactive = ?, lastIP = ? WHERE login = ?";
 	private static final String ACCOUNT_LAST_SERVER_UPDATE = "UPDATE accounts SET lastServer = ? WHERE login = ?";
@@ -87,32 +87,10 @@
 	private static final String ACCOUNT_IPS_UPDATE = "UPDATE accounts SET pcIp = ?, hop1 = ?, hop2 = ?, hop3 = ?, hop4 = ? WHERE login = ?";
 	private static final String ACCOUNT_IPAUTH_SELECT = "SELECT * FROM accounts_ipauth WHERE login = ?";
 	
-	public static void load() throws GeneralSecurityException
-	{
-		synchronized (LoginController.class)
-		{
-			if (_instance == null)
-			{
-				_instance = new LoginController();
-			}
-			else
-			{
-				throw new IllegalStateException("LoginController can only be loaded a single time.");
-			}
-		}
-	}
-	
-	public static LoginController getInstance()
-	{
-		return _instance;
-	}
-	
 	private LoginController() throws GeneralSecurityException
 	{
 		_log.info("Loading LoginController...");
 		
-		_hackProtection = new FastMap<>();
-		
 		_keyPairs = new ScrambledKeyPair[10];
 		
 		KeyPairGenerator keygen = null;
@@ -196,57 +174,154 @@ public L2LoginClient getAuthedClient(String account)
 		return _loginServerClients.get(account);
 	}
 	
-	public static enum AuthLoginResult
+	public AccountInfo retriveAccountInfo(InetAddress clientAddr, String login, String password)
 	{
-		INVALID_PASSWORD,
-		ACCOUNT_BANNED,
-		ALREADY_ON_LS,
-		ALREADY_ON_GS,
-		AUTH_SUCCESS
+		return retriveAccountInfo(clientAddr, login, password, true);
 	}
 	
-	public AuthLoginResult tryAuthLogin(String account, String password, L2LoginClient client)
+	private void recordFailedLoginAttemp(InetAddress addr)
 	{
+		// We need to synchronize this!
+		// When multiple connections from the same address fail to login at the
+		// same time, unexpected behavior can happen.
+		Integer failedLoginAttemps;
+		synchronized (_failedLoginAttemps)
+		{
+			failedLoginAttemps = _failedLoginAttemps.get(addr);
+			if (failedLoginAttemps == null)
+			{
+				failedLoginAttemps = 1;
+			}
+			else
+			{
+				++failedLoginAttemps;
+			}
+			
+			_failedLoginAttemps.put(addr, failedLoginAttemps);
+		}
+		
+		if (failedLoginAttemps >= Config.LOGIN_TRY_BEFORE_BAN)
+		{
+			addBanForAddress(addr, Config.LOGIN_BLOCK_AFTER_BAN * 1000);
+			// we need to clear the failed login attemps here, so after the ip ban is over the client has another 5 attemps
+			clearFailedLoginAttemps(addr);
+			_log.warning("Added banned address " + addr.getHostAddress() + "! Too many login attemps.");
+		}
+	}
+	
+	private void clearFailedLoginAttemps(InetAddress addr)
+	{
+		synchronized (_failedLoginAttemps)
+		{
+			_failedLoginAttemps.remove(addr);
+		}
+	}
+	
+	private AccountInfo retriveAccountInfo(InetAddress addr, String login, String password, boolean autoCreateIfEnabled)
+	{
+		try
+		{
+			MessageDigest md = MessageDigest.getInstance("SHA");
+			byte[] raw = password.getBytes(StandardCharsets.UTF_8);
+			String hashBase64 = Base64.getEncoder().encodeToString(md.digest(raw));
+			
+			try (Connection con = L2DatabaseFactory.getInstance().getConnection();
+				PreparedStatement ps = con.prepareStatement(USER_INFO_SELECT))
+			{
+				ps.setString(1, Long.toString(System.currentTimeMillis()));
+				ps.setString(2, login);
+				try (ResultSet rset = ps.executeQuery())
+				{
+					if (rset.next())
+					{
+						if (Config.DEBUG)
+						{
+							_log.fine("Account '" + login + "' exists.");
+						}
+						
+						AccountInfo info = new AccountInfo(rset.getString("login"), rset.getString("password"), rset.getInt("accessLevel"), rset.getInt("lastServer"));
+						if (!info.checkPassHash(hashBase64))
+						{
+							// wrong password
+							recordFailedLoginAttemp(addr);
+							return null;
+						}
+						
+						clearFailedLoginAttemps(addr);
+						return info;
+					}
+				}
+			}
+			
+			if (!autoCreateIfEnabled || !Config.AUTO_CREATE_ACCOUNTS)
+			{
+				// account does not exist and auto create accoutn is not desired
+				recordFailedLoginAttemp(addr);
+				return null;
+			}
+			
+			try (Connection con = L2DatabaseFactory.getInstance().getConnection();
+				PreparedStatement ps = con.prepareStatement(AUTOCREATE_ACCOUNTS_INSERT))
+			{
+				ps.setString(1, login);
+				ps.setString(2, hashBase64);
+				ps.setLong(3, System.currentTimeMillis());
+				ps.setInt(4, 0);
+				ps.setString(5, addr.getHostAddress());
+				ps.execute();
+			}
+			catch (Exception e)
+			{
+				_log.log(Level.WARNING, "Exception while auto creating account for '" + login + "'!", e);
+				return null;
+			}
+			
+			_log.info("Auto created account '" + login + "'.");
+			return retriveAccountInfo(addr, login, password, false);
+		}
+		catch (Exception e)
+		{
+			_log.log(Level.WARNING, "Exception while retriving account info for '" + login + "'!", e);
+			return null;
+		}
+	}
+	
+	public AuthLoginResult tryCheckinAccount(L2LoginClient client, InetAddress address, AccountInfo info)
+	{
+		if (info.getAccessLevel() < 0)
+		{
+			return AuthLoginResult.ACCOUNT_BANNED;
+		}
+		
 		AuthLoginResult ret = AuthLoginResult.INVALID_PASSWORD;
 		// check auth
-		if (loginValid(account, password, client))
+		if (canCheckin(client, address, info))
 		{
 			// login was successful, verify presence on Gameservers
 			ret = AuthLoginResult.ALREADY_ON_GS;
-			if (!isAccountInAnyGameServer(account))
+			if (!isAccountInAnyGameServer(info.getLogin()))
 			{
 				// account isnt on any GS verify LS itself
 				ret = AuthLoginResult.ALREADY_ON_LS;
 				
-				if (_loginServerClients.putIfAbsent(account, client) == null)
+				if (_loginServerClients.putIfAbsent(info.getLogin(), client) == null)
 				{
 					ret = AuthLoginResult.AUTH_SUCCESS;
 				}
 			}
 		}
-		else
-		{
-			if (client.getAccessLevel() < 0)
-			{
-				ret = AuthLoginResult.ACCOUNT_BANNED;
-			}
-		}
 		return ret;
 	}
 	
 	/**
-	 * Adds the address to the ban list of the login server, with the given duration.
+	 * Adds the address to the ban list of the login server, with the given end tiem in millis.
 	 * @param address The Address to be banned.
 	 * @param expiration Timestamp in miliseconds when this ban expires
 	 * @throws UnknownHostException if the address is invalid.
 	 */
 	public void addBanForAddress(String address, long expiration) throws UnknownHostException
 	{
-		InetAddress netAddress = InetAddress.getByName(address);
-		if (!_bannedIps.containsKey(netAddress.getHostAddress()))
-		{
-			_bannedIps.put(netAddress.getHostAddress(), new BanInfo(netAddress, expiration));
-		}
+		_bannedIps.putIfAbsent(InetAddress.getByName(address), expiration);
 	}
 	
 	/**
@@ -256,16 +331,13 @@ public void addBanForAddress(String address, long expiration) throws UnknownHost
 	 */
 	public void addBanForAddress(InetAddress address, long duration)
 	{
-		if (!_bannedIps.containsKey(address.getHostAddress()))
-		{
-			_bannedIps.put(address.getHostAddress(), new BanInfo(address, System.currentTimeMillis() + duration));
-		}
+		_bannedIps.putIfAbsent(address, System.currentTimeMillis() + duration);
 	}
 	
 	public boolean isBannedAddress(InetAddress address)
 	{
 		String[] parts = address.getHostAddress().split("\\.");
-		BanInfo bi = _bannedIps.get(address.getHostAddress());
+		Long bi = _bannedIps.get(address);
 		if (bi == null)
 		{
 			bi = _bannedIps.get(parts[0] + "." + parts[1] + "." + parts[2] + ".0");
@@ -280,9 +352,10 @@ public boolean isBannedAddress(InetAddress address)
 		}
 		if (bi != null)
 		{
-			if (bi.hasExpired())
+			if ((bi > 0) && (bi < System.currentTimeMillis()))
 			{
-				_bannedIps.remove(address.getHostAddress());
+				_bannedIps.remove(address);
+				_log.info("Removed expired ip address ban " + address.getHostAddress() + ".");
 				return false;
 			}
 			return true;
@@ -290,7 +363,7 @@ public boolean isBannedAddress(InetAddress address)
 		return false;
 	}
 	
-	public Map<String, BanInfo> getBannedIps()
+	public Map<InetAddress, Long> getBannedIps()
 	{
 		return _bannedIps;
 	}
@@ -470,61 +543,21 @@ public ScrambledKeyPair getScrambledRSAKeyPair()
 	}
 	
 	/**
-	 * User name is not case sensitive any more.
-	 * @param user
-	 * @param password
-	 * @param client
-	 * @return
+	 * @param client the client
+	 * @param address client host address
+	 * @param info the account info to checkin
+	 * @return true when ok to checkin, false otherwise
 	 */
-	public boolean loginValid(String user, String password, L2LoginClient client)// throws HackingException
+	public boolean canCheckin(L2LoginClient client, InetAddress address, AccountInfo info)
 	{
-		boolean ok = false;
-		InetAddress address = client.getConnection().getInetAddress();
-		
-		// player disconnected meanwhile
-		if ((address == null) || (user == null))
-		{
-			return false;
-		}
-		
 		try
 		{
-			MessageDigest md = MessageDigest.getInstance("SHA");
-			byte[] raw = password.getBytes("UTF-8");
-			byte[] hash = md.digest(raw);
-			
-			byte[] expected = null;
-			int access = 0;
-			int lastServer = 1;
 			List<InetAddress> ipWhiteList = new ArrayList<>();
 			List<InetAddress> ipBlackList = new ArrayList<>();
 			try (Connection con = L2DatabaseFactory.getInstance().getConnection();
-				PreparedStatement ps = con.prepareStatement(USER_INFO_SELECT))
-			{
-				ps.setString(1, Long.toString(System.currentTimeMillis()));
-				ps.setString(2, user);
-				try (ResultSet rset = ps.executeQuery())
-				{
-					if (rset.next())
-					{
-						expected = Base64.getDecoder().decode(rset.getString("password"));
-						access = rset.getInt("accessLevel");
-						lastServer = rset.getInt("lastServer");
-						if (lastServer <= 0)
-						{
-							lastServer = 1; // minServerId is 1 in Interlude
-						}
-						if (Config.DEBUG)
-						{
-							_log.fine("account exists");
-						}
-					}
-				}
-			}
-			try (Connection con = L2DatabaseFactory.getInstance().getConnection();
 				PreparedStatement ps = con.prepareStatement(ACCOUNT_IPAUTH_SELECT))
 			{
-				ps.setString(1, user);
+				ps.setString(1, info.getLogin());
 				try (ResultSet rset = ps.executeQuery())
 				{
 					String ip, type;
@@ -549,162 +582,40 @@ else if (type.equals("deny"))
 				}
 			}
 			
-			// if account doesn't exists
-			if (expected == null)
-			{
-				if (Config.AUTO_CREATE_ACCOUNTS)
-				{
-					if ((user.length() >= 2) && (user.length() <= 14))
-					{
-						try (Connection con = L2DatabaseFactory.getInstance().getConnection();
-							PreparedStatement ps = con.prepareStatement(AUTOCREATE_ACCOUNTS_INSERT))
-						{
-							ps.setString(1, user);
-							ps.setString(2, Base64.getEncoder().encodeToString(hash));
-							ps.setLong(3, System.currentTimeMillis());
-							ps.setInt(4, 0);
-							ps.setString(5, address.getHostAddress());
-							ps.execute();
-						}
-						
-						if (Config.LOG_LOGIN_CONTROLLER)
-						{
-							Log.add("'" + user + "' " + address.getHostAddress() + " - OK : AccountCreate", "loginlog");
-						}
-						
-						_log.info("Created new account for " + user);
-						return true;
-						
-					}
-					if (Config.LOG_LOGIN_CONTROLLER)
-					{
-						Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : ErrCreatingACC", "loginlog");
-					}
-					
-					_log.warning("Invalid username creation/use attempt: " + user);
-				}
-				else
-				{
-					if (Config.LOG_LOGIN_CONTROLLER)
-					{
-						Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : AccountMissing", "loginlog");
-					}
-					
-					_log.warning("Account missing for user " + user);
-					FailedLoginAttempt failedAttempt = _hackProtection.get(address);
-					int failedCount;
-					if (failedAttempt == null)
-					{
-						_hackProtection.put(address, new FailedLoginAttempt(address, password));
-						failedCount = 1;
-					}
-					else
-					{
-						failedAttempt.increaseCounter();
-						failedCount = failedAttempt.getCount();
-					}
-					
-					if (failedCount >= Config.LOGIN_TRY_BEFORE_BAN)
-					{
-						_log.info("Banning '" + address.getHostAddress() + "' for " + Config.LOGIN_BLOCK_AFTER_BAN + " seconds due to " + failedCount + " invalid user name attempts");
-						this.addBanForAddress(address, Config.LOGIN_BLOCK_AFTER_BAN * 1000);
-					}
-				}
-				return false;
-			}
-			
-			// is this account banned?
-			if (access < 0)
-			{
-				if (Config.LOG_LOGIN_CONTROLLER)
-				{
-					Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : AccountBanned", "loginlog");
-				}
-				
-				client.setAccessLevel(access);
-				return false;
-			}
-			
 			// Check IP
 			if (!ipWhiteList.isEmpty() || !ipBlackList.isEmpty())
 			{
 				if (!ipWhiteList.isEmpty() && !ipWhiteList.contains(address))
 				{
-					if (Config.LOG_LOGIN_CONTROLLER)
-					{
-						Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : INCORRECT IP", "loginlog");
-					}
+					_log.warning("Account checkin attemp from address(" + address.getHostAddress() + ") not present on whitelist for account '" + info.getLogin() + "'.");
 					return false;
 				}
 				
 				if (!ipBlackList.isEmpty() && ipBlackList.contains(address))
 				{
-					if (Config.LOG_LOGIN_CONTROLLER)
-					{
-						Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : BLACKLISTED IP", "loginlog");
-					}
+					_log.warning("Account checkin attemp from address(" + address.getHostAddress() + ") on blacklist for account '" + info.getLogin() + "'.");
 					return false;
 				}
 			}
 			
-			// check password hash
-			ok = Arrays.equals(hash, expected);
-			if (ok)
-			{
-				client.setAccessLevel(access);
-				client.setLastServer(lastServer);
-				try (Connection con = L2DatabaseFactory.getInstance().getConnection();
-					PreparedStatement ps = con.prepareStatement(ACCOUNT_INFO_UPDATE))
-				{
-					ps.setLong(1, System.currentTimeMillis());
-					ps.setString(2, address.getHostAddress());
-					ps.setString(3, user);
-					ps.execute();
-				}
-			}
-		}
-		catch (Exception e)
-		{
-			_log.log(Level.WARNING, "Could not check password:" + e.getMessage(), e);
-			ok = false;
-		}
-		
-		if (!ok)
-		{
-			if (Config.LOG_LOGIN_CONTROLLER)
-			{
-				Log.add("'" + user + "' " + address.getHostAddress() + " - ERR : LoginFailed", "loginlog");
-			}
-			
-			FailedLoginAttempt failedAttempt = _hackProtection.get(address);
-			int failedCount;
-			if (failedAttempt == null)
-			{
-				_hackProtection.put(address, new FailedLoginAttempt(address, password));
-				failedCount = 1;
-			}
-			else
+			client.setAccessLevel(info.getAccessLevel());
+			client.setLastServer(info.getLastServer());
+			try (Connection con = L2DatabaseFactory.getInstance().getConnection();
+				PreparedStatement ps = con.prepareStatement(ACCOUNT_INFO_UPDATE))
 			{
-				failedAttempt.increaseCounter(password);
-				failedCount = failedAttempt.getCount();
+				ps.setLong(1, System.currentTimeMillis());
+				ps.setString(2, address.getHostAddress());
+				ps.setString(3, info.getLogin());
+				ps.execute();
 			}
 			
-			if (failedCount >= Config.LOGIN_TRY_BEFORE_BAN)
-			{
-				_log.info("Banning '" + address.getHostAddress() + "' for " + Config.LOGIN_BLOCK_AFTER_BAN + " seconds due to " + failedCount + " invalid user/pass attempts");
-				this.addBanForAddress(address, Config.LOGIN_BLOCK_AFTER_BAN * 1000);
-			}
+			return true;
 		}
-		else
+		catch (Exception e)
 		{
-			_hackProtection.remove(address);
-			if (Config.LOG_LOGIN_CONTROLLER)
-			{
-				Log.add("'" + user + "' " + address.getHostAddress() + " - OK : LoginOk", "loginlog");
-			}
+			_log.log(Level.WARNING, "Could not finish login process!", e);
+			return false;
 		}
-		
-		return ok;
 	}
 	
 	public boolean isValidIPAddress(String ipAddress)
@@ -726,79 +637,24 @@ public boolean isValidIPAddress(String ipAddress)
 		return true;
 	}
 	
-	class FailedLoginAttempt
+	public static void load() throws GeneralSecurityException
 	{
-		// private InetAddress _ipAddress;
-		private int _count;
-		private long _lastAttempTime;
-		private String _lastPassword;
-		
-		public FailedLoginAttempt(InetAddress address, String lastPassword)
-		{
-			// _ipAddress = address;
-			_count = 1;
-			_lastAttempTime = System.currentTimeMillis();
-			_lastPassword = lastPassword;
-		}
-		
-		public void increaseCounter(String password)
+		synchronized (LoginController.class)
 		{
-			if (!_lastPassword.equals(password))
+			if (_instance == null)
 			{
-				// check if theres a long time since last wrong try
-				if ((System.currentTimeMillis() - _lastAttempTime) < (300 * 1000))
-				{
-					_count++;
-				}
-				else
-				{
-					// restart the status
-					_count = 1;
-					
-				}
-				_lastPassword = password;
-				_lastAttempTime = System.currentTimeMillis();
+				_instance = new LoginController();
 			}
 			else
-			// trying the same password is not brute force
 			{
-				_lastAttempTime = System.currentTimeMillis();
+				throw new IllegalStateException("LoginController can only be loaded a single time.");
 			}
 		}
-		
-		public int getCount()
-		{
-			return _count;
-		}
-		
-		public void increaseCounter()
-		{
-			_count++;
-		}
-		
 	}
 	
-	class BanInfo
+	public static LoginController getInstance()
 	{
-		private final InetAddress _ipAddress;
-		// Expiration
-		private final long _expiration;
-		
-		public BanInfo(InetAddress ipAddress, long expiration)
-		{
-			_ipAddress = ipAddress;
-			_expiration = expiration;
-		}
-		
-		public InetAddress getAddress()
-		{
-			return _ipAddress;
-		}
-		
-		public boolean hasExpired()
-		{
-			return (System.currentTimeMillis() > _expiration) && (_expiration > 0);
-		}
+		return _instance;
 	}
 	
 	class PurgeThread extends Thread
@@ -836,4 +692,13 @@ public void run()
 			}
 		}
 	}
+	
+	public static enum AuthLoginResult
+	{
+		INVALID_PASSWORD,
+		ACCOUNT_BANNED,
+		ALREADY_ON_LS,
+		ALREADY_ON_GS,
+		AUTH_SUCCESS
+	}
 }
diff --git a/L2J_Server_BETA/java/com/l2jserver/loginserver/model/data/AccountInfo.java b/L2J_Server_BETA/java/com/l2jserver/loginserver/model/data/AccountInfo.java
new file mode 100644
index 0000000..55f9f2e
--- /dev/null
+++ b/L2J_Server_BETA/java/com/l2jserver/loginserver/model/data/AccountInfo.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2004-2014 L2J Server
+ * 
+ * This file is part of L2J Server.
+ * 
+ * L2J Server is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * L2J Server is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.l2jserver.loginserver.model.data;
+
+/**
+ * @author FBIagent
+ */
+public final class AccountInfo
+{
+	private final String _login;
+	private final String _passHash;
+	private final int _accessLevel;
+	private final int _lastServer;
+	
+	public AccountInfo(String login, String passHash, int accessLevel, int lastServer)
+	{
+		if (login == null)
+		{
+			throw new NullPointerException("login");
+		}
+		if (passHash == null)
+		{
+			throw new NullPointerException("passHash");
+		}
+		
+		if (login.isEmpty())
+		{
+			throw new IllegalArgumentException("login");
+		}
+		if (passHash.isEmpty())
+		{
+			throw new IllegalArgumentException("passHash");
+		}
+		
+		_login = login;
+		_passHash = passHash;
+		_accessLevel = accessLevel;
+		_lastServer = lastServer;
+	}
+	
+	public boolean checkPassHash(String passHash)
+	{
+		return _passHash.equals(passHash);
+	}
+	
+	public String getLogin()
+	{
+		return _login;
+	}
+	
+	public int getAccessLevel()
+	{
+		return _accessLevel;
+	}
+	
+	public int getLastServer()
+	{
+		return _lastServer;
+	}
+}
diff --git a/L2J_Server_BETA/java/com/l2jserver/loginserver/network/clientpackets/RequestAuthLogin.java b/L2J_Server_BETA/java/com/l2jserver/loginserver/network/clientpackets/RequestAuthLogin.java
index 79e78c4..46f3fc6 100644
--- a/L2J_Server_BETA/java/com/l2jserver/loginserver/network/clientpackets/RequestAuthLogin.java
+++ b/L2J_Server_BETA/java/com/l2jserver/loginserver/network/clientpackets/RequestAuthLogin.java
@@ -18,6 +18,7 @@
  */
 package com.l2jserver.loginserver.network.clientpackets;
 
+import java.net.InetAddress;
 import java.security.GeneralSecurityException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -28,6 +29,7 @@
 import com.l2jserver.loginserver.GameServerTable.GameServerInfo;
 import com.l2jserver.loginserver.LoginController;
 import com.l2jserver.loginserver.LoginController.AuthLoginResult;
+import com.l2jserver.loginserver.model.data.AccountInfo;
 import com.l2jserver.loginserver.network.L2LoginClient;
 import com.l2jserver.loginserver.network.L2LoginClient.LoginClientState;
 import com.l2jserver.loginserver.network.serverpackets.AccountKicked;
@@ -118,15 +120,25 @@ public void run()
 			return;
 		}
 		
+		InetAddress clientAddr = getClient().getConnection().getInetAddress();
+		
 		final LoginController lc = LoginController.getInstance();
-		AuthLoginResult result = lc.tryAuthLogin(_user, _password, client);
+		AccountInfo info = lc.retriveAccountInfo(clientAddr, _user, _password);
+		if (info == null)
+		{
+			// user or pass wrong
+			client.close(LoginFailReason.REASON_USER_OR_PASS_WRONG);
+			return;
+		}
+		
+		AuthLoginResult result = lc.tryCheckinAccount(client, clientAddr, info);
 		switch (result)
 		{
 			case AUTH_SUCCESS:
-				client.setAccount(_user);
+				client.setAccount(info.getLogin());
 				client.setState(LoginClientState.AUTHED_LOGIN);
-				client.setSessionKey(lc.assignSessionKeyToClient(_user, client));
-				lc.getCharactersOnAccount(_user);
+				client.setSessionKey(lc.assignSessionKeyToClient(info.getLogin(), client));
+				lc.getCharactersOnAccount(info.getLogin());
 				if (Config.SHOW_LICENCE)
 				{
 					client.sendPacket(new LoginOk(getClient().getSessionKey()));
@@ -141,28 +153,28 @@ public void run()
 				break;
 			case ACCOUNT_BANNED:
 				client.close(new AccountKicked(AccountKickedReason.REASON_PERMANENTLY_BANNED));
-				break;
+				return;
 			case ALREADY_ON_LS:
 				L2LoginClient oldClient;
-				if ((oldClient = lc.getAuthedClient(_user)) != null)
+				if ((oldClient = lc.getAuthedClient(info.getLogin())) != null)
 				{
 					// kick the other client
 					oldClient.close(LoginFailReason.REASON_ACCOUNT_IN_USE);
-					lc.removeAuthedLoginClient(_user);
+					lc.removeAuthedLoginClient(info.getLogin());
 				}
 				// kick also current client
 				client.close(LoginFailReason.REASON_ACCOUNT_IN_USE);
 				break;
 			case ALREADY_ON_GS:
 				GameServerInfo gsi;
-				if ((gsi = lc.getAccountOnGameServer(_user)) != null)
+				if ((gsi = lc.getAccountOnGameServer(info.getLogin())) != null)
 				{
 					client.close(LoginFailReason.REASON_ACCOUNT_IN_USE);
 					
 					// kick from there
 					if (gsi.isAuthed())
 					{
-						gsi.getGameServerThread().kickPlayer(_user);
+						gsi.getGameServerThread().kickPlayer(info.getLogin());
 					}
 				}
 				break;
diff --git a/L2J_Server_BETA/java/com/l2jserver/util/lib/Log.java b/L2J_Server_BETA/java/com/l2jserver/util/lib/Log.java
deleted file mode 100644
index ddfdac6..0000000
--- a/L2J_Server_BETA/java/com/l2jserver/util/lib/Log.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (C) 2004-2014 L2J Server
- * 
- * This file is part of L2J Server.
- * 
- * L2J Server is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * 
- * L2J Server is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-package com.l2jserver.util.lib;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import com.l2jserver.Config;
-
-/**
- * @version 0.1, 2005-06-06
- * @author Balancer
- */
-public class Log
-{
-	private static final Logger _log = Logger.getLogger(Log.class.getName());
-	
-	public static final void add(String text, String cat)
-	{
-		String date = (new SimpleDateFormat("yy.MM.dd H:mm:ss")).format(new Date());
-		String curr = (new SimpleDateFormat("yyyy-MM-dd-")).format(new Date());
-		new File("log/game").mkdirs();
-		
-		final File file = new File("log/game/" + (curr != null ? curr : "") + (cat != null ? cat : "unk") + ".txt");
-		try (FileWriter save = new FileWriter(file, true))
-		{
-			save.write("[" + date + "] " + text + Config.EOL);
-		}
-		catch (IOException e)
-		{
-			_log.log(Level.WARNING, "Error saving logfile: ", e);
-		}
-	}
-}