From 60f60de8aefeebd1de0bf6c940558902226d7747 Mon Sep 17 00:00:00 2001
From: Guillaume Melquiond
Date: Fri, 31 Aug 2007 10:02:36 +0000
Subject: Plugged several account leaks on error. Prevented banned players from logging in.
---
 ChangeLog | 6 ++++++
 src/account-server/accounthandler.cpp | 15 ++++++++++++---
 src/account-server/dalstorage.cpp | 20 ++++++++++++++++++++
 src/account-server/dalstorage.hpp | 10 ++++++++--
 src/defines.h | 3 ++-
 5 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1f3ffe5b..65fdf719 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,12 @@ src/account-server/accounthandler.cpp, src/account-server/accountclient.cpp: Removed selected character from client data. Cleaned account handler.
+ * src/account-server/dalstorage.cpp, src/account-server/dalstorage.hpp:
+ Added helper for querying existence of usernames.
+ * src/account-server/accounthandler.cpp: Plugged several account leaks
+ on error.
+ * src/defines.h, src/account-server/accounthandler.cpp: Prevented
+ banned users from logging in.
 2007-08-30 Guillaume Melquiond
diff --git a/src/account-server/accounthandler.cpp b/src/account-server/accounthandler.cpp
index 8c69b066..e7fc2ceb 100644
--- a/src/account-server/accounthandler.cpp
+++ b/src/account-server/accounthandler.cpp
@@ -180,7 +180,7 @@ AccountHandler::handleLoginMessage(AccountClient &computer, MessageIn &msg)
 return;
 }
- unsigned long clientVersion = msg.readLong();
+ int clientVersion = msg.readLong();
 if (clientVersion < config.getValue("clientVersion", 0))
 {
@@ -213,6 +213,15 @@ AccountHandler::handleLoginMessage(AccountClient &computer, MessageIn &msg)
 {
 reply.writeByte(ERRMSG_INVALID_ARGUMENT);
 computer.send(reply);
+ delete acc;
+ return;
+ }
+
+ if (acc->getLevel() == AL_BANNED)
+ {
+ reply.writeByte(LOGIN_BANNED);
+ computer.send(reply);
+ delete acc;
 return;
 }
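Review bot: The narrowing in `int clientVersion = msg.readLong();` (hunk -180, handleLoginMessage) is implicit and applies to a value the client supplies. readLong()'s return type is not visible here; if it is an unsigned 32-bit type, values above INT_MAX turn negative on the usual two's-complement targets and take the `clientVersion < config.getValue("clientVersion", 0)` branch, whose body is outside the hunk. That looks like the safe direction, but it should be recorded as intentional, e.g. `// signed on purpose: out-of-range versions compare as too old`. The function starts and ends outside the hunk.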
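Review bot: Every early exit in handleLoginMessage (hunk -213) now carries its own `delete acc;`, and hunk -379 adds the same line to handleUnregisterMessage, so the next return path added to either function can reintroduce the leak this commit plugs. Holding `acc` in a scoped owner (`std::auto_ptr` on a 2007 toolchain, `std::unique_ptr` today) and releasing it only where ownership is handed on would cover all exits by construction; where `acc` is created and where it is handed over are outside the hunk. Separately, `LOGIN_BANNED` tells the peer that the account exists and is banned, so the check belongs after credential verification. The condition guarding the preceding `ERRMSG_INVALID_ARGUMENT` block is not visible, so a comment such as `// ban check must stay after the password check` would pin that order.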
@@ -231,7 +240,6 @@ AccountHandler::handleLoginMessage(AccountClient &computer, MessageIn &msg)
 {
 sendCharacterData(computer, i, *chars[i]);
 }
- return;
 }
 void
@@ -320,7 +328,7 @@ AccountHandler::handleRegisterMessage(AccountClient &computer, MessageIn &msg)
 reply.writeByte(ERRMSG_INVALID_ARGUMENT);
 }
 // Check whether the account already exists.
- else if (storage->getAccount(username))
+ else if (storage->doesUserNameExist(username))
 {
 reply.writeByte(REGISTER_EXISTS_USERNAME);
 }
@@ -379,6 +387,7 @@ AccountHandler::handleUnregisterMessage(AccountClient &computer,
 {
 reply.writeByte(ERRMSG_INVALID_ARGUMENT);
 computer.send(reply);
+ delete acc;
 return;
 }
diff --git a/src/account-server/dalstorage.cpp b/src/account-server/dalstorage.cpp
index 31606e8f..70b1cdfb 100644
--- a/src/account-server/dalstorage.cpp
+++ b/src/account-server/dalstorage.cpp
@@ -429,6 +429,26 @@ DALStorage::getEmailList()
 }
 #endif
+bool DALStorage::doesUserNameExist(std::string const &name)
+{
+ try {
+ std::ostringstream sql;
+ sql << "select count(username) from " << ACCOUNTS_TBL_NAME
+ << " where username = \"" << name << "\";";
+ dal::RecordSet const &accountInfo = mDb->execSql(sql.str());
+
+ std::istringstream ssStream(accountInfo(0, 0));
+ unsigned int iReturn = 1;
+ ssStream >> iReturn;
+ return iReturn != 0;
+ } catch (std::exception const &e) {
+ // TODO: throw an exception.
+ LOG_ERROR("(DALStorage::doesUserNameExist) SQL query failure: " << e.what());
+ }
+
+ return true;
+}
+
 /**
 * Tells if the email address already exists
 * @return true if the email address exists.
diff --git a/src/account-server/dalstorage.hpp b/src/account-server/dalstorage.hpp
index aa9ad7f0..abc9d314 100644
--- a/src/account-server/dalstorage.hpp
+++ b/src/account-server/dalstorage.hpp
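Review bot: DALStorage::doesUserNameExist (dalstorage.cpp, hunk -429) places `name` between double quotes in the SQL text without escaping, and hunk -320 calls it with the username taken from the register message. Unless the validation earlier in handleRegisterMessage (outside the hunks) already rejects quote characters, a name containing `"` changes the statement that is executed. The value should be escaped or bound by the data-access layer. As a stopgap the helper can refuse such names before building the query, e.g. `if (name.find_first_of("\"'\\") != std::string::npos) return true;`. The catch block and the final `return true;` also answer "exists" when the query fails, which is the safe answer for registration but needs a comment so the helper is not reused where that default is wrong.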
@@ -128,6 +128,12 @@ class DALStorage
 getEmailList();
 #endif
+ /**
+ * Tells if the user name already exists.
+ * @return true if the user name exists.
+ */
+ bool doesUserNameExist(std::string const &name);
+
 /**
 * Tells if the email address already exists.
 * @return true if the email address exists.
@@ -135,8 +141,8 @@ class DALStorage
 bool doesEmailAddressExist(std::string const &email);
 /**
- * Tells if the character's name already exists
- * @return true if character's name exists.
+ * Tells if the character name already exists.
+ * @return true if the character name exists.
 */
 bool doesCharacterNameExist(std::string const &name);
diff --git a/src/defines.h b/src/defines.h
index fff197c5..cf1db301 100644
--- a/src/defines.h
+++ b/src/defines.h
@@ -270,7 +270,8 @@ enum {
 // Login specific return values
 enum {
 LOGIN_INVALID_VERSION = 0x40, // the user is using an incompatible protocol
- LOGIN_SERVER_FULL // the server is overloaded
+ LOGIN_SERVER_FULL, // the server is overloaded
+ LOGIN_BANNED // the user is currently banned
 };
 // Account register specific return values
-- cgit v1.2.3-70-g09d2
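Review bot: The doc comment added for doesUserNameExist in dalstorage.hpp (hunk -128) promises `true if the user name exists`, but the implementation added in dalstorage.cpp also returns true when the SQL query throws. Callers only see this header, so the contract should say so: `@return true if the user name exists, or if the lookup failed.` It would also help to document that `name` must already be validated by the caller, because the implementation puts it into the query text as-is. The class body continues outside the hunk.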