path: root/src/login_sql/login.c

// Copyright (c) Athena Dev Teams - Licensed under GNU GPL
// For more information, see LICENCE in the main folder

#include <sys/types.h>

#ifdef LCCWIN32
#include <winsock.h>
#else
#ifdef __WIN32
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <winsock2.h>
#else
#include <sys/socket.h>
#include <netinet/in.h> 
#include <arpa/inet.h>
#include <netdb.h>
#endif
#endif

#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h> // for stat/lstat/fstat
#include <signal.h>
#include <fcntl.h>
#include <string.h>

//add include for DBMS(mysql)
#include <mysql.h>

#include "../common/core.h"
#include "../common/socket.h"
#include "../common/malloc.h"
#include "../common/db.h"
#include "../common/timer.h"
#include "../common/strlib.h"
#include "../common/mmo.h"
#include "../common/showmsg.h"
#include "../common/version.h"
#include "../common/cbasetypes.h"
#include "login.h"

#ifdef PASSWORDENC
#include "md5calc.h"
#endif

#define J_MAX_MALLOC_SIZE 65535

//-----------------------------------------------------
// global variable
//-----------------------------------------------------
int use_dnsbl=0; // [Zido]
char dnsbl_servs[1024];
int server_num;
int new_account_flag = 0; //Set from config too XD [Sirius]
in_addr_t bind_ip= 0;
char bind_ip_str[128];
int login_port = 6900;

// Advanced subnet check [LuzZza]
struct _subnet {
	long subnet;
	long mask;
	long char_ip;
	long map_ip;
} subnet[16];

int subnet_count = 0;

struct mmo_char_server server[MAX_SERVERS];
int server_fd[MAX_SERVERS];

int login_fd;

//Account flood protection [Kevin]
unsigned int new_reg_tick=0;
int allowed_regs=1;
int num_regs=0;
int time_allowed=10; //Init this to 10 secs, not 10K secs [Skotlex]

char date_format[32] = "%Y-%m-%d %H:%M:%S";
unsigned int auth_num = 0, auth_max = 0;

int min_level_to_connect = 0; // minimum level of player/GM (0: player, 1-99: gm) to connect on the server
int check_ip_flag = 1; // It's to check IP of a player between login-server and char-server (part of anti-hacking system)
int check_client_version = 0; //Client version check ON/OFF .. (sirius)
int client_version_to_connect = 20; //Client version needed to connect ..(sirius)
static int online_check=1; //When set to 1, login server rejects incoming players that are already registered as online. [Skotlex]
static int ip_sync_interval = 0;

MYSQL mysql_handle;

int ipban = 1;
int dynamic_account_ban = 1;
int dynamic_account_ban_class = 0;
int dynamic_pass_failure_ban = 1;
int dynamic_pass_failure_ban_time = 5;
int dynamic_pass_failure_ban_how_many = 3;
int dynamic_pass_failure_ban_how_long = 60;

int login_server_port = 3306;
char login_server_ip[32] = "127.0.0.1";
char login_server_id[32] = "ragnarok";
char login_server_pw[32] = "ragnarok";
char login_server_db[32] = "ragnarok";
char default_codepage[32] = ""; //Feature by irmin.
int use_md5_passwds = 0;
char login_db[256] = "login";
int log_login=1; //Whether to log the logins or not. [Skotlex]
char loginlog_db[256] = "loginlog";
bool login_gm_read = true;
int connection_ping_interval = 0;

// added to help out custom login tables, without having to recompile
// source so options are kept in the login_athena.conf or the inter_athena.conf
char login_db_account_id[256] = "account_id";
char login_db_userid[256] = "userid";
char login_db_user_pass[256] = "user_pass";
char login_db_level[256] = "level";

char gm_db[256] = "gm_accounts";

char reg_db[256] = "global_reg_value";

struct gm_account *gm_account_db;
int GM_num;
char tmpsql[65535], tmp_sql[65535];

int console = 0;

int case_sensitive = 1;

//-----------------------------------------------------

#define AUTH_FIFO_SIZE 256
struct {
	int account_id,login_id1,login_id2;
	int ip,sex,delflag;
} auth_fifo[AUTH_FIFO_SIZE];

int auth_fifo_pos = 0;

struct online_login_data {
	int account_id;
	short char_server;
	short waiting_disconnect;
};

//-----------------------------------------------------

static char md5key[20], md5keylen = 16;

struct dbt *online_db;

static void* create_online_user(DBKey key, va_list args) {
	struct online_login_data *p;
	p = aCalloc(1, sizeof(struct online_login_data));
	p->account_id = key.i;
	p->char_server = -1;
	return p;	
}

int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len);

//-----------------------------------------------------
// Online User Database [Wizputer]
//-----------------------------------------------------

void add_online_user(int char_server, int account_id) {
	struct online_login_data *p;
	if (!online_check)
		return;
	p = idb_ensure(online_db, account_id, create_online_user);
	p->char_server = char_server;
	p->waiting_disconnect = 0;
}

int is_user_online(int account_id) {
	return (idb_get(online_db, account_id) != NULL);
}

void remove_online_user(int account_id) {
	if(!online_check)
		return;
	if (account_id == 99) {	// reset all to offline
		online_db->clear(online_db, NULL);
		return;
	}
	idb_remove(online_db,account_id);
}

int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data)
{
	struct online_login_data *p;
	if ((p= idb_get(online_db, id)) != NULL && p->waiting_disconnect)
		remove_online_user(id);
	return 0;
}

static int sync_ip_addresses(int tid, unsigned int tick, int id, int data){
	unsigned char buf[2];
	ShowInfo("IP Sync in progress...\n");
	WBUFW(buf,0) = 0x2735;
	charif_sendallwos(-1, buf, 2);
	return 0;
}

//-----------------------------------------------------
// Read GM accounts
//-----------------------------------------------------
void read_gm_account(void) {
	MYSQL_RES* sql_res ;
	MYSQL_ROW sql_row;

	if(!login_gm_read)
		return;
	sprintf(tmp_sql, "SELECT `%s`,`%s` FROM `%s` WHERE `%s`> '0'",login_db_account_id,login_db_level,login_db,login_db_level);
	if (mysql_query(&mysql_handle, tmp_sql)) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		return; //Failed to read GM list!
	}

	if (gm_account_db != NULL)
	{
		aFree(gm_account_db);
		gm_account_db = NULL;
	}
	GM_num = 0;

	sql_res = mysql_store_result(&mysql_handle);
	if (sql_res) {
		gm_account_db = (struct gm_account*)aCalloc((size_t)mysql_num_rows(sql_res), sizeof(struct gm_account));
		while ((sql_row = mysql_fetch_row(sql_res))) {
			gm_account_db[GM_num].account_id = atoi(sql_row[0]);
			gm_account_db[GM_num].level = atoi(sql_row[1]);
			GM_num++;
		}
		mysql_free_result(sql_res);
	}
}

//-----------------------------------------------------
// Send GM accounts to all char-server
//-----------------------------------------------------
void send_GM_accounts(int fd) {
	int i;
	unsigned char buf[32767];
	int len;

	if(!login_gm_read)
		return;
	len = 4;
	WBUFW(buf,0) = 0x2732;
	for(i = 0; i < GM_num; i++)
		// send only existing accounts. We can not create a GM account when server is online.
		if (gm_account_db[i].level > 0) {
			WBUFL(buf,len) = gm_account_db[i].account_id;
			WBUFB(buf,len+4) = (unsigned char)gm_account_db[i].level;
			len += 5;
			if (len >= 32000) {
				ShowWarning("send_GM_accounts: Too many accounts! Only %d out of %d were sent.\n", i, GM_num);
				break;
			}
		}
		WBUFW(buf,2) = len;
		if (fd == -1)
			charif_sendallwos(-1, buf, len);
		else
		{
			memcpy(WFIFOP(fd,0), buf, len);
			WFIFOSET(fd,len);
		}
		return;
}

//-----------------------------------------------------
// check user level
//-----------------------------------------------------
/*
int isGM(int account_id) {
	int level;

	MYSQL_RES* 	sql_res;
	MYSQL_ROW	sql_row;
	level = 0;
	sprintf(tmpsql,"SELECT `%s` FROM `%s` WHERE `%s`='%d'", login_db_level, login_db, login_db_account_id, account_id);
	if (mysql_query(&mysql_handle, tmpsql)) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
	}
	sql_res = mysql_store_result(&mysql_handle);
	if (sql_res) {
		sql_row = mysql_fetch_row(sql_res);
		level = atoi(sql_row[0]);
		if (level > 99)
			level = 99;
	}

	if (level == 0) {
		return 0;
		//not GM
	}

	mysql_free_result(sql_res);

	return level;
}
*/

//---------------------------------------------------
// E-mail check: return 0 (not correct) or 1 (valid).
//---------------------------------------------------
int e_mail_check(char *email) {
	char ch;
	char* last_arobas;

	// athena limits
	if (strlen(email) < 3 || strlen(email) > 39)
		return 0;

	// part of RFC limits (official reference of e-mail description)
	if (strchr(email, '@') == NULL || email[strlen(email)-1] == '@')
		return 0;

	if (email[strlen(email)-1] == '.')
		return 0;

	last_arobas = strrchr(email, '@');

	if (strstr(last_arobas, "@.") != NULL ||
		strstr(last_arobas, "..") != NULL)
		return 0;

	for(ch = 1; ch < 32; ch++) {
		if (strchr(last_arobas, ch) != NULL) {
			return 0;
			break;
		}
	}

	if (strchr(last_arobas, ' ') != NULL ||
		strchr(last_arobas, ';') != NULL)
		return 0;

	// all correct
	return 1;
}

/*======================================================
 * Does a mysql_ping to all connection handles. [Skotlex]
 *------------------------------------------------------
 */
int login_sql_ping(int tid, unsigned int tick, int id, int data) 
{
	ShowInfo("Pinging SQL server to keep connection alive...\n");
	mysql_ping(&mysql_handle);
	return 0;
}

//-----------------------------------------------------
// Read Account database - mysql db
//-----------------------------------------------------
int mmo_auth_sqldb_init(void) {

	ShowStatus("Login server init....\n");

	// memory initialize
	ShowStatus("memory initialize....\n");

	mysql_init(&mysql_handle);

	// DB connection start
	ShowStatus("Connect Login Database Server....\n");
	if (!mysql_real_connect(&mysql_handle, login_server_ip, login_server_id, login_server_pw,
	    login_server_db, login_server_port, (char *)NULL, 0)) {
		// pointer check
		ShowFatalError("%s\n", mysql_error(&mysql_handle));
		exit(1);
	} else {
		ShowStatus("Connect success!\n");
	}
	if( strlen(default_codepage) > 0 ) {
		sprintf( tmpsql, "SET NAMES %s", default_codepage );
		if (mysql_query(&mysql_handle, tmpsql)) {
			ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
			ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql);
		}
	}

	if (log_login)
	{
		sprintf(tmpsql, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100','login server started')", loginlog_db);

		//query
		if (mysql_query(&mysql_handle, tmpsql)) {
			ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
			ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		}
	}

	if (connection_ping_interval) {
		add_timer_func_list(login_sql_ping, "login_sql_ping");
		add_timer_interval(gettick()+connection_ping_interval*60*60*1000,
				login_sql_ping, 0, 0, connection_ping_interval*60*60*1000);
	}
	return 0;
}

//-----------------------------------------------------
// DB server connect check
//-----------------------------------------------------
void mmo_auth_sqldb_sync(void) {
	// db connect check? or close?
	// ping pong DB server -if losted? then connect try. else crash.
}

//-----------------------------------------------------
// close DB
//-----------------------------------------------------
void mmo_db_close(void) {
	int i, fd;

	//set log.
	if (log_login)
	{
		sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100', 'login server shutdown')", loginlog_db);

		//query
		if (mysql_query(&mysql_handle, tmpsql)) {
			ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
			ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		}
	}
/*
	//delete all server status
	sprintf(tmpsql,"DELETE FROM `sstatus`");
	//query
	if (mysql_query(&mysql_handle, tmpsql)) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
	}
	mysql_close(&mysql_handle);
	ShowStatus("close DB connect....\n");
*/

	for (i = 0; i < MAX_SERVERS; i++) {
		if ((fd = server_fd[i]) >= 0)
		{	//Clean only data related to servers we are connected to. [Skotlex]
			sprintf(tmpsql,"DELETE FROM `sstatus` WHERE `index` = '%d'", i);
			if (mysql_query(&mysql_handle, tmpsql))
			{
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			delete_session(fd);
		}
	}
	mysql_close(&mysql_handle);
	ShowStatus("close DB connect....\n");
	delete_session(login_fd);
}

//-----------------------------------------------------
// Make new account
//-----------------------------------------------------
int mmo_auth_new(struct mmo_account* account, char sex)
{
	MYSQL_RES* 	sql_res;
	unsigned int tick = gettick();
	char user_password[256];
	//Account Registration Flood Protection by [Kevin]
	if(tick <= new_reg_tick && num_regs >= allowed_regs) {
		ShowNotice("Account registration denied (registration limit exceeded)\n");
		return 3;
	}

	//Check for preexisting account
	sprintf(tmp_sql, "SELECT `%s` FROM `%s` WHERE `userid` = '%s'", login_db_userid, login_db, account->userid);
	if(mysql_query(&mysql_handle, tmp_sql)){
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		return 1; //Return Incorrect user/pass?
	}

	sql_res = mysql_store_result(&mysql_handle);
	if(mysql_num_rows(sql_res) > 0){
		mysql_free_result(sql_res);
		return 1; //Already exists, return incorrect user/pass.
	}
	mysql_free_result(sql_res); //Only needed for the already-exists check...

	mysql_real_escape_string(&mysql_handle, account->userid, account->userid, strlen(account->userid));
	mysql_real_escape_string(&mysql_handle, account->passwd, account->passwd, strlen(account->passwd));

	if (sex == 'f') sex = 'F';
	else if (sex == 'm') sex = 'M';
	if (use_md5_passwds)
		MD5_String(account->passwd,user_password);
	else
		jstrescapecpy(user_password, account->passwd);

	ShowInfo("New account: user: %s with passwd: %s sex: %c\n", account->userid, user_password, sex);

	sprintf(tmp_sql, "INSERT INTO `%s` (`%s`, `%s`, `sex`, `email`) VALUES ('%s', '%s', '%c', '%s')", login_db, login_db_userid, login_db_user_pass, account->userid, user_password, sex, "a@a.com");

	if(mysql_query(&mysql_handle, tmp_sql)){
		//Failed to insert new acc :/
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		return 1;
	}

	if(mysql_field_count(&mysql_handle) == 0 &&
		mysql_insert_id(&mysql_handle) < START_ACCOUNT_NUM) {
		//Invalid Account ID! Must update it.
		int id = (int)mysql_insert_id(&mysql_handle);
		sprintf(tmp_sql, "UPDATE `%s` SET `%s`='%d' WHERE `%s`='%d'", login_db, login_db_account_id, START_ACCOUNT_NUM, login_db_account_id, id);
		if(mysql_query(&mysql_handle, tmp_sql)){
			ShowError("New account %s has an invalid account ID [%d] which could not be updated (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM);
			ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
			ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			//Just delete it and fail.
			sprintf(tmp_sql, "DELETE FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, id);
			if(mysql_query(&mysql_handle, tmp_sql)){
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			return 1;
		}
		ShowNotice("Updated New account %s's ID %d->%d (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM, START_ACCOUNT_NUM);
	}
	if(tick > new_reg_tick)
	{	//Update the registration check.
		num_regs=0;
		new_reg_tick=gettick()+time_allowed*1000;
	}
	num_regs++;

	return 0;
}

// Send to char
int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len) {
	int i, c;
	int fd;

	c = 0;
	for(i = 0; i < MAX_SERVERS; i++) {
		if ((fd = server_fd[i]) > 0 && fd != sfd) {
			if (WFIFOSPACE(fd) < len) //Increase buffer size.
				realloc_writefifo(fd, len);
			memcpy(WFIFOP(fd,0), buf, len);
			WFIFOSET(fd,len);
			c++;
		}
	}

	return c;
}

//-----------------------------------------------------
// Auth
//-----------------------------------------------------
int mmo_auth( struct mmo_account* account , int fd){
	time_t ban_until_time, raw_time;
	char tmpstr[256];
	char t_uid[256], t_pass[256];
	char user_password[256];
	char *dnsbl_serv;

	//added for account creation _M _F
	int len;

	MYSQL_RES* 	sql_res;
	MYSQL_ROW	sql_row;
	//int sql_fields, sql_cnt;
	char md5str[64], md5bin[32];

	char ip[16];

	unsigned char * sin_addr = (unsigned char *)&session[fd]->client_addr.sin_addr.s_addr;

	char r_ip[16]; // [Zido]
	char ip_dnsbl[256]; // [Zido]

	// Start DNS Blacklist check [Zido]
	if(use_dnsbl) {
		sprintf(r_ip, "%d.%d.%d.%d", sin_addr[3], sin_addr[2], sin_addr[1], sin_addr[0]);

		dnsbl_serv=strtok(dnsbl_servs,",");
		sprintf(ip_dnsbl,"%s.%s",r_ip,dnsbl_serv);
// Using directly gethostbyname should be quicker. [Skotlex]
//		if(resolve_hostbyname(ip_dnsbl, NULL, NULL)) {
		if(gethostbyname(ip_dnsbl)) {
			ShowInfo("DNSBL: (%s) Blacklisted. User Kicked.\n",ip);
			return 3;
		}

		while((dnsbl_serv=strtok(dnsbl_servs,","))!=NULL) {
			sprintf(ip_dnsbl,"%s.%s",r_ip,dnsbl_serv);
// Using directly gethostbyname should be quicker. [Skotlex]
//			if(resolve_hostbyname(ip_dnsbl, NULL, NULL)) {
			if(gethostbyname(ip_dnsbl)) {
				ShowInfo("DNSBL: (%s) Blacklisted. User Kicked.\n",ip);
				return 3;
			}
		}

	}
	// End DNS Blacklist check [Zido]

	sprintf(ip, "%d.%d.%d.%d", sin_addr[0], sin_addr[1], sin_addr[2], sin_addr[3]);
	//ShowInfo("auth start for %s...\n", ip);

	//accountreg with _M/_F .. [Sirius]
	len = strlen(account->userid) -2;

	if (account->passwdenc == 0 && account->userid[len] == '_' &&
		(account->userid[len+1] == 'F' || account->userid[len+1] == 'M' ||
		account->userid[len+1] == 'f' || account->userid[len+1] == 'm') &&
		new_account_flag == 1 && 
		len >= 4 && strlen(account->passwd) >= 4)
	{
		int result;
		account->userid[len] = '\0'; //Terminating the name.
		if ((result = mmo_auth_new(account, account->userid[len+1])))
			return result; //Failed to make account. [Skotlex].
	}

	// auth start : time seed
	// Platform/Compiler dependant clock() for time check is removed. [Lance]
	// clock() is originally used to track processing ticks on program execution.
	time(&raw_time);
	strftime(tmpstr, 24, "%Y-%m-%d %H:%M:%S",localtime(&raw_time));

	jstrescapecpy(t_uid,account->userid);

	if (account->passwdenc==PASSWORDENC) {
		memcpy(t_pass, account->passwd, NAME_LENGTH);
		t_pass[NAME_LENGTH] = '\0';
	} else
		jstrescapecpy(t_pass, account->passwd);


	// make query
	sprintf(tmpsql, "SELECT `%s`,`%s`,`%s`,`lastlogin`,`logincount`,`sex`,`connect_until`,`last_ip`,`ban_until`,`state`,`%s`"
		" FROM `%s` WHERE `%s`= %s '%s'", login_db_account_id, login_db_userid, login_db_user_pass, login_db_level, login_db, login_db_userid, case_sensitive ? "BINARY" : "", t_uid);
	//login {0-account_id/1-userid/2-user_pass/3-lastlogin/4-logincount/5-sex/6-connect_untl/7-last_ip/8-ban_until/9-state/10-level}

	// query
	if (mysql_query(&mysql_handle, tmpsql)) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
	}
	sql_res = mysql_store_result(&mysql_handle) ;
	if (sql_res) {
		sql_row = mysql_fetch_row(sql_res);	//row fetching
		if (!sql_row) {
			//there's no id.
			ShowNotice("auth failed: no such account %s %s %s\n", tmpstr, account->userid, account->passwd);
			mysql_free_result(sql_res);
			return 0;
		}
	} else {
		ShowError("mmo_auth DB result error ! \n");
		return 0;
	}

	//Client Version check[Sirius]
	if(check_client_version == 1 && account->version != 0){
		if(account->version != client_version_to_connect){
			mysql_free_result(sql_res);
			return 5;
		}
	}           

	// Documented by CLOWNISIUS || LLRO || Gunstar lead this one with me
	// IF changed to diferent returns~ you get diferent responses from your msgstringtable.txt
	//Ireturn 2  == line 9
	//Ireturn 5  == line 311
	//Ireturn 6  == line 450
	//Ireturn 7  == line 440
	//Ireturn 8  == line 682
	//Ireturn 9  == line 704
	//Ireturn 10 == line 705
	//Ireturn 11 == line 706
	//Ireturn 12 == line 707
	//Ireturn 13 == line 708
	//Ireturn 14 == line 709
	//Ireturn 15 == line 710
	//Ireturn -1 == line 010
	// Check status
	{
		int encpasswdok = 0;

		if (atoi(sql_row[9]) == -3) {
			//id is banned
			mysql_free_result(sql_res);
			return -3;
		} else if (atoi(sql_row[9]) == -2) { //dynamic ban
			//id is banned
			mysql_free_result(sql_res);
			//add IP list.
			return -2;
		}

		if (use_md5_passwds) {
			MD5_String(account->passwd,user_password);
		} else {
			jstrescapecpy(user_password, account->passwd);
		}
		//ShowInfo("account id ok encval:%d\n",account->passwdenc);
#ifdef PASSWORDENC
		if (account->passwdenc > 0) {
			int j = account->passwdenc;
			//ShowInfo("start md5calc..\n");
			if (j > 2)
				j = 1;
			do {
				if (j == 1) {
					sprintf(md5str, "%s%s", md5key,sql_row[2]);
				} else if (j == 2) {
					sprintf(md5str, "%s%s", sql_row[2], md5key);
				} else
					md5str[0] = 0;
				//ShowDebug("j:%d mdstr:%s\n", j, md5str);
				MD5_String2binary(md5str, md5bin);
				encpasswdok = (memcmp(user_password, md5bin, 16) == 0);
			} while (j < 2 && !encpasswdok && (j++) != account->passwdenc);
			//printf("key[%s] md5 [%s] ", md5key, md5);
			//ShowInfo("client [%s] accountpass [%s]\n", user_password, sql_row[2]);
			//ShowInfo("end md5calc..\n");
		}
#endif
		if ((strcmp(user_password, sql_row[2]) && !encpasswdok)) {
			if (account->passwdenc == 0) {
				ShowNotice("auth failed pass error %s %s %s" RETCODE, tmpstr, account->userid, user_password);
#ifdef PASSWORDENC
			} else {
				char logbuf[1024], *p = logbuf;
				int j;
				p += sprintf(p, "auth failed pass error %s %s recv-md5[", tmpstr, account->userid);
				for(j = 0; j < 16; j++)
					p += sprintf(p, "%02x", ((unsigned char *)user_password)[j]);
				p += sprintf(p, "] calc-md5[");
				for(j = 0; j < 16; j++)
					p += sprintf(p, "%02x", ((unsigned char *)md5bin)[j]);
				p += sprintf(p, "] md5key[");
				for(j = 0; j < md5keylen; j++)
					p += sprintf(p, "%02x", ((unsigned char *)md5key)[j]);
				p += sprintf(p, "]" RETCODE);
				ShowNotice("%s\n", p);
#endif
			}
			return 1;
		}
		//ShowInfo("auth ok %s %s" RETCODE, tmpstr, account->userid);
	}

/*
// do not remove this section. this is meant for future, and current forums usage
// as a login manager and CP for login server. [CLOWNISIUS]
	if (atoi(sql_row[10]) == 1) {
		return 4;
	}

	if (atoi(sql_row[10]) >= 5) {
		switch(atoi(sql_row[10])) {
		case 5:
			return 5;
			break;
		case 6:
			return 7;
			break;
		case 7:
			return 9;
			break;
		case 8:
			return 10;
			break;
		case 9:
			return 11;
			break;
		default:
			return 10;
			break;
		}
	}
*/
	ban_until_time = atol(sql_row[8]);

	//login {0-account_id/1-userid/2-user_pass/3-lastlogin/4-logincount/5-sex/6-connect_untl/7-last_ip/8-ban_until/9-state}
	if (ban_until_time != 0) { // if account is banned
		if (ban_until_time > time(NULL)) // always banned
			return 6; // 6 = Your are Prohibited to log in until %s

		sprintf(tmpsql, "UPDATE `%s` SET `ban_until`='0' WHERE `%s`= %s '%s'", login_db, login_db_userid, case_sensitive ? "BINARY" : "", t_uid);
		if (mysql_query(&mysql_handle, tmpsql)) {
			ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
			ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		}
	}

	if (atoi(sql_row[9])) {
		switch(atoi(sql_row[9])) { // packet 0x006a value + 1
		case 1: // 0 = Unregistered ID
		case 2: // 1 = Incorrect Password
		case 3: // 2 = This ID is expired
		case 4: // 3 = Rejected from Server
		case 5: // 4 = You have been blocked by the GM Team
		case 6: // 5 = Your Game's EXE file is not the latest version
		case 7: // 6 = Your are Prohibited to log in until %s
		case 8: // 7 = Server is jammed due to over populated
		case 9: // 8 = No more accounts may be connected from this company
		case 10: // 9 = MSI_REFUSE_BAN_BY_DBA
		case 11: // 10 = MSI_REFUSE_EMAIL_NOT_CONFIRMED
		case 12: // 11 = MSI_REFUSE_BAN_BY_GM
		case 13: // 12 = MSI_REFUSE_TEMP_BAN_FOR_DBWORK
		case 14: // 13 = MSI_REFUSE_SELF_LOCK
		case 15: // 14 = MSI_REFUSE_NOT_PERMITTED_GROUP
		case 16: // 15 = MSI_REFUSE_NOT_PERMITTED_GROUP
		case 100: // 99 = This ID has been totally erased
		case 101: // 100 = Login information remains at %s.
		case 102: // 101 = Account has been locked for a hacking investigation. Please contact the GM Team for more information
		case 103: // 102 = This account has been temporarily prohibited from login due to a bug-related investigation
		case 104: // 103 = This character is being deleted. Login is temporarily unavailable for the time being
		case 105: // 104 = Your spouse character is being deleted. Login is temporarily unavailable for the time being
			ShowNotice("Auth Error #%d\n", atoi(sql_row[9]));
			return atoi(sql_row[9]) - 1;
			break;
		default:
			return 99; // 99 = ID has been totally erased
			break;
		}
	}

	if (atol(sql_row[6]) != 0 && atol(sql_row[6]) < time(NULL)) {
		return 2; // 2 = This ID is expired
	}

	if (online_check) {
		struct online_login_data* data = idb_get(online_db,atoi(sql_row[0]));
		unsigned char buf[8];
		if (data && data->char_server > -1) {
			//Request char servers to kick this account out. [Skotlex]
			ShowWarning("User [%s] is already online - Rejected.\n",sql_row[1]);
			WBUFW(buf,0) = 0x2734;
			WBUFL(buf,2) = atol(sql_row[0]);
			charif_sendallwos(-1, buf, 6);
			if (!data->waiting_disconnect)
				add_timer(gettick()+30000, waiting_disconnect_timer, atol(sql_row[0]), 0);
			data->waiting_disconnect = 1;
			return 3; // Rejected
		}
	}

	account->account_id = atoi(sql_row[0]);
	account->login_id1 = rand();
	account->login_id2 = rand();
	memcpy(tmpstr, sql_row[3], 19);
	memcpy(account->lastlogin, tmpstr, 24);
	account->sex = sql_row[5][0] == 'S' ? 2 : sql_row[5][0]=='M';
	account->level = atoi(sql_row[10]) > 99 ? 99 : atoi(sql_row[10]); // as was in isGM() [zzo]

	if (account->sex != 2 && account->account_id < START_ACCOUNT_NUM)
		ShowWarning("Account %s has account id %d! Account IDs must be over %d to work properly!\n", account->userid, account->account_id, START_ACCOUNT_NUM);
	sprintf(tmpsql, "UPDATE `%s` SET `lastlogin` = NOW(), `logincount`=`logincount` +1, `last_ip`='%s'  WHERE `%s` = %s '%s'",
		login_db, ip, login_db_userid, case_sensitive ? "BINARY" : "", sql_row[1]);
	mysql_free_result(sql_res) ; //resource free
	if (mysql_query(&mysql_handle, tmpsql)) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
	}

	return -1;
}

static int online_db_setoffline(DBKey key, void* data, va_list ap) {
	struct online_login_data *p = (struct online_login_data *)data;
	int server = va_arg(ap, int);
	if (server == -1) {
		p->char_server = -1;
		p->waiting_disconnect = 0;
	} else if (p->char_server == server)
		p->char_server = -2; //Char server disconnected.
	return 0;
}

//-----------------------------------------------------
// char-server packet parse
//-----------------------------------------------------
int parse_fromchar(int fd){
	int i, id;
	MYSQL_RES* sql_res;
	MYSQL_ROW  sql_row = NULL;

	unsigned char *p = (unsigned char *) &session[fd]->client_addr.sin_addr.s_addr;
	unsigned long ipl = session[fd]->client_addr.sin_addr.s_addr;
	char ip[16];

	sprintf(ip, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);

	for(id = 0; id < MAX_SERVERS; id++)
		if (server_fd[id] == fd)
			break;

	if (id == MAX_SERVERS)
		session[fd]->eof = 1;
	if(session[fd]->eof) {
		if (id < MAX_SERVERS) {
			ShowStatus("Char-server '%s' has disconnected.\n", server[id].name);
			server_fd[id] = -1;
			memset(&server[id], 0, sizeof(struct mmo_char_server));
			online_db->foreach(online_db,online_db_setoffline,id); //Set all chars from this char server to offline.
			// server delete
			sprintf(tmpsql, "DELETE FROM `sstatus` WHERE `index`='%d'", id);
			// query
			if (mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
		}
		do_close(fd);
		return 0;
	}

	while(RFIFOREST(fd) >= 2) {
//		printf("char_parse: %d %d packet case=%x\n", fd, RFIFOREST(fd), RFIFOW(fd, 0));

		switch (RFIFOW(fd,0)) {
		case 0x2709:
			if (log_login)
			{
				sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s','%s', 'GM reload request')", loginlog_db, (unsigned int)ntohl(ipl),server[id].name, RETCODE);
				if (mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
			}
			read_gm_account();
			// send GM accounts to all char-servers
			send_GM_accounts(-1);
			RFIFOSKIP(fd,2);
			break;

		case 0x2712:
			if (RFIFOREST(fd) < 19)
				return 0;
		{
			int account_id;
			account_id = RFIFOL(fd,2); // speed up
			for(i=0;i<AUTH_FIFO_SIZE;i++){
				if (auth_fifo[i].account_id == account_id &&
					auth_fifo[i].login_id1 == RFIFOL(fd,6) &&
#if CMP_AUTHFIFO_LOGIN2 != 0
					auth_fifo[i].login_id2 == RFIFOL(fd,10) && // relate to the versions higher than 18
#endif
					auth_fifo[i].sex == RFIFOB(fd,14) &&
#if CMP_AUTHFIFO_IP != 0
					auth_fifo[i].ip == RFIFOL(fd,15) &&
#endif
					!auth_fifo[i].delflag)
				{
					auth_fifo[i].delflag = 1;
					ShowDebug("auth -> %d\n", i);
					break;
				}
			}

			if (i != AUTH_FIFO_SIZE && account_id > 0) { // send ack 
				time_t connect_until_time = 0;
				char email[40] = "";
				account_id=RFIFOL(fd,2);
				sprintf(tmpsql, "SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, account_id);
				if (mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
				sql_res = mysql_store_result(&mysql_handle) ;
				if (sql_res) {
					sql_row = mysql_fetch_row(sql_res);
					connect_until_time = atol(sql_row[1]);
					strcpy(email, sql_row[0]);
					mysql_free_result(sql_res);
				}
				WFIFOW(fd,0) = 0x2713;
				WFIFOL(fd,2) = account_id;
				WFIFOB(fd,6) = 0;
				memcpy(WFIFOP(fd, 7), email, 40);
				WFIFOL(fd,47) = (unsigned long) connect_until_time;
				WFIFOSET(fd,51);
			} else {
				WFIFOW(fd,0) = 0x2713;
				WFIFOL(fd,2) = account_id;
				WFIFOB(fd,6) = 1;
				WFIFOSET(fd,51);
			}
			RFIFOSKIP(fd,19);
			break;
		}

		case 0x2714:
			if (RFIFOREST(fd) < 6)
				return 0;
			// how many users on world? (update)
			if (server[id].users != RFIFOL(fd,2))
			{
				ShowStatus("set users %s : %d\n", server[id].name, RFIFOL(fd,2));

				server[id].users = RFIFOL(fd,2);
				sprintf(tmpsql,"UPDATE `sstatus` SET `user` = '%d' WHERE `index` = '%d'", server[id].users, id);
				// query
				if (mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
			}

			// send some answer
			WFIFOW(fd,0) = 0x2718;
			WFIFOSET(fd,2);

			RFIFOSKIP(fd,6);
			break;

		// We receive an e-mail/limited time request, because a player comes back from a map-server to the char-server
		case 0x2716:
			if (RFIFOREST(fd) < 6)
				return 0;
		{
			int account_id;
			time_t connect_until_time = 0;
			char email[40] = "";
			account_id=RFIFOL(fd,2);
			sprintf(tmpsql,"SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'",login_db, login_db_account_id, account_id);
			if(mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			sql_res = mysql_store_result(&mysql_handle) ;
			if (sql_res) {
				sql_row = mysql_fetch_row(sql_res);
				connect_until_time = atol(sql_row[1]);
				strcpy(email, sql_row[0]);
			}
			mysql_free_result(sql_res);
			//printf("parse_fromchar: E-mail/limited time request from '%s' server (concerned account: %d)\n", server[id].name, RFIFOL(fd,2));
			WFIFOW(fd,0) = 0x2717;
			WFIFOL(fd,2) = RFIFOL(fd,2);
			memcpy(WFIFOP(fd, 6), email, 40);
			WFIFOL(fd,46) = (unsigned long) connect_until_time;
			WFIFOSET(fd,50);
		}
			RFIFOSKIP(fd,6);
			break;

		case 0x2720:	// GM
			if (RFIFOREST(fd) < 4)
				return 0;
			if (RFIFOREST(fd) < RFIFOW(fd,2))
				return 0;
			//oldacc = RFIFOL(fd,4);
			ShowWarning("change GM isn't supported in this login server version.\n");
			ShowError("change GM error 0 %s\n", RFIFOP(fd, 8));

			RFIFOSKIP(fd, RFIFOW(fd, 2));
			WFIFOW(fd, 0) = 0x2721;
			WFIFOL(fd, 2) = RFIFOL(fd,4); // oldacc;
			WFIFOL(fd, 6) = 0; // newacc;
			WFIFOSET(fd, 10);
			return 0;

		// Map server send information to change an email of an account via char-server
		case 0x2722:	// 0x2722 <account_id>.L <actual_e-mail>.40B <new_e-mail>.40B
			if (RFIFOREST(fd) < 86)
				return 0;
		{
			int acc;
			char actual_email[40], new_email[40];
			acc = RFIFOL(fd,2);
			memcpy(actual_email, RFIFOP(fd,6), 40);
			memcpy(new_email, RFIFOP(fd,46), 40);
			if (e_mail_check(actual_email) == 0)
				ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command), but actual email is invalid (account: %d, ip: %s)" RETCODE,
				server[id].name, acc, ip);
			else if (e_mail_check(new_email) == 0)
				ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command) with a invalid new e-mail (account: %d, ip: %s)" RETCODE,
				server[id].name, acc, ip);
			else if (strcmpi(new_email, "a@a.com") == 0)
				ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command) with a default e-mail (account: %d, ip: %s)" RETCODE,
				server[id].name, acc, ip);
			else {
				sprintf(tmpsql, "SELECT `%s`,`email` FROM `%s` WHERE `%s` = '%d'", login_db_userid, login_db, login_db_account_id, acc);
				if (mysql_query(&mysql_handle, tmpsql))
				{
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
				sql_res = mysql_store_result(&mysql_handle);
				if (sql_res) {
					sql_row = mysql_fetch_row(sql_res);	//row fetching

					if (strcmpi(sql_row[1], actual_email) == 0) {
						sprintf(tmpsql, "UPDATE `%s` SET `email` = '%s' WHERE `%s` = '%d'", login_db, new_email, login_db_account_id, acc);
						// query
						if (mysql_query(&mysql_handle, tmpsql)) {
							ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
							ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
						}
						ShowInfo("Char-server '%s': Modify an e-mail on an account (@email GM command) (account: %d (%s), new e-mail: %s, ip: %s)." RETCODE,
							server[id].name, acc, sql_row[0], actual_email, ip);
					}
				}

			}
			RFIFOSKIP(fd, 86);
			break;
		}

		case 0x2724:	// Receiving of map-server via char-server a status change resquest (by Yor)
			if (RFIFOREST(fd) < 10)
				return 0;
		{
			int acc, statut;
			acc = RFIFOL(fd,2);
			statut = RFIFOL(fd,6);
			sprintf(tmpsql, "SELECT `state` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, acc);
			if (mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			sql_res = mysql_store_result(&mysql_handle);
			if (sql_res) {
				sql_row = mysql_fetch_row(sql_res); // row fetching
			}
			if (atoi(sql_row[0]) != statut && statut != 0) {
				unsigned char buf[16];
				WBUFW(buf,0) = 0x2731;
				WBUFL(buf,2) = acc;
				WBUFB(buf,6) = 0; // 0: change of statut, 1: ban
				WBUFL(buf,7) = statut; // status or final date of a banishment
				charif_sendallwos(-1, buf, 11);
			}
			sprintf(tmpsql,"UPDATE `%s` SET `state` = '%d' WHERE `%s` = '%d'", login_db, statut,login_db_account_id,acc);
			//query
			if(mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			RFIFOSKIP(fd,10);
			break;
		}

		case 0x2725: // Receiving of map-server via char-server a ban resquest (by Yor)
			if (RFIFOREST(fd) < 18)
				return 0;
		{
			int acc;
			struct tm *tmtime;
			time_t timestamp, tmptime;
			acc = RFIFOL(fd,2);
			sprintf(tmpsql, "SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc);
			if (mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			sql_res = mysql_store_result(&mysql_handle);
			if (sql_res) {
				sql_row = mysql_fetch_row(sql_res); // row fetching
			}
			tmptime = atol(sql_row[0]);
			if (tmptime == 0 || tmptime < time(NULL))
				timestamp = time(NULL);
			else
				timestamp = tmptime;
			tmtime = localtime(&timestamp);
			tmtime->tm_year = tmtime->tm_year + (short)RFIFOW(fd,6);
			tmtime->tm_mon = tmtime->tm_mon + (short)RFIFOW(fd,8);
			tmtime->tm_mday = tmtime->tm_mday + (short)RFIFOW(fd,10);
			tmtime->tm_hour = tmtime->tm_hour + (short)RFIFOW(fd,12);
			tmtime->tm_min = tmtime->tm_min + (short)RFIFOW(fd,14);
			tmtime->tm_sec = tmtime->tm_sec + (short)RFIFOW(fd,16);
			timestamp = mktime(tmtime);
			if (timestamp != -1) {
				if (timestamp <= time(NULL))
					timestamp = 0;
				if (tmptime != timestamp) {
					if (timestamp != 0) {
						unsigned char buf[16];
						WBUFW(buf,0) = 0x2731;
						WBUFL(buf,2) = acc;
						WBUFB(buf,6) = 1; // 0: change of statut, 1: ban
						WBUFL(buf,7) = (unsigned int)timestamp; // status or final date of a banishment
						charif_sendallwos(-1, buf, 11);
					}
					ShowNotice("Account: %d Banned until: %ld\n", acc, timestamp);
					sprintf(tmpsql, "UPDATE `%s` SET `ban_until` = '%ld' WHERE `%s` = '%d'", login_db, (unsigned long)timestamp, login_db_account_id, acc);
					// query
					if (mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
				}
			}
			RFIFOSKIP(fd,18);
			break;
		}

		case 0x2727:
			if (RFIFOREST(fd) < 6)
				return 0;
		{
			int acc,sex;
			unsigned char buf[16];
			acc=RFIFOL(fd,2);
			sprintf(tmpsql,"SELECT `sex` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc);

			if(mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				return 0;
			}

			sql_res = mysql_store_result(&mysql_handle) ;

			if (sql_res)	{
				if (mysql_num_rows(sql_res) == 0) {
					mysql_free_result(sql_res);
					return 0;
				}
				sql_row = mysql_fetch_row(sql_res);	//row fetching
			}

			if (strcmpi(sql_row[0], "M") == 0)
				sex = 0; //Change to female
			else
				sex = 1; //Change to make
			sprintf(tmpsql,"UPDATE `%s` SET `sex` = '%c' WHERE `%s` = '%d'", login_db, (sex?'M':'F'), login_db_account_id, acc);
			//query
			if(mysql_query(&mysql_handle, tmpsql)) {
				ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
				ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
			}
			WBUFW(buf,0) = 0x2723;
			WBUFL(buf,2) = acc;
			WBUFB(buf,6) = sex;
			charif_sendallwos(-1, buf, 7);
			RFIFOSKIP(fd,6);
			break;
		}

		case 0x2728:	// save account_reg2
			if (RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2))
				return 0;
			if (RFIFOL(fd,4) > 0) {
				int acc,p,j,len;
				char str[32];
				char temp_str[64]; //Needs twice as much space as the original string.
				char temp_str2[512];
				char value[256];
				unsigned char *buf;
				acc=RFIFOL(fd,4);
				buf = (unsigned char*)aCalloc(RFIFOW(fd,2)+1, sizeof(unsigned char));
				//Delete all global account variables....
				sprintf(tmpsql,"DELETE FROM `%s` WHERE `type`='1' AND `account_id`='%d';",reg_db,acc);
				if(mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
				//Proceed to insert them....
				for(j=0,p=13;j<ACCOUNT_REG2_NUM && p<RFIFOW(fd,2);j++){
					sscanf(RFIFOP(fd,p), "%31c%n",str,&len);
					str[len]='\0';
					p +=len+1; //+1 to skip the '\0' between strings.
					sscanf(RFIFOP(fd,p), "%255c%n",value,&len);
					value[len]='\0';
					p +=len+1;

					sprintf(tmpsql,"INSERT INTO `%s` (`type`, `account_id`, `str`, `value`) VALUES ( 1 , '%d' , '%s' , '%s');",  reg_db, acc, jstrescapecpy(temp_str,str), jstrescapecpy(temp_str2,value));
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
				}

				// Send to char
				memcpy(WBUFP(buf,0),RFIFOP(fd,0),RFIFOW(fd,2));
				WBUFW(buf,0)=0x2729;
				charif_sendallwos(fd,buf,WBUFW(buf,2));
				if (buf) aFree(buf);
			}
			RFIFOSKIP(fd,RFIFOW(fd,2));
			//printf("login: save account_reg (from char)\n");
			break;

		case 0x272a:	// Receiving of map-server via char-server a unban resquest (by Yor)
			if (RFIFOREST(fd) < 6)
				return 0;
			{
				int acc;
				acc = RFIFOL(fd,2);
				sprintf(tmpsql,"SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc);
				if(mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
				sql_res = mysql_store_result(&mysql_handle) ;
				if (sql_res && mysql_num_rows(sql_res) > 0) { //Found a match
					sprintf(tmpsql,"UPDATE `%s` SET `ban_until` = '0' WHERE `%s` = '%d'", login_db,login_db_account_id,acc);
					//query
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
				}
				if (sql_res) mysql_free_result(sql_res);
				RFIFOSKIP(fd,6);
			}
			return 0;

		case 0x272b:    // Set account_id to online [Wizputer]
			if (RFIFOREST(fd) < 6)
				return 0;
			add_online_user(id, RFIFOL(fd,2));
			RFIFOSKIP(fd,6);
			break;

		case 0x272c:   // Set account_id to offline [Wizputer]
			if (RFIFOREST(fd) < 6)
				return 0;
			remove_online_user(RFIFOL(fd,2));
			RFIFOSKIP(fd,6);
			break;
		case 0x272d:	// Receive list of all online accounts. [Skotlex]
			if (RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2))
				return 0;
			if (!online_check) {
				RFIFOSKIP(fd,RFIFOW(fd,2));
				break;	
			}
			{
				struct online_login_data *p;
				int aid, users;
				online_db->foreach(online_db,online_db_setoffline,id); //Set all chars from this char-server offline first
				users = RFIFOW(fd,4);
				for (i = 0; i < users; i++) {
					aid = RFIFOL(fd,6+i*4);
					p = idb_ensure(online_db, aid, create_online_user);
					p->char_server = id;
				}
				RFIFOSKIP(fd,RFIFOW(fd,2));
				break;
			}
		case 0x272e: //Request account_reg2 for a character.
			if (RFIFOREST(fd) < 10)
				return 0;
			{
				int account_id = RFIFOL(fd, 2);
				int char_id = RFIFOL(fd, 6);
				int p;
				RFIFOSKIP(fd,10);
				sprintf(tmpsql, "SELECT `str`,`value` FROM `%s` WHERE `type`='1' AND `account_id`='%d'",reg_db, account_id);
				if (mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					break;
				}
				sql_res = mysql_store_result(&mysql_handle) ;
				if (!sql_res) {
					break;
				}
				WFIFOW(fd,0) = 0x2729;
				WFIFOL(fd,4) = account_id;
				WFIFOL(fd,8) = char_id;
				WFIFOB(fd,12) = 1; //Type 1 for Account2 registry
				for(p = 13; (sql_row = mysql_fetch_row(sql_res));){
					if (sql_row[0][0]) {
						p+= sprintf(WFIFOP(fd,p), "%s", sql_row[0])+1; //We add 1 to consider the '\0' in place.
						p+= sprintf(WFIFOP(fd,p), "%s", sql_row[1])+1;
					}
				}
				WFIFOW(fd,2) = p;
				WFIFOSET(fd,WFIFOW(fd,2));
				mysql_free_result(sql_res);
			}
			break;

		case 0x2736: // WAN IP update from char-server
			if (RFIFOREST(fd) < 6)
				return 0;
			ShowInfo("Updated IP of Server #%d to %d.%d.%d.%d.\n",id,
			(int)RFIFOB(fd,2),(int)RFIFOB(fd,3),
			(int)RFIFOB(fd,4),(int)RFIFOB(fd,5));
			server[id].ip = RFIFOL(fd,2);
			RFIFOSKIP(fd,6);
			break;

		case 0x2737: //Request to set all offline.
			ShowInfo("Setting accounts from char-server %d offline.\n", id);
			online_db->foreach(online_db,online_db_setoffline,id);
			RFIFOSKIP(fd,2);
			break;

		default:
			ShowError("login: unknown packet %x! (from char).\n", RFIFOW(fd,0));
			session[fd]->eof = 1;
			return 0;
		}
	}

	RFIFOSKIP(fd,RFIFOREST(fd));
	return 0;
}

//--------------------------------------------
// Test to know if an IP come from LAN or WAN.
// Rewrote: Adnvanced subnet check [LuzZza]
//--------------------------------------------
int lan_subnetcheck(long p) {

	int i;
	unsigned char *sbn, *msk, *src = (unsigned char *)&p;

	for(i=0; i<subnet_count; i++) {

		if(subnet[i].subnet == (p & subnet[i].mask)) {

			sbn = (unsigned char *)&subnet[i].subnet;
			msk = (unsigned char *)&subnet[i].mask;

			ShowInfo("Subnet check [%u.%u.%u.%u]: Matches "CL_CYAN"%u.%u.%u.%u/%u.%u.%u.%u"CL_RESET"\n",
				src[0], src[1], src[2], src[3], sbn[0], sbn[1], sbn[2], sbn[3], msk[0], msk[1], msk[2], msk[3]);

			return subnet[i].char_ip;
		}
	}

	ShowInfo("Subnet check [%u.%u.%u.%u]: "CL_CYAN"WAN"CL_RESET"\n", src[0], src[1], src[2], src[3]);
	return 0;
}

int login_ip_ban_check(unsigned char *p, unsigned long ipl)
{
	MYSQL_RES* sql_res;
	MYSQL_ROW  sql_row;
	//ip ban
	//p[0], p[1], p[2], p[3]
	//request DB connection
	//check
	sprintf(tmpsql, "SELECT count(*) FROM `ipbanlist` WHERE `list` = '%d.*.*.*' OR `list` = '%d.%d.*.*' OR `list` = '%d.%d.%d.*' OR `list` = '%d.%d.%d.%d'",
		p[0], p[0], p[1], p[0], p[1], p[2], p[0], p[1], p[2], p[3]);
	if (mysql_query(&mysql_handle, tmpsql)) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		// close connection because we can't verify their connectivity.
		return 1;
	}
	sql_res = mysql_store_result(&mysql_handle) ;
	sql_row = sql_res?mysql_fetch_row(sql_res):NULL;	//row fetching

	if(!sql_row) return 1; //Shouldn't happen, but just in case...

	if (atoi(sql_row[0]) == 0) { //No ban
		mysql_free_result(sql_res);
		return 0;
	}
		
	// ip ban ok.
	ShowWarning("packet from banned ip : %d.%d.%d.%d\n" RETCODE, p[0], p[1], p[2], p[3]);

	if (log_login)
	{
		sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', 'unknown','-3', 'ip banned')", loginlog_db, (unsigned int)ntohl(ipl));
		// query
		if(mysql_query(&mysql_handle, tmpsql)) {
			ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
			ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
		}
	}
	mysql_free_result(sql_res);
	return 1;
}
//----------------------------------------------------------------------------------------
// Default packet parsing (normal players or administation/char-server connection requests)
//----------------------------------------------------------------------------------------
int parse_login(int fd) {
	//int len;

	MYSQL_RES* sql_res ;
	MYSQL_ROW  sql_row = NULL;

	char t_uid[100];
	struct mmo_account account;
	long subnet_char_ip;
	int packet_len;

	int result, i;
	unsigned char *p = (unsigned char *) &session[fd]->client_addr.sin_addr.s_addr;
	unsigned long ipl = session[fd]->client_addr.sin_addr.s_addr;
	char ip[16];

	sprintf(ip, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);

	memset(&account, 0, sizeof(account));

	if (session[fd]->eof) {
		for(i = 0; i < MAX_SERVERS; i++)
			if (server_fd[i] == fd)
				server_fd[i] = -1;
		do_close(fd);
		return 0;
	}

	while(RFIFOREST(fd)>=2 && !session[fd]->eof){
//		ShowDebug("parse_login : %d %d packet case=%x\n", fd, RFIFOREST(fd), RFIFOW(fd,0));

		switch(RFIFOW(fd,0)){
		case 0x200:		// New alive packet: structure: 0x200 <account.userid>.24B. used to verify if client is always alive.
			if (RFIFOREST(fd) < 26)
				return 0;
			RFIFOSKIP(fd,26);
			break;

		case 0x204:		// New alive packet: structure: 0x204 <encrypted.account.userid>.16B. (new ragexe from 22 june 2004)
			if (RFIFOREST(fd) < 18)
				return 0;
			RFIFOSKIP(fd,18);
			break;

		case 0x277: // New login packet
		case 0x64:		// request client login
		case 0x01dd:	// request client login with encrypt

			packet_len = RFIFOREST(fd);

			//Perform ip-ban check ONLY on login packets
			if (ipban > 0 && login_ip_ban_check(p,ipl))
			{
				RFIFOSKIP(fd,packet_len);
				session[fd]->eof = 1;
				break;
			}

			switch(RFIFOW(fd,0)){
				case 0x64:
					if(packet_len < 55)
						return 0;
					break;
				case 0x01dd:
					if(packet_len < 47)
						return 0;
					break;
				case 0x277:
					if(packet_len < 84)
						return 0;
					break;
			}

			account.version = RFIFOL(fd, 2);
			if (!account.version) account.version = 1; //Force some version...
			memcpy(account.userid,RFIFOP(fd, 6),NAME_LENGTH);
			account.userid[23] = '\0';
			memcpy(account.passwd,RFIFOP(fd, 30),NAME_LENGTH);
			account.passwd[23] = '\0';

			ShowInfo("client connection request %s from %d.%d.%d.%d\n", RFIFOP(fd, 6), p[0], p[1], p[2], p[3]);
#ifdef PASSWORDENC
			account.passwdenc= (RFIFOW(fd,0)!=0x01dd)?0:PASSWORDENC;
#else
			account.passwdenc=0;
#endif
			result=mmo_auth(&account, fd);


			jstrescapecpy(t_uid,account.userid);
			if(result==-1){
				// as we have queried account level earlier in mmo_auth anyway, no need to do this again [zzo]
				//		    int gm_level = isGM(account.account_id); // removed by [zzo]

				if (min_level_to_connect > account.level) {
					WFIFOW(fd,0) = 0x81;
					WFIFOB(fd,2) = 1; // 01 = Server closed
					WFIFOSET(fd,3);
				} else {

					if (p[0] != 127 && log_login) {
						sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s','100', 'login ok')", loginlog_db, (unsigned int)ntohl(ipl), t_uid);
						//query
						if(mysql_query(&mysql_handle, tmpsql)) {
							ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
							ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
						}
					}
					if (account.level)
						ShowStatus("Connection of the GM (level:%d) account '%s' accepted.\n", account.level, account.userid);
					else
						ShowStatus("Connection of the account '%s' accepted.\n", account.userid);
					server_num=0;
					for(i = 0; i < MAX_SERVERS; i++) {
						if (server_fd[i] >= 0) {
							// Advanced subnet check [LuzZza]
							if((subnet_char_ip = lan_subnetcheck(ipl)))
								WFIFOL(fd,47+server_num*32) = subnet_char_ip;
							else
								WFIFOL(fd,47+server_num*32) = server[i].ip;
							WFIFOW(fd,47+server_num*32+4) = server[i].port;
							memcpy(WFIFOP(fd,47+server_num*32+6), server[i].name, 20);
							WFIFOW(fd,47+server_num*32+26) = server[i].users;
							WFIFOW(fd,47+server_num*32+28) = server[i].maintenance;
							WFIFOW(fd,47+server_num*32+30) = server[i].new_;
							server_num++;
						}
					}
					// if at least 1 char-server
					if (server_num > 0) {
						WFIFOW(fd,0)=0x69;
						WFIFOW(fd,2)=47+32*server_num;
						WFIFOL(fd,4)=account.login_id1;
						WFIFOL(fd,8)=account.account_id;
						WFIFOL(fd,12)=account.login_id2;
						WFIFOL(fd,16)=0;
						memcpy(WFIFOP(fd,20),account.lastlogin,24);
						WFIFOB(fd,46)=account.sex;
						WFIFOSET(fd,47+32*server_num);
						if(auth_fifo_pos>=AUTH_FIFO_SIZE)
							auth_fifo_pos=0;
						auth_fifo[auth_fifo_pos].account_id=account.account_id;
						auth_fifo[auth_fifo_pos].login_id1=account.login_id1;
						auth_fifo[auth_fifo_pos].login_id2=account.login_id2;
						auth_fifo[auth_fifo_pos].sex=account.sex;
						auth_fifo[auth_fifo_pos].delflag=0;
						auth_fifo[auth_fifo_pos].ip = session[fd]->client_addr.sin_addr.s_addr;
						auth_fifo_pos++;
					} else {
						WFIFOW(fd,0) = 0x81;
						WFIFOB(fd,2) = 1; // 01 = Server closed
						WFIFOSET(fd,3);
					}
				}
			} else {
				char tmp_sql[512];
				char error[64];
				if (log_login)
				{
					sprintf(tmp_sql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s', '%d','login failed : %%s')", loginlog_db, (unsigned int)ntohl(ipl), t_uid, result);
					switch((result + 1)) {
					case -2:	//-3 = Account Banned
						sprintf(tmpsql,tmp_sql,"Account banned.");
						sprintf(error,"Account banned.");
						break;
					case -1:	//-2 = Dynamic Ban
						sprintf(tmpsql,tmp_sql,"dynamic ban (ip and account).");
						sprintf(error,"dynamic ban (ip and account).");
						break;
					case 1:	// 0 = Unregistered ID
						sprintf(tmpsql,tmp_sql,"Unregisterd ID.");
						sprintf(error,"Unregisterd ID.");
						break;
					case 2:	// 1 = Incorrect Password
						sprintf(tmpsql,tmp_sql,"Incorrect Password.");
						sprintf(error,"Incorrect Password.");
						break;
					case 3:	// 2 = This ID is expired
						sprintf(tmpsql,tmp_sql,"Account Expired.");
						sprintf(error,"Account Expired.");
						break;
					case 4:	// 3 = Rejected from Server
						sprintf(tmpsql,tmp_sql,"Rejected from server.");
						sprintf(error,"Rejected from server.");
						break;
					case 5:	// 4 = You have been blocked by the GM Team
						sprintf(tmpsql,tmp_sql,"Blocked by GM.");
						sprintf(error,"Blocked by GM.");
						break;
					case 6:	// 5 = Your Game's EXE file is not the latest version
						sprintf(tmpsql,tmp_sql,"Not latest game EXE.");
						sprintf(error,"Not latest game EXE.");
						break;
					case 7:	// 6 = Your are Prohibited to log in until %s
						sprintf(tmpsql,tmp_sql,"Banned.");
						sprintf(error,"Banned.");
						break;
					case 8:	// 7 = Server is jammed due to over populated
						sprintf(tmpsql,tmp_sql,"Server Over-population.");
						sprintf(error,"Server Over-population.");
						break;
					case 9:	// 8 = No more accounts may be connected from this company
						sprintf(tmpsql,tmp_sql,"Account limit from company");
						sprintf(error,"Account limit from company");
						break;
					case 10:  // 9 = MSI_REFUSE_BAN_BY_DBA
						sprintf(tmpsql,tmp_sql,"Ban by DBA");
						sprintf(error,"Ban by DBA");
						break;
					case 11:  // 10 = MSI_REFUSE_EMAIL_NOT_CONFIRMED
						sprintf(tmpsql,tmp_sql,"Email not confirmed");
						sprintf(error,"Email not confirmed");
						break;
					case 12:  // 11 = MSI_REFUSE_BAN_BY_GM
						sprintf(tmpsql,tmp_sql,"Ban by GM");
						sprintf(error,"Ban by GM");
						break;
					case 13:  // 12 = MSI_REFUSE_TEMP_BAN_FOR_DBWORK
						sprintf(tmpsql,tmp_sql,"Working in DB");
						sprintf(error,"Working in DB");
						break;
					case 14:  // 13 = MSI_REFUSE_SELF_LOCK
						sprintf(tmpsql,tmp_sql,"Self Lock");
						sprintf(error,"Self Lock");
						break;
					case 15:  // 14 = MSI_REFUSE_NOT_PERMITTED_GROUP
						sprintf(tmpsql,tmp_sql,"Not Permitted Group");
						sprintf(error,"Not Permitted Group");
						break;
					case 16:  // 15 = MSI_REFUSE_NOT_PERMITTED_GROUP
						sprintf(tmpsql,tmp_sql,"Not Permitted Group");
						sprintf(error,"Not Permitted Group");
						break;
					case 100: // 99 = This ID has been totally erased
						sprintf(tmpsql,tmp_sql,"Account gone.");
						sprintf(error,"Account gone.");
						break;
					case 101: // 100 = Login information remains at %s
						sprintf(tmpsql,tmp_sql,"Login info remains.");
						sprintf(error,"Login info remains.");
						break;
					case 102: // 101 = Account has been locked for a hacking investigation. Please contact the GM Team for more information
						sprintf(tmpsql,tmp_sql,"Hacking investigation.");
						sprintf(error,"Hacking investigation.");
						break;
					case 103: // 102 = This account has been temporarily prohibited from login due to a bug-related investigation
						sprintf(tmpsql,tmp_sql,"Bug investigation.");
						sprintf(error,"Bug investigation.");
						break;
					case 104: // 103 = This character is being deleted. Login is temporarily unavailable for the time being
						sprintf(tmpsql,tmp_sql,"Deleting char.");
						sprintf(error,"Deleting char.");
						break;
					case 105: // 104 = This character is being deleted. Login is temporarily unavailable for the time being
						sprintf(tmpsql,tmp_sql,"Deleting spouse char.");
						sprintf(error,"Deleting spouse char.");
						break;
					default:
						sprintf(tmpsql,tmp_sql,"Unknown Error.");
						sprintf(error,"Unknown Error.");
						break;
					}
					//query
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
				} //End login log of error.
				if ((result == 1) && (dynamic_pass_failure_ban != 0) && log_login){	// failed password
					sprintf(tmpsql,"SELECT count(*) FROM `%s` WHERE `ip` = '%u' AND `rcode` = '1' AND `time` > NOW() - INTERVAL %d MINUTE",
						loginlog_db,(unsigned int)ntohl(ipl), dynamic_pass_failure_ban_time);	//how many times filed account? in one ip.
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
					//check query result
					sql_res = mysql_store_result(&mysql_handle) ;
					sql_row = sql_res?mysql_fetch_row(sql_res):NULL;	//row fetching

					if (sql_row && atoi(sql_row[0]) >= dynamic_pass_failure_ban_how_many ) {
						sprintf(tmpsql,"INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() +  INTERVAL %d MINUTE ,'Password error ban: %s')", p[0], p[1], p[2], dynamic_pass_failure_ban_how_long, t_uid);
						if(mysql_query(&mysql_handle, tmpsql)) {
							ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
							ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
						}
					}
					if(sql_res) mysql_free_result(sql_res);
				}
				else if (result == -2){	//dynamic banned - add ip to ban list.
					sprintf(tmpsql,"INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() +  INTERVAL 1 MONTH ,'Dynamic banned user id : %s')", p[0], p[1], p[2], t_uid);
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
					result = -3;
				}else if(result == 6){ //not lastet version ..
					//result = 5;
				}

				sprintf(tmpsql,"SELECT `ban_until` FROM `%s` WHERE `%s` = %s '%s'",login_db, login_db_userid, case_sensitive ? "BINARY" : "", t_uid);
				if(mysql_query(&mysql_handle, tmpsql)) {
					ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
					ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
				}
				sql_res = mysql_store_result(&mysql_handle) ;
				sql_row = sql_res?mysql_fetch_row(sql_res):NULL;	//row fetching
				//cannot connect login failed
				memset(WFIFOP(fd,0),'\0',23);
				WFIFOW(fd,0)=0x6a;
				WFIFOB(fd,2)=result;
				if (result == 6) { // 6 = Your are Prohibited to log in until %s
					if (sql_row && atol(sql_row[0]) != 0) { // if account is banned, we send ban timestamp
						char tmpstr[256];
						time_t ban_until_time;
						ban_until_time = atol(sql_row[0]);
						strftime(tmpstr, 20, date_format, localtime(&ban_until_time));
						tmpstr[19] = '\0';
						memcpy(WFIFOP(fd,3), tmpstr, 20);
					} else { // we send error message
						memcpy(WFIFOP(fd,3), error, 20);
					}
				}
				WFIFOSET(fd,23);
			}
			RFIFOSKIP(fd,packet_len);
			break;

		case 0x01db:	// request password key
			if (session[fd]->session_data) {
				ShowWarning("login: abnormal request of MD5 key (already opened session).\n");
				session[fd]->eof = 1;
				return 0;
			}
			ShowDebug("Request Password key -%s\n",md5key);
			RFIFOSKIP(fd,2);
			WFIFOW(fd,0)=0x01dc;
			WFIFOW(fd,2)=4+md5keylen;
			memcpy(WFIFOP(fd,4),md5key,md5keylen);
			WFIFOSET(fd,WFIFOW(fd,2));
			break;

		case 0x2710:	// request Char-server connection
			if(RFIFOREST(fd)<86)
				return 0;
			{
				unsigned char* server_name;
				if (log_login)
				{
					sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s@%s','100', 'charserver - %s@%d.%d.%d.%d:%d')", loginlog_db, (unsigned int)ntohl(ipl), RFIFOP(fd, 2),RFIFOP(fd, 60),RFIFOP(fd, 60), RFIFOB(fd, 54), RFIFOB(fd, 55), RFIFOB(fd, 56), RFIFOB(fd, 57), RFIFOW(fd, 58));

					//query
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
				}
				ShowInfo("server connection request %s @ %d.%d.%d.%d:%d (%d.%d.%d.%d)\n",
					RFIFOP(fd, 60), RFIFOB(fd, 54), RFIFOB(fd, 55), RFIFOB(fd, 56), RFIFOB(fd, 57), RFIFOW(fd, 58),
					p[0], p[1], p[2], p[3]);
				memcpy(account.userid,RFIFOP(fd, 2),NAME_LENGTH);
				account.userid[23] = '\0';
				memcpy(account.passwd,RFIFOP(fd, 26),NAME_LENGTH);
				account.passwd[23] = '\0';
				account.passwdenc = 0;
				server_name = RFIFOP(fd,60);
				result = mmo_auth(&account, fd);
				//printf("Result: %d - Sex: %d - Account ID: %d\n",result,account.sex,(int) account.account_id);

				if(result == -1 && account.sex==2 && account.account_id<MAX_SERVERS && server_fd[account.account_id]==-1){
					ShowStatus("Connection of the char-server '%s' accepted.\n", server_name);
					memset(&server[account.account_id], 0, sizeof(struct mmo_char_server));
					server[account.account_id].ip=RFIFOL(fd,54);
					server[account.account_id].port=RFIFOW(fd,58);
					memcpy(server[account.account_id].name,RFIFOP(fd,60),20);
					server[account.account_id].users=0;
					server[account.account_id].maintenance=RFIFOW(fd,82);
					server[account.account_id].new_=RFIFOW(fd,84);
					server_fd[account.account_id]=fd;
					sprintf(tmpsql,"DELETE FROM `sstatus` WHERE `index`='%ld'", account.account_id);
					//query
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}

					jstrescapecpy(t_uid,server[account.account_id].name);
					sprintf(tmpsql,"INSERT INTO `sstatus`(`index`,`name`,`user`) VALUES ( '%ld', '%s', '%d')",
						account.account_id, server[account.account_id].name,0);
					//query
					if(mysql_query(&mysql_handle, tmpsql)) {
						ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
						ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
					}
					WFIFOW(fd,0)=0x2711;
					WFIFOB(fd,2)=0;
					WFIFOSET(fd,3);
					session[fd]->func_parse=parse_fromchar;
					realloc_fifo(fd,FIFOSIZE_SERVERLINK,FIFOSIZE_SERVERLINK);
					// send GM account to char-server
					send_GM_accounts(fd);
				} else {
					WFIFOW(fd, 0) =0x2711;
					WFIFOB(fd, 2)=3;
					WFIFOSET(fd, 3);
				}
			}
			RFIFOSKIP(fd, 86);
			return 0;

		case 0x7530:	// request Athena information
			WFIFOW(fd,0)=0x7531;
			WFIFOB(fd,2)=ATHENA_MAJOR_VERSION;
			WFIFOB(fd,3)=ATHENA_MINOR_VERSION;
			WFIFOB(fd,4)=ATHENA_REVISION;
			WFIFOB(fd,5)=ATHENA_RELEASE_FLAG;
			WFIFOB(fd,6)=ATHENA_OFFICIAL_FLAG;
			WFIFOB(fd,7)=ATHENA_SERVER_LOGIN;
			WFIFOW(fd,8)=ATHENA_MOD_VERSION;
			WFIFOSET(fd,10);
			RFIFOSKIP(fd,2);
			ShowInfo ("Athena version check...\n");
			break;

		case 0x7532:
			ShowStatus ("End of connection (ip: %s)" RETCODE, ip);
			session[fd]->eof = 1;
			break;
		default:
			ShowStatus ("Abnormal end of connection (ip: %s): Unknown packet 0x%x " RETCODE, ip, RFIFOW(fd,0));
			session[fd]->eof = 1;
			return 0;
		}
	}

	RFIFOSKIP(fd,RFIFOREST(fd));
	return 0;
}

// Console Command Parser [Wizputer]
int parse_console(char *buf) {
	char *type,*command;

	type = (char *)aMalloc(64);
	command = (char *)aMalloc(64);

	memset(type,0,64);
	memset(command,0,64);

	ShowInfo("Console: %s\n",buf);

	if ( sscanf(buf, "%[^:]:%[^\n]", type , command ) < 2 )
		sscanf(buf,"%[^\n]",type);

	ShowInfo("Type of command: %s || Command: %s \n",type,command);

	if(buf) aFree(buf);
	if(type) aFree(type);
	if(command) aFree(command);

	return 0;
}

static int online_data_cleanup_sub(DBKey key, void *data, va_list ap)
{
	struct online_login_data *character= (struct online_login_data*)data;
	if (character->char_server == -2) //Unknown server.. set them offline
		remove_online_user(character->account_id);
	else if (character->char_server < 0)
		//Free data from players that have not been online for a while.
		db_remove(online_db, key);
	return 0;
}

static int online_data_cleanup(int tid, unsigned int tick, int id, int data)
{
	online_db->foreach(online_db, online_data_cleanup_sub);
	return 0;
} 

//-------------------------------------------------
// Return numerical value of a switch configuration
// on/off, english, fran�ais, deutsch, espa�ol
//-------------------------------------------------
int config_switch(const char *str) {
	if (strcmpi(str, "on") == 0 || strcmpi(str, "yes") == 0 || strcmpi(str, "oui") == 0 || strcmpi(str, "ja") == 0 || strcmpi(str, "si") == 0)
		return 1;
	if (strcmpi(str, "off") == 0 || strcmpi(str, "no") == 0 || strcmpi(str, "non") == 0 || strcmpi(str, "nein") == 0)
		return 0;

	return atoi(str);
}


//----------------------------------
// Reading Lan Support configuration
// Rewrote: Anvanced subnet check [LuzZza]
//----------------------------------
int login_lan_config_read(const char *lancfgName) {

	FILE *fp;
	int line_num = 0;
	char line[1024], w1[64], w2[64], w3[64], w4[64];

	if((fp = fopen(lancfgName, "r")) == NULL) {
		ShowWarning("LAN Support configuration file is not found: %s\n", lancfgName);
		return 1;
	}

	ShowInfo("Reading the configuration file %s...\n", lancfgName);

	while(fgets(line, sizeof(line)-1, fp)) {

		line_num++;		
		if ((line[0] == '/' && line[1] == '/') || line[0] == '\n' || line[1] == '\n')
			continue;

		line[sizeof(line)-1] = '\0';
		if(sscanf(line,"%[^:]: %[^:]:%[^:]:%[^\r\n]", w1, w2, w3, w4) != 4) {

			ShowWarning("Error syntax of configuration file %s in line %d.\n", lancfgName, line_num);	
			continue;
		}

		remove_control_chars((unsigned char *)w1);
		remove_control_chars((unsigned char *)w2);
		remove_control_chars((unsigned char *)w3);
		remove_control_chars((unsigned char *)w4);

		if(strcmpi(w1, "subnet") == 0) {

			subnet[subnet_count].mask = inet_addr(w2);
			subnet[subnet_count].char_ip = inet_addr(w3);
			subnet[subnet_count].map_ip = inet_addr(w4);
			subnet[subnet_count].subnet = subnet[subnet_count].char_ip&subnet[subnet_count].mask;
			if (subnet[subnet_count].subnet != (subnet[subnet_count].map_ip&subnet[subnet_count].mask)) {
				ShowError("%s: Configuration Error: The char server (%s) and map server (%s) belong to different subnetworks!\n", lancfgName, w3, w4);
				continue;
			}

			subnet_count++;
		}

		ShowStatus("Read information about %d subnetworks.\n", subnet_count);
	}

	fclose(fp);
	return 0;
}

//-----------------------------------------------------
//BANNED IP CHECK.
//-----------------------------------------------------
int ip_ban_check(int tid, unsigned int tick, int id, int data){

	//query
	if(mysql_query(&mysql_handle, "DELETE FROM `ipbanlist` WHERE `rtime` <= NOW()")) {
		ShowSQL("DB error - %s\n",mysql_error(&mysql_handle));
		ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmp_sql);
	}

	return 0;
}

//-----------------------------------------------------
// reading configuration
//-----------------------------------------------------
int login_config_read(const char *cfgName){
	int i;
	char line[1024], w1[1024], w2[1024];
	FILE *fp;

	fp=fopen(cfgName,"r");

	if(fp==NULL){
		ShowError("Configuration file (%s) not found.\n", cfgName);
		return 1;
	}
	ShowInfo("reading configuration file %s...\n", cfgName);
	while(fgets(line, sizeof(line)-1, fp)){
		if(line[0] == '/' && line[1] == '/')
			continue;

		i=sscanf(line,"%[^:]: %[^\r\n]",w1,w2);
		if(i!=2)
			continue;

		remove_control_chars((unsigned char *) w1);
		remove_control_chars((unsigned char *) w2);
		if(strcmpi(w1,"timestamp_format") == 0) {
			strncpy(timestamp_format, w2, 20);
		} else if(strcmpi(w1,"console_silent")==0){
			msg_silent = 0; //To always allow the next line to show up.
			ShowInfo("Console Silent Setting: %d\n", atoi(w2));
			msg_silent = atoi(w2);
		} else if (strcmpi(w1, "bind_ip") == 0) {
			bind_ip = resolve_hostbyname(w2, NULL, bind_ip_str);
			if (bind_ip)
				ShowStatus("Login server binding IP address : %s -> %s\n", w2, bind_ip_str);
		} else if(strcmpi(w1,"login_port")==0){
			login_port=atoi(w2);
			ShowStatus("set login_port : %s\n",w2);
		}
		else if(strcmpi(w1,"ipban")==0){
			ipban=atoi(w2);
			ShowStatus("set ipban : %d\n",ipban);
		}
		//account ban -> ip ban
		else if(strcmpi(w1,"dynamic_account_ban")==0){
			dynamic_account_ban=atoi(w2);
			ShowStatus("set dynamic_account_ban : %d\n",dynamic_account_ban);
		}
		else if(strcmpi(w1,"dynamic_account_ban_class")==0){
			dynamic_account_ban_class=atoi(w2);
			ShowStatus("set dynamic_account_ban_class : %d\n",dynamic_account_ban_class);
		}
		//dynamic password error ban
		else if(strcmpi(w1,"dynamic_pass_failure_ban")==0){
			dynamic_pass_failure_ban=atoi(w2);
			ShowStatus("set dynamic_pass_failure_ban : %d\n",dynamic_pass_failure_ban);
		}
		else if(strcmpi(w1,"dynamic_pass_failure_ban_time")==0){
			dynamic_pass_failure_ban_time=atoi(w2);
			ShowStatus("set dynamic_pass_failure_ban_time : %d\n",dynamic_pass_failure_ban_time);
		}
		else if(strcmpi(w1,"dynamic_pass_failure_ban_how_many")==0){
			dynamic_pass_failure_ban_how_many=atoi(w2);
			ShowStatus("set dynamic_pass_failure_ban_how_many : %d\n",dynamic_pass_failure_ban_how_many);
		}
		else if(strcmpi(w1,"dynamic_pass_failure_ban_how_long")==0){
			dynamic_pass_failure_ban_how_long=atoi(w2);
			ShowStatus("set dynamic_pass_failure_ban_how_long : %d\n",dynamic_pass_failure_ban_how_long);
		} else if(strcmpi(w1, "new_account") == 0){ 	//Added by Sirius for new account _M/_F
			new_account_flag = atoi(w2);		//Added by Sirius for new account _M/_F		
		} else if(strcmpi(w1, "check_client_version") == 0){ 		//Added by Sirius for client version check
			//check_client_version = config_switch(w2); 		//Added by Sirius for client version check
			if(strcmpi(w2,"on") == 0 || strcmpi(w2,"yes") == 0 ){
				check_client_version = 1;
			} else if(strcmpi(w2,"off") == 0 || strcmpi(w2,"no") == 0 ){
				check_client_version = 0;
			}                                                                                          
		} else if(strcmpi(w1, "client_version_to_connect") == 0){	//Added by Sirius for client version check
			client_version_to_connect = atoi(w2);			//Added by SIrius for client version check
		} else if(strcmpi(w1,"use_MD5_passwords")==0){
			if (!strcmpi(w2,"yes")) {
				use_md5_passwds=1;
			} else if (!strcmpi(w2,"no")){
				use_md5_passwds=0;
			}
			ShowStatus("Using MD5 Passwords: %s \n",w2);
		}
		else if (strcmpi(w1, "date_format") == 0) { // note: never have more than 19 char for the date!
			switch (atoi(w2)) {
				case 0:
					strcpy(date_format, "%d-%m-%Y %H:%M:%S"); // 31-12-2004 23:59:59
					break;
				case 1:
					strcpy(date_format, "%m-%d-%Y %H:%M:%S"); // 12-31-2004 23:59:59
					break;
				case 2:
					strcpy(date_format, "%Y-%d-%m %H:%M:%S"); // 2004-31-12 23:59:59
					break;
				case 3:
					strcpy(date_format, "%Y-%m-%d %H:%M:%S"); // 2004-12-31 23:59:59
					break;
			}
		}
		else if (strcmpi(w1, "min_level_to_connect") == 0) {
			min_level_to_connect = atoi(w2);
		}
		else if (strcmpi(w1, "check_ip_flag") == 0) {
			check_ip_flag = config_switch(w2);
		}
		else if (strcmpi(w1, "console") == 0) {
			if(strcmpi(w2,"on") == 0 || strcmpi(w2,"yes") == 0 )
				console = 1;
		}
		else if (strcmpi(w1, "case_sensitive") == 0) {
			if(strcmpi(w2,"on") == 0 || strcmpi(w2,"yes") == 0 )
				case_sensitive = 1;
			if(strcmpi(w2,"off") == 0 || strcmpi(w2,"no") == 0 )
				case_sensitive = 0;
			else
				case_sensitive = atoi(w2);
		} else if (strcmpi(w1, "allowed_regs") == 0) { //account flood protection system [Kevin]
			allowed_regs = atoi(w2);
		} else if (strcmpi(w1, "time_allowed") == 0) {
			time_allowed = atoi(w2);
		} else if (strcmpi(w1, "online_check") == 0) {
			if(strcmpi(w2,"on") == 0 || strcmpi(w2,"yes") == 0 )
				online_check = 1;
			else if(strcmpi(w2,"off") == 0 || strcmpi(w2,"no") == 0 )
				online_check = 0;
			else
				online_check = atoi(w2);
		} else if (strcmpi(w1, "log_login") == 0) {
			if(strcmpi(w2,"on") == 0 || strcmpi(w2,"yes") == 0 )
				log_login = 1;
			else if(strcmpi(w2,"off") == 0 || strcmpi(w2,"no") == 0 )
				log_login = 0;
			else
				log_login = atoi(w2);
		} else if (strcmpi(w1, "import") == 0) {
			login_config_read(w2);
		} else if(strcmpi(w1,"use_dnsbl")==0) { // [Zido]
			use_dnsbl=atoi(w2);
		} else if(strcmpi(w1,"dnsbl_servers")==0) { // [Zido]
			strcpy(dnsbl_servs,w2);
		} else if(strcmpi(w1,"ip_sync_interval")==0) {
			ip_sync_interval = 1000*60*atoi(w2); //w2 comes in minutes.
		}
	}
	fclose(fp);
	ShowInfo("done reading %s.\n", cfgName);
	return 0;
}

void sql_config_read(const char *cfgName){ /* Kalaspuff, to get login_db */
	int i;
	char line[1024], w1[1024], w2[1024];
	FILE *fp=fopen(cfgName,"r");
	if(fp==NULL){
		ShowFatalError("file not found: %s\n",cfgName);
		exit(1);
	}
	ShowInfo("reading configuration file %s...\n", cfgName);
	while(fgets(line, sizeof(line)-1, fp)){
		if(line[0] == '/' && line[1] == '/')
			continue;
		i=sscanf(line,"%[^:]: %[^\r\n]",w1,w2);
		if(i!=2)
			continue;
		if(strcmpi(w1, "gm_read_method") == 0) {
			if(atoi(w2) == 0)
				login_gm_read = true;
			else
				login_gm_read = false;
		} else if(strcmpi(w1, "gm_db") == 0) {
			strcpy(gm_db, w2);
		} else if (strcmpi(w1, "login_db") == 0) {
			strcpy(login_db, w2);
		}
		//add for DB connection
		else if(strcmpi(w1,"login_server_ip")==0){
			strcpy(login_server_ip, w2);
			ShowStatus ("set login_server_ip : %s\n",w2);
		}
		else if(strcmpi(w1,"login_server_port")==0){
			login_server_port=atoi(w2);
			ShowStatus ("set login_server_port : %s\n",w2);
		}
		else if(strcmpi(w1,"login_server_id")==0){
			strcpy(login_server_id, w2);
			ShowStatus ("set login_server_id : %s\n",w2);
		}
		else if(strcmpi(w1,"login_server_pw")==0){
			strcpy(login_server_pw, w2);
			ShowStatus ("set login_server_pw : %s\n",w2);
		}
		else if(strcmpi(w1,"login_server_db")==0){
			strcpy(login_server_db, w2);
			ShowStatus ("set login_server_db : %s\n",w2);
		} 
		else if(strcmpi(w1,"connection_ping_interval")==0) {
			connection_ping_interval = atoi(w2);
		}
		else if(strcmpi(w1,"default_codepage")==0){
			strcpy(default_codepage, w2);
			ShowStatus ("set default_codepage : %s\n",w2);
		}
		//added for custom column names for custom login table
		else if(strcmpi(w1,"login_db_account_id")==0){
			strcpy(login_db_account_id, w2);
		}
		else if(strcmpi(w1,"login_db_userid")==0){
			strcpy(login_db_userid, w2);
		}
		else if(strcmpi(w1,"login_db_user_pass")==0){
			strcpy(login_db_user_pass, w2);
		}
		else if(strcmpi(w1,"login_db_level")==0){
			strcpy(login_db_level, w2);
		}
		else if (strcmpi(w1, "loginlog_db") == 0) {
			strcpy(loginlog_db, w2);
		}
		else if (strcmpi(w1, "reg_db") == 0) {
			strcpy(reg_db, w2);
		}
		//support the import command, just like any other config
		else if(strcmpi(w1,"import")==0){
			sql_config_read(w2);
		}
	}
	fclose(fp);
	ShowInfo("done reading %s.\n", cfgName);
}

//--------------------------------------
// Function called at exit of the server
//--------------------------------------
void do_final(void) {
	//sync account when terminating.
	//but no need when you using DBMS (mysql)
	ShowStatus("Terminating...\n");
	mmo_db_close();
	online_db->destroy(online_db, NULL);
	if (gm_account_db)
		aFree(gm_account_db);
}

void set_server_type(void)
{
	SERVER_TYPE = ATHENA_SERVER_LOGIN;
}
int do_init(int argc,char **argv){
	//initialize login server
	int i;

	//read login configue
	login_config_read( (argc>1)?argv[1]:LOGIN_CONF_NAME );
	sql_config_read(SQL_CONF_NAME);
	login_lan_config_read((argc > 2) ? argv[2] : LAN_CONF_NAME);
	//Generate Passworded Key.
	ShowInfo("Initializing md5key...\n");
	memset(md5key, 0, sizeof(md5key));
	md5keylen=rand()%4+12;
	for(i=0;i<md5keylen;i++)
		md5key[i]=rand()%255+1;
	ShowInfo("md5key setup complete\n");


	ShowInfo("set FIFO Size\n");
	for(i=0;i<AUTH_FIFO_SIZE;i++)
		auth_fifo[i].delflag=1;
	ShowInfo("set FIFO Size complete\n");

	ShowInfo("set max servers\n");
	for(i=0;i<MAX_SERVERS;i++)
		server_fd[i]=-1;
	ShowInfo("set max servers complete\n");
	//server port open & binding

	// Online user database init
	online_db = db_alloc(__FILE__,__LINE__,DB_INT,DB_OPT_RELEASE_DATA,sizeof(int));	// reinitialise
	add_timer_func_list(waiting_disconnect_timer, "waiting_disconnect_timer");

	login_fd = make_listen_bind(bind_ip?bind_ip:INADDR_ANY,login_port);

	//Auth start
	ShowInfo("Running mmo_auth_sqldb_init()\n");
	mmo_auth_sqldb_init();
	ShowInfo("finished mmo_auth_sqldb_init()\n");

	if(login_gm_read)
		//Read account information.
		read_gm_account();

	//set default parser as parse_login function
	set_defaultparse(parse_login);

	// ban deleter timer - 1 minute term
	ShowStatus("add interval tic (ip_ban_check)....\n");
	add_timer_func_list(ip_ban_check,"ip_ban_check");
	add_timer_interval(gettick()+10, ip_ban_check,0,0,60*1000);

	add_timer_func_list(online_data_cleanup, "online_data_cleanup");
	add_timer_interval(gettick() + 600*1000, online_data_cleanup, 0, 0, 600*1000); // every 10 minutes cleanup online account db.

	if (ip_sync_interval) {
		add_timer_func_list(sync_ip_addresses, "sync_ip_addresses");
		add_timer_interval(gettick() + ip_sync_interval, sync_ip_addresses, 0, 0, ip_sync_interval);
	}

	if (console) {
		set_defaultconsoleparse(parse_console);
		start_console();
	}

	ShowStatus("The login-server is "CL_GREEN"ready"CL_RESET" (Server is listening on the port %d).\n\n", login_port);

	return 0;
}