diff options
Diffstat (limited to 'src/char/char.c')
-rw-r--r-- | src/char/char.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/src/char/char.c b/src/char/char.c index 8d7ff1ab4..82206cbd9 100644 --- a/src/char/char.c +++ b/src/char/char.c @@ -2270,7 +2270,7 @@ int parse_fromlogin(int fd) { // acknowledgement of account authentication request case 0x2713: - if (RFIFOREST(fd) < 29) + if (RFIFOREST(fd) < 33) return 0; { int account_id = RFIFOL(fd,2); @@ -2282,7 +2282,8 @@ int parse_fromlogin(int fd) { uint32 version = RFIFOL(fd,20); uint8 clienttype = RFIFOB(fd,24); int group_id = RFIFOL(fd,25); - RFIFOSKIP(fd,29); + unsigned int expiration_time = RFIFOL(fd, 29); + RFIFOSKIP(fd,33); if( session_isActive(request_id) && (sd=(struct char_session_data*)session[request_id]->session_data) && !sd->auth && sd->account_id == account_id && sd->login_id1 == login_id1 && sd->login_id2 == login_id2 && sd->sex == sex ) @@ -2300,6 +2301,14 @@ int parse_fromlogin(int fd) { WFIFOSET(client_fd,3); break; } + /* the client will already deny this request, this check is to avoid someone bypassing. */ + if( char_server_type == CST_PAYING && (time_t)expiration_time < time(NULL) ) { + WFIFOHEAD(client_fd,3); + WFIFOW(client_fd,0) = 0x6c; + WFIFOB(client_fd,2) = 0;// rejected from server + WFIFOSET(client_fd,3); + break; + } char_auth_ok(client_fd, sd); break; case 1:// auth failed @@ -3070,6 +3079,7 @@ int parse_frommap(int fd) node->login_id2 = login_id2; //node->sex = 0; node->ip = ntohl(ip); + /* sounds troublesome. */ //node->expiration_time = 0; // unlimited/unknown time by default (not display in map-server) //node->gmlevel = 0; idb_put(auth_db, account_id, node); @@ -4004,6 +4014,14 @@ int parse_char(int fd) WFIFOSET(fd,3); break; } + /* the client will already deny this request, this check is to avoid someone bypassing. */ + if( char_server_type == CST_PAYING && (time_t)node->expiration_time < time(NULL) ) { + WFIFOHEAD(fd,3); + WFIFOW(fd,0) = 0x6c; + WFIFOB(fd,2) = 0;// rejected from server + WFIFOSET(fd,3); + break; + } idb_remove(auth_db, account_id); char_auth_ok(fd, sd); } |