diff options
Diffstat (limited to 'src/login_sql/login.c')
| -rw-r--r-- | src/login_sql/login.c | 1335 |
1 files changed, 660 insertions, 675 deletions
diff --git a/src/login_sql/login.c b/src/login_sql/login.c index 9411c6fec..bc3c1117a 100644 --- a/src/login_sql/login.c +++ b/src/login_sql/login.c @@ -12,20 +12,13 @@ #include "../common/showmsg.h" #include "../common/version.h" #include "../common/md5calc.h" +#include "../common/sql.h" #include "login.h" #include <stdio.h> #include <stdlib.h> -#include <sys/stat.h> // for stat/lstat/fstat -#include <signal.h> -#include <fcntl.h> #include <string.h> - -//add include for DBMS(mysql) -#ifdef WIN32 -#include <winsock2.h> -#endif -#include <mysql.h> +#include <sys/stat.h> // for stat/lstat/fstat struct Login_Config { @@ -59,7 +52,7 @@ int server_fd[MAX_SERVERS]; // char server sockets struct mmo_char_server server[MAX_SERVERS]; // char server data // Advanced subnet check [LuzZza] -struct _subnet { +struct s_subnet { uint32 subnet; uint32 mask; uint32 char_ip; @@ -78,13 +71,10 @@ int time_allowed = 10; //in seconds int num_regs = 0; unsigned int new_reg_tick = 0; -MYSQL mysql_handle; -MYSQL_RES* sql_res ; -MYSQL_ROW sql_row ; -char tmpsql[65535]; +Sql* sql_handle; // database parameters -int login_server_port = 3306; +uint16 login_server_port = 3306; char login_server_ip[32] = "127.0.0.1"; char login_server_id[32] = "ragnarok"; char login_server_pw[32] = "ragnarok"; @@ -127,19 +117,19 @@ struct online_login_data { //----------------------------------------------------- -struct dbt *online_db; +struct dbt* online_db; static void* create_online_user(DBKey key, va_list args) { - struct online_login_data *p; - p = aCalloc(1, sizeof(struct online_login_data)); + struct online_login_data* p; + CREATE(p, struct online_login_data, 1); p->account_id = key.i; p->char_server = -1; p->waiting_disconnect = -1; - return p; + return p; } -int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len); +int charif_sendallwos(int sfd, uint8* buf, size_t len); static int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data); //----------------------------------------------------- @@ -148,12 +138,12 @@ static int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data void add_online_user(int char_server, int account_id) { - struct online_login_data *p; - if (!login_config.online_check) + struct online_login_data* p; + if( !login_config.online_check ) return; p = idb_ensure(online_db, account_id, create_online_user); p->char_server = char_server; - if (p->waiting_disconnect != -1) + if( p->waiting_disconnect != -1 ) { delete_timer(p->waiting_disconnect, waiting_disconnect_timer); p->waiting_disconnect = -1; @@ -162,19 +152,20 @@ void add_online_user(int char_server, int account_id) void remove_online_user(int account_id) { - if(!login_config.online_check) + if( !login_config.online_check ) return; - if (account_id == 99) { // reset all to offline + if( account_id == 99 ) + {// reset all to offline online_db->clear(online_db, NULL); // purge db return; } - idb_remove(online_db,account_id); + idb_remove(online_db, account_id); } static int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data) { - struct online_login_data *p; - if ((p= idb_get(online_db, id)) != NULL && p->waiting_disconnect == id) + struct online_login_data* p = idb_get(online_db, id); + if( p != NULL && p->waiting_disconnect == id ) { p->waiting_disconnect = -1; remove_online_user(id); @@ -184,7 +175,7 @@ static int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data static int sync_ip_addresses(int tid, unsigned int tick, int id, int data) { - unsigned char buf[2]; + uint8 buf[2]; ShowInfo("IP Sync in progress...\n"); WBUFW(buf,0) = 0x2735; charif_sendallwos(-1, buf, 2); @@ -196,32 +187,30 @@ static int sync_ip_addresses(int tid, unsigned int tick, int id, int data) //----------------------------------------------------- void read_gm_account(void) { - if(!login_config.login_gm_read) - return; - sprintf(tmpsql, "SELECT `%s`,`%s` FROM `%s` WHERE `%s`> '0'",login_db_account_id,login_db_level,login_db,login_db_level); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - return; //Failed to read GM list! - } + if( !login_config.login_gm_read ) + return;// char server's job - if (gm_account_db != NULL) + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `%s`,`%s` FROM `%s` WHERE `%s` > '0'", login_db_account_id, login_db_level, login_db, login_db_level) ) { - aFree(gm_account_db); - gm_account_db = NULL; + Sql_ShowDebug(sql_handle); + return;// Failed to read GM list! } - GM_num = 0; - - sql_res = mysql_store_result(&mysql_handle); - if (sql_res) { - gm_account_db = (struct gm_account*)aCalloc((size_t)mysql_num_rows(sql_res), sizeof(struct gm_account)); - while ((sql_row = mysql_fetch_row(sql_res))) { - gm_account_db[GM_num].account_id = atoi(sql_row[0]); - gm_account_db[GM_num].level = atoi(sql_row[1]); - GM_num++; - } - mysql_free_result(sql_res); + + RECREATE(gm_account_db, struct gm_account, (size_t)Sql_NumRows(sql_handle)); + + for( GM_num = 0; SQL_SUCCESS == Sql_NextRow(sql_handle); ++GM_num ) + { + char* account; + char* level; + + Sql_GetData(sql_handle, 0, &account, NULL); + Sql_GetData(sql_handle, 1, &level, NULL); + + gm_account_db[GM_num].account_id = atoi(account); + gm_account_db[GM_num].level = atoi(level); } + + Sql_FreeResult(sql_handle); } //----------------------------------------------------- @@ -233,27 +222,32 @@ void send_GM_accounts(int fd) uint8 buf[32767]; uint16 len; - if(!login_config.login_gm_read) + if( !login_config.login_gm_read ) return; len = 4; WBUFW(buf,0) = 0x2732; - for(i = 0; i < GM_num; i++) + for( i = 0; i < GM_num; ++i ) + { // send only existing accounts. We can not create a GM account when server is online. - if (gm_account_db[i].level > 0) { + if( gm_account_db[i].level > 0 ) + { WBUFL(buf,len) = gm_account_db[i].account_id; WBUFB(buf,len+4) = (uint8)gm_account_db[i].level; len += 5; - if (len >= 32000) { + if( len >= 32000 ) + { ShowWarning("send_GM_accounts: Too many accounts! Only %d out of %d were sent.\n", i, GM_num); break; } } + } WBUFW(buf,2) = len; - if (fd == -1) // send to all charservers + if( fd == -1 )// send to all charservers charif_sendallwos(-1, buf, len); - else { // send only to target + else + {// send only to target WFIFOHEAD(fd,len); memcpy(WFIFOP(fd,0), buf, len); WFIFOSET(fd,len); @@ -268,27 +262,20 @@ void send_GM_accounts(int fd) int login_sql_ping(int tid, unsigned int tick, int id, int data) { ShowInfo("Pinging SQL server to keep connection alive...\n"); - mysql_ping(&mysql_handle); + Sql_Ping(sql_handle); return 0; } int sql_ping_init(void) { - int connection_timeout, connection_ping_interval; + uint32 connection_timeout, connection_ping_interval; // set a default value first connection_timeout = 28800; // 8 hours // ask the mysql server for the timeout value - if (!mysql_query(&mysql_handle, "SHOW VARIABLES LIKE 'wait_timeout'") - && (sql_res = mysql_store_result(&mysql_handle)) != NULL) { - sql_row = mysql_fetch_row(sql_res); - if (sql_row) - connection_timeout = atoi(sql_row[1]); - if (connection_timeout < 60) - connection_timeout = 60; - mysql_free_result(sql_res); - } + if( SQL_SUCCESS == Sql_GetTimeout(sql_handle, &connection_timeout) && connection_timeout < 60 ) + connection_timeout = 60; // establish keepalive connection_ping_interval = connection_timeout - 30; // 30-second reserve @@ -305,34 +292,26 @@ int mmo_auth_sqldb_init(void) { ShowStatus("Login server init....\n"); - mysql_init(&mysql_handle); + sql_handle = Sql_Malloc(); // DB connection start ShowStatus("Connect Login Database Server....\n"); - if (!mysql_real_connect(&mysql_handle, login_server_ip, login_server_id, login_server_pw, login_server_db, login_server_port, (char *)NULL, 0)) { - ShowFatalError("%s\n", mysql_error(&mysql_handle)); + if( SQL_ERROR == Sql_Connect(sql_handle, login_server_id, login_server_pw, login_server_ip, login_server_port, login_server_db) ) + { + Sql_ShowDebug(sql_handle); + Sql_Free(sql_handle); exit(1); - } else { - ShowStatus("Connect success!\n"); } - if( strlen(default_codepage) > 0 ) { - sprintf( tmpsql, "SET NAMES %s", default_codepage ); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + else + { + ShowStatus("Connect success!\n"); } - if (login_config.log_login) - { - sprintf(tmpsql, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100','login server started')", loginlog_db); + if( default_codepage[0] != '\0' && SQL_ERROR == Sql_SetEncoding(sql_handle, default_codepage) ) + Sql_ShowDebug(sql_handle); - //query - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - } + if( login_config.log_login && SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s` (`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100','login server started')", loginlog_db) ) + Sql_ShowDebug(sql_handle); sql_ping_init(); @@ -348,32 +327,23 @@ void mmo_db_close(void) int i, fd; //set log. - if (login_config.log_login) - { - sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100', 'login server shutdown')", loginlog_db); - - //query - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - } + if( login_config.log_login && SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100', 'login server shutdown')", loginlog_db) ) + Sql_ShowDebug(sql_handle); - for (i = 0; i < MAX_SERVERS; i++) { - if ((fd = server_fd[i]) >= 0) - { //Clean only data related to servers we are connected to. [Skotlex] - sprintf(tmpsql,"DELETE FROM `sstatus` WHERE `index` = '%d'", i); - if (mysql_query(&mysql_handle, tmpsql)) - { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + for( i = 0; i < MAX_SERVERS; ++i ) + { + fd = server_fd[i]; + if( session_isValid(fd) ) + {// Clean only data related to servers we are connected to. [Skotlex] + if( SQL_ERROR == Sql_Query(sql_handle, "DELETE FROM `sstatus` WHERE `index` = '%d'", i) ) + Sql_ShowDebug(sql_handle); do_close(fd); } } - mysql_close(&mysql_handle); + Sql_Free(sql_handle); + sql_handle = NULL; ShowStatus("close DB connect....\n"); - if (login_fd > 0) + if( login_fd > 0 ) do_close(login_fd); } @@ -383,75 +353,66 @@ void mmo_db_close(void) int mmo_auth_new(struct mmo_account* account, char sex) { unsigned int tick = gettick(); - char user_password[256]; + char md5buf[32+1]; + SqlStmt* stmt; + //Account Registration Flood Protection by [Kevin] - if(DIFF_TICK(tick, new_reg_tick) < 0 && num_regs >= allowed_regs) { + if( DIFF_TICK(tick, new_reg_tick) < 0 && num_regs >= allowed_regs ) + { ShowNotice("Account registration denied (registration limit exceeded)\n"); return 3; } - //Check for preexisting account - sprintf(tmpsql, "SELECT `%s` FROM `%s` WHERE `userid` = '%s'", login_db_userid, login_db, account->userid); - if(mysql_query(&mysql_handle, tmpsql)){ - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - return 1; //Return Incorrect user/pass? + // check if the account doesn't exist already + stmt = SqlStmt_Malloc(sql_handle); + if ( SQL_SUCCESS != SqlStmt_Prepare(stmt, "SELECT `%s` FROM `%s` WHERE `userid` = ?", login_db_userid, login_db) + || SQL_SUCCESS != SqlStmt_BindParam(stmt, 0, SQLDT_STRING, account->userid, strnlen(account->userid, NAME_LENGTH)) + || SQL_SUCCESS != SqlStmt_Execute(stmt) + || SqlStmt_NumRows(stmt) > 0 ) + { + SqlStmt_ShowDebug(stmt); + SqlStmt_Free(stmt); + return 1; // incorrect user/pass } - - sql_res = mysql_store_result(&mysql_handle); - if(mysql_num_rows(sql_res) > 0){ - mysql_free_result(sql_res); - return 1; //Already exists, return incorrect user/pass. + SqlStmt_Free(stmt); + + // insert new entry into db + //TODO: error checking + stmt = SqlStmt_Malloc(sql_handle); + SqlStmt_Prepare(stmt, "INSERT INTO `%s` (`%s`, `%s`, `sex`, `email`) VALUES (?, ?, '%c', 'a@a.com')", login_db, login_db_userid, login_db_user_pass, TOUPPER(sex)); + SqlStmt_BindParam(stmt, 0, SQLDT_STRING, account->userid, strnlen(account->userid, NAME_LENGTH)); + if( login_config.use_md5_passwds ) + { + MD5_String(account->passwd, md5buf); + SqlStmt_BindParam(stmt, 1, SQLDT_STRING, md5buf, 32); } - mysql_free_result(sql_res); //Only needed for the already-exists check... - - mysql_real_escape_string(&mysql_handle, account->userid, account->userid, strlen(account->userid)); - mysql_real_escape_string(&mysql_handle, account->passwd, account->passwd, strlen(account->passwd)); - - sex = TOUPPER(sex); - - if (login_config.use_md5_passwds) - MD5_String(account->passwd, user_password); else - jstrescapecpy(user_password, account->passwd); - - ShowInfo("New account: user: %s with passwd: %s sex: %c\n", account->userid, user_password, sex); - - sprintf(tmpsql, "INSERT INTO `%s` (`%s`, `%s`, `sex`, `email`) VALUES ('%s', '%s', '%c', '%s')", login_db, login_db_userid, login_db_user_pass, account->userid, user_password, sex, "a@a.com"); + SqlStmt_BindParam(stmt, 1, SQLDT_STRING, account->passwd, strnlen(account->passwd, NAME_LENGTH)); + SqlStmt_Execute(stmt); + SqlStmt_Free(stmt); - if(mysql_query(&mysql_handle, tmpsql)){ - //Failed to insert new acc :/ - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - return 1; - } + ShowInfo("New account: userid='%s' passwd='%s' sex='%c'\n", account->userid, account->passwd, TOUPPER(sex)); - if(mysql_field_count(&mysql_handle) == 0 && - mysql_insert_id(&mysql_handle) < START_ACCOUNT_NUM) { - //Invalid Account ID! Must update it. - int id = (int)mysql_insert_id(&mysql_handle); - sprintf(tmpsql, "UPDATE `%s` SET `%s`='%d' WHERE `%s`='%d'", login_db, login_db_account_id, START_ACCOUNT_NUM, login_db_account_id, id); - if(mysql_query(&mysql_handle, tmpsql)){ - ShowError("New account %s has an invalid account ID [%d] which could not be updated (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM); - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); + if( Sql_LastInsertId(sql_handle) < START_ACCOUNT_NUM ) + {// Invalid Account ID! Must update it. + uint64 id = Sql_LastInsertId(sql_handle); + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `%s`='%d' WHERE `%s`='%lld'", login_db, login_db_account_id, START_ACCOUNT_NUM, login_db_account_id, id) ) + { + Sql_ShowDebug(sql_handle); + ShowError("New account '%s' has an invalid account ID [%lld] which could not be updated (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM); //Just delete it and fail. - sprintf(tmpsql, "DELETE FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, id); - if(mysql_query(&mysql_handle, tmpsql)){ - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "DELETE FROM `%s` WHERE `%s`='%lld'", login_db, login_db_account_id, id) ) + Sql_ShowDebug(sql_handle); return 1; } - ShowNotice("Updated New account %s's ID %d->%d (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM, START_ACCOUNT_NUM); + ShowNotice("Updated New account '%s' ID %d->%d (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM, START_ACCOUNT_NUM); } - if(DIFF_TICK(tick, new_reg_tick) > 0) - { //Update the registration check. - num_regs=0; - new_reg_tick=tick+time_allowed*1000; + if( DIFF_TICK(tick, new_reg_tick) > 0 ) + {// Update the registration check. + num_regs = 0; + new_reg_tick = tick + time_allowed*1000; } - num_regs++; - + ++num_regs; return 0; } @@ -459,16 +420,19 @@ int mmo_auth_new(struct mmo_account* account, char sex) //-------------------------------------------------------------------- // Packet send to all char-servers, except one (wos: without our self) //-------------------------------------------------------------------- -int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len) +int charif_sendallwos(int sfd, uint8* buf, size_t len) { - int i, c, fd; + int i, c; - for(i = 0, c = 0; i < MAX_SERVERS; i++) { - if ((fd = server_fd[i]) > 0 && fd != sfd) { + for( i = 0, c = 0; i < MAX_SERVERS; ++i ) + { + int fd = server_fd[i]; + if( session_isValid(fd) && fd != sfd ) + { WFIFOHEAD(fd,len); memcpy(WFIFOP(fd,0), buf, len); WFIFOSET(fd,len); - c++; + ++c; } } @@ -482,7 +446,9 @@ int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len) bool check_encrypted(const char* str1, const char* str2, const char* passwd) { char md5str[64], md5bin[32]; - snprintf(md5str, sizeof(md5str), "%s%s", str1, str2); md5str[sizeof(md5str)-1] = '\0'; + + snprintf(md5str, sizeof(md5str), "%s%s", str1, str2); + md5str[sizeof(md5str)-1] = '\0'; MD5_String2binary(md5str, md5bin); return (0==memcmp(passwd, md5bin, 16)); @@ -512,134 +478,144 @@ bool check_password(struct login_session_data* ld, int passwdenc, const char* pa int mmo_auth(struct mmo_account* account, int fd) { time_t ban_until_time; - char t_uid[256]; + char esc_userid[NAME_LENGTH*2+1];// escaped username char user_password[256], password[256]; long connect_until; int state; + size_t len; + char* data; char ip[16]; - uint32 ipl = session[fd]->client_addr; - uint8* sin_addr = (uint8*)&ipl; - sprintf(ip, "%d.%d.%d.%d", sin_addr[3], sin_addr[2], sin_addr[1], sin_addr[0]); + uint8* sin_addr = (uint8*)&session[fd]->client_addr; + sprintf(ip, "%u.%u.%u.%u", sin_addr[3], sin_addr[2], sin_addr[1], sin_addr[0]); // DNS Blacklist check - if(login_config.use_dnsbl) + if( login_config.use_dnsbl ) { char r_ip[16]; char ip_dnsbl[256]; char *dnsbl_serv; bool matched = false; - sprintf(r_ip, "%d.%d.%d.%d", sin_addr[0], sin_addr[1], sin_addr[2], sin_addr[3]); + sprintf(r_ip, "%u.%u.%u.%u", sin_addr[0], sin_addr[1], sin_addr[2], sin_addr[3]); - for (dnsbl_serv = strtok(login_config.dnsbl_servs,","); dnsbl_serv != NULL; dnsbl_serv = strtok(NULL,",")) + for( dnsbl_serv = strtok(login_config.dnsbl_servs,","); !matched && dnsbl_serv != NULL; dnsbl_serv = strtok(NULL,",") ) { - if (!matched) { - sprintf(ip_dnsbl, "%s.%s", r_ip, dnsbl_serv); - if(host2ip(ip_dnsbl)) - matched = true; - } + sprintf(ip_dnsbl, "%s.%s", r_ip, dnsbl_serv); + if( host2ip(ip_dnsbl) ) + matched = true; } - if (matched) { + if( matched ) + { ShowInfo("DNSBL: (%s) Blacklisted. User Kicked.\n", r_ip); return 3; } } + //Client Version check + if( login_config.check_client_version && account->version != 0 && + account->version != login_config.client_version_to_connect ) + return 5; + + len = strnlen(account->userid, NAME_LENGTH); + // Account creation with _M/_F - if (login_config.new_account_flag) + if( login_config.new_account_flag ) { - int len = strlen(account->userid) - 2; - if (account->passwdenc == 0 && account->userid[len] == '_' && - (account->userid[len+1] == 'F' || account->userid[len+1] == 'M' || - account->userid[len+1] == 'f' || account->userid[len+1] == 'm') && - len >= 4 && strlen(account->passwd) >= 4) + if( len > 2 && strnlen(account->passwd, NAME_LENGTH) >= 4 && // valid user and password lengths + account->passwdenc == 0 &&// unencoded password + account->userid[len-2] == '_' && memchr("FfMm", (unsigned char)account->userid[len-1], 4) ) // _M/_F suffix { int result; - account->userid[len] = '\0'; //Terminating the name. - if ((result = mmo_auth_new(account, account->userid[len+1]))) - return result; //Failed to make account. [Skotlex]. + account->userid[len-2] = '\0';// terminate the name. + result = mmo_auth_new(account, account->userid[len-1]); + if( result ) + return result;// Failed to make account. [Skotlex]. } } - jstrescapecpy(t_uid,account->userid); + // escape username + Sql_EscapeStringLen(sql_handle, esc_userid, account->userid, len); // retrieve login entry for the specified username - sprintf(tmpsql, "SELECT `%s`,`%s`,`lastlogin`,`sex`,`connect_until`,`ban_until`,`state`,`%s`" - " FROM `%s` WHERE `%s`= %s '%s'", login_db_account_id, login_db_user_pass, login_db_level, login_db, login_db_userid, login_config.case_sensitive ? "BINARY" : "", t_uid); + if( SQL_ERROR == Sql_Query(sql_handle, + "SELECT `%s`,`%s`,`lastlogin`,`sex`,`connect_until`,`ban_until`,`state`,`%s` FROM `%s` WHERE `%s`= %s '%s'", + login_db_account_id, login_db_user_pass, login_db_level, + login_db, login_db_userid, (login_config.case_sensitive ? "BINARY" : ""), esc_userid) ) + Sql_ShowDebug(sql_handle); //login {0-account_id/1-user_pass/2-lastlogin/3-sex/4-connect_untl/5-ban_until/6-state/7-level} - // query - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - sql_res = mysql_store_result(&mysql_handle) ; - if (!sql_res) { - ShowError("mmo_auth DB result error ! \n"); - return 0; - } - sql_row = mysql_fetch_row(sql_res); - if (!sql_row) { - //there's no id. - ShowNotice("auth failed: no such account %s\n", account->userid); - mysql_free_result(sql_res); + if( Sql_NumRows(sql_handle) == 0 ) // no such entry + { + ShowNotice("auth failed: no such account '%s'\n", esc_userid); + Sql_FreeResult(sql_handle); return 0; } - account->account_id = atoi(sql_row[0]); - strncpy(password, sql_row[1], sizeof(password)-1); - strncpy(account->lastlogin, sql_row[2], 24); - account->sex = sql_row[3][0] == 'S' ? 2 : sql_row[3][0]=='M' ? 1 : 0; - connect_until = atol(sql_row[4]); - ban_until_time = atol(sql_row[5]); - state = atoi(sql_row[6]); - account->level = atoi(sql_row[7]); - if (account->level > 99) account->level = 99; - - //This function has too many leaks because this is only free'd on the end. - //Better avoid that and free it as soon as possible. [Skotlex] - mysql_free_result(sql_res); + Sql_NextRow(sql_handle); //TODO: error checking? - //Client Version check - if(login_config.check_client_version && account->version != 0 && - account->version != login_config.client_version_to_connect) - return 5; + Sql_GetData(sql_handle, 0, &data, &len); + account->account_id = atoi(data); - switch (state) { - case -3: //id is banned - case -2: //dynamic ban - return state; + Sql_GetData(sql_handle, 1, &data, &len); + if( len > sizeof(password) - 1 ) + { +#if defined(DEBUG) + ShowDebug("mmo_auth: password buffer is too small (len=%u,buflen=%u)\n", len, sizeof(password)); +#endif + len = sizeof(password) - 1; } + memcpy(password, data, len); + password[len] = '\0'; + + Sql_GetData(sql_handle, 2, &data, &len); safestrncpy(account->lastlogin, data, sizeof(account->lastlogin)); + Sql_GetData(sql_handle, 3, &data, &len); account->sex = (*data == 'S' ? 2 : *data == 'M' ? 1 : 0); + Sql_GetData(sql_handle, 4, &data, &len); connect_until = atol(data); + Sql_GetData(sql_handle, 5, &data, &len); ban_until_time = atol(data); + Sql_GetData(sql_handle, 6, &data, &len); state = atoi(data); + Sql_GetData(sql_handle, 7, &data, &len); account->level = atoi(data); + if( account->level > 99 ) + account->level = 99; - if (login_config.use_md5_passwds) + Sql_FreeResult(sql_handle); + + if( login_config.use_md5_passwds ) MD5_String(account->passwd, user_password); else - memcpy(user_password, account->passwd, NAME_LENGTH); + safestrncpy(user_password, account->passwd, NAME_LENGTH); - if (!check_password(session[fd]->session_data, account->passwdenc, user_password, password)) + if( !check_password(session[fd]->session_data, account->passwdenc, user_password, password) ) { - ShowInfo("Invalid password (account: %s, pass: %s, received pass: %s, ip: %s)\n", - account->userid, password, (account->passwdenc) ? "[MD5]" : account->passwd, ip); + ShowInfo("Invalid password (account: '%s', pass: '%s', received pass: '%s', ip: %s)\n", + esc_userid, password, (account->passwdenc) ? "[MD5]" : user_password, ip); return 1; // 1 = Incorrect Password } - if (ban_until_time != 0) { // if account is banned - if (ban_until_time > time(NULL)) // always banned + if( connect_until != 0 && connect_until < time(NULL) ) + return 2; // 2 = This ID is expired + + if( ban_until_time != 0 ) + {// account is banned + if( ban_until_time > time(NULL) )// still banned return 6; // 6 = Your are Prohibited to log in until %s - sprintf(tmpsql, "UPDATE `%s` SET `ban_until`='0' %s WHERE `%s`= '%d'", - login_db, state==7?",state='0'":"", - login_db_account_id, account->account_id); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `ban_until`='0' %s WHERE `%s`= '%d'", + login_db, (state == 7 ? ",state='0'" : ""), login_db_account_id, account->account_id) ) + Sql_ShowDebug(sql_handle); } - if (state) - switch(state) { // packet 0x006a value + 1 + switch( state ) + { + case -3: //id is banned + case -2: //dynamic ban + return state; + } + + switch( state ) + {// packet 0x006a value + 1 + case 0: + break; case 1: // 0 = Unregistered ID case 2: // 1 = Incorrect Password case 3: // 2 = This ID is expired @@ -668,19 +644,18 @@ int mmo_auth(struct mmo_account* account, int fd) return 99; // 99 = ID has been totally erased } - if (connect_until != 0 && connect_until < time(NULL)) - return 2; // 2 = This ID is expired - - if (login_config.online_check) { - struct online_login_data* data = idb_get(online_db,account->account_id); - if (data && data->char_server > -1) { + if( login_config.online_check ) + { + struct online_login_data* data = idb_get(online_db, account->account_id); + if( data && data->char_server > -1 ) + { //Request char servers to kick this account out. [Skotlex] - unsigned char buf[8]; - ShowNotice("User [%s] is already online - Rejected.\n",account->userid); + uint8 buf[8]; + ShowNotice("User '%s' is already online - Rejected.\n", account->userid); WBUFW(buf,0) = 0x2734; WBUFL(buf,2) = account->account_id; charif_sendallwos(-1, buf, 6); - if (data->waiting_disconnect == -1) + if( data->waiting_disconnect == -1 ) data->waiting_disconnect = add_timer(gettick()+30000, waiting_disconnect_timer, account->account_id, 0); return 3; // Rejected } @@ -689,30 +664,30 @@ int mmo_auth(struct mmo_account* account, int fd) account->login_id1 = rand(); account->login_id2 = rand(); - if (account->sex != 2 && account->account_id < START_ACCOUNT_NUM) + if( account->sex != 2 && account->account_id < START_ACCOUNT_NUM ) ShowWarning("Account %s has account id %d! Account IDs must be over %d to work properly!\n", account->userid, account->account_id, START_ACCOUNT_NUM); - sprintf(tmpsql, "UPDATE `%s` SET `lastlogin` = NOW(), `logincount`=`logincount` +1, `last_ip`='%s' WHERE `%s` = '%d'", - login_db, ip, login_db_account_id, account->account_id); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - return -1; + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `lastlogin` = NOW(), `logincount`=`logincount`+1, `last_ip`='%s' WHERE `%s` = '%d'", + login_db, ip, login_db_account_id, account->account_id) ) + Sql_ShowDebug(sql_handle); + + return -1; // account OK } static int online_db_setoffline(DBKey key, void* data, va_list ap) { - struct online_login_data *p = (struct online_login_data *)data; + struct online_login_data* p = (struct online_login_data*)data; int server = va_arg(ap, int); - if (server == -1) { + if( server == -1 ) + { p->char_server = -1; - if (p->waiting_disconnect != -1) + if( p->waiting_disconnect != -1 ) { delete_timer(p->waiting_disconnect, waiting_disconnect_timer); p->waiting_disconnect = -1; } - } else if (p->char_server == server) + } + else if( p->char_server == server ) p->char_server = -2; //Char server disconnected. return 0; } @@ -728,44 +703,40 @@ int parse_fromchar(int fd) char ip[16]; ip2str(ipl, ip); - for(id = 0; id < MAX_SERVERS; id++) - if (server_fd[id] == fd) + for( id = 0; id < MAX_SERVERS; ++id ) + if( server_fd[id] == fd ) break; - if (id == MAX_SERVERS) { // not a char server + if( id == MAX_SERVERS ) + {// not a char server set_eof(fd); do_close(fd); return 0; } - if(session[fd]->eof) { + if( session[fd]->eof ) + { ShowStatus("Char-server '%s' has disconnected.\n", server[id].name); server_fd[id] = -1; memset(&server[id], 0, sizeof(struct mmo_char_server)); - online_db->foreach(online_db,online_db_setoffline,id); //Set all chars from this char server to offline. - sprintf(tmpsql, "DELETE FROM `sstatus` WHERE `index`='%d'", id); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + online_db->foreach(online_db, online_db_setoffline, id); //Set all chars from this char server to offline. + if( SQL_ERROR == Sql_Query(sql_handle, "DELETE FROM `sstatus` WHERE `index`='%d'", id) ) + Sql_ShowDebug(sql_handle); do_close(fd); return 0; } - while (RFIFOREST(fd) >= 2) + while( RFIFOREST(fd) >= 2 ) { uint16 command = RFIFOW(fd,0); - switch (command) + switch( command ) { case 0x2709: // request from map-server via char-server to reload GM accounts - if (login_config.log_login) + if( login_config.log_login ) { - sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`log`) VALUES (NOW(), '%u', '%s', 'GM reload request')", loginlog_db, ipl, server[id].name); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`log`) VALUES (NOW(), '%u', '%s', 'GM reload request')", loginlog_db, ipl, server[id].name) ) + Sql_ShowDebug(sql_handle); } read_gm_account(); // send GM accounts to all char-servers @@ -774,12 +745,13 @@ int parse_fromchar(int fd) break; case 0x2712: // request from char-server to authenticate an account - if (RFIFOREST(fd) < 19) + if( RFIFOREST(fd) < 19 ) return 0; { int account_id; account_id = RFIFOL(fd,2); // speed up - for(i = 0; i < AUTH_FIFO_SIZE; i++) { + for( i = 0; i < AUTH_FIFO_SIZE; ++i ) + { if( auth_fifo[i].account_id == account_id && auth_fifo[i].login_id1 == RFIFOL(fd,6) && auth_fifo[i].login_id2 == RFIFOL(fd,10) && @@ -792,30 +764,45 @@ int parse_fromchar(int fd) } } - if (i != AUTH_FIFO_SIZE && account_id > 0) { // send ack - time_t connect_until_time = 0; - char email[40] = ""; - account_id=RFIFOL(fd,2); - sprintf(tmpsql, "SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, account_id); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - sql_res = mysql_store_result(&mysql_handle) ; - if (sql_res) { - sql_row = mysql_fetch_row(sql_res); - connect_until_time = atol(sql_row[1]); - strncpy(email, sql_row[0], 40); email[39] = 0; - mysql_free_result(sql_res); + if( i != AUTH_FIFO_SIZE && account_id > 0 ) + {// send ack + uint32 connect_until_time = 0; + char email[40]; + + memset(email, 0, sizeof(email)); + account_id = RFIFOL(fd,2); + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data = NULL; + size_t len = 0; + + Sql_GetData(sql_handle, 0, &data, &len); + if( len > sizeof(email) ) + { +#if defined(DEBUG) + ShowDebug("parse_fromchar:0x2712: email is too long (len=%u,maxlen=%u)\n", len, sizeof(email)); +#endif + len = sizeof(email); + } + memcpy(email, data, len); + + Sql_GetData(sql_handle, 1, &data, NULL); + connect_until_time = (uint32)strtoul(data, NULL, 10); + + Sql_FreeResult(sql_handle); } WFIFOHEAD(fd,51); WFIFOW(fd,0) = 0x2713; WFIFOL(fd,2) = account_id; WFIFOB(fd,6) = 0; memcpy(WFIFOP(fd, 7), email, 40); - WFIFOL(fd,47) = (unsigned long) connect_until_time; + WFIFOL(fd,47) = connect_until_time; WFIFOSET(fd,51); - } else { + } + else + { WFIFOHEAD(fd,51); WFIFOW(fd,0) = 0x2713; WFIFOL(fd,2) = account_id; @@ -832,17 +819,13 @@ int parse_fromchar(int fd) return 0; // how many users on world? (update) - if (server[id].users != RFIFOL(fd,2)) + if( server[id].users != RFIFOL(fd,2) ) { ShowStatus("set users %s : %d\n", server[id].name, RFIFOL(fd,2)); server[id].users = RFIFOL(fd,2); - sprintf(tmpsql,"UPDATE `sstatus` SET `user` = '%d' WHERE `index` = '%d'", server[id].users, id); - // query - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `sstatus` SET `user` = '%d' WHERE `index` = '%d'", server[id].users, id) ) + Sql_ShowDebug(sql_handle); } // send some answer WFIFOHEAD(fd,6); @@ -853,31 +836,44 @@ int parse_fromchar(int fd) break; case 0x2716: // received an e-mail/limited time request, because a player comes back from a map-server to the char-server - if (RFIFOREST(fd) < 6) + if( RFIFOREST(fd) < 6 ) return 0; { int account_id; - time_t connect_until_time = 0; - char email[40] = ""; + uint32 connect_until_time = 0; + char email[40]; + + memset(email, 0, sizeof(email)); account_id = RFIFOL(fd,2); - sprintf(tmpsql,"SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'",login_db, login_db_account_id, account_id); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - sql_res = mysql_store_result(&mysql_handle) ; - if (sql_res) { - sql_row = mysql_fetch_row(sql_res); - connect_until_time = atol(sql_row[1]); - strcpy(email, sql_row[0]); + + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + else if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; + size_t len; + + Sql_GetData(sql_handle, 0, &data, &len); + if( len > sizeof(email) ) + { +#if defined(DEBUG) + ShowDebug("parse_fromchar:0x2716: email is too long (len=%u,maxlen=%u)\n", len, sizeof(email)); +#endif + len = sizeof(email); + } + memcpy(email, data, len); + + Sql_GetData(sql_handle, 1, &data, NULL); + connect_until_time = (uint32)strtoul(data, NULL, 10); + + Sql_FreeResult(sql_handle); } - mysql_free_result(sql_res); //printf("parse_fromchar: E-mail/limited time request from '%s' server (concerned account: %d)\n", server[id].name, RFIFOL(fd,2)); WFIFOHEAD(fd,50); WFIFOW(fd,0) = 0x2717; WFIFOL(fd,2) = RFIFOL(fd,2); memcpy(WFIFOP(fd, 6), email, 40); - WFIFOL(fd,46) = (unsigned long) connect_until_time; + WFIFOL(fd,46) = connect_until_time; WFIFOSET(fd,50); RFIFOSKIP(fd,6); @@ -905,43 +901,58 @@ int parse_fromchar(int fd) if (RFIFOREST(fd) < 86) return 0; { - int acc; + int account_id; char actual_email[40], new_email[40]; - acc = RFIFOL(fd,2); + + account_id = RFIFOL(fd,2); memcpy(actual_email, RFIFOP(fd,6), 40); memcpy(new_email, RFIFOP(fd,46), 40); - if (e_mail_check(actual_email) == 0) + if( e_mail_check(actual_email) == 0 ) ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command), but actual email is invalid (account: %d, ip: %s)\n", - server[id].name, acc, ip); - else if (e_mail_check(new_email) == 0) + server[id].name, account_id, ip); + else if( e_mail_check(new_email) == 0 ) ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command) with a invalid new e-mail (account: %d, ip: %s)\n", - server[id].name, acc, ip); - else if (strcmpi(new_email, "a@a.com") == 0) + server[id].name, account_id, ip); + else if( strcmpi(new_email, "a@a.com") == 0 ) ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command) with a default e-mail (account: %d, ip: %s)\n", - server[id].name, acc, ip); - else { - sprintf(tmpsql, "SELECT `%s`,`email` FROM `%s` WHERE `%s` = '%d'", login_db_userid, login_db, login_db_account_id, acc); - if (mysql_query(&mysql_handle, tmpsql)) + server[id].name, account_id, ip); + else if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `%s`,`email` FROM `%s` WHERE `%s` = '%d'", login_db_userid, login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + else if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; + size_t len; + + Sql_GetData(sql_handle, 1, &data, &len); + if( len > sizeof(actual_email) ) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); +#if defined(DEBUG) + ShowDebug("parse_fromchar:0x2722: email is too long (len=%u,maxlen=%u)\n", len, sizeof(actual_email)); +#endif + len = sizeof(actual_email); } - sql_res = mysql_store_result(&mysql_handle); - if (sql_res) { - sql_row = mysql_fetch_row(sql_res); //row fetching - - if (strcmpi(sql_row[1], actual_email) == 0) { - sprintf(tmpsql, "UPDATE `%s` SET `email` = '%s' WHERE `%s` = '%d'", login_db, new_email, login_db_account_id, acc); - // query - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - ShowInfo("Char-server '%s': Modify an e-mail on an account (@email GM command) (account: %d (%s), new e-mail: %s, ip: %s).\n", - server[id].name, acc, sql_row[0], actual_email, ip); + if( strncasecmp(data, actual_email, sizeof(actual_email)) == 0 ) + { + char esc_user_id[NAME_LENGTH*2+1]; + char esc_new_email[sizeof(new_email)*2+1]; + + Sql_GetData(sql_handle, 0, &data, &len); + if( len > NAME_LENGTH ) + { +#if defined(DEBUG) + ShowDebug("parse_fromchar:0x2722: userid is too long (len=%u,maxlen=%u)\n", len, NAME_LENGTH); +#endif + len = NAME_LENGTH; } - } + Sql_EscapeStringLen(sql_handle, esc_user_id, data, len); + Sql_EscapeStringLen(sql_handle, esc_new_email, new_email, strnlen(new_email, sizeof(new_email))); + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `email` = '%s' WHERE `%s` = '%d'", login_db, esc_new_email, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + ShowInfo("Char-server '%s': Modify an e-mail on an account (@email GM command) (account: %d ('%s'), new e-mail: '%s', ip: %s).\n", + server[id].name, account_id, esc_user_id, esc_new_email, ip); + } + Sql_FreeResult(sql_handle); } RFIFOSKIP(fd, 86); @@ -952,33 +963,31 @@ int parse_fromchar(int fd) if (RFIFOREST(fd) < 10) return 0; { - int acc, statut; - acc = RFIFOL(fd,2); - statut = RFIFOL(fd,6); - sprintf(tmpsql, "SELECT `state` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, acc); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - sql_res = mysql_store_result(&mysql_handle); - if (sql_res) { - sql_row = mysql_fetch_row(sql_res); // row fetching - } - if (atoi(sql_row[0]) != statut && statut != 0) { - unsigned char buf[16]; - WBUFW(buf,0) = 0x2731; - WBUFL(buf,2) = acc; - WBUFB(buf,6) = 0; // 0: change of statut, 1: ban - WBUFL(buf,7) = statut; // status or final date of a banishment - charif_sendallwos(-1, buf, 11); - } - sprintf(tmpsql,"UPDATE `%s` SET `state` = '%d' WHERE `%s` = '%d'", login_db, statut,login_db_account_id,acc); - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); + int account_id, state; + account_id = RFIFOL(fd,2); + state = RFIFOL(fd,6); + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `state` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + else if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; + + Sql_GetData(sql_handle, 0, &data, NULL); + if( atoi(data) != state && state != 0 ) + { + uint8 buf[11]; + WBUFW(buf,0) = 0x2731; + WBUFL(buf,2) = account_id; + WBUFB(buf,6) = 0; // 0: change of state, 1: ban + WBUFL(buf,7) = state; // status or final date of a banishment + charif_sendallwos(-1, buf, 11); + } + Sql_FreeResult(sql_handle); } + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `state` = '%d' WHERE `%s` = '%d'", login_db, state, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + RFIFOSKIP(fd,10); } break; @@ -987,51 +996,49 @@ int parse_fromchar(int fd) if (RFIFOREST(fd) < 18) return 0; { - int acc; + int account_id; struct tm *tmtime; - time_t timestamp, tmptime; - acc = RFIFOL(fd,2); - sprintf(tmpsql, "SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - sql_res = mysql_store_result(&mysql_handle); - if (sql_res) { - sql_row = mysql_fetch_row(sql_res); // row fetching + time_t tmptime = 0; + time_t timestamp = time(NULL); + + account_id = RFIFOL(fd,2); + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + else if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; + + Sql_GetData(sql_handle, 0, &data, NULL); + tmptime = (time_t)strtoul(data, NULL, 10); + if( tmptime > time(NULL) ) + timestamp = tmptime; } - tmptime = atol(sql_row[0]); - if (tmptime == 0 || tmptime < time(NULL)) - timestamp = time(NULL); - else - timestamp = tmptime; tmtime = localtime(×tamp); - tmtime->tm_year = tmtime->tm_year + (short)RFIFOW(fd,6); - tmtime->tm_mon = tmtime->tm_mon + (short)RFIFOW(fd,8); - tmtime->tm_mday = tmtime->tm_mday + (short)RFIFOW(fd,10); - tmtime->tm_hour = tmtime->tm_hour + (short)RFIFOW(fd,12); - tmtime->tm_min = tmtime->tm_min + (short)RFIFOW(fd,14); - tmtime->tm_sec = tmtime->tm_sec + (short)RFIFOW(fd,16); + tmtime->tm_year = tmtime->tm_year + (int16)RFIFOW(fd,6); + tmtime->tm_mon = tmtime->tm_mon + (int16)RFIFOW(fd,8); + tmtime->tm_mday = tmtime->tm_mday + (int16)RFIFOW(fd,10); + tmtime->tm_hour = tmtime->tm_hour + (int16)RFIFOW(fd,12); + tmtime->tm_min = tmtime->tm_min + (int16)RFIFOW(fd,14); + tmtime->tm_sec = tmtime->tm_sec + (int16)RFIFOW(fd,16); timestamp = mktime(tmtime); - if (timestamp != -1) { - if (timestamp <= time(NULL)) + if( timestamp != (time_t)-1 ) + { + if( timestamp <= time(NULL) ) timestamp = 0; - if (tmptime != timestamp) { - if (timestamp != 0) { - unsigned char buf[16]; + if( tmptime != timestamp ) + { + if( timestamp != 0 ) + { + uint8 buf[11]; WBUFW(buf,0) = 0x2731; - WBUFL(buf,2) = acc; + WBUFL(buf,2) = account_id; WBUFB(buf,6) = 1; // 0: change of statut, 1: ban - WBUFL(buf,7) = (unsigned int)timestamp; // status or final date of a banishment + WBUFL(buf,7) = (uint32)timestamp; // status or final date of a banishment charif_sendallwos(-1, buf, 11); } - ShowNotice("Account: %d Banned until: %ld\n", acc, timestamp); - sprintf(tmpsql, "UPDATE `%s` SET `ban_until` = '%ld' WHERE `%s` = '%d'", login_db, (unsigned long)timestamp, login_db_account_id, acc); - // query - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + ShowNotice("Account: %d Banned until: %lu\n", account_id, (unsigned long)timestamp); + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `ban_until` = '%lu' WHERE `%s` = '%d'", login_db, (unsigned long)timestamp, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); } } @@ -1043,110 +1050,106 @@ int parse_fromchar(int fd) if (RFIFOREST(fd) < 6) return 0; { - int acc,sex; - unsigned char buf[16]; - acc = RFIFOL(fd,2); - sprintf(tmpsql,"SELECT `sex` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc); - - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - return 0; - } + int account_id; + int sex; + uint8 buf[16]; + + account_id = RFIFOL(fd,2); + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `sex` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + else if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; - sql_res = mysql_store_result(&mysql_handle) ; + Sql_GetData(sql_handle, 0, &data, NULL); + if( *data == 'M' || *data == 'm' ) + sex = 0; //Change to female + else + sex = 1; //Change to male - if (sql_res) { - if (mysql_num_rows(sql_res) == 0) { - mysql_free_result(sql_res); - return 0; - } - sql_row = mysql_fetch_row(sql_res); //row fetching - } + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `sex` = '%c' WHERE `%s` = '%d'", login_db, (sex ? 'M' : 'F'), login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); - if (strcmpi(sql_row[0], "M") == 0) - sex = 0; //Change to female - else - sex = 1; //Change to make - sprintf(tmpsql,"UPDATE `%s` SET `sex` = '%c' WHERE `%s` = '%d'", login_db, (sex?'M':'F'), login_db_account_id, acc); - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); + WBUFW(buf,0) = 0x2723; + WBUFL(buf,2) = account_id; + WBUFB(buf,6) = sex; + charif_sendallwos(-1, buf, 7); } - WBUFW(buf,0) = 0x2723; - WBUFL(buf,2) = acc; - WBUFB(buf,6) = sex; - charif_sendallwos(-1, buf, 7); RFIFOSKIP(fd,6); } break; case 0x2728: // save account_reg2 - if (RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2)) + if( RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2) ) return 0; - if (RFIFOL(fd,4) > 0) { - int acc,p,j,len; - char str[32]; - char temp_str[64]; //Needs twice as much space as the original string. - char temp_str2[512]; - char value[256]; - unsigned char *buf; - acc = RFIFOL(fd,4); - buf = (unsigned char*)aCalloc(RFIFOW(fd,2)+1, sizeof(unsigned char)); + if( RFIFOL(fd,4) > 0 ) + { + SqlStmt* stmt; + int account_id; + size_t off; + + account_id = RFIFOL(fd,4); + //Delete all global account variables.... - sprintf(tmpsql,"DELETE FROM `%s` WHERE `type`='1' AND `account_id`='%d';",reg_db,acc); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "DELETE FROM `%s` WHERE `type`='1' AND `account_id`='%d';", reg_db, account_id) ) + Sql_ShowDebug(sql_handle); + //Proceed to insert them.... - for(j=0,p=13;j<ACCOUNT_REG2_NUM && p<RFIFOW(fd,2);j++){ - sscanf(RFIFOP(fd,p), "%31c%n",str,&len); - str[len]='\0'; - p +=len+1; //+1 to skip the '\0' between strings. - sscanf(RFIFOP(fd,p), "%255c%n",value,&len); - value[len]='\0'; - p +=len+1; - - sprintf(tmpsql,"INSERT INTO `%s` (`type`, `account_id`, `str`, `value`) VALUES ( 1 , '%d' , '%s' , '%s');", reg_db, acc, jstrescapecpy(temp_str,str), jstrescapecpy(temp_str2,value)); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + stmt = SqlStmt_Malloc(sql_handle); + if( SQL_ERROR == SqlStmt_Prepare(stmt, "INSERT INTO `%s` (`type`, `account_id`, `str`, `value`) VALUES ( 1 , '%d' , ? , ?);", reg_db, account_id) ) + SqlStmt_ShowDebug(stmt); + for( i = 0, off = 13; i < ACCOUNT_REG2_NUM && off < RFIFOW(fd,2); ++i ) + { + uint8* p; + size_t len; + + // str + p = (uint8*)RFIFOP(fd,off); + len = strlen(p); + SqlStmt_BindParam(stmt, 0, SQLDT_STRING, p, len); + off += len + 1; + + // value + p = (uint8*)RFIFOP(fd,off); + len = strlen(p); + SqlStmt_BindParam(stmt, 1, SQLDT_STRING, p, len); + off += len + 1; + + if( SQL_ERROR == SqlStmt_Execute(stmt) ) + SqlStmt_ShowDebug(stmt); + } + SqlStmt_Free(stmt); + + {// Send to char + //uint8* buf; + //CREATE(buf, uint8, RFIFOW(fd,2)); + //memcpy(WBUFP(buf,0), RFIFOP(fd,0), RFIFOW(fd,2)); + //WBUFW(buf,0)=0x2729; + //charif_sendallwos(fd, buf, WBUFW(buf,2)); + //aFree(buf); + + RFIFOW(fd,0) = 0x2729;// reusing read buffer + charif_sendallwos(fd, RFIFOP(fd,0), RFIFOW(fd,2)); } - - // Send to char - memcpy(WBUFP(buf,0),RFIFOP(fd,0),RFIFOW(fd,2)); - WBUFW(buf,0)=0x2729; - charif_sendallwos(fd,buf,WBUFW(buf,2)); - if (buf) aFree(buf); } RFIFOSKIP(fd,RFIFOW(fd,2)); break; case 0x272a: // Receiving of map-server via char-server an unban request - if (RFIFOREST(fd) < 6) + if( RFIFOREST(fd) < 6 ) return 0; { - int acc; - acc = RFIFOL(fd,2); - sprintf(tmpsql,"SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - sql_res = mysql_store_result(&mysql_handle) ; - if (sql_res && mysql_num_rows(sql_res) > 0) { //Found a match - sprintf(tmpsql,"UPDATE `%s` SET `ban_until` = '0' WHERE `%s` = '%d'", login_db,login_db_account_id,acc); - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + int account_id; + + account_id = RFIFOL(fd,2); + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); + else if( Sql_NumRows(sql_handle) > 0 ) + {// Found a match + if( SQL_ERROR == Sql_Query(sql_handle, "UPDATE `%s` SET `ban_until` = '0' WHERE `%s` = '%d'", login_db, login_db_account_id, account_id) ) + Sql_ShowDebug(sql_handle); } - if (sql_res) mysql_free_result(sql_res); RFIFOSKIP(fd,6); return 0; @@ -1194,33 +1197,36 @@ int parse_fromchar(int fd) { int account_id = RFIFOL(fd, 2); int char_id = RFIFOL(fd, 6); - int p; - sprintf(tmpsql, "SELECT `str`,`value` FROM `%s` WHERE `type`='1' AND `account_id`='%d'",reg_db, account_id); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - break; - } - sql_res = mysql_store_result(&mysql_handle) ; - if (!sql_res) { - break; - } + size_t off; + + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `str`,`value` FROM `%s` WHERE `type`='1' AND `account_id`='%d'", reg_db, account_id) ) + Sql_ShowDebug(sql_handle); + WFIFOHEAD(fd,10000); WFIFOW(fd,0) = 0x2729; WFIFOL(fd,4) = account_id; WFIFOL(fd,8) = char_id; WFIFOB(fd,12) = 1; //Type 1 for Account2 registry - p = 13; - while ((sql_row = mysql_fetch_row(sql_res)) && p < 9000) { - if (sql_row[0][0]) { - p+= sprintf(WFIFOP(fd,p), "%s", sql_row[0])+1; //We add 1 to consider the '\0' in place. - p+= sprintf(WFIFOP(fd,p), "%s", sql_row[1])+1; + off = 13; + while( SQL_SUCCESS == Sql_NextRow(sql_handle) && off < 9000 ) + { + char* data; + + // str + Sql_GetData(sql_handle, 0, &data, NULL); + if( *data != '\0' ) + { + off += sprintf(WFIFOP(fd,off), "%s", data)+1; //We add 1 to consider the '\0' in place. + + // value + Sql_GetData(sql_handle, 1, &data, NULL); + off += sprintf(WFIFOP(fd,off), "%s", data)+1; } } - mysql_free_result(sql_res); - if (p >= 9000) + Sql_FreeResult(sql_handle); + if( off >= 9000 ) ShowWarning("Too many account2 registries for AID %d. Some registries were not sent.\n", account_id); - WFIFOW(fd,2) = p; + WFIFOW(fd,2) = (uint16)off; WFIFOSET(fd,WFIFOW(fd,2)); RFIFOSKIP(fd,10); @@ -1258,53 +1264,39 @@ int parse_fromchar(int fd) int lan_subnetcheck(uint32 ip) { int i; - - for(i = 0; i < subnet_count; i++) { - if(subnet[i].subnet == (ip & subnet[i].mask)) { - return subnet[i].char_ip; - } - } - - return 0; + ARR_FIND( 0, subnet_count, i, subnet[i].subnet == (ip & subnet[i].mask) ); + return ( i < subnet_count ) ? subnet[i].char_ip : 0; } int login_ip_ban_check(uint32 ip) { uint8* p = (uint8*)&ip; - sprintf(tmpsql, "SELECT count(*) FROM `ipbanlist` WHERE `list` = '%d.*.*.*' OR `list` = '%d.%d.*.*' OR `list` = '%d.%d.%d.*' OR `list` = '%d.%d.%d.%d'", - p[3], p[3], p[2], p[3], p[2], p[1], p[3], p[2], p[1], p[0]); - if (mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); + char* data = NULL; + int matches; + + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT count(*) FROM `ipbanlist` WHERE `list` = '%u.*.*.*' OR `list` = '%u.%u.*.*' OR `list` = '%u.%u.%u.*' OR `list` = '%u.%u.%u.%u'", + p[3], p[3], p[2], p[3], p[2], p[1], p[3], p[2], p[1], p[0]) ) + { + Sql_ShowDebug(sql_handle); // close connection because we can't verify their connectivity. return 1; } - sql_res = mysql_store_result(&mysql_handle) ; - sql_row = sql_res?mysql_fetch_row(sql_res):NULL; - if(!sql_row) { //Shouldn't happen, but just in case... - mysql_free_result(sql_res); - return 1; - } + if( SQL_ERROR == Sql_NextRow(sql_handle) ) + return 1;// Shouldn't happen, but just in case... + + Sql_GetData(sql_handle, 0, &data, NULL); + matches = atoi(data); + Sql_FreeResult(sql_handle); + + if( matches == 0 ) + return 0;// No ban - if (atoi(sql_row[0]) == 0) { //No ban - mysql_free_result(sql_res); - return 0; - } - // ip ban ok. - ShowInfo("Packet from banned ip : %d.%d.%d.%d\n", CONVIP(ip)); + ShowInfo("Packet from banned ip : %u.%u.%u.%u\n", CONVIP(ip)); - if (login_config.log_login) - { - sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', 'unknown','-3', 'ip banned')", loginlog_db, ip); - // query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - } - mysql_free_result(sql_res); + if( login_config.log_login && SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', 'unknown','-3', 'ip banned')", loginlog_db, ip) ) + Sql_ShowDebug(sql_handle); return 1; } @@ -1313,7 +1305,7 @@ int login_ip_ban_check(uint32 ip) //---------------------------------------------------------------------------------------- int parse_login(int fd) { - char t_uid[100]; + char esc_userid[NAME_LENGTH*2+1];// escaped username struct mmo_account account; int result, i; uint32 ipl = session[fd]->client_addr; @@ -1321,16 +1313,17 @@ int parse_login(int fd) ip2str(ipl, ip); - if (session[fd]->eof) { + if( session[fd]->eof ) + { do_close(fd); return 0; } - while (RFIFOREST(fd) >= 2) + while( RFIFOREST(fd) >= 2 ) { uint16 command = RFIFOW(fd,0); - switch(command) + switch( command ) { case 0x0200: // New alive packet: structure: 0x200 <account.userid>.24B. used to verify if client is always alive. if (RFIFOREST(fd) < 26) @@ -1349,10 +1342,10 @@ int parse_login(int fd) case 0x0277: // New login packet (kRO 2006-04-24aSakexe langtype 0) case 0x02b0: // New login packet (kRO 2007-05-14aSakexe langtype 0) { - int packet_len = RFIFOREST(fd); + size_t packet_len = RFIFOREST(fd); - //Perform ip-ban check - if (login_config.ipban && login_ip_ban_check(ipl)) + // Perform ip-ban check + if( login_config.ipban && login_ip_ban_check(ipl) ) { WFIFOHEAD(fd,23); WFIFOW(fd,0) = 0x6a; @@ -1376,37 +1369,38 @@ int parse_login(int fd) memset(&account, 0, sizeof(account)); account.version = RFIFOL(fd,2); - if (!account.version) account.version = 1; //Force some version... - memcpy(account.userid,RFIFOP(fd,6),NAME_LENGTH); account.userid[23] = '\0'; - memcpy(account.passwd,RFIFOP(fd,30),NAME_LENGTH); account.passwd[23] = '\0'; + if( !account.version ) + account.version = 1; //Force some version... + safestrncpy(account.userid, RFIFOP(fd,6), NAME_LENGTH);//## does it have to be nul-terminated? + safestrncpy(account.passwd, RFIFOP(fd,30), NAME_LENGTH);//## does it have to be nul-terminated? account.passwdenc = (command != 0x01dd) ? 0 : PASSWORDENC; - jstrescapecpy(t_uid, account.userid); + Sql_EscapeStringLen(sql_handle, esc_userid, account.userid, strlen(account.userid)); result = mmo_auth(&account, fd); - if (result == -1) { // auth success - if (login_config.min_level_to_connect > account.level) { + if( result == -1 ) + { // auth success + if( login_config.min_level_to_connect > account.level ) + { WFIFOHEAD(fd,3); WFIFOW(fd,0) = 0x81; WFIFOB(fd,2) = 1; // 01 = Server closed WFIFOSET(fd,3); - } else { - if (login_config.log_login) { - sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s','100', 'login ok')", loginlog_db, ipl, t_uid); - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - } - if (account.level) + } + else + { + if( login_config.log_login && SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s','100', 'login ok')", loginlog_db, ipl, esc_userid) ) + Sql_ShowDebug(sql_handle); + if( account.level ) ShowStatus("Connection of the GM (level:%d) account '%s' accepted.\n", account.level, account.userid); else ShowStatus("Connection of the account '%s' accepted.\n", account.userid); server_num = 0; - WFIFOHEAD(fd,47+32*MAX_SERVERS); - for(i = 0; i < MAX_SERVERS; i++) { - if (server_fd[i] >= 0) { + WFIFOHEAD(fd, 47+32*MAX_SERVERS); + for( i = 0; i < MAX_SERVERS; ++i ) + { + if( session_isValid(server_fd[i]) ) + { // Advanced subnet check [LuzZza] uint32 subnet_char_ip = lan_subnetcheck(ipl); WFIFOL(fd,47+server_num*32) = htonl((subnet_char_ip) ? subnet_char_ip : server[i].ip); @@ -1443,7 +1437,9 @@ int parse_login(int fd) WFIFOSET(fd,3); } } - } else { // auth failed + } + else + { // auth failed if (login_config.log_login) { const char* error; @@ -1475,70 +1471,66 @@ int parse_login(int fd) default : error = "Unknown Error."; break; } - sprintf(tmpsql, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s', '%d','login failed : %s')", loginlog_db, ipl, t_uid, result, error); - - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s', '%d','login failed : %s')", loginlog_db, ipl, esc_userid, result, error) ) + Sql_ShowDebug(sql_handle); } - if ((result == 1) && login_config.dynamic_pass_failure_ban && login_config.log_login) { // failed password - sprintf(tmpsql,"SELECT count(*) FROM `%s` WHERE `ip` = '%u' AND `rcode` = '1' AND `time` > NOW() - INTERVAL %d MINUTE", - loginlog_db, ipl, login_config.dynamic_pass_failure_ban_interval); //how many times filed account? in one ip. - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - //check query result - sql_res = mysql_store_result(&mysql_handle) ; - sql_row = sql_res?mysql_fetch_row(sql_res):NULL; //row fetching + if( result == 1 && login_config.dynamic_pass_failure_ban && login_config.log_login ) // failed password + { + unsigned long failures = 0; + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT count(*) FROM `%s` WHERE `ip` = '%u' AND `rcode` = '1' AND `time` > NOW() - INTERVAL %d MINUTE", + loginlog_db, ipl, login_config.dynamic_pass_failure_ban_interval) )// how many times failed account? in one ip. + Sql_ShowDebug(sql_handle); - if (sql_row && (unsigned int)atoi(sql_row[0]) >= login_config.dynamic_pass_failure_ban_limit ) { + //check query result + if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; + Sql_GetData(sql_handle, 0, &data, NULL); + failures = strtoul(data, NULL, 10); + Sql_FreeResult(sql_handle); + } + if( failures >= login_config.dynamic_pass_failure_ban_limit ) + { uint8* p = (uint8*)&ipl; - sprintf(tmpsql,"INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() + INTERVAL %d MINUTE ,'Password error ban: %s')", (uint8)p[3], (uint8)p[2], (uint8)p[1], login_config.dynamic_pass_failure_ban_duration, t_uid); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%u.%u.%u.*', NOW() , NOW() + INTERVAL %d MINUTE ,'Password error ban: %s')", p[3], p[2], p[1], login_config.dynamic_pass_failure_ban_duration, esc_userid) ) + Sql_ShowDebug(sql_handle); } - if(sql_res) mysql_free_result(sql_res); } - else if (result == -2){ //dynamic banned - add ip to ban list. + else if( result == -2 ) + {// dynamic banned - add ip to ban list. uint8* p = (uint8*)&ipl; - sprintf(tmpsql,"INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() + INTERVAL 1 MONTH ,'Dynamic banned user id : %s')", (uint8)p[3], (uint8)p[2], (uint8)p[1], t_uid); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + if( SQL_ERROR == Sql_Query(sql_handle, "INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() + INTERVAL 1 MONTH ,'Dynamic banned user id : %s')", p[3], p[2], p[1], esc_userid) ) + Sql_ShowDebug(sql_handle); result = -3; - }else if(result == 6){ //not lastet version .. - //result = 5; } - - sprintf(tmpsql,"SELECT `ban_until` FROM `%s` WHERE `%s` = %s '%s'",login_db, login_db_userid, login_config.case_sensitive ? "BINARY" : "", t_uid); - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); + else if( result == 6 ) + {// not lastet version .. + //result = 5; } - sql_res = mysql_store_result(&mysql_handle) ; - sql_row = sql_res?mysql_fetch_row(sql_res):NULL; //cannot connect login failed WFIFOHEAD(fd,23); memset(WFIFOP(fd,0), '\0', 23); WFIFOW(fd,0) = 0x6a; WFIFOB(fd,2) = (uint8)result; - if (result == 6) { // 6 = Your are Prohibited to log in until %s - char tmpstr[20]; - time_t ban_until_time = (sql_row) ? atol(sql_row[0]) : 0; - strftime(tmpstr, 20, login_config.date_format, localtime(&ban_until_time)); tmpstr[19] = '\0'; - strncpy(WFIFOP(fd,3), tmpstr, 20); // ban timestamp goes here + if( result == 6 ) + {// 6 = Your are Prohibited to log in until %s + if( SQL_ERROR == Sql_Query(sql_handle, "SELECT `ban_until` FROM `%s` WHERE `%s` = %s '%s'", login_db, login_db_userid, (login_config.case_sensitive ? "BINARY" : ""), esc_userid) ) + Sql_ShowDebug(sql_handle); + else if( SQL_SUCCESS == Sql_NextRow(sql_handle) ) + { + char* data; + time_t ban_until_time; + + Sql_GetData(sql_handle, 0, &data, NULL); + ban_until_time = (time_t)strtoul(data, NULL, 10); + Sql_FreeResult(sql_handle); + + strftime(WFIFOP(fd,3), 20, login_config.date_format, localtime(&ban_until_time)); + } } WFIFOSET(fd,23); - - if (sql_res) mysql_free_result(sql_res); } RFIFOSKIP(fd,packet_len); @@ -1548,19 +1540,20 @@ int parse_login(int fd) case 0x01db: // Sending request of the coding key { struct login_session_data* ld; - if (session[fd]->session_data) { + if( session[fd]->session_data ) + { ShowWarning("login: abnormal request of MD5 key (already opened session).\n"); set_eof(fd); return 0; } - ld = (struct login_session_data*)aCalloc(1, sizeof(struct login_session_data)); + CREATE(ld, struct login_session_data, 1); session[fd]->session_data = ld; // Creation of the coding key memset(ld->md5key, '\0', sizeof(ld->md5key)); ld->md5keylen = (uint16)(12 + rand() % 4); - for(i = 0; i < ld->md5keylen; i++) + for( i = 0; i < ld->md5keylen; ++i ) ld->md5key[i] = (char)(1 + rand() % 255); WFIFOHEAD(fd,4 + ld->md5keylen); @@ -1577,37 +1570,32 @@ int parse_login(int fd) if (RFIFOREST(fd) < 86) return 0; { + char esc_server_name[20*2+1]; char* server_name; uint32 server_ip; uint16 server_port; memset(&account, 0, sizeof(account)); - memcpy(account.userid,RFIFOP(fd,2),NAME_LENGTH); account.userid[23] = '\0'; - memcpy(account.passwd,RFIFOP(fd,26),NAME_LENGTH); account.passwd[23] = '\0'; + safestrncpy(account.userid, RFIFOP(fd,2), NAME_LENGTH); + safestrncpy(account.passwd, RFIFOP(fd,26), NAME_LENGTH); account.passwdenc = 0; - server_name = (char*)RFIFOP(fd,60); server_name[20] = '\0'; server_ip = ntohl(RFIFOL(fd,54)); server_port = ntohs(RFIFOW(fd,58)); - ShowInfo("Connection request of the char-server '%s' @ %d.%d.%d.%d:%d (ip: %s)\n", - server_name, CONVIP(server_ip), server_port, ip); - jstrescapecpy(t_uid, server_name); - if (login_config.log_login) - { - char t_login[50]; - jstrescapecpy(t_login,account.userid); - sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s@%s','100', 'charserver - %s@%u.%u.%u.%u:%d')", - loginlog_db, ipl, t_login, t_uid, t_uid, CONVIP(server_ip), server_port); - - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - } + server_name = (char*)RFIFOP(fd,60); + + Sql_EscapeStringLen(sql_handle, esc_server_name, server_name, strnlen(server_name, 20)); + Sql_EscapeStringLen(sql_handle, esc_userid, account.userid, strnlen(account.userid, NAME_LENGTH)); + + ShowInfo("Connection request of the char-server '%s' @ %d.%d.%d.%d:%d (account: '%s', pass: '%s', ip: '%s')\n", esc_server_name, CONVIP(server_ip), server_port, account.userid, account.passwd, ip); + + if( login_config.log_login && SQL_ERROR == Sql_Query(sql_handle, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s@%s','100', 'charserver - %s@%u.%u.%u.%u:%d')", + loginlog_db, ipl, esc_userid, esc_server_name, esc_server_name, CONVIP(server_ip), server_port) ) + Sql_ShowDebug(sql_handle); result = mmo_auth(&account, fd); - if (result == -1 && account.sex == 2 && account.account_id < MAX_SERVERS && server_fd[account.account_id] == -1) { - ShowStatus("Connection of the char-server '%s' accepted.\n", server_name); + if( result == -1 && account.sex == 2 && account.account_id < MAX_SERVERS && server_fd[account.account_id] == -1 ) + { + ShowStatus("Connection of the char-server '%s' accepted.\n", esc_server_name); memset(&server[account.account_id], 0, sizeof(struct mmo_char_server)); server[account.account_id].ip = ntohl(RFIFOL(fd,54)); server[account.account_id].port = ntohs(RFIFOW(fd,58)); @@ -1616,29 +1604,23 @@ int parse_login(int fd) server[account.account_id].maintenance = RFIFOW(fd,82); server[account.account_id].new_ = RFIFOW(fd,84); server_fd[account.account_id] = fd; - sprintf(tmpsql,"DELETE FROM `sstatus` WHERE `index`='%d'", account.account_id); - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } - - sprintf(tmpsql,"INSERT INTO `sstatus`(`index`,`name`,`user`) VALUES ( '%d', '%s', '%d')", - account.account_id, t_uid,0); - //query - if(mysql_query(&mysql_handle, tmpsql)) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); - } + WFIFOHEAD(fd,3); WFIFOW(fd,0) = 0x2711; WFIFOB(fd,2) = 0; WFIFOSET(fd,3); + session[fd]->func_parse = parse_fromchar; realloc_fifo(fd, FIFOSIZE_SERVERLINK, FIFOSIZE_SERVERLINK); - + send_GM_accounts(fd); // send GM account to char-server - } else { + + if( SQL_ERROR == Sql_Query(sql_handle, "REPLACE INTO `sstatus`(`index`,`name`,`user`) VALUES ( '%d', '%s', '%d')", account.account_id, esc_server_name, 0) ) + Sql_ShowDebug(sql_handle); + } + else + { + ShowNotice("Connection of the char-server '%s' REFUSED.\n", esc_server_name); WFIFOHEAD(fd,3); WFIFOW(fd,0) = 0x2711; WFIFOB(fd,2) = 3; @@ -1668,12 +1650,12 @@ int parse_login(int fd) break; case 0x7532: // Request to end connection - ShowStatus ("End of connection (ip: %s)\n", ip); + ShowStatus("End of connection (ip: %s)\n", ip); set_eof(fd); break; default: - ShowStatus ("Abnormal end of connection (ip: %s): Unknown packet 0x%x\n", ip, RFIFOW(fd,0)); + ShowStatus("Abnormal end of connection (ip: %s): Unknown packet 0x%x\n", ip, RFIFOW(fd,0)); set_eof(fd); return 0; } @@ -1683,6 +1665,9 @@ int parse_login(int fd) return 0; } +//----------------------- +// Console Command Parser [Wizputer] +//----------------------- int parse_console(char* buf) { char command[256]; @@ -1691,20 +1676,22 @@ int parse_console(char* buf) sscanf(buf, "%[^\n]", command); - //login_log("Console command :%s\n", command); + ShowInfo("Console command :%s", command); if( strcmpi("shutdown", command) == 0 || strcmpi("exit", command) == 0 || strcmpi("quit", command) == 0 || strcmpi("end", command) == 0 ) runflag = 0; - else if( strcmpi("alive", command) == 0 || - strcmpi("status", command) == 0 ) + else + if( strcmpi("alive", command) == 0 || + strcmpi("status", command) == 0 ) ShowInfo(CL_CYAN"Console: "CL_BOLD"I'm Alive."CL_RESET"\n"); - else if( strcmpi("help", command) == 0 ){ + else + if( strcmpi("help", command) == 0 ) { printf(CL_BOLD"Help of commands:"CL_RESET"\n"); printf(" To shutdown the server:\n"); - printf(" 'shutdown|exit|qui|end'\n"); + printf(" 'shutdown|exit|quit|end'\n"); printf(" To know if server is alive:\n"); printf(" 'alive|status'\n"); } @@ -1788,10 +1775,8 @@ int login_lan_config_read(const char *lancfgName) //----------------------------------------------------- int ip_ban_flush(int tid, unsigned int tick, int id, int data) { - if(mysql_query(&mysql_handle, "DELETE FROM `ipbanlist` WHERE `rtime` <= NOW()")) { - ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); - ShowDebug("at %s:%d - DELETE FROM `ipbanlist` WHERE `rtime` <= NOW()\n", __FILE__,__LINE__); - } + if( SQL_ERROR == Sql_Query(sql_handle, "DELETE FROM `ipbanlist` WHERE `rtime` <= NOW()") ) + Sql_ShowDebug(sql_handle); return 0; } @@ -1909,7 +1894,7 @@ void sql_config_read(const char* cfgName) else if (!strcmpi(w1, "login_server_ip")) strcpy(login_server_ip, w2); else if (!strcmpi(w1, "login_server_port")) - login_server_port = atoi(w2); + login_server_port = (uint16)atoi(w2); else if (!strcmpi(w1, "login_server_id")) strcpy(login_server_id, w2); else if (!strcmpi(w1, "login_server_pw")) |