// Copyright (c) Athena Dev Teams - Licensed under GNU GPL // For more information, see LICENCE in the main folder #include "../common/cbasetypes.h" #include "../common/mmo.h" #include "../common/core.h" #include "../common/socket.h" #include "../common/db.h" #include "../common/timer.h" #include "../common/malloc.h" #include "../common/strlib.h" #include "../common/showmsg.h" #include "../common/version.h" #include "../common/md5calc.h" #include "login.h" #include #include #include // for stat/lstat/fstat #include #include #include //add include for DBMS(mysql) #ifdef WIN32 #include #endif #include struct Login_Config { uint32 login_ip; // the address to bind to uint16 login_port; // the port to bind to bool log_login; // whether to log login server actions or not char date_format[32]; // date format used in messages bool console; // console input system enabled? unsigned int ip_sync_interval; // interval (in minutes) to execute a DNS/IP update (for dynamic IPs) int min_level_to_connect; // minimum level of player/GM (0: player, 1-99: gm) to connect bool new_account_flag; // autoregistration via _M/_F ? bool case_sensitive; // are logins case sensitive ? bool use_md5_passwds; // work with password hashes instead of plaintext passwords? bool login_gm_read; // should the login server handle info about gm accounts? bool online_check; // reject incoming players that are already registered as online ? bool check_client_version; // check the clientversion set in the clientinfo ? unsigned int client_version_to_connect; // the client version needed to connect (if checking is enabled) bool ipban; // perform IP blocking (via contents of `ipbanlist`) ? bool dynamic_pass_failure_ban; // automatic IP blocking due to failed login attemps ? unsigned int dynamic_pass_failure_ban_interval; // how far to scan the loginlog for password failures unsigned int dynamic_pass_failure_ban_limit; // number of failures needed to trigger the ipban unsigned int dynamic_pass_failure_ban_duration; // duration of the ipban bool use_dnsbl; // dns blacklist blocking ? char dnsbl_servs[1024]; // comma-separated list of dnsbl servers } login_config; int login_fd; // login server socket int server_num; // number of connected char servers int server_fd[MAX_SERVERS]; // char server sockets struct mmo_char_server server[MAX_SERVERS]; // char server data // Advanced subnet check [LuzZza] struct _subnet { uint32 subnet; uint32 mask; uint32 char_ip; uint32 map_ip; } subnet[16]; int subnet_count = 0; struct gm_account* gm_account_db = NULL; unsigned int GM_num = 0; // number of gm accounts //Account registration flood protection [Kevin] int allowed_regs = 1; int time_allowed = 10; //in seconds int num_regs = 0; unsigned int new_reg_tick = 0; MYSQL mysql_handle; MYSQL_RES* sql_res ; MYSQL_ROW sql_row ; char tmpsql[65535]; // database parameters int login_server_port = 3306; char login_server_ip[32] = "127.0.0.1"; char login_server_id[32] = "ragnarok"; char login_server_pw[32] = "ragnarok"; char login_server_db[32] = "ragnarok"; char default_codepage[32] = ""; char login_db[256] = "login"; char loginlog_db[256] = "loginlog"; char reg_db[256] = "global_reg_value"; // added to help out custom login tables, without having to recompile // source so options are kept in the login_athena.conf or the inter_athena.conf char login_db_account_id[256] = "account_id"; char login_db_userid[256] = "userid"; char login_db_user_pass[256] = "user_pass"; char login_db_level[256] = "level"; //----------------------------------------------------- struct login_session_data { uint16 md5keylen; char md5key[20]; }; #define AUTH_FIFO_SIZE 256 struct { int account_id, login_id1, login_id2; uint32 ip; char sex; bool delflag; } auth_fifo[AUTH_FIFO_SIZE]; int auth_fifo_pos = 0; struct online_login_data { int account_id; int waiting_disconnect; short char_server; }; //----------------------------------------------------- struct dbt *online_db; static void* create_online_user(DBKey key, va_list args) { struct online_login_data *p; p = aCalloc(1, sizeof(struct online_login_data)); p->account_id = key.i; p->char_server = -1; p->waiting_disconnect = -1; return p; } int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len); static int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data); //----------------------------------------------------- // Online User Database [Wizputer] //----------------------------------------------------- void add_online_user(int char_server, int account_id) { struct online_login_data *p; if (!login_config.online_check) return; p = idb_ensure(online_db, account_id, create_online_user); p->char_server = char_server; if (p->waiting_disconnect != -1) { delete_timer(p->waiting_disconnect, waiting_disconnect_timer); p->waiting_disconnect = -1; } } void remove_online_user(int account_id) { if(!login_config.online_check) return; if (account_id == 99) { // reset all to offline online_db->clear(online_db, NULL); // purge db return; } idb_remove(online_db,account_id); } static int waiting_disconnect_timer(int tid, unsigned int tick, int id, int data) { struct online_login_data *p; if ((p= idb_get(online_db, id)) != NULL && p->waiting_disconnect == id) { p->waiting_disconnect = -1; remove_online_user(id); } return 0; } static int sync_ip_addresses(int tid, unsigned int tick, int id, int data) { unsigned char buf[2]; ShowInfo("IP Sync in progress...\n"); WBUFW(buf,0) = 0x2735; charif_sendallwos(-1, buf, 2); return 0; } //----------------------------------------------------- // Read GM accounts //----------------------------------------------------- void read_gm_account(void) { if(!login_config.login_gm_read) return; sprintf(tmpsql, "SELECT `%s`,`%s` FROM `%s` WHERE `%s`> '0'",login_db_account_id,login_db_level,login_db,login_db_level); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); return; //Failed to read GM list! } if (gm_account_db != NULL) { aFree(gm_account_db); gm_account_db = NULL; } GM_num = 0; sql_res = mysql_store_result(&mysql_handle); if (sql_res) { gm_account_db = (struct gm_account*)aCalloc((size_t)mysql_num_rows(sql_res), sizeof(struct gm_account)); while ((sql_row = mysql_fetch_row(sql_res))) { gm_account_db[GM_num].account_id = atoi(sql_row[0]); gm_account_db[GM_num].level = atoi(sql_row[1]); GM_num++; } mysql_free_result(sql_res); } } //----------------------------------------------------- // Send GM accounts to one or all char-servers //----------------------------------------------------- void send_GM_accounts(int fd) { unsigned int i; uint8 buf[32767]; uint16 len; if(!login_config.login_gm_read) return; len = 4; WBUFW(buf,0) = 0x2732; for(i = 0; i < GM_num; i++) // send only existing accounts. We can not create a GM account when server is online. if (gm_account_db[i].level > 0) { WBUFL(buf,len) = gm_account_db[i].account_id; WBUFB(buf,len+4) = (uint8)gm_account_db[i].level; len += 5; if (len >= 32000) { ShowWarning("send_GM_accounts: Too many accounts! Only %d out of %d were sent.\n", i, GM_num); break; } } WBUFW(buf,2) = len; if (fd == -1) // send to all charservers charif_sendallwos(-1, buf, len); else { // send only to target WFIFOHEAD(fd,len); memcpy(WFIFOP(fd,0), buf, len); WFIFOSET(fd,len); } return; } /*============================================= * Does a mysql_ping to all connection handles *---------------------------------------------*/ int login_sql_ping(int tid, unsigned int tick, int id, int data) { ShowInfo("Pinging SQL server to keep connection alive...\n"); mysql_ping(&mysql_handle); return 0; } int sql_ping_init(void) { int connection_timeout, connection_ping_interval; // set a default value first connection_timeout = 28800; // 8 hours // ask the mysql server for the timeout value if (!mysql_query(&mysql_handle, "SHOW VARIABLES LIKE 'wait_timeout'") && (sql_res = mysql_store_result(&mysql_handle)) != NULL) { sql_row = mysql_fetch_row(sql_res); if (sql_row) connection_timeout = atoi(sql_row[1]); if (connection_timeout < 60) connection_timeout = 60; mysql_free_result(sql_res); } // establish keepalive connection_ping_interval = connection_timeout - 30; // 30-second reserve add_timer_func_list(login_sql_ping, "login_sql_ping"); add_timer_interval(gettick() + connection_ping_interval*1000, login_sql_ping, 0, 0, connection_ping_interval*1000); return 0; } //----------------------------------------------------- // Read Account database - mysql db //----------------------------------------------------- int mmo_auth_sqldb_init(void) { ShowStatus("Login server init....\n"); mysql_init(&mysql_handle); // DB connection start ShowStatus("Connect Login Database Server....\n"); if (!mysql_real_connect(&mysql_handle, login_server_ip, login_server_id, login_server_pw, login_server_db, login_server_port, (char *)NULL, 0)) { ShowFatalError("%s\n", mysql_error(&mysql_handle)); exit(1); } else { ShowStatus("Connect success!\n"); } if( strlen(default_codepage) > 0 ) { sprintf( tmpsql, "SET NAMES %s", default_codepage ); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } if (login_config.log_login) { sprintf(tmpsql, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100','login server started')", loginlog_db); //query if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } sql_ping_init(); return 0; } //----------------------------------------------------- // close DB //----------------------------------------------------- void mmo_db_close(void) { int i, fd; //set log. if (login_config.log_login) { sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '0', 'lserver','100', 'login server shutdown')", loginlog_db); //query if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } for (i = 0; i < MAX_SERVERS; i++) { if ((fd = server_fd[i]) >= 0) { //Clean only data related to servers we are connected to. [Skotlex] sprintf(tmpsql,"DELETE FROM `sstatus` WHERE `index` = '%d'", i); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } do_close(fd); } } mysql_close(&mysql_handle); ShowStatus("close DB connect....\n"); if (login_fd > 0) do_close(login_fd); } //----------------------------------------------------- // Make new account //----------------------------------------------------- int mmo_auth_new(struct mmo_account* account, char sex) { unsigned int tick = gettick(); char user_password[256]; //Account Registration Flood Protection by [Kevin] if(DIFF_TICK(tick, new_reg_tick) < 0 && num_regs >= allowed_regs) { ShowNotice("Account registration denied (registration limit exceeded)\n"); return 3; } //Check for preexisting account sprintf(tmpsql, "SELECT `%s` FROM `%s` WHERE `userid` = '%s'", login_db_userid, login_db, account->userid); if(mysql_query(&mysql_handle, tmpsql)){ ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); return 1; //Return Incorrect user/pass? } sql_res = mysql_store_result(&mysql_handle); if(mysql_num_rows(sql_res) > 0){ mysql_free_result(sql_res); return 1; //Already exists, return incorrect user/pass. } mysql_free_result(sql_res); //Only needed for the already-exists check... mysql_real_escape_string(&mysql_handle, account->userid, account->userid, strlen(account->userid)); mysql_real_escape_string(&mysql_handle, account->passwd, account->passwd, strlen(account->passwd)); sex = TOUPPER(sex); if (login_config.use_md5_passwds) MD5_String(account->passwd, user_password); else jstrescapecpy(user_password, account->passwd); ShowInfo("New account: user: %s with passwd: %s sex: %c\n", account->userid, user_password, sex); sprintf(tmpsql, "INSERT INTO `%s` (`%s`, `%s`, `sex`, `email`) VALUES ('%s', '%s', '%c', '%s')", login_db, login_db_userid, login_db_user_pass, account->userid, user_password, sex, "a@a.com"); if(mysql_query(&mysql_handle, tmpsql)){ //Failed to insert new acc :/ ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); return 1; } if(mysql_field_count(&mysql_handle) == 0 && mysql_insert_id(&mysql_handle) < START_ACCOUNT_NUM) { //Invalid Account ID! Must update it. int id = (int)mysql_insert_id(&mysql_handle); sprintf(tmpsql, "UPDATE `%s` SET `%s`='%d' WHERE `%s`='%d'", login_db, login_db_account_id, START_ACCOUNT_NUM, login_db_account_id, id); if(mysql_query(&mysql_handle, tmpsql)){ ShowError("New account %s has an invalid account ID [%d] which could not be updated (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM); ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); //Just delete it and fail. sprintf(tmpsql, "DELETE FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, id); if(mysql_query(&mysql_handle, tmpsql)){ ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } return 1; } ShowNotice("Updated New account %s's ID %d->%d (account_id must be %d or higher).", account->userid, id, START_ACCOUNT_NUM, START_ACCOUNT_NUM); } if(DIFF_TICK(tick, new_reg_tick) > 0) { //Update the registration check. num_regs=0; new_reg_tick=tick+time_allowed*1000; } num_regs++; return 0; } //-------------------------------------------------------------------- // Packet send to all char-servers, except one (wos: without our self) //-------------------------------------------------------------------- int charif_sendallwos(int sfd, unsigned char *buf, unsigned int len) { int i, c, fd; for(i = 0, c = 0; i < MAX_SERVERS; i++) { if ((fd = server_fd[i]) > 0 && fd != sfd) { WFIFOHEAD(fd,len); memcpy(WFIFOP(fd,0), buf, len); WFIFOSET(fd,len); c++; } } return c; } //----------------------------------------------------- // encrypted/unencrypted password check //----------------------------------------------------- bool check_encrypted(const char* str1, const char* str2, const char* passwd) { char md5str[64], md5bin[32]; snprintf(md5str, sizeof(md5str), "%s%s", str1, str2); md5str[sizeof(md5str)-1] = '\0'; MD5_String2binary(md5str, md5bin); return (0==memcmp(passwd, md5bin, 16)); } bool check_password(struct login_session_data* ld, int passwdenc, const char* passwd, const char* refpass) { if(passwdenc == 0) { return (0==strcmp(passwd, refpass)); } else if (ld) { // password mode set to 1 -> (md5key, refpass) enable with // password mode set to 2 -> (refpass, md5key) enable with return ((passwdenc&0x01) && check_encrypted(ld->md5key, refpass, passwd)) || ((passwdenc&0x02) && check_encrypted(refpass, ld->md5key, passwd)); } return false; } //----------------------------------------------------- // Check/authentication of a connection //----------------------------------------------------- int mmo_auth(struct mmo_account* account, int fd) { time_t ban_until_time; char t_uid[256]; char user_password[256], password[256]; long connect_until; int state; char ip[16]; uint32 ipl = session[fd]->client_addr; uint8* sin_addr = (uint8*)&ipl; sprintf(ip, "%d.%d.%d.%d", sin_addr[3], sin_addr[2], sin_addr[1], sin_addr[0]); // DNS Blacklist check if(login_config.use_dnsbl) { char r_ip[16]; char ip_dnsbl[256]; char *dnsbl_serv; bool matched = false; sprintf(r_ip, "%d.%d.%d.%d", sin_addr[0], sin_addr[1], sin_addr[2], sin_addr[3]); for (dnsbl_serv = strtok(login_config.dnsbl_servs,","); dnsbl_serv != NULL; dnsbl_serv = strtok(NULL,",")) { if (!matched) { sprintf(ip_dnsbl, "%s.%s", r_ip, dnsbl_serv); if(host2ip(ip_dnsbl)) matched = true; } } if (matched) { ShowInfo("DNSBL: (%s) Blacklisted. User Kicked.\n", r_ip); return 3; } } // Account creation with _M/_F if (login_config.new_account_flag) { int len = strlen(account->userid) - 2; if (account->passwdenc == 0 && account->userid[len] == '_' && (account->userid[len+1] == 'F' || account->userid[len+1] == 'M' || account->userid[len+1] == 'f' || account->userid[len+1] == 'm') && len >= 4 && strlen(account->passwd) >= 4) { int result; account->userid[len] = '\0'; //Terminating the name. if ((result = mmo_auth_new(account, account->userid[len+1]))) return result; //Failed to make account. [Skotlex]. } } jstrescapecpy(t_uid,account->userid); // retrieve login entry for the specified username sprintf(tmpsql, "SELECT `%s`,`%s`,`lastlogin`,`sex`,`connect_until`,`ban_until`,`state`,`%s`" " FROM `%s` WHERE `%s`= %s '%s'", login_db_account_id, login_db_user_pass, login_db_level, login_db, login_db_userid, login_config.case_sensitive ? "BINARY" : "", t_uid); //login {0-account_id/1-user_pass/2-lastlogin/3-sex/4-connect_untl/5-ban_until/6-state/7-level} // query if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle) ; if (!sql_res) { ShowError("mmo_auth DB result error ! \n"); return 0; } sql_row = mysql_fetch_row(sql_res); if (!sql_row) { //there's no id. ShowNotice("auth failed: no such account %s\n", account->userid); mysql_free_result(sql_res); return 0; } account->account_id = atoi(sql_row[0]); strncpy(password, sql_row[1], sizeof(password)-1); strncpy(account->lastlogin, sql_row[2], 24); account->sex = sql_row[3][0] == 'S' ? 2 : sql_row[3][0]=='M' ? 1 : 0; connect_until = atol(sql_row[4]); ban_until_time = atol(sql_row[5]); state = atoi(sql_row[6]); account->level = atoi(sql_row[7]); if (account->level > 99) account->level = 99; //This function has too many leaks because this is only free'd on the end. //Better avoid that and free it as soon as possible. [Skotlex] mysql_free_result(sql_res); //Client Version check if(login_config.check_client_version && account->version != 0 && account->version != login_config.client_version_to_connect) return 5; switch (state) { case -3: //id is banned case -2: //dynamic ban return state; } if (login_config.use_md5_passwds) MD5_String(account->passwd, user_password); else memcpy(user_password, account->passwd, NAME_LENGTH); if (!check_password(session[fd]->session_data, account->passwdenc, user_password, password)) { ShowInfo("Invalid password (account: %s, pass: %s, received pass: %s, ip: %s)" RETCODE, account->userid, password, (account->passwdenc) ? "[MD5]" : account->passwd, ip); return 1; // 1 = Incorrect Password } if (ban_until_time != 0) { // if account is banned if (ban_until_time > time(NULL)) // always banned return 6; // 6 = Your are Prohibited to log in until %s sprintf(tmpsql, "UPDATE `%s` SET `ban_until`='0' %s WHERE `%s`= '%d'", login_db, state==7?",state='0'":"", login_db_account_id, account->account_id); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } if (state) switch(state) { // packet 0x006a value + 1 case 1: // 0 = Unregistered ID case 2: // 1 = Incorrect Password case 3: // 2 = This ID is expired case 4: // 3 = Rejected from Server case 5: // 4 = You have been blocked by the GM Team case 6: // 5 = Your Game's EXE file is not the latest version case 7: // 6 = Your are Prohibited to log in until %s case 8: // 7 = Server is jammed due to over populated case 9: // 8 = No more accounts may be connected from this company case 10: // 9 = MSI_REFUSE_BAN_BY_DBA case 11: // 10 = MSI_REFUSE_EMAIL_NOT_CONFIRMED case 12: // 11 = MSI_REFUSE_BAN_BY_GM case 13: // 12 = MSI_REFUSE_TEMP_BAN_FOR_DBWORK case 14: // 13 = MSI_REFUSE_SELF_LOCK case 15: // 14 = MSI_REFUSE_NOT_PERMITTED_GROUP case 16: // 15 = MSI_REFUSE_NOT_PERMITTED_GROUP case 100: // 99 = This ID has been totally erased case 101: // 100 = Login information remains at %s. case 102: // 101 = Account has been locked for a hacking investigation. Please contact the GM Team for more information case 103: // 102 = This account has been temporarily prohibited from login due to a bug-related investigation case 104: // 103 = This character is being deleted. Login is temporarily unavailable for the time being case 105: // 104 = Your spouse character is being deleted. Login is temporarily unavailable for the time being ShowInfo("Auth Error #%d\n", state); return state - 1; default: return 99; // 99 = ID has been totally erased } if (connect_until != 0 && connect_until < time(NULL)) return 2; // 2 = This ID is expired if (login_config.online_check) { struct online_login_data* data = idb_get(online_db,account->account_id); if (data && data->char_server > -1) { //Request char servers to kick this account out. [Skotlex] unsigned char buf[8]; ShowNotice("User [%s] is already online - Rejected.\n",account->userid); WBUFW(buf,0) = 0x2734; WBUFL(buf,2) = account->account_id; charif_sendallwos(-1, buf, 6); if (data->waiting_disconnect == -1) data->waiting_disconnect = add_timer(gettick()+30000, waiting_disconnect_timer, account->account_id, 0); return 3; // Rejected } } account->login_id1 = rand(); account->login_id2 = rand(); if (account->sex != 2 && account->account_id < START_ACCOUNT_NUM) ShowWarning("Account %s has account id %d! Account IDs must be over %d to work properly!\n", account->userid, account->account_id, START_ACCOUNT_NUM); sprintf(tmpsql, "UPDATE `%s` SET `lastlogin` = NOW(), `logincount`=`logincount` +1, `last_ip`='%s' WHERE `%s` = '%d'", login_db, ip, login_db_account_id, account->account_id); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } return -1; } static int online_db_setoffline(DBKey key, void* data, va_list ap) { struct online_login_data *p = (struct online_login_data *)data; int server = va_arg(ap, int); if (server == -1) { p->char_server = -1; if (p->waiting_disconnect != -1) { delete_timer(p->waiting_disconnect, waiting_disconnect_timer); p->waiting_disconnect = -1; } } else if (p->char_server == server) p->char_server = -2; //Char server disconnected. return 0; } //-------------------------------- // Packet parsing for char-servers //-------------------------------- int parse_fromchar(int fd) { int i, id; uint32 ipl = session[fd]->client_addr; char ip[16]; ip2str(ipl, ip); for(id = 0; id < MAX_SERVERS; id++) if (server_fd[id] == fd) break; if (id == MAX_SERVERS) { // not a char server set_eof(fd); do_close(fd); return 0; } if(session[fd]->eof) { ShowStatus("Char-server '%s' has disconnected.\n", server[id].name); server_fd[id] = -1; memset(&server[id], 0, sizeof(struct mmo_char_server)); online_db->foreach(online_db,online_db_setoffline,id); //Set all chars from this char server to offline. sprintf(tmpsql, "DELETE FROM `sstatus` WHERE `index`='%d'", id); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } do_close(fd); return 0; } while (RFIFOREST(fd) >= 2) { uint16 command = RFIFOW(fd,0); switch (command) { case 0x2709: // request from map-server via char-server to reload GM accounts if (login_config.log_login) { sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`log`) VALUES (NOW(), '%u', '%s', 'GM reload request')", loginlog_db, ipl, server[id].name); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } read_gm_account(); // send GM accounts to all char-servers send_GM_accounts(-1); RFIFOSKIP(fd,2); break; case 0x2712: // request from char-server to authenticate an account if (RFIFOREST(fd) < 19) return 0; { int account_id; account_id = RFIFOL(fd,2); // speed up for(i = 0; i < AUTH_FIFO_SIZE; i++) { if( auth_fifo[i].account_id == account_id && auth_fifo[i].login_id1 == RFIFOL(fd,6) && auth_fifo[i].login_id2 == RFIFOL(fd,10) && auth_fifo[i].sex == RFIFOB(fd,14) && auth_fifo[i].ip == ntohl(RFIFOL(fd,15)) && !auth_fifo[i].delflag) { auth_fifo[i].delflag = 1; break; } } if (i != AUTH_FIFO_SIZE && account_id > 0) { // send ack time_t connect_until_time = 0; char email[40] = ""; account_id=RFIFOL(fd,2); sprintf(tmpsql, "SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'", login_db, login_db_account_id, account_id); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle) ; if (sql_res) { sql_row = mysql_fetch_row(sql_res); connect_until_time = atol(sql_row[1]); strncpy(email, sql_row[0], 40); email[39] = 0; mysql_free_result(sql_res); } WFIFOHEAD(fd,51); WFIFOW(fd,0) = 0x2713; WFIFOL(fd,2) = account_id; WFIFOB(fd,6) = 0; memcpy(WFIFOP(fd, 7), email, 40); WFIFOL(fd,47) = (unsigned long) connect_until_time; WFIFOSET(fd,51); } else { WFIFOHEAD(fd,51); WFIFOW(fd,0) = 0x2713; WFIFOL(fd,2) = account_id; WFIFOB(fd,6) = 1; WFIFOSET(fd,51); } RFIFOSKIP(fd,19); } break; case 0x2714: if (RFIFOREST(fd) < 6) return 0; // how many users on world? (update) if (server[id].users != RFIFOL(fd,2)) { ShowStatus("set users %s : %d\n", server[id].name, RFIFOL(fd,2)); server[id].users = RFIFOL(fd,2); sprintf(tmpsql,"UPDATE `sstatus` SET `user` = '%d' WHERE `index` = '%d'", server[id].users, id); // query if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } // send some answer WFIFOHEAD(fd,6); WFIFOW(fd,0) = 0x2718; WFIFOSET(fd,2); RFIFOSKIP(fd,6); break; case 0x2716: // received an e-mail/limited time request, because a player comes back from a map-server to the char-server if (RFIFOREST(fd) < 6) return 0; { int account_id; time_t connect_until_time = 0; char email[40] = ""; account_id = RFIFOL(fd,2); sprintf(tmpsql,"SELECT `email`,`connect_until` FROM `%s` WHERE `%s`='%d'",login_db, login_db_account_id, account_id); if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle) ; if (sql_res) { sql_row = mysql_fetch_row(sql_res); connect_until_time = atol(sql_row[1]); strcpy(email, sql_row[0]); } mysql_free_result(sql_res); //printf("parse_fromchar: E-mail/limited time request from '%s' server (concerned account: %d)\n", server[id].name, RFIFOL(fd,2)); WFIFOHEAD(fd,50); WFIFOW(fd,0) = 0x2717; WFIFOL(fd,2) = RFIFOL(fd,2); memcpy(WFIFOP(fd, 6), email, 40); WFIFOL(fd,46) = (unsigned long) connect_until_time; WFIFOSET(fd,50); RFIFOSKIP(fd,6); } break; case 0x2720: // Request to become a GM (TXT only!) if (RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2)) return 0; //oldacc = RFIFOL(fd,4); ShowWarning("change GM isn't supported in this login server version.\n"); ShowError("change GM error 0 %s\n", RFIFOP(fd, 8)); WFIFOHEAD(fd,10); WFIFOW(fd,0) = 0x2721; WFIFOL(fd,2) = RFIFOL(fd,4); // oldacc; WFIFOL(fd,6) = 0; // newacc; WFIFOSET(fd,10); RFIFOSKIP(fd, RFIFOW(fd, 2)); return 0; // Map server send information to change an email of an account via char-server case 0x2722: // 0x2722 .L .40B .40B if (RFIFOREST(fd) < 86) return 0; { int acc; char actual_email[40], new_email[40]; acc = RFIFOL(fd,2); memcpy(actual_email, RFIFOP(fd,6), 40); memcpy(new_email, RFIFOP(fd,46), 40); if (e_mail_check(actual_email) == 0) ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command), but actual email is invalid (account: %d, ip: %s)" RETCODE, server[id].name, acc, ip); else if (e_mail_check(new_email) == 0) ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command) with a invalid new e-mail (account: %d, ip: %s)" RETCODE, server[id].name, acc, ip); else if (strcmpi(new_email, "a@a.com") == 0) ShowWarning("Char-server '%s': Attempt to modify an e-mail on an account (@email GM command) with a default e-mail (account: %d, ip: %s)" RETCODE, server[id].name, acc, ip); else { sprintf(tmpsql, "SELECT `%s`,`email` FROM `%s` WHERE `%s` = '%d'", login_db_userid, login_db, login_db_account_id, acc); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle); if (sql_res) { sql_row = mysql_fetch_row(sql_res); //row fetching if (strcmpi(sql_row[1], actual_email) == 0) { sprintf(tmpsql, "UPDATE `%s` SET `email` = '%s' WHERE `%s` = '%d'", login_db, new_email, login_db_account_id, acc); // query if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } ShowInfo("Char-server '%s': Modify an e-mail on an account (@email GM command) (account: %d (%s), new e-mail: %s, ip: %s)." RETCODE, server[id].name, acc, sql_row[0], actual_email, ip); } } } RFIFOSKIP(fd, 86); } break; case 0x2724: // Receiving an account state update request from a map-server (relayed via char-server) if (RFIFOREST(fd) < 10) return 0; { int acc, statut; acc = RFIFOL(fd,2); statut = RFIFOL(fd,6); sprintf(tmpsql, "SELECT `state` FROM `%s` WHERE `%s` = '%d'", login_db, login_db_account_id, acc); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle); if (sql_res) { sql_row = mysql_fetch_row(sql_res); // row fetching } if (atoi(sql_row[0]) != statut && statut != 0) { unsigned char buf[16]; WBUFW(buf,0) = 0x2731; WBUFL(buf,2) = acc; WBUFB(buf,6) = 0; // 0: change of statut, 1: ban WBUFL(buf,7) = statut; // status or final date of a banishment charif_sendallwos(-1, buf, 11); } sprintf(tmpsql,"UPDATE `%s` SET `state` = '%d' WHERE `%s` = '%d'", login_db, statut,login_db_account_id,acc); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } RFIFOSKIP(fd,10); } break; case 0x2725: // Receiving of map-server via char-server a ban request if (RFIFOREST(fd) < 18) return 0; { int acc; struct tm *tmtime; time_t timestamp, tmptime; acc = RFIFOL(fd,2); sprintf(tmpsql, "SELECT `ban_until` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle); if (sql_res) { sql_row = mysql_fetch_row(sql_res); // row fetching } tmptime = atol(sql_row[0]); if (tmptime == 0 || tmptime < time(NULL)) timestamp = time(NULL); else timestamp = tmptime; tmtime = localtime(×tamp); tmtime->tm_year = tmtime->tm_year + (short)RFIFOW(fd,6); tmtime->tm_mon = tmtime->tm_mon + (short)RFIFOW(fd,8); tmtime->tm_mday = tmtime->tm_mday + (short)RFIFOW(fd,10); tmtime->tm_hour = tmtime->tm_hour + (short)RFIFOW(fd,12); tmtime->tm_min = tmtime->tm_min + (short)RFIFOW(fd,14); tmtime->tm_sec = tmtime->tm_sec + (short)RFIFOW(fd,16); timestamp = mktime(tmtime); if (timestamp != -1) { if (timestamp <= time(NULL)) timestamp = 0; if (tmptime != timestamp) { if (timestamp != 0) { unsigned char buf[16]; WBUFW(buf,0) = 0x2731; WBUFL(buf,2) = acc; WBUFB(buf,6) = 1; // 0: change of statut, 1: ban WBUFL(buf,7) = (unsigned int)timestamp; // status or final date of a banishment charif_sendallwos(-1, buf, 11); } ShowNotice("Account: %d Banned until: %ld\n", acc, timestamp); sprintf(tmpsql, "UPDATE `%s` SET `ban_until` = '%ld' WHERE `%s` = '%d'", login_db, (unsigned long)timestamp, login_db_account_id, acc); // query if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } } RFIFOSKIP(fd,18); } break; case 0x2727: // Change of sex (sex is reversed) if (RFIFOREST(fd) < 6) return 0; { int acc,sex; unsigned char buf[16]; acc = RFIFOL(fd,2); sprintf(tmpsql,"SELECT `sex` FROM `%s` WHERE `%s` = '%d'",login_db,login_db_account_id,acc); if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); return 0; } sql_res = mysql_store_result(&mysql_handle) ; if (sql_res) { if (mysql_num_rows(sql_res) == 0) { mysql_free_result(sql_res); return 0; } sql_row = mysql_fetch_row(sql_res); //row fetching } if (strcmpi(sql_row[0], "M") == 0) sex = 0; //Change to female else sex = 1; //Change to make sprintf(tmpsql,"UPDATE `%s` SET `sex` = '%c' WHERE `%s` = '%d'", login_db, (sex?'M':'F'), login_db_account_id, acc); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } WBUFW(buf,0) = 0x2723; WBUFL(buf,2) = acc; WBUFB(buf,6) = sex; charif_sendallwos(-1, buf, 7); RFIFOSKIP(fd,6); } break; case 0x2728: // save account_reg2 if (RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2)) return 0; if (RFIFOL(fd,4) > 0) { int acc,p,j,len; char str[32]; char temp_str[64]; //Needs twice as much space as the original string. char temp_str2[512]; char value[256]; unsigned char *buf; acc = RFIFOL(fd,4); buf = (unsigned char*)aCalloc(RFIFOW(fd,2)+1, sizeof(unsigned char)); //Delete all global account variables.... sprintf(tmpsql,"DELETE FROM `%s` WHERE `type`='1' AND `account_id`='%d';",reg_db,acc); if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } //Proceed to insert them.... for(j=0,p=13;j 0) { //Found a match sprintf(tmpsql,"UPDATE `%s` SET `ban_until` = '0' WHERE `%s` = '%d'", login_db,login_db_account_id,acc); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } if (sql_res) mysql_free_result(sql_res); RFIFOSKIP(fd,6); return 0; } case 0x272b: // Set account_id to online [Wizputer] if (RFIFOREST(fd) < 6) return 0; add_online_user(id, RFIFOL(fd,2)); RFIFOSKIP(fd,6); break; case 0x272c: // Set account_id to offline [Wizputer] if (RFIFOREST(fd) < 6) return 0; remove_online_user(RFIFOL(fd,2)); RFIFOSKIP(fd,6); break; case 0x272d: // Receive list of all online accounts. [Skotlex] if (RFIFOREST(fd) < 4 || RFIFOREST(fd) < RFIFOW(fd,2)) return 0; if (login_config.online_check) { struct online_login_data *p; int aid, users; online_db->foreach(online_db,online_db_setoffline,id); //Set all chars from this char-server offline first users = RFIFOW(fd,4); for (i = 0; i < users; i++) { aid = RFIFOL(fd,6+i*4); p = idb_ensure(online_db, aid, create_online_user); p->char_server = id; if (p->waiting_disconnect != -1) { delete_timer(p->waiting_disconnect, waiting_disconnect_timer); p->waiting_disconnect = -1; } } } RFIFOSKIP(fd,RFIFOW(fd,2)); break; case 0x272e: //Request account_reg2 for a character. if (RFIFOREST(fd) < 10) return 0; { int account_id = RFIFOL(fd, 2); int char_id = RFIFOL(fd, 6); int p; sprintf(tmpsql, "SELECT `str`,`value` FROM `%s` WHERE `type`='1' AND `account_id`='%d'",reg_db, account_id); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); break; } sql_res = mysql_store_result(&mysql_handle) ; if (!sql_res) { break; } WFIFOHEAD(fd,10000); WFIFOW(fd,0) = 0x2729; WFIFOL(fd,4) = account_id; WFIFOL(fd,8) = char_id; WFIFOB(fd,12) = 1; //Type 1 for Account2 registry p = 13; while ((sql_row = mysql_fetch_row(sql_res)) && p < 9000) { if (sql_row[0][0]) { p+= sprintf(WFIFOP(fd,p), "%s", sql_row[0])+1; //We add 1 to consider the '\0' in place. p+= sprintf(WFIFOP(fd,p), "%s", sql_row[1])+1; } } mysql_free_result(sql_res); if (p >= 9000) ShowWarning("Too many account2 registries for AID %d. Some registries were not sent.\n", account_id); WFIFOW(fd,2) = p; WFIFOSET(fd,WFIFOW(fd,2)); RFIFOSKIP(fd,10); } break; case 0x2736: // WAN IP update from char-server if (RFIFOREST(fd) < 6) return 0; server[id].ip = ntohl(RFIFOL(fd,2)); ShowInfo("Updated IP of Server #%d to %d.%d.%d.%d.\n",id, CONVIP(server[id].ip)); RFIFOSKIP(fd,6); break; case 0x2737: //Request to set all offline. ShowInfo("Setting accounts from char-server %d offline.\n", id); online_db->foreach(online_db,online_db_setoffline,id); RFIFOSKIP(fd,2); break; default: ShowError("parse_fromchar: Unknown packet 0x%x from a char-server! Disconnecting!\n", RFIFOW(fd,0)); set_eof(fd); return 0; } // switch } // while RFIFOSKIP(fd,RFIFOREST(fd)); return 0; } //-------------------------------------------- // Test to know if an IP come from LAN or WAN. //-------------------------------------------- int lan_subnetcheck(uint32 ip) { int i; for(i = 0; i < subnet_count; i++) { if(subnet[i].subnet == (ip & subnet[i].mask)) { return subnet[i].char_ip; } } return 0; } int login_ip_ban_check(uint32 ip) { uint8* p = (uint8*)&ip; sprintf(tmpsql, "SELECT count(*) FROM `ipbanlist` WHERE `list` = '%d.*.*.*' OR `list` = '%d.%d.*.*' OR `list` = '%d.%d.%d.*' OR `list` = '%d.%d.%d.%d'", p[3], p[3], p[2], p[3], p[2], p[1], p[3], p[2], p[1], p[0]); if (mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); // close connection because we can't verify their connectivity. return 1; } sql_res = mysql_store_result(&mysql_handle) ; sql_row = sql_res?mysql_fetch_row(sql_res):NULL; if(!sql_row) { //Shouldn't happen, but just in case... mysql_free_result(sql_res); return 1; } if (atoi(sql_row[0]) == 0) { //No ban mysql_free_result(sql_res); return 0; } // ip ban ok. ShowInfo("Packet from banned ip : %d.%d.%d.%d\n" RETCODE, CONVIP(ip)); if (login_config.log_login) { sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', 'unknown','-3', 'ip banned')", loginlog_db, ip); // query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } mysql_free_result(sql_res); return 1; } //---------------------------------------------------------------------------------------- // Default packet parsing (normal players or administation/char-server connection requests) //---------------------------------------------------------------------------------------- int parse_login(int fd) { char t_uid[100]; struct mmo_account account; int result, i; uint32 ipl = session[fd]->client_addr; char ip[16]; ip2str(ipl, ip); if (session[fd]->eof) { do_close(fd); return 0; } while (RFIFOREST(fd) >= 2) { uint16 command = RFIFOW(fd,0); switch(command) { case 0x0200: // New alive packet: structure: 0x200 .24B. used to verify if client is always alive. if (RFIFOREST(fd) < 26) return 0; RFIFOSKIP(fd,26); break; case 0x0204: // New alive packet: structure: 0x204 .16B. (new ragexe from 22 june 2004) if (RFIFOREST(fd) < 18) return 0; RFIFOSKIP(fd,18); break; case 0x0064: // request client login case 0x0277: // New login packet (layout is same as 0x64 but different length) case 0x01dd: // request client login (encryption mode) { int packet_len = RFIFOREST(fd); //Perform ip-ban check if (login_config.ipban && login_ip_ban_check(ipl)) { WFIFOHEAD(fd,23); WFIFOW(fd,0) = 0x6a; WFIFOB(fd,2) = 3; // 3 = Rejected from Server WFIFOSET(fd,23); RFIFOSKIP(fd,packet_len); set_eof(fd); break; } if ((command == 0x0064 && packet_len < 55) || (command == 0x0277 && packet_len < 84) || (command == 0x01dd && packet_len < 47)) return 0; // S 0064 .l .24B .24B .B // S 0277 ?? // S 01dd .l .24B .16B .B memset(&account, 0, sizeof(account)); account.version = RFIFOL(fd,2); if (!account.version) account.version = 1; //Force some version... memcpy(account.userid,RFIFOP(fd,6),NAME_LENGTH); account.userid[23] = '\0'; memcpy(account.passwd,RFIFOP(fd,30),NAME_LENGTH); account.passwd[23] = '\0'; account.passwdenc = (command != 0x01dd) ? 0 : PASSWORDENC; jstrescapecpy(t_uid, account.userid); result = mmo_auth(&account, fd); if (result == -1) { // auth success if (login_config.min_level_to_connect > account.level) { WFIFOHEAD(fd,3); WFIFOW(fd,0) = 0x81; WFIFOB(fd,2) = 1; // 01 = Server closed WFIFOSET(fd,3); } else { if (login_config.log_login) { sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s','100', 'login ok')", loginlog_db, ipl, t_uid); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } if (account.level) ShowStatus("Connection of the GM (level:%d) account '%s' accepted.\n", account.level, account.userid); else ShowStatus("Connection of the account '%s' accepted.\n", account.userid); server_num = 0; WFIFOHEAD(fd,47+32*MAX_SERVERS); for(i = 0; i < MAX_SERVERS; i++) { if (server_fd[i] >= 0) { // Advanced subnet check [LuzZza] uint32 subnet_char_ip = lan_subnetcheck(ipl); WFIFOL(fd,47+server_num*32) = htonl((subnet_char_ip) ? subnet_char_ip : server[i].ip); WFIFOW(fd,47+server_num*32+4) = ntows(htons(server[i].port)); // [!] LE byte order here [!] memcpy(WFIFOP(fd,47+server_num*32+6), server[i].name, 20); WFIFOW(fd,47+server_num*32+26) = server[i].users; WFIFOW(fd,47+server_num*32+28) = server[i].maintenance; WFIFOW(fd,47+server_num*32+30) = server[i].new_; server_num++; } } if (server_num > 0) { // if at least 1 char-server WFIFOW(fd,0) = 0x69; WFIFOW(fd,2) = 47+32*server_num; WFIFOL(fd,4) = account.login_id1; WFIFOL(fd,8) = account.account_id; WFIFOL(fd,12) = account.login_id2; WFIFOL(fd,16) = 0; // in old version, that was for ip (not more used) //memcpy(WFIFOP(fd,20), account.lastlogin, 24); // in old version, that was for name (not more used) WFIFOB(fd,46) = account.sex; WFIFOSET(fd,47+32*server_num); if (auth_fifo_pos >= AUTH_FIFO_SIZE) auth_fifo_pos = 0; auth_fifo[auth_fifo_pos].account_id = account.account_id; auth_fifo[auth_fifo_pos].login_id1 = account.login_id1; auth_fifo[auth_fifo_pos].login_id2 = account.login_id2; auth_fifo[auth_fifo_pos].sex = account.sex; auth_fifo[auth_fifo_pos].delflag = 0; auth_fifo[auth_fifo_pos].ip = session[fd]->client_addr; auth_fifo_pos++; } else { // if no char-server, don't send void list of servers, just disconnect the player with proper message WFIFOW(fd,0) = 0x81; WFIFOB(fd,2) = 1; // 01 = Server closed WFIFOSET(fd,3); } } } else { // auth failed if (login_config.log_login) { const char* error; switch ((result + 1)) { case -2: error = "Account banned."; break; //-3 = Account Banned case -1: error = "dynamic ban (ip and account)."; break; //-2 = Dynamic Ban case 1: error = "Unregistered ID."; break; // 0 = Unregistered ID case 2: error = "Incorrect Password."; break; // 1 = Incorrect Password case 3: error = "Account Expired."; break; // 2 = This ID is expired case 4: error = "Rejected from server."; break; // 3 = Rejected from Server case 5: error = "Blocked by GM."; break; // 4 = You have been blocked by the GM Team case 6: error = "Not latest game EXE."; break; // 5 = Your Game's EXE file is not the latest version case 7: error = "Banned."; break; // 6 = Your are Prohibited to log in until %s case 8: error = "Server Over-population."; break; // 7 = Server is jammed due to over populated case 9: error = "Account limit from company"; break; // 8 = No more accounts may be connected from this company case 10: error = "Ban by DBA"; break; // 9 = MSI_REFUSE_BAN_BY_DBA case 11: error = "Email not confirmed"; break; // 10 = MSI_REFUSE_EMAIL_NOT_CONFIRMED case 12: error = "Ban by GM"; break; // 11 = MSI_REFUSE_BAN_BY_GM case 13: error = "Working in DB"; break; // 12 = MSI_REFUSE_TEMP_BAN_FOR_DBWORK case 14: error = "Self Lock"; break; // 13 = MSI_REFUSE_SELF_LOCK case 15: error = "Not Permitted Group"; break; // 14 = MSI_REFUSE_NOT_PERMITTED_GROUP case 16: error = "Not Permitted Group"; break; // 15 = MSI_REFUSE_NOT_PERMITTED_GROUP case 100: error = "Account gone."; break; // 99 = This ID has been totally erased case 101: error = "Login info remains."; break; // 100 = Login information remains at %s case 102: error = "Hacking investigation."; break; // 101 = Account has been locked for a hacking investigation. Please contact the GM Team for more information case 103: error = "Bug investigation."; break; // 102 = This account has been temporarily prohibited from login due to a bug-related investigation case 104: error = "Deleting char."; break; // 103 = This character is being deleted. Login is temporarily unavailable for the time being case 105: error = "Deleting spouse char."; break; // 104 = This character is being deleted. Login is temporarily unavailable for the time being default : error = "Unknown Error."; break; } sprintf(tmpsql, "INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s', '%d','login failed : %s')", loginlog_db, ipl, t_uid, result, error); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } if ((result == 1) && login_config.dynamic_pass_failure_ban && login_config.log_login) { // failed password sprintf(tmpsql,"SELECT count(*) FROM `%s` WHERE `ip` = '%u' AND `rcode` = '1' AND `time` > NOW() - INTERVAL %d MINUTE", loginlog_db, ipl, login_config.dynamic_pass_failure_ban_interval); //how many times filed account? in one ip. if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } //check query result sql_res = mysql_store_result(&mysql_handle) ; sql_row = sql_res?mysql_fetch_row(sql_res):NULL; //row fetching if (sql_row && (unsigned int)atoi(sql_row[0]) >= login_config.dynamic_pass_failure_ban_limit ) { uint8* p = (uint8*)&ipl; sprintf(tmpsql,"INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() + INTERVAL %d MINUTE ,'Password error ban: %s')", (uint8)p[3], (uint8)p[2], (uint8)p[1], login_config.dynamic_pass_failure_ban_duration, t_uid); if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } if(sql_res) mysql_free_result(sql_res); } else if (result == -2){ //dynamic banned - add ip to ban list. uint8* p = (uint8*)&ipl; sprintf(tmpsql,"INSERT INTO `ipbanlist`(`list`,`btime`,`rtime`,`reason`) VALUES ('%d.%d.%d.*', NOW() , NOW() + INTERVAL 1 MONTH ,'Dynamic banned user id : %s')", (uint8)p[3], (uint8)p[2], (uint8)p[1], t_uid); if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } result = -3; }else if(result == 6){ //not lastet version .. //result = 5; } sprintf(tmpsql,"SELECT `ban_until` FROM `%s` WHERE `%s` = %s '%s'",login_db, login_db_userid, login_config.case_sensitive ? "BINARY" : "", t_uid); if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sql_res = mysql_store_result(&mysql_handle) ; sql_row = sql_res?mysql_fetch_row(sql_res):NULL; //cannot connect login failed WFIFOHEAD(fd,23); memset(WFIFOP(fd,0), '\0', 23); WFIFOW(fd,0) = 0x6a; WFIFOB(fd,2) = (uint8)result; if (result == 6) { // 6 = Your are Prohibited to log in until %s char tmpstr[20]; time_t ban_until_time = (sql_row) ? atol(sql_row[0]) : 0; strftime(tmpstr, 20, login_config.date_format, localtime(&ban_until_time)); tmpstr[19] = '\0'; strncpy(WFIFOP(fd,3), tmpstr, 20); // ban timestamp goes here } WFIFOSET(fd,23); if (sql_res) mysql_free_result(sql_res); } RFIFOSKIP(fd,packet_len); } break; case 0x01db: // Sending request of the coding key { struct login_session_data* ld; if (session[fd]->session_data) { ShowWarning("login: abnormal request of MD5 key (already opened session).\n"); set_eof(fd); return 0; } ld = (struct login_session_data*)aCalloc(1, sizeof(struct login_session_data)); session[fd]->session_data = ld; // Creation of the coding key memset(ld->md5key, '\0', sizeof(ld->md5key)); ld->md5keylen = (uint16)(12 + rand() % 4); for(i = 0; i < ld->md5keylen; i++) ld->md5key[i] = (char)(1 + rand() % 255); WFIFOHEAD(fd,4 + ld->md5keylen); WFIFOW(fd,0) = 0x01dc; WFIFOW(fd,2) = 4 + ld->md5keylen; memcpy(WFIFOP(fd,4), ld->md5key, ld->md5keylen); WFIFOSET(fd,WFIFOW(fd,2)); RFIFOSKIP(fd,2); } break; case 0x2710: // Connection request of a char-server if (RFIFOREST(fd) < 86) return 0; { char* server_name; uint32 server_ip; uint16 server_port; memset(&account, 0, sizeof(account)); memcpy(account.userid,RFIFOP(fd,2),NAME_LENGTH); account.userid[23] = '\0'; memcpy(account.passwd,RFIFOP(fd,26),NAME_LENGTH); account.passwd[23] = '\0'; account.passwdenc = 0; server_name = (char*)RFIFOP(fd,60); server_name[20] = '\0'; server_ip = ntohl(RFIFOL(fd,54)); server_port = ntohs(RFIFOW(fd,58)); ShowInfo("Connection request of the char-server '%s' @ %d.%d.%d.%d:%d (ip: %s)\n", server_name, CONVIP(server_ip), server_port, ip); jstrescapecpy(t_uid, server_name); if (login_config.log_login) { char t_login[50]; jstrescapecpy(t_login,account.userid); sprintf(tmpsql,"INSERT DELAYED INTO `%s`(`time`,`ip`,`user`,`rcode`,`log`) VALUES (NOW(), '%u', '%s@%s','100', 'charserver - %s@%u.%u.%u.%u:%d')", loginlog_db, ipl, t_login, t_uid, t_uid, CONVIP(server_ip), server_port); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } } result = mmo_auth(&account, fd); if (result == -1 && account.sex == 2 && account.account_id < MAX_SERVERS && server_fd[account.account_id] == -1) { ShowStatus("Connection of the char-server '%s' accepted.\n", server_name); memset(&server[account.account_id], 0, sizeof(struct mmo_char_server)); server[account.account_id].ip = ntohl(RFIFOL(fd,54)); server[account.account_id].port = ntohs(RFIFOW(fd,58)); memcpy(server[account.account_id].name, server_name, 20); server[account.account_id].users = 0; server[account.account_id].maintenance = RFIFOW(fd,82); server[account.account_id].new_ = RFIFOW(fd,84); server_fd[account.account_id] = fd; sprintf(tmpsql,"DELETE FROM `sstatus` WHERE `index`='%d'", account.account_id); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } sprintf(tmpsql,"INSERT INTO `sstatus`(`index`,`name`,`user`) VALUES ( '%d', '%s', '%d')", account.account_id, t_uid,0); //query if(mysql_query(&mysql_handle, tmpsql)) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - %s\n", __FILE__,__LINE__,tmpsql); } WFIFOHEAD(fd,3); WFIFOW(fd,0) = 0x2711; WFIFOB(fd,2) = 0; WFIFOSET(fd,3); session[fd]->func_parse = parse_fromchar; realloc_fifo(fd, FIFOSIZE_SERVERLINK, FIFOSIZE_SERVERLINK); send_GM_accounts(fd); // send GM account to char-server } else { WFIFOHEAD(fd,3); WFIFOW(fd,0) = 0x2711; WFIFOB(fd,2) = 3; WFIFOSET(fd,3); } RFIFOSKIP(fd,86); return 0; } case 0x7530: // Server version information request { ShowInfo ("Athena version check...\n"); WFIFOHEAD(fd,10); WFIFOW(fd,0) = 0x7531; WFIFOB(fd,2) = ATHENA_MAJOR_VERSION; WFIFOB(fd,3) = ATHENA_MINOR_VERSION; WFIFOB(fd,4) = ATHENA_REVISION; WFIFOB(fd,5) = ATHENA_RELEASE_FLAG; WFIFOB(fd,6) = ATHENA_OFFICIAL_FLAG; WFIFOB(fd,7) = ATHENA_SERVER_LOGIN; WFIFOW(fd,8) = ATHENA_MOD_VERSION; WFIFOSET(fd,10); RFIFOSKIP(fd,2); } break; case 0x7532: // Request to end connection ShowStatus ("End of connection (ip: %s)" RETCODE, ip); set_eof(fd); break; default: ShowStatus ("Abnormal end of connection (ip: %s): Unknown packet 0x%x " RETCODE, ip, RFIFOW(fd,0)); set_eof(fd); return 0; } } RFIFOSKIP(fd,RFIFOREST(fd)); return 0; } int parse_console(char* buf) { char command[256]; memset(command, 0, sizeof(command)); sscanf(buf, "%[^\n]", command); //login_log("Console command :%s" RETCODE, command); if( strcmpi("shutdown", command) == 0 || strcmpi("exit", command) == 0 || strcmpi("quit", command) == 0 || strcmpi("end", command) == 0 ) runflag = 0; else if( strcmpi("alive", command) == 0 || strcmpi("status", command) == 0 ) ShowInfo(CL_CYAN"Console: "CL_BOLD"I'm Alive."CL_RESET"\n"); else if( strcmpi("help", command) == 0 ){ printf(CL_BOLD"Help of commands:"CL_RESET"\n"); printf(" To shutdown the server:\n"); printf(" 'shutdown|exit|qui|end'\n"); printf(" To know if server is alive:\n"); printf(" 'alive|status'\n"); } return 0; } static int online_data_cleanup_sub(DBKey key, void *data, va_list ap) { struct online_login_data *character= (struct online_login_data*)data; if (character->char_server == -2) //Unknown server.. set them offline remove_online_user(character->account_id); else if (character->char_server < 0) //Free data from players that have not been online for a while. db_remove(online_db, key); return 0; } static int online_data_cleanup(int tid, unsigned int tick, int id, int data) { online_db->foreach(online_db, online_data_cleanup_sub); return 0; } //---------------------------------- // Reading Lan Support configuration //---------------------------------- int login_lan_config_read(const char *lancfgName) { FILE *fp; int line_num = 0; char line[1024], w1[64], w2[64], w3[64], w4[64]; if((fp = fopen(lancfgName, "r")) == NULL) { ShowWarning("LAN Support configuration file is not found: %s\n", lancfgName); return 1; } ShowInfo("Reading the configuration file %s...\n", lancfgName); while(fgets(line, sizeof(line), fp)) { line_num++; if ((line[0] == '/' && line[1] == '/') || line[0] == '\n' || line[1] == '\n') continue; if(sscanf(line,"%[^:]: %[^:]:%[^:]:%[^\r\n]", w1, w2, w3, w4) != 4) { ShowWarning("Error syntax of configuration file %s in line %d.\n", lancfgName, line_num); continue; } remove_control_chars(w1); remove_control_chars(w2); remove_control_chars(w3); remove_control_chars(w4); if(strcmpi(w1, "subnet") == 0) { subnet[subnet_count].mask = str2ip(w2); subnet[subnet_count].char_ip = str2ip(w3); subnet[subnet_count].map_ip = str2ip(w4); subnet[subnet_count].subnet = subnet[subnet_count].char_ip&subnet[subnet_count].mask; if (subnet[subnet_count].subnet != (subnet[subnet_count].map_ip&subnet[subnet_count].mask)) { ShowError("%s: Configuration Error: The char server (%s) and map server (%s) belong to different subnetworks!\n", lancfgName, w3, w4); continue; } subnet_count++; } ShowStatus("Read information about %d subnetworks.\n", subnet_count); } fclose(fp); return 0; } //----------------------------------------------------- // clear expired ip bans //----------------------------------------------------- int ip_ban_flush(int tid, unsigned int tick, int id, int data) { if(mysql_query(&mysql_handle, "DELETE FROM `ipbanlist` WHERE `rtime` <= NOW()")) { ShowSQL("DB error - %s\n",mysql_error(&mysql_handle)); ShowDebug("at %s:%d - DELETE FROM `ipbanlist` WHERE `rtime` <= NOW()\n", __FILE__,__LINE__); } return 0; } //----------------------------------- // Reading main configuration file //----------------------------------- int login_config_read(const char* cfgName) { char line[1024], w1[1024], w2[1024]; FILE* fp = fopen(cfgName, "r"); if (fp == NULL) { ShowError("Configuration file (%s) not found.\n", cfgName); return 1; } ShowInfo("Reading configuration file %s...\n", cfgName); while(fgets(line, sizeof(line), fp)) { if (line[0] == '/' && line[1] == '/') continue; if (sscanf(line, "%[^:]: %[^\r\n]", w1, w2) < 2) continue; remove_control_chars(w1); remove_control_chars(w2); if(!strcmpi(w1,"timestamp_format")) { strncpy(timestamp_format, w2, 20); } else if(!strcmpi(w1,"stdout_with_ansisequence")) { stdout_with_ansisequence = config_switch(w2); } else if(!strcmpi(w1,"console_silent")) { ShowInfo("Console Silent Setting: %d\n", atoi(w2)); msg_silent = atoi(w2); } else if (!strcmpi(w1, "bind_ip")) { char ip_str[16]; login_config.login_ip = host2ip(w2); if (login_config.login_ip) ShowStatus("Login server binding IP address : %s -> %s\n", w2, ip2str(login_config.login_ip, ip_str)); } else if(!strcmpi(w1,"login_port")) { login_config.login_port = (uint16)atoi(w2); ShowStatus("set login_port : %s\n",w2); } else if (!strcmpi(w1, "log_login")) login_config.log_login = config_switch(w2); else if (!strcmpi(w1, "ipban")) login_config.ipban = config_switch(w2); else if (!strcmpi(w1, "dynamic_pass_failure_ban")) login_config.dynamic_pass_failure_ban = config_switch(w2); else if (!strcmpi(w1, "dynamic_pass_failure_ban_interval")) login_config.dynamic_pass_failure_ban_interval = atoi(w2); else if (!strcmpi(w1, "dynamic_pass_failure_ban_limit")) login_config.dynamic_pass_failure_ban_limit = atoi(w2); else if (!strcmpi(w1, "dynamic_pass_failure_ban_duration")) login_config.dynamic_pass_failure_ban_duration = atoi(w2); else if (!strcmpi(w1, "new_account")) login_config.new_account_flag=config_switch(w2); else if (!strcmpi(w1, "check_client_version")) login_config.check_client_version=config_switch(w2); else if (!strcmpi(w1, "client_version_to_connect")) login_config.client_version_to_connect=atoi(w2); else if (!strcmpi(w1, "use_MD5_passwords")) login_config.use_md5_passwds = config_switch(w2); else if (!strcmpi(w1, "min_level_to_connect")) login_config.min_level_to_connect = atoi(w2); else if (!strcmpi(w1, "date_format")) strncpy(login_config.date_format, w2, sizeof(login_config.date_format)); else if (!strcmpi(w1, "console")) login_config.console = config_switch(w2); else if (!strcmpi(w1, "case_sensitive")) login_config.case_sensitive = config_switch(w2); else if (!strcmpi(w1, "allowed_regs")) //account flood protection system allowed_regs = atoi(w2); else if (!strcmpi(w1, "time_allowed")) time_allowed = atoi(w2); else if (!strcmpi(w1, "online_check")) login_config.online_check = config_switch(w2); else if (!strcmpi(w1, "use_dnsbl")) login_config.use_dnsbl = config_switch(w2); else if (!strcmpi(w1, "dnsbl_servers")) { strncpy(login_config.dnsbl_servs, w2, 1023); login_config.dnsbl_servs[1023] = '\0'; } else if (!strcmpi(w1, "ip_sync_interval")) login_config.ip_sync_interval = 1000*60*atoi(w2); //w2 comes in minutes. else if (!strcmpi(w1, "import")) login_config_read(w2); } fclose(fp); ShowInfo("Finished reading %s.\n", cfgName); return 0; } void sql_config_read(const char* cfgName) { char line[1024], w1[1024], w2[1024]; FILE* fp = fopen(cfgName, "r"); if(fp == NULL) { ShowError("file not found: %s\n", cfgName); return; } ShowInfo("reading configuration file %s...\n", cfgName); while(fgets(line, sizeof(line), fp)) { if (line[0] == '/' && line[1] == '/') continue; if (sscanf(line, "%[^:]: %[^\r\n]", w1, w2) < 2) continue; if (!strcmpi(w1, "gm_read_method")) login_config.login_gm_read = (atoi(w2) == 0); else if (!strcmpi(w1, "login_db")) strcpy(login_db, w2); else if (!strcmpi(w1, "login_server_ip")) strcpy(login_server_ip, w2); else if (!strcmpi(w1, "login_server_port")) login_server_port = atoi(w2); else if (!strcmpi(w1, "login_server_id")) strcpy(login_server_id, w2); else if (!strcmpi(w1, "login_server_pw")) strcpy(login_server_pw, w2); else if (!strcmpi(w1, "login_server_db")) strcpy(login_server_db, w2); else if (!strcmpi(w1, "default_codepage")) strcpy(default_codepage, w2); else if (!strcmpi(w1, "login_db_account_id")) strcpy(login_db_account_id, w2); else if (!strcmpi(w1, "login_db_userid")) strcpy(login_db_userid, w2); else if (!strcmpi(w1, "login_db_user_pass")) strcpy(login_db_user_pass, w2); else if (!strcmpi(w1, "login_db_level")) strcpy(login_db_level, w2); else if (!strcmpi(w1, "loginlog_db")) strcpy(loginlog_db, w2); else if (!strcmpi(w1, "reg_db")) strcpy(reg_db, w2); else if (!strcmpi(w1, "import")) sql_config_read(w2); } fclose(fp); ShowInfo("Done reading %s.\n", cfgName); } void login_set_defaults() { login_config.log_login = true; login_config.case_sensitive = true; login_config.min_level_to_connect = 0; login_config.check_client_version = false; login_config.client_version_to_connect = 20; login_config.new_account_flag = true; login_config.online_check = true; login_config.ipban = true; login_config.dynamic_pass_failure_ban = true; login_config.dynamic_pass_failure_ban_interval = 5; login_config.dynamic_pass_failure_ban_limit = 7; login_config.dynamic_pass_failure_ban_duration = 5; login_config.ip_sync_interval = 0; login_config.use_dnsbl = false; strcpy(login_config.dnsbl_servs, ""); login_config.use_md5_passwds = false; login_config.login_gm_read = true; login_config.login_ip = INADDR_ANY; login_config.login_port = 6900; login_config.console = false; strcpy(login_config.date_format, "%Y-%m-%d %H:%M:%S"); } //-------------------------------------- // Function called at exit of the server //-------------------------------------- void do_final(void) { //sync account when terminating. //but no need when you using DBMS (mysql) ShowStatus("Terminating...\n"); mmo_db_close(); online_db->destroy(online_db, NULL); if (gm_account_db) aFree(gm_account_db); } //------------------------------ // Function called when the server // has received a crash signal. //------------------------------ void do_abort(void) { } void set_server_type(void) { SERVER_TYPE = ATHENA_SERVER_LOGIN; } int do_init(int argc, char** argv) { // initialize login server int i; login_set_defaults(); // read login-server configuration login_config_read((argc > 1) ? argv[1] : LOGIN_CONF_NAME); sql_config_read(SQL_CONF_NAME); login_lan_config_read((argc > 2) ? argv[2] : LAN_CONF_NAME); srand((unsigned int)time(NULL)); for(i=0;i