本文整理汇总了C++中DatabaseType::PQuery方法的典型用法代码示例。如果您正苦于以下问题:C++ DatabaseType::PQuery方法的具体用法?C++ DatabaseType::PQuery怎么用?C++ DatabaseType::PQuery使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类DatabaseType的用法示例。
在下文中一共展示了DatabaseType::PQuery方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: DeleteAccount
AccountOpResult AccountMgr::DeleteAccount(uint32 accid)
{
QueryResult* result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%u'", accid);
if (!result)
return AOR_NAME_NOT_EXIST; // account doesn't exist
delete result;
// existing characters list
result = CharacterDatabase.PQuery("SELECT guid FROM characters WHERE account='%u'", accid);
if (result)
{
do
{
Field* fields = result->Fetch();
uint32 guidlo = fields[0].GetUInt32();
ObjectGuid guid = ObjectGuid(HIGHGUID_PLAYER, guidlo);
// kick if player currently
ObjectAccessor::KickPlayer(guid);
Player::DeleteFromDB(guid, accid, false); // no need to update realm characters
}
while (result->NextRow());
delete result;
}
// table realm specific but common for all characters of account for realm
CharacterDatabase.PExecute("DELETE FROM character_tutorial WHERE account = '%u'", accid);
LoginDatabase.BeginTransaction();
bool res =
LoginDatabase.PExecute("DELETE FROM account WHERE id='%u'", accid) &&
LoginDatabase.PExecute("DELETE FROM realmcharacters WHERE acctid='%u'", accid);
LoginDatabase.CommitTransaction();
if (!res)
return AOR_DB_INTERNAL_ERROR; // unexpected error;
return AOR_OK;
}示例2: DeleteAccount
AccountOpResult AccountMgr::DeleteAccount(uint32 accid)
{
QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accid);
if (!result)
return AOR_NAME_NOT_EXIST; // account doesn't exist
// existed characters list
result = CharacterDatabase.PQuery("SELECT guid FROM characters WHERE account='%d'",accid);
if (result)
{
do
{
Field *fields = result->Fetch();
uint32 guidlo = fields[0].GetUInt32();
uint64 guid = MAKE_NEW_GUID(guidlo, 0, HIGHGUID_PLAYER);
// kick if player currently
if (Player* p = ObjectAccessor::FindPlayer(guid))
{
WorldSession* s = p->GetSession();
s->KickPlayer(); // mark session to remove at next session list update
s->LogoutPlayer(false); // logout player without waiting next session list update
}
Player::DeleteFromDB(guid, accid, false); // no need to update realm characters
} while (result->NextRow());
}
// table realm specific but common for all characters of account for realm
CharacterDatabase.PExecute("DELETE FROM character_tutorial WHERE account = '%u'",accid);
CharacterDatabase.PExecute("DELETE FROM account_data WHERE account = '%u'",accid);
LoginDatabase.BeginTransaction();
LoginDatabase.PExecute("DELETE FROM account WHERE id='%d'", accid);
LoginDatabase.PExecute("DELETE FROM account_access WHERE id ='%d'", accid);
LoginDatabase.PExecute("DELETE FROM realmcharacters WHERE acctid='%d'", accid);
LoginDatabase.CommitTransaction();
return AOR_OK;
}示例3: sellGuildhouse
void sellGuildhouse(Player *pPlayer, Creature *_Creature)
{
if (isPlayerHasGuildhouse(pPlayer, _Creature))
{
QueryResult *result;
result = WorldDatabase.PQuery("UPDATE `guildhouses` SET `guildId` = 0 WHERE `guildId` = %u",
pPlayer->GetGuildId());
if (result)
pPlayer->ModifyMoney(150000000);
//display message e.g. "here your money etc."
char msg[100];
sprintf(msg, MSG_SOLD, COST_GH_SELL / 150000000);
pPlayer->ModifyMoney(150000000);
_Creature->MonsterYell(msg, pPlayer->GetObjectGuid());
}
}示例4: getGuildHouseCoords
bool getGuildHouseCoords(uint32 guildId, float &x, float &y, float &z, uint32 &map)
{
if (guildId == 0)
{
//if player has no guild
return false;
}
QueryResult_AutoPtr result = CharacterDatabase.PQuery("SELECT `x`, `y`, `z`, `map` FROM `guild_houses` WHERE `guildId` = %u", guildId);
if(result)
{
Field *fields = result->Fetch();
x = fields[0].GetFloat();
y = fields[1].GetFloat();
z = fields[2].GetFloat();
map = fields[3].GetUInt32();
return true;
}
return false;
}示例5: LoadVersion
void SystemMgr::LoadVersion()
{
//Get Version information
QueryResult* pResult = SD2Database.PQuery("SELECT version FROM sd2_db_version LIMIT 1");
if (pResult)
{
Field* pFields = pResult->Fetch();
strSD2Version = pFields[0].GetCppString();
outstring_log("Loading %s", strSD2Version.c_str());
outstring_log("");
}
else
{
error_log("SD2: Missing `sd2_db_version` information.");
outstring_log("");
}
}示例6: CreateAccount
AccountOpResult AccountMgr::CreateAccount(std::string username, std::string password)
{
if (utf8length(username) > MAX_ACCOUNT_STR)
return AOR_NAME_TOO_LONG; // username's too long
normalizeString(username);
normalizeString(password);
LoginDatabase.EscapeString(username);
LoginDatabase.EscapeString(password);
QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE username = '%s'", username.c_str());
if (result)
return AOR_NAME_ALREDY_EXIST; // username does already exist
if (!LoginDatabase.PExecute("INSERT INTO account(username, sha_pass_hash, joindate) VALUES('%s', Sha1(CONCAT('%s', ':', '%s')), NOW())", username.c_str(), username.c_str(), password.c_str()))
return AOR_DB_INTERNAL_ERROR; // unexpected error
LoginDatabase.Execute("INSERT INTO realmcharacters (realmid, acctid, numchars) SELECT realmlist.id, account.id, 0 FROM realmlist, account LEFT JOIN realmcharacters ON acctid=account.id WHERE acctid IS NULL");
return AOR_OK; // everything's fine
}示例7: isPlayerHasGuildhouse
bool isPlayerHasGuildhouse(Player *player, Creature *_creature, bool whisper = false)
{
QueryResult_AutoPtr result = CharacterDatabase.PQuery("SELECT `comment` FROM `guild_houses` WHERE `guildId` = %u",
player->GetGuildId());
if (result)
{
if (whisper)
{
//whisper to player "already have etc..."
Field *fields = result->Fetch();
char msg[100];
sprintf(msg, MSG_ALREADYHAVEGH, fields[0].GetString());
_creature->MonsterWhisper(msg, player->GetGUID());
}
return true;
}
return false;
}示例8: _HandleRealmList
/// %Realm List command handler
bool AuthSocket::_HandleRealmList()
{
DEBUG_LOG("Entering _HandleRealmList");
if (recv_len() < 5)
return false;
recv_skip(5);
///- Get the user id (else close the connection)
// No SQL injection (escaped user name)
QueryResult* result = LoginDatabase.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '%s'", _safelogin.c_str());
if (!result)
{
sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.", _login.c_str());
close_connection();
return false;
}
uint32 id = (*result)[0].GetUInt32();
std::string rI = (*result)[1].GetCppString();
delete result;
///- Update realm list if need
sRealmList.UpdateIfNeed();
///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm)
ByteBuffer pkt;
LoadRealmlist(pkt, id);
ByteBuffer hdr;
hdr << (uint8) CMD_REALM_LIST;
hdr << (uint16)pkt.size();
hdr.append(pkt);
send((char const*)hdr.contents(), hdr.size());
return true;
}示例9: ChangeUsername
AccountOpResult AccountMgr::ChangeUsername(uint32 accid, std::string new_uname, std::string new_passwd)
{
QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accid);
if (!result)
return AOR_NAME_NOT_EXIST; // account doesn't exist
if (utf8length(new_uname) > MAX_ACCOUNT_STR)
return AOR_NAME_TOO_LONG;
if (utf8length(new_passwd) > MAX_ACCOUNT_STR)
return AOR_PASS_TOO_LONG;
normalizeString(new_uname);
normalizeString(new_passwd);
LoginDatabase.EscapeString(new_uname);
LoginDatabase.EscapeString(new_passwd);
if (!LoginDatabase.PExecute("UPDATE account SET username='%s', sha_pass_hash=Sha1(CONCAT('%s', ':', '%s')) WHERE id='%d'", new_uname.c_str(), new_uname.c_str(), new_passwd.c_str(), accid))
return AOR_DB_INTERNAL_ERROR; // unexpected error
return AOR_OK;
}示例10: ChangeUsername
AccountOpResult AccountMgr::ChangeUsername(uint32 accid, std::string new_uname, std::string new_passwd)
{
QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accid);
if (!result)
return AOR_NAME_NOT_EXIST; // account doesn't exist
if (utf8length(new_uname) > MAX_ACCOUNT_STR)
return AOR_NAME_TOO_LONG;
if (utf8length(new_passwd) > MAX_ACCOUNT_STR)
return AOR_PASS_TOO_LONG;
normalizeString(new_uname);
normalizeString(new_passwd);
std::string safe_new_uname = new_uname;
LoginDatabase.escape_string(safe_new_uname);
LoginDatabase.PExecute("UPDATE account SET v='0',s='0',username='%s',sha_pass_hash='%s' WHERE id='%d'", safe_new_uname.c_str(),
CalculateShaPassHash(new_uname, new_passwd).c_str(), accid);
return AOR_OK;
}示例11: isPlayerHasGuildhouse
bool isPlayerHasGuildhouse(Player *pPlayer, Creature *_Creature, bool say = false)
{
QueryResult *result;
result = WorldDatabase.PQuery("SELECT `comment` FROM `guildhouses` WHERE `guildId` = %u",
pPlayer->GetGuildId());
if (result)
{
if (say)
{
//whisper to pPlayer "already have etc..."
Field *fields = result->Fetch();
char msg[100];
sprintf(msg, MSG_ALREADYHAVEGH, fields[0].GetString());
_Creature->MonsterSay(msg, pPlayer->GetObjectGuid());
}
return true;
}
return false;
}示例12: _HandleLogonProof
//.........这里部分代码省略.........
memcpy(hash, sha.GetDigest(), 20);
sha.Initialize();
sha.UpdateBigNumbers(&g, NULL);
sha.Finalize();
for (int i = 0; i < 20; i++)
{
hash[i] ^= sha.GetDigest()[i];
}
BigNumber t3;
t3.SetBinary(hash, 20);
sha.Initialize();
sha.UpdateData(_login);
sha.Finalize();
uint8 t4[SHA_DIGEST_LENGTH];
memcpy(t4, sha.GetDigest(), SHA_DIGEST_LENGTH);
sha.Initialize();
sha.UpdateBigNumbers(&t3, NULL);
sha.UpdateData(t4, SHA_DIGEST_LENGTH);
sha.UpdateBigNumbers(&s, &A, &B, &K, NULL);
sha.Finalize();
BigNumber M;
M.SetBinary(sha.GetDigest(), 20);
///- Check if SRP6 results match (password is correct), else send an error
if (!memcmp(M.AsByteArray(), lp.M1, 20))
{
sLog.outBasic("User '%s' successfully authenticated", _login.c_str());
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
dbRealmServer.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, GetRemoteAddress().c_str(), _localization, _safelogin.c_str() );
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
sha.Initialize();
sha.UpdateBigNumbers(&A, &M, &K, NULL);
sha.Finalize();
sAuthLogonProof_S proof;
memcpy(proof.M2, sha.GetDigest(), 20);
proof.cmd = AUTH_LOGON_PROOF;
proof.error = 0;
proof.unk1 = 0x00800000;
proof.unk2 = 0x00;
proof.unk3 = 0x00;
SendBuf((char *)&proof, sizeof(proof));
///- Set _authed to true!
_authed = true;
}
else
{
char data[4]={AUTH_LOGON_PROOF,REALM_AUTH_NO_MATCH,3,0};
SendBuf(data,sizeof(data));
sLog.outBasic("[AuthChallenge] account %s tried to login with wrong password!",_login.c_str ());
uint32 MaxWrongPassCount = sConfig.GetIntDefault("WrongPass.MaxCount", 0);
if(MaxWrongPassCount > 0)
{
//Increment number of failed logins by one and if it reaches the limit temporarily ban that account or IP
dbRealmServer.PExecute("UPDATE account SET failed_logins = failed_logins + 1 WHERE username = '%s'",_safelogin.c_str());
if(QueryResult *loginfail = dbRealmServer.PQuery("SELECT id, failed_logins FROM account WHERE username = '%s'", _safelogin.c_str()))
{
Field* fields = loginfail->Fetch();
uint32 failed_logins = fields[1].GetUInt32();
if( failed_logins >= MaxWrongPassCount )
{
uint32 WrongPassBanTime = sConfig.GetIntDefault("WrongPass.BanTime", 600);
bool WrongPassBanType = sConfig.GetBoolDefault("WrongPass.BanType", false);
if(WrongPassBanType)
{
uint32 acc_id = fields[0].GetUInt32();
dbRealmServer.PExecute("INSERT INTO account_banned VALUES ('%u',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban',1)",
acc_id, WrongPassBanTime);
sLog.outBasic("[AuthChallenge] account %s got banned for '%u' seconds because it failed to authenticate '%u' times",
_login.c_str(), WrongPassBanTime, failed_logins);
}
else
{
std::string current_ip = GetRemoteAddress();
dbRealmServer.escape_string(current_ip);
dbRealmServer.PExecute("INSERT INTO ip_banned VALUES ('%s',UNIX_TIMESTAMP(),UNIX_TIMESTAMP()+'%u','MaNGOS realmd','Failed login autoban')",
current_ip.c_str(), WrongPassBanTime);
sLog.outBasic("[AuthChallenge] IP %s got banned for '%u' seconds because account %s failed to authenticate '%u' times",
current_ip.c_str(), WrongPassBanTime, _login.c_str(), failed_logins);
}
}
delete loginfail;
}
}
}
return true;
}示例13: _HandleLogonChallenge
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin=_login;
dbRealmServer.escape_string(_safelogin);
///- Check if the client has one of the expected version numbers
bool valid_version=false;
int accepted_versions[]=EXPECTED_MANGOS_CLIENT_BUILD;
for(int i=0;accepted_versions[i];i++)
if(ch->build==accepted_versions[i])
{
valid_version=true;
break;
}
/// <ul><li> if this is a valid version
if(valid_version)
{
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
dbRealmServer.escape_string(address);
QueryResult *result = dbRealmServer.PQuery( "SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '%s'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
//.........这里部分代码省略.........
示例14: _HandleLogonChallenge
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (ibuf.GetLength() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
ibuf.Read((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (ibuf.GetLength() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
///- Read the remaining of the packet
ibuf.Read((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin=_login;
dbRealmServer.escape_string(_safelogin);
pkt << (uint8) AUTH_LOGON_CHALLENGE;
pkt << (uint8) 0x00;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
dbRealmServer.Execute("DELETE FROM ip_banned WHERE unbandate<=UNIX_TIMESTAMP() AND unbandate<>bandate");
std::string address = GetRemoteAddress();
dbRealmServer.escape_string(address);
QueryResult *result = dbRealmServer.PQuery( "SELECT * FROM ip_banned WHERE ip = '%s'",address.c_str());
if(result)
{
pkt << (uint8)REALM_AUTH_ACCOUNT_BANNED;
sLog.outBasic("[AuthChallenge] Banned ip %s tries to login!",GetRemoteAddress().c_str ());
delete result;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
result = dbRealmServer.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel FROM account WHERE username = '%s'",_safelogin.c_str ());
if( result )
{
///- If the IP is 'locked', check that the player comes indeed from the correct IP address
bool locked = false;
if((*result)[2].GetUInt8() == 1) // if ip is locked
{
DEBUG_LOG("[AuthChallenge] Account '%s' is locked to IP - '%s'", _login.c_str(), (*result)[3].GetString());
DEBUG_LOG("[AuthChallenge] Player address is '%s'", GetRemoteAddress().c_str());
if ( strcmp((*result)[3].GetString(),GetRemoteAddress().c_str()) )
{
DEBUG_LOG("[AuthChallenge] Account IP differs");
pkt << (uint8) REALM_AUTH_ACCOUNT_FREEZED;
locked=true;
}
else
{
DEBUG_LOG("[AuthChallenge] Account IP matches");
}
}
else
{
DEBUG_LOG("[AuthChallenge] Account '%s' is not locked to ip", _login.c_str());
}
if (!locked)
//.........这里部分代码省略.........
示例15: _HandleLogonChallenge
/// Logon Challenge command handler
bool AuthSocket::_HandleLogonChallenge()
{
DEBUG_LOG("Entering _HandleLogonChallenge");
if (recv_len() < sizeof(sAuthLogonChallenge_C))
return false;
///- Read the first 4 bytes (header) to get the length of the remaining of the packet
std::vector<uint8> buf;
buf.resize(4);
recv((char *)&buf[0], 4);
EndianConvert(*((uint16*)(buf[0])));
uint16 remaining = ((sAuthLogonChallenge_C *)&buf[0])->size;
DEBUG_LOG("[AuthChallenge] got header, body is %#04x bytes", remaining);
if ((remaining < sizeof(sAuthLogonChallenge_C) - buf.size()) || (recv_len() < remaining))
return false;
//No big fear of memory outage (size is int16, i.e. < 65536)
buf.resize(remaining + buf.size() + 1);
buf[buf.size() - 1] = 0;
sAuthLogonChallenge_C *ch = (sAuthLogonChallenge_C*)&buf[0];
///- Read the remaining of the packet
recv((char *)&buf[4], remaining);
DEBUG_LOG("[AuthChallenge] got full packet, %#04x bytes", ch->size);
DEBUG_LOG("[AuthChallenge] name(%d): '%s'", ch->I_len, ch->I);
// BigEndian code, nop in little endian case
// size already converted
EndianConvert(*((uint32*)(&ch->gamename[0])));
EndianConvert(ch->build);
EndianConvert(*((uint32*)(&ch->platform[0])));
EndianConvert(*((uint32*)(&ch->os[0])));
EndianConvert(*((uint32*)(&ch->country[0])));
EndianConvert(ch->timezone_bias);
EndianConvert(ch->ip);
ByteBuffer pkt;
_login = (const char*)ch->I;
_build = ch->build;
_os = (const char*)ch->os;
if(_os.size() > 4)
return false;
///- Normalize account name
//utf8ToUpperOnlyLatin(_login); -- client already send account in expected form
//Escape the user login to avoid further SQL injection
//Memory will be freed on AuthSocket object destruction
_safelogin = _login;
LoginDatabase.escape_string(_safelogin);
// Starting CMD_AUTH_LOGON_CHALLENGE
AuthResult result = WOW_FAIL_UNKNOWN0;
///- Verify that this IP is not in the ip_banned table
// No SQL injection possible (paste the IP address as passed by the socket)
std::string address = get_remote_address();
LoginDatabase.escape_string(address);
QueryResult* qresult = LoginDatabase.PQuery("SELECT unbandate FROM ip_banned WHERE "
// permanent still banned
"(unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'", address.c_str());
if (qresult)
{
result = WOW_FAIL_BANNED;
BASIC_LOG("[AuthChallenge] Banned ip %s tries to login!", get_remote_address().c_str());
delete qresult;
}
else
{
///- Get the account details from the account table
// No SQL injection (escaped user name)
//qresult = LoginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '%s'",_safelogin.c_str());
qresult = LoginDatabase.PQuery("SELECT a.sha_pass_hash,a.id,a.locked,a.last_ip,aa.gmlevel,a.v,a.s FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE username = '%s'", _safelogin.c_str());
if (qresult)
{
std::string rI = (*qresult)[0].GetCppString();
uint32 accountId = (*qresult)[1].GetUInt32();
uint8 locked = (*qresult)[2].GetUInt8();
std::string lastIP = (*qresult)[3].GetString();
uint8 secLevel = (*qresult)[4].GetUInt8();
std::string databaseV = (*qresult)[5].GetCppString();
std::string databaseS = (*qresult)[6].GetCppString();
bool blockLogin = false;
if (sConfig.GetBoolDefault("MultiIPCheck", false))
{
int32 iplimit = sConfig.GetIntDefault("MultiIPLimit", 10);
int32 multiIPdelay = sConfig.GetIntDefault("MultiIPPeriodInHours", 48);
// If a GM account login ignore MultiIP
QueryResult* ipcheck = LoginDatabase.PQuery("SELECT id FROM account WHERE last_ip = '%s' AND id != %u AND last_login > NOW() - INTERVAL %u HOUR ORDER BY last_login DESC;", get_remote_address().c_str(), accountId, multiIPdelay);
if (ipcheck)
//.........这里部分代码省略.........