API tools faq
paste
Advertisement
Guest User

login

a guest
Sep 1st, 2018
5,512
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.65 KB | None | 0 0
raw download clone embed print report
  1. ALTER PROCEDURE [dbo].[WZ_ACCOUNT_LOGIN]
  2. @in_IP varchar(100),
  3. @in_EMail varchar(100),
  4. @in_HardwareID varchar(50),
  5. @in_Mac varchar(50),
  6. @in_Password varchar(100),
  7. @in_Country varchar(50)=''
  8. AS
  9. BEGIN
  10. SET NOCOUNT ON;
  11.  
  12. declare @CustomerID int
  13. declare @MD5Password varchar(100)
  14. declare @AccAccountStatus int = 0 -- this is Accounts.AccountStatus
  15. declare @BadLoginCount int
  16. declare @BadLoginIP varchar(128)
  17. declare @BadLoginTime datetime
  18.  
  19. -- this call is always valid
  20. select 0 as ResultCode
  21.  
  22. -- search for record with username
  23. SELECT
  24. @CustomerID=CustomerID,
  25. @MD5Password=MD5Password,
  26. @AccAccountStatus=AccountStatus,
  27. @BadLoginCount=BadLoginCount,
  28. @BadLoginIP=BadLoginIP,
  29. @BadLoginTime=BadLoginTime
  30. FROM Accounts
  31. WHERE email=@in_Email
  32. if (@@RowCount = 0) begin
  33. select
  34. 1 as LoginResult,
  35. 0 as CustomerID,
  36. 0 as AccountStatus,
  37. 0 as SteamUserID
  38. return
  39. end
  40.  
  41. -- if there was 10 unsuccessful attempts from KNOWN ips, block user for 60min
  42. if(@BadLoginCount >= 10 and exists (select RecordID from LoginBadIPs where IP=@in_IP and CustomerID=@CustomerID))
  43. begin
  44. declare @MinsAfterBadLogin int = DATEDIFF(minute, @BadLoginTime, GETDATE())
  45. if(@MinsAfterBadLogin < 60) begin
  46. select
  47. 5 as LoginResult,
  48. @CustomerID as CustomerID,
  49. 210 as AccountStatus,
  50. 0 as SessionID,
  51. 0 as IsDeveloper,
  52. 0 as SteamUserID
  53. return
  54. end
  55. end
  56.  
  57. -- check MD5 password
  58. declare @MD5FromPwd varchar(100)
  59. exec FN_CreateMD5Password @in_Password, @MD5FromPwd OUTPUT
  60. if(@MD5Password <> @MD5FromPwd)
  61. begin
  62. -- increase bad login count
  63. update Accounts set BadLoginCount=(BadLoginCount+1), BadLoginIP=@in_IP, BadLoginTime=GETDATE() where CustomerID=@CustomerID
  64.  
  65. declare @RecordID int = 0
  66. select @RecordID=RecordID from LoginBadIPs where IP=@in_IP and CustomerID=@CustomerID
  67. if(@@ROWCOUNT > 0) begin
  68. update LoginBadIPs set Attempts=Attempts+1 where RecordID=@RecordID
  69. end
  70. else begin
  71. insert into LoginBadIPs (IP, CustomerID, Attempts) values (@in_IP, @CustomerID, 1)
  72. end
  73.  
  74. select
  75. 2 as LoginResult,
  76. 0 as CustomerID,
  77. 0 as AccountStatus,
  78. 0 as SteamUserID
  79. return
  80. end
  81.  
  82. update Accounts set BadLoginCount=0 where CustomerID=@CustomerID
  83. delete from LoginBadIPs where IP=@in_IP and CustomerID=@CustomerID
  84.  
  85. -- check if deleted account because of refund (sync with WZ_SteamLogin)
  86. if(@AccAccountStatus = 999) begin
  87. select
  88. 3 as LoginResult,
  89. 0 as CustomerID,
  90. 999 as AccountStatus,
  91. 0 as SteamUserID
  92. return
  93. end
  94.  
  95. -- perform actual login
  96. exec WZ_ACCOUNT_LOGIN_EXEC @in_IP, @in_HardwareID, @in_Mac, @CustomerID, @in_Country, 0
  97. END
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!