Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ALTER PROCEDURE [dbo].[WZ_ACCOUNT_LOGIN]
- @in_IP varchar(100),
- @in_EMail varchar(100),
- @in_HardwareID varchar(50),
- @in_Mac varchar(50),
- @in_Password varchar(100),
- @in_Country varchar(50)=''
- AS
- BEGIN
- SET NOCOUNT ON;
- declare @CustomerID int
- declare @MD5Password varchar(100)
- declare @AccAccountStatus int = 0 -- this is Accounts.AccountStatus
- declare @BadLoginCount int
- declare @BadLoginIP varchar(128)
- declare @BadLoginTime datetime
- -- this call is always valid
- select 0 as ResultCode
- -- search for record with username
- SELECT
- @CustomerID=CustomerID,
- @MD5Password=MD5Password,
- @AccAccountStatus=AccountStatus,
- @BadLoginCount=BadLoginCount,
- @BadLoginIP=BadLoginIP,
- @BadLoginTime=BadLoginTime
- FROM Accounts
- WHERE email=@in_Email
- if (@@RowCount = 0) begin
- select
- 1 as LoginResult,
- 0 as CustomerID,
- 0 as AccountStatus,
- 0 as SteamUserID
- return
- end
- -- if there was 10 unsuccessful attempts from KNOWN ips, block user for 60min
- if(@BadLoginCount >= 10 and exists (select RecordID from LoginBadIPs where IP=@in_IP and CustomerID=@CustomerID))
- begin
- declare @MinsAfterBadLogin int = DATEDIFF(minute, @BadLoginTime, GETDATE())
- if(@MinsAfterBadLogin < 60) begin
- select
- 5 as LoginResult,
- @CustomerID as CustomerID,
- 210 as AccountStatus,
- 0 as SessionID,
- 0 as IsDeveloper,
- 0 as SteamUserID
- return
- end
- end
- -- check MD5 password
- declare @MD5FromPwd varchar(100)
- exec FN_CreateMD5Password @in_Password, @MD5FromPwd OUTPUT
- if(@MD5Password <> @MD5FromPwd)
- begin
- -- increase bad login count
- update Accounts set BadLoginCount=(BadLoginCount+1), BadLoginIP=@in_IP, BadLoginTime=GETDATE() where CustomerID=@CustomerID
- declare @RecordID int = 0
- select @RecordID=RecordID from LoginBadIPs where IP=@in_IP and CustomerID=@CustomerID
- if(@@ROWCOUNT > 0) begin
- update LoginBadIPs set Attempts=Attempts+1 where RecordID=@RecordID
- end
- else begin
- insert into LoginBadIPs (IP, CustomerID, Attempts) values (@in_IP, @CustomerID, 1)
- end
- select
- 2 as LoginResult,
- 0 as CustomerID,
- 0 as AccountStatus,
- 0 as SteamUserID
- return
- end
- update Accounts set BadLoginCount=0 where CustomerID=@CustomerID
- delete from LoginBadIPs where IP=@in_IP and CustomerID=@CustomerID
- -- check if deleted account because of refund (sync with WZ_SteamLogin)
- if(@AccAccountStatus = 999) begin
- select
- 3 as LoginResult,
- 0 as CustomerID,
- 999 as AccountStatus,
- 0 as SteamUserID
- return
- end
- -- perform actual login
- exec WZ_ACCOUNT_LOGIN_EXEC @in_IP, @in_HardwareID, @in_Mac, @CustomerID, @in_Country, 0
- END
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement