Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Index: logonserver/AccountCache.cpp
- ===================================================================
- --- logonserver/AccountCache.cpp (Revision 3430)
- +++ logonserver/AccountCache.cpp (Arbeitskopie)
- @@ -128,9 +128,22 @@
- ASCENT_TOUPPER(Password);
- // Prehash the I value.
- - hash.UpdateData((Username + ":" + Password));
- - hash.Finalize();
- - memcpy(acct->SrpHash, hash.GetDigest(), 20);
- + if (Password.length() != 40)
- + {
- + hash.UpdateData((Username + ":" + Password));
- + hash.Finalize();
- + memcpy(acct->SrpHash, hash.GetDigest(), 20);
- + }
- + else
- + {
- + BigNumber bn;
- + bn.SetHexStr(Password.c_str());
- + uint8 mDigest[20];
- + memset(mDigest,0,20);
- + memcpy(mDigest,bn.AsByteArray(),bn.GetNumBytes());
- + std::reverse(mDigest,mDigest+20);
- + memcpy(acct->SrpHash, mDigest, 20);
- + }
- AccountDatabase[Username] = acct;
- }
- @@ -172,9 +185,22 @@
- ASCENT_TOUPPER(Password);
- // Prehash the I value.
- - hash.UpdateData((Username + ":" + Password));
- - hash.Finalize();
- - memcpy(acct->SrpHash, hash.GetDigest(), 20);
- + if (Password.length() != 40)
- + {
- + hash.UpdateData((Username + ":" + Password));
- + hash.Finalize();
- + memcpy(acct->SrpHash, hash.GetDigest(), 20);
- + }
- + else
- + {
- + BigNumber bn;
- + bn.SetHexStr(Password.c_str());
- + uint8 mDigest[20];
- + memset(mDigest,0,20);
- + memcpy(mDigest,bn.AsByteArray(),bn.GetNumBytes());
- + std::reverse(mDigest,mDigest+20);
- + memcpy(acct->SrpHash, mDigest, 20);
- + }
- }
- void AccountMgr::ReloadAccountsCallback()
- Index: game/Level3.cpp
- ===================================================================
- --- game/Level3.cpp (Revision 3430)
- +++ game/Level3.cpp (Arbeitskopie)
- @@ -791,11 +791,12 @@
- return false;
- std::stringstream my_sql;
- - my_sql << "UPDATE accounts SET password = '" << password << "' WHERE login = '" << account << "'";
- + my_sql << "UPDATE accounts SET password = SHA1(CONCAT(UPPER(`login`),':',UPPER('" << password << "'))) WHERE login = '" << account << "'";
- sLogonCommHandler.LogonDatabaseSQLExecute(my_sql.str().c_str());
- GreenSystemMessage(m_session, "Account '%s' password has been changed to '%s'. The change will be effective with the next reload cycle.", account, password);
- + sGMLog.writefromsession(m_session, "Account %s password has been changed to %s", account, password);
- return true;
- }
- @@ -2482,7 +2483,7 @@
- {
- // username = password :P
- BlueSystemMessage(m_session, "Changed password of %s to %s.", password, username);
- - sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = '%s' WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(username).c_str());
- + sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = SHA1(CONCAT(UPPER(`login`),':',UPPER('%s'))) WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(username).c_str());
- sLogonCommHandler.LogonDatabaseReloadAccounts();
- sGMLog.writefromsession(m_session, "used change password command, %s to %s.", password, username);
- }
- @@ -2490,7 +2491,7 @@
- {
- // changing our own username.
- BlueSystemMessage(m_session, "Changed your password to %s.", password);
- - sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = '%s' WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(m_session->GetAccountName()).c_str());
- + sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = SHA1(CONCAT(UPPER(`login`),':',UPPER('%s'))) WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(m_session->GetAccountName()).c_str());
- sLogonCommHandler.LogonDatabaseReloadAccounts();
- sGMLog.writefromsession(m_session, "used change password command, self to %s.", password);
- }
- Index: ascent/ConsoleCommands.cpp
- ===================================================================
- --- ascent/ConsoleCommands.cpp (Revision 3430)
- +++ ascent/ConsoleCommands.cpp (Arbeitskopie)
- @@ -224,7 +224,7 @@
- string spassword = CharacterDatabase.EscapeString(string(password));
- string semail = CharacterDatabase.EscapeString(string(email));
- - sLogonCommHandler.LogonDatabaseSQLExecute("INSERT INTO accounts (login, password, email, flags) VALUES('%s','%s','%s',%u)",susername.c_str(), spassword.c_str(),
- + sLogonCommHandler.LogonDatabaseSQLExecute("INSERT INTO accounts (login, password, email, flags) VALUES('%s',SHA1(CONCAT(UPPER('%s'),':',UPPER('%s'))),'%s',%u)",susername.c_str(), susername.c_str(), spassword.c_str(),
- semail.c_str(), flags);
- pConsole->Write("Account created.\r\n");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement