API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 8th, 2017
86
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 4.68 KB | None | 0 0
raw download clone embed print report
  1. Index: logonserver/AccountCache.cpp
  2. ===================================================================
  3. --- logonserver/AccountCache.cpp    (Revision 3430)
  4. +++ logonserver/AccountCache.cpp    (Arbeitskopie)
  5. @@ -128,9 +128,22 @@
  6.     ASCENT_TOUPPER(Password);
  7.    
  8.     // Prehash the I value.
  9. -   hash.UpdateData((Username + ":" + Password));
  10. -   hash.Finalize();
  11. -   memcpy(acct->SrpHash, hash.GetDigest(), 20);
  12. +   if (Password.length() != 40)
  13. +   {
  14. +       hash.UpdateData((Username + ":" + Password));
  15. +       hash.Finalize();
  16. +       memcpy(acct->SrpHash, hash.GetDigest(), 20);
  17. +   }
  18. +   else
  19. +   {
  20. +        BigNumber bn;
  21. +        bn.SetHexStr(Password.c_str());
  22. +        uint8 mDigest[20];
  23. +        memset(mDigest,0,20);
  24. +        memcpy(mDigest,bn.AsByteArray(),bn.GetNumBytes());
  25. +        std::reverse(mDigest,mDigest+20);
  26. +       memcpy(acct->SrpHash, mDigest, 20);
  27. +   }
  28.  
  29.     AccountDatabase[Username] = acct;
  30.  }
  31. @@ -172,9 +185,22 @@
  32.     ASCENT_TOUPPER(Password);
  33.  
  34.     // Prehash the I value.
  35. -   hash.UpdateData((Username + ":" + Password));
  36. -   hash.Finalize();
  37. -   memcpy(acct->SrpHash, hash.GetDigest(), 20);
  38. +   if (Password.length() != 40)
  39. +   {
  40. +       hash.UpdateData((Username + ":" + Password));
  41. +       hash.Finalize();
  42. +       memcpy(acct->SrpHash, hash.GetDigest(), 20);
  43. +   }
  44. +   else
  45. +   {
  46. +        BigNumber bn;
  47. +        bn.SetHexStr(Password.c_str());
  48. +        uint8 mDigest[20];
  49. +        memset(mDigest,0,20);
  50. +        memcpy(mDigest,bn.AsByteArray(),bn.GetNumBytes());
  51. +        std::reverse(mDigest,mDigest+20);
  52. +       memcpy(acct->SrpHash, mDigest, 20);
  53. +   }
  54.  }
  55.  
  56.  void AccountMgr::ReloadAccountsCallback()
  57. Index: game/Level3.cpp
  58. ===================================================================
  59. --- game/Level3.cpp (Revision 3430)
  60. +++ game/Level3.cpp (Arbeitskopie)
  61. @@ -791,11 +791,12 @@
  62.         return false;
  63.  
  64.     std::stringstream my_sql;
  65. -   my_sql << "UPDATE accounts SET password = '" << password << "' WHERE login = '" << account << "'";
  66. +   my_sql << "UPDATE accounts SET password = SHA1(CONCAT(UPPER(`login`),':',UPPER('" << password << "')))  WHERE login = '" << account << "'";
  67.  
  68.     sLogonCommHandler.LogonDatabaseSQLExecute(my_sql.str().c_str());
  69.  
  70.     GreenSystemMessage(m_session, "Account '%s' password has been changed to '%s'. The change will be effective with the next reload cycle.", account, password);
  71. +   sGMLog.writefromsession(m_session, "Account %s password has been changed to %s", account, password);
  72.  
  73.     return true;
  74.  }
  75. @@ -2482,7 +2483,7 @@
  76.     {
  77.         // username = password :P
  78.         BlueSystemMessage(m_session, "Changed password of %s to %s.", password, username);
  79. -       sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = '%s' WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(username).c_str());
  80. +       sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = SHA1(CONCAT(UPPER(`login`),':',UPPER('%s'))) WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(username).c_str());
  81.         sLogonCommHandler.LogonDatabaseReloadAccounts();
  82.         sGMLog.writefromsession(m_session, "used change password command, %s to %s.", password, username);
  83.     }
  84. @@ -2490,7 +2491,7 @@
  85.     {
  86.         // changing our own username.
  87.         BlueSystemMessage(m_session, "Changed your password to %s.", password);
  88. -       sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = '%s' WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(m_session->GetAccountName()).c_str());
  89. +       sLogonCommHandler.LogonDatabaseSQLExecute("UPDATE accounts SET password = SHA1(CONCAT(UPPER(`login`),':',UPPER('%s'))) WHERE login = '%s'", WorldDatabase.EscapeString(password).c_str(), WorldDatabase.EscapeString(m_session->GetAccountName()).c_str());
  90.         sLogonCommHandler.LogonDatabaseReloadAccounts();
  91.         sGMLog.writefromsession(m_session, "used change password command, self to %s.", password);
  92.     }
  93. Index: ascent/ConsoleCommands.cpp
  94. ===================================================================
  95. --- ascent/ConsoleCommands.cpp  (Revision 3430)
  96. +++ ascent/ConsoleCommands.cpp  (Arbeitskopie)
  97. @@ -224,7 +224,7 @@
  98.     string spassword = CharacterDatabase.EscapeString(string(password));
  99.     string semail = CharacterDatabase.EscapeString(string(email));
  100.  
  101. -   sLogonCommHandler.LogonDatabaseSQLExecute("INSERT INTO accounts (login, password, email, flags) VALUES('%s','%s','%s',%u)",susername.c_str(), spassword.c_str(),
  102. +   sLogonCommHandler.LogonDatabaseSQLExecute("INSERT INTO accounts (login, password, email, flags) VALUES('%s',SHA1(CONCAT(UPPER('%s'),':',UPPER('%s'))),'%s',%u)",susername.c_str(), susername.c_str(), spassword.c_str(),
  103.         semail.c_str(), flags);
  104.  
  105.     pConsole->Write("Account created.\r\n");
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!