[gunzemulator] r346 committed - Added error-checking for accountIDs. This should be replaced with...


gunzem...@googlecode.com

Jun 27, 2010, 4:12:56 PM6/27/10
to gogo-dev...@googlegroups.com
Revision: 346
Author: cg.wowus.cg
Date: Sun Jun 27 13:12:05 2010
Log: Added error-checking for accountIDs. This should be replaced with
actually passing const references to AccountInfo to database, but I'll
do that later. CharacterID validation is still not done.
http://code.google.com/p/gunzemulator/source/detail?r=346

Modified:
/trunk/database/src/MySQL/modules/CreateCharacter.cpp
/trunk/database/src/MySQL/modules/DeleteCharacter.cpp
/trunk/database/src/MySQL/modules/GetAccountInfo.cpp
/trunk/database/src/MySQL/modules/GetCID.cpp
/trunk/database/src/MySQL/modules/GetCharacterInfo.cpp
/trunk/database/src/MySQL/modules/GetCharacterList.cpp
/trunk/gogo/src/modules/OnCharCreate.cpp
/trunk/gogo/src/modules/OnCharDelete.cpp
/trunk/gogo/src/modules/OnCharInfo.cpp
/trunk/gogo/src/modules/OnCharList.cpp
/trunk/gogo/src/modules/OnCharSelect.cpp
/trunk/include/database/AccountInfo.h

=======================================
--- /trunk/database/src/MySQL/modules/CreateCharacter.cpp Thu Jun 24
17:29:27 2010
+++ /trunk/database/src/MySQL/modules/CreateCharacter.cpp Sun Jun 27
13:12:05 2010
@@ -28,6 +28,9 @@

void MySQLGunzDB::CreateCharacter(uint32_t aid, string name, uint32_t
marker, uint32_t sex, uint32_t hair, uint32_t face, uint32_t costume)
{
+ if(aid == 0xFFFFFFFF)
+ throw InvalidAccountInfo();
+
if (!NameExists(name))
throw NameInUse();
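Review bot: The sentinel in the new `if(aid == 0xFFFFFFFF)` guard is a bare literal that must stay in sync with the default `AccountInfo()` constructor in AccountInfo.h, and the same literal is repeated in the DeleteCharacter, GetCID, GetCharacterInfo and GetCharacterList hunks. A single named constant declared next to AccountInfo, for example `static const boost::uint32_t INVALID_ACCOUNT_ID = 0xFFFFFFFF;`, would keep the six sites from drifting apart. The guard only rejects the sentinel value, so it complements rather than replaces the `isValid` check added to the GoGoClient handlers. CreateCharacter's body continues past the end of the hunk.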

=======================================
--- /trunk/database/src/MySQL/modules/DeleteCharacter.cpp Thu Jun 24
18:26:43 2010
+++ /trunk/database/src/MySQL/modules/DeleteCharacter.cpp Sun Jun 27
13:12:05 2010
@@ -24,6 +24,9 @@
if(marker > 3)
return;

+ if(aid == 0xFFFFFFFF)
+ throw InvalidAccountInfo();
+
exec_query(
bind(make_delete_character_query, _1, aid, marker)
);
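Review bot: The new aid guard sits after the existing `if(marker > 3) return;`, so a call that carries the sentinel aid together with an out-of-range marker returns silently instead of throwing `InvalidAccountInfo`. Moving the `if(aid == 0xFFFFFFFF) throw InvalidAccountInfo();` pair above the marker check would make the account check unconditional, as it is in the other database modules. The function's signature and opening lines are outside the hunk.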
=======================================
--- /trunk/database/src/MySQL/modules/GetAccountInfo.cpp Thu Jun 24
17:29:27 2010
+++ /trunk/database/src/MySQL/modules/GetAccountInfo.cpp Sun Jun 27
13:12:05 2010
@@ -31,13 +31,9 @@
if(rowCount == 0)
throw InvalidAccountInfo();

- AccountInfo ret;
const Row& row = result[0];

- ret.AccountId = row["aid"];
- ret.AccountAccess = row["ugradeid"];
- ret.AccountPremium = row["ugradeid"];
- ret.AccountName = username;
+ AccountInfo ret(row["aid"], username, row["ugradeid"], row["pgradeid"]);

if ((ret.AccountAccess == 253) || (ret.AccountAccess == 105))
throw BannedUser(username);
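Review bot: The new `AccountInfo ret(row["aid"], username, row["ugradeid"], row["pgradeid"]);` reads a `pgradeid` column that the removed lines never touched, and the query that fills `result` is outside this hunk. Please confirm the SELECT returns `pgradeid`; otherwise login either fails or stores a wrong premium value, depending on how the row type handles an unknown column. Both grade values are also narrowed to `boost::uint8_t` by the constructor. A short comment next to the call, such as `// ugradeid/pgradeid are expected to fit in 8 bits`, would record that assumption before the `AccountAccess == 253` ban check relies on it.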
=======================================
--- /trunk/database/src/MySQL/modules/GetCID.cpp Thu Jun 24 17:29:27 2010
+++ /trunk/database/src/MySQL/modules/GetCID.cpp Sun Jun 27 13:12:05 2010
@@ -25,6 +25,9 @@

uint32_t MySQLGunzDB::GetCID(uint32_t aid, uint32_t marker)
{
+ if(aid == 0xFFFFFFFF)
+ throw InvalidAccountInfo();
+
return run_query<uint32_t>(
bind(make_get_cid_query, _1, aid, marker),
handle_get_cid
=======================================
--- /trunk/database/src/MySQL/modules/GetCharacterInfo.cpp Thu Jun 24
17:29:27 2010
+++ /trunk/database/src/MySQL/modules/GetCharacterInfo.cpp Sun Jun 27
13:12:05 2010
@@ -66,6 +66,9 @@

CharacterInfo MySQLGunzDB::GetCharacterInfo(uint32_t aid, uint8_t slot)
{
+ if(aid == 0xFFFFFFFF)
+ throw InvalidAccountInfo();
+
// Normal, clan, equip, inventory.
CharacterInfo ret = run_query<CharacterInfo>(
bind(make_get_character_info_query, _1, aid,
static_cast<uint32_t>(slot)),
=======================================
--- /trunk/database/src/MySQL/modules/GetCharacterList.cpp Thu Jun 24
17:29:27 2010
+++ /trunk/database/src/MySQL/modules/GetCharacterList.cpp Sun Jun 27
13:12:05 2010
@@ -40,6 +40,9 @@

SmallVector<CharacterEntry, 4> MySQLGunzDB::GetCharacterList(uint32_t aid)
{
+ if(aid == 0xFFFFFFFF)
+ throw InvalidAccountInfo();
+
return run_query<SmallVector<CharacterEntry, 4> >(
bind(make_get_character_list_query, _1, aid),
handle_get_character_list
=======================================
--- /trunk/gogo/src/modules/OnCharCreate.cpp Sat Jun 26 14:21:44 2010
+++ /trunk/gogo/src/modules/OnCharCreate.cpp Sun Jun 27 13:12:05 2010
@@ -25,6 +25,9 @@

void GoGoClient::OnCharCreate(MUID /* uidPlayer */, uint32_t charMarker,
const std::string& charName, uint32_t charSex, uint32_t charHair, uint32_t
charFace, uint32_t charCostume)
{
+ if(!myAccount.isValid)
+ return transmitter->disconnect();
+
try
{
if(charName.length() <= 3)
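Review bot: The new `if(!myAccount.isValid) return transmitter->disconnect();` drops the client without any log entry, although a character request on a session that presumably never completed login is the kind of event the "Hack Detected" messages in OnCharInfo and OnCharSelect already record. Logging before the disconnect, e.g. `logger->info(format("[%1%] Character request before login") % transmitter->get_ip());`, would let operators see these attempts. The same applies to the identical guards in OnCharDelete, OnCharInfo, OnCharList and OnCharSelect. In OnCharInfo and OnCharSelect the guard also runs after the marker check, so placing it first would make the session check uniform across the handlers. OnCharCreate's body continues past the end of the hunk.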
=======================================
--- /trunk/gogo/src/modules/OnCharDelete.cpp Sat Jun 26 14:21:44 2010
+++ /trunk/gogo/src/modules/OnCharDelete.cpp Sun Jun 27 13:12:05 2010
@@ -17,6 +17,9 @@

void GoGoClient::OnCharDelete(MUID /* uidPlayer */, uint32_t charMarker,
const std::string& /* charName */)
{
+ if(!myAccount.isValid)
+ return transmitter->disconnect();
+
database->DeleteCharacter(myAccount.AccountId, charMarker);
transmitter->send(packet::protocol::Match_ResponseDeleteChar(PEC_NONE));
}
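Review bot: OnCharDelete passes `charMarker` to the database without the `marker > 3` bounds check that OnCharSelect performs. DeleteCharacter (per its own hunk) simply returns for an out-of-range marker, so the handler still answers `Match_ResponseDeleteChar(PEC_NONE)` for a delete that never ran. A guard such as `if(charMarker > 3) return transmitter->disconnect();`, with the same log line the other handlers use, would close that gap. The database call is also not wrapped in `try`, so the `InvalidAccountInfo` that DeleteCharacter can now throw would propagate out of the handler if that path were ever reached.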
=======================================
--- /trunk/gogo/src/modules/OnCharInfo.cpp Fri Jun 25 16:32:59 2010
+++ /trunk/gogo/src/modules/OnCharInfo.cpp Sun Jun 27 13:12:05 2010
@@ -25,6 +25,9 @@
logger->info(format("[%1%] Hack Detected! (Tried to get info for an
out-of-bounds character)") % transmitter->get_ip());
return transmitter->disconnect();
}
+
+ if(!myAccount.isValid)
+ return transmitter->disconnect();

try {
myCharacter = database->GetCharacterInfo(myAccount.AccountId, marker);
=======================================
--- /trunk/gogo/src/modules/OnCharList.cpp Fri Jun 25 16:32:59 2010
+++ /trunk/gogo/src/modules/OnCharList.cpp Sun Jun 27 13:12:05 2010
@@ -21,6 +21,9 @@

typedef SmallVector<CharacterEntry, 4> CharList;

+ if(!myAccount.isValid)
+ return transmitter->disconnect();
+
CharList charList = database->GetCharacterList(myAccount.AccountId);
blob charBlob(charList.size(), 34);

=======================================
--- /trunk/gogo/src/modules/OnCharSelect.cpp Fri Jun 25 16:32:59 2010
+++ /trunk/gogo/src/modules/OnCharSelect.cpp Sun Jun 27 13:12:05 2010
@@ -19,11 +19,14 @@
{
using packet::protocol::Match_ResponseSelectChar;

- if (marker > 3)
+ if(marker > 3)
{
logger->info(format("[%1%] Hack Detected! (Tried to get info for an
out-of-bounds character)") % transmitter->get_ip());
return transmitter->disconnect();
}
+
+ if(!myAccount.isValid)
+ return transmitter->disconnect();

try
{
=======================================
--- /trunk/include/database/AccountInfo.h Fri Jun 25 08:39:54 2010
+++ /trunk/include/database/AccountInfo.h Sun Jun 27 13:12:05 2010
@@ -9,12 +9,26 @@
boost::uint8_t AccountAccess;
boost::uint8_t AccountPremium;

- AccountInfo ()
- {
- AccountId = -1;
- AccountName = "";
- AccountAccess = 0;
- AccountPremium = 0;
+ bool isValid;
+
+ // This is very dangerous. We shouldn't be doing this, but its necessary
+ // for it to be allocated with GoGoClient.
+ AccountInfo()
+ : AccountId(0xFFFFFFFF), isValid(false)
+ {
+ }
+
+ AccountInfo(
+ boost::uint32_t accountID,
+ const std::string& accountName,
+ boost::uint8_t accountAccess,
+ boost::uint8_t accountPremium)
+ : AccountId(accountID),
+ AccountName(accountName),
+ AccountAccess(accountAccess),
+ AccountPremium(accountPremium),
+ isValid(true)
+ {
}

};
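Review bot: The new default constructor initialises only `AccountId` and `isValid`, so `AccountAccess` and `AccountPremium` are left indeterminate where the removed constructor set both to 0. AccountAccess is the field the ban check in GetAccountInfo compares, so an unset privilege byte on a not-yet-authenticated client is worth avoiding even if every reader is expected to test `isValid` first. The initialiser list could read `: AccountId(0xFFFFFFFF), AccountAccess(0), AccountPremium(0), isValid(false)`. `isValid` is also a public, writable member alongside the sentinel id, which gives two sources of truth for the same state. The struct's opening lines are outside the hunk.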
