Ejemplo n.º 1
0
        public bool CheckPassword(uint accountId, string password)
        {
            string username;

            if (!GetName(accountId, out username))
            {
                return(false);
            }

            PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_CHECK_PASSWORD);

            stmt.AddValue(0, accountId);
            SQLResult result = DB.Login.Query(stmt);

            if (!result.IsEmpty())
            {
                byte[] salt     = result.Read <byte[]>(0);
                byte[] verifier = result.Read <byte[]>(1);
                if (SRP6.CheckLogin(username, password, salt, verifier))
                {
                    return(true);
                }
            }

            return(false);
        }
Ejemplo n.º 2
0
        bool CheckAccessLevelAndPassword(string email, string password)
        {
            //"SELECT a.id, a.username FROM account a LEFT JOIN battlenet_accounts ba ON a.battlenet_account = ba.id WHERE ba.email = ?"
            PreparedStatement stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_BNET_GAME_ACCOUNT_LIST);

            stmt.AddValue(0, email);
            SQLResult result = DB.Login.Query(stmt);

            if (result.IsEmpty())
            {
                Log.outInfo(LogFilter.CommandsRA, $"User {email} does not exist in database");
                return(false);
            }

            uint   accountId = result.Read <uint>(0);
            string username  = result.Read <string>(1);

            stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_ACCOUNT_ACCESS_BY_ID);
            stmt.AddValue(0, accountId);
            result = DB.Login.Query(stmt);
            if (result.IsEmpty())
            {
                Log.outInfo(LogFilter.CommandsRA, $"User {email} has no privilege to login");
                return(false);
            }

            //"SELECT SecurityLevel, RealmID FROM account_access WHERE AccountID = ? and (RealmID = ? OR RealmID = -1) ORDER BY SecurityLevel desc");
            if (result.Read <byte>(0) < ConfigMgr.GetDefaultValue("Ra.MinLevel", (byte)AccountTypes.Administrator))
            {
                Log.outInfo(LogFilter.CommandsRA, $"User {email} has no privilege to login");
                return(false);
            }
            else if (result.Read <int>(1) != -1)
            {
                Log.outInfo(LogFilter.CommandsRA, $"User {email} has to be assigned on all realms (with RealmID = '-1')");
                return(false);
            }

            stmt = DB.Login.GetPreparedStatement(LoginStatements.SEL_CHECK_PASSWORD);
            stmt.AddValue(0, accountId);
            result = DB.Login.Query(stmt);
            if (!result.IsEmpty())
            {
                var salt     = result.Read <byte[]>(0);
                var verifier = result.Read <byte[]>(1);

                if (SRP6.CheckLogin(username, password, salt, verifier))
                {
                    return(true);
                }
            }

            Log.outInfo(LogFilter.CommandsRA, $"Wrong password for user: {email}");
            return(false);
        }