예제 #1
        /// <summary>
        /// Builds an account login request and sends it over <c>fStream</c>.
        /// </summary>
        /// <param name="user">Account name placed in the request.</param>
        /// <param name="hash">Login hash placed in the request.</param>
        /// <param name="cliChg">Client challenge value placed in the request.</param>
        /// <param name="srvChg">Server challenge value placed in the request.</param>
        /// <param name="cb">Optional callback, registered under the request's transaction ID.</param>
        public void AcctLogin(string user, byte[] hash, uint cliChg, uint srvChg, pnCallback cb = null)
        {
            var request = new pnCli2Vault_AcctLoginRequest {
                fAccount = user,
                fCliChg = cliChg,
                fHash = hash,
                fSrvChg = srvChg,
                fTransID = GetTransID()
            };

            // The callback is registered and the request sent under one lock on the
            // stream; presumably so a reply cannot be dispatched before its callback
            // exists -- confirm against the code that reads replies.
            lock (fStream) {
                bool wantsReply = cb != null;
                if (wantsReply) {
                    fCallbacks.Add(request.fTransID, cb);
                }
                request.Send(fStream);
            }
        }
예제 #2
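        /// <summary>
        /// Handles an account login request read from <c>fStream</c>: looks the account up
        /// in the Accounts table, checks the supplied hash against the stored password hash,
        /// and on a match loads up to five avatars from the Players table. A reply is always
        /// sent unless an exception other than <c>pnDbException</c> escapes.
        /// </summary>
        private void IAcctLogin()
        {
            pnCli2Vault_AcctLoginRequest req = new pnCli2Vault_AcctLoginRequest();
            req.Read(fStream);

            pnVault2Cli_AcctLoginReply reply = new pnVault2Cli_AcctLoginReply();
            reply.fTransID = req.fTransID;
            reply.fResult = ENetError.kNetSuccess;

            try {
                // req.fAccount comes straight off the wire and is passed to AddWhere as a value.
                // NOTE(review): confirm pnSqlSelectStatement binds it as a query parameter
                // rather than concatenating it into the SQL text.
                pnSqlSelectStatement acct = new pnSqlSelectStatement();
                acct.AddColumn("Idx");
                acct.AddColumn("Password");
                acct.AddColumn("Permissions");
                acct.AddColumn("Guid");
                acct.AddWhere("Username", req.fAccount);
                acct.Limit = 1;
                acct.Table = "Accounts";

                uint? acctID = new uint?();
                IDataReader r = acct.Execute(fDb);
                try {
                    if (r.Read()) {
                        // Two hash schemes exist in the protocol: for usernames that are email
                        // addresses the stored value is hashed again with the client and server
                        // challenges; for plain usernames the stored hash is compared directly
                        // (SHA-0 / SHA-1 respectively, according to the original author's note).
                        byte[] gPass = pnHelpers.GetBytes(r["Password"].ToString());
                        if (req.fAccount != null && req.fAccount.Contains('@'))
                            gPass = pnHelpers.HashLogin(gPass, req.fCliChg, req.fSrvChg);

                        // Compare by value without stopping at the first differing byte, so the
                        // time taken does not reveal how much of the supplied hash was correct.
                        // A null hash from the request is treated as a mismatch, not a crash.
                        if (IHashesMatch(gPass, req.fHash)) {
                            acctID = (uint)r["Idx"];
                            reply.fAcctGuid = new Guid(r["Guid"].ToString());
                            reply.fPermissions = (int)r["Permissions"];
                            if (reply.fPermissions == (int)pnAcctPerms.Banned)
                                reply.fResult = ENetError.kNetErrAccountBanned;
                        } else
                            reply.fResult = ENetError.kNetErrAuthenticationFailed;
                    } else
                        // An "Account Not Found" error exists, but returning it would let a
                        // client probe which usernames are registered, so report the same
                        // failure as a wrong password.
                        // NOTE(review): this path does no hashing, so response time may still
                        // differ from the wrong-password path.
                        reply.fResult = ENetError.kNetErrAuthenticationFailed;
                } finally {
                    // Release the reader even if a column read or cast throws.
                    r.Close();
                }

                // Now grab the avatars.
                // NOTE(review): acctID is also set for banned accounts, so their GUID and
                // avatar list are still loaded into the reply -- confirm this is intended.
                if (acctID.HasValue) {
                    pnSqlSelectStatement avatars = new pnSqlSelectStatement();
                    avatars.AddColumn("Model");
                    avatars.AddColumn("Name");
                    avatars.AddColumn("PlayerIdx");
                    avatars.AddWhere("AcctIdx", acctID.Value.ToString());
                    avatars.Limit = 5;
                    avatars.Table = "Players";

                    List<pnVaultAvatarInfo> players = new List<pnVaultAvatarInfo>();
                    r = avatars.Execute(fDb);
                    try {
                        while (r.Read()) {
                            pnVaultAvatarInfo info = new pnVaultAvatarInfo();
                            info.fModel = r["Model"].ToString();
                            info.fPlayerID = (uint)r["PlayerIdx"];
                            info.fPlayerName = r["Name"].ToString();
                            players.Add(info);
                        }
                    } finally {
                        r.Close();
                    }

                    reply.fAvatars = players.ToArray();
                }
            } catch (pnDbException e) {
                // Log the detail server-side; the client only learns that something
                // internal went wrong.
                Error(e, "Database Error on Login");
                reply.fResult = ENetError.kNetErrInternalError;
            }

            reply.Send(fStream);
        }

        /// <summary>
        /// Compares two hashes byte by byte without returning early on the first mismatch.
        /// </summary>
        /// <param name="expected">Hash derived from the stored password.</param>
        /// <param name="supplied">Hash received in the login request.</param>
        /// <returns>True only when both arrays are non-null, equal in length and equal in content.</returns>
        private static bool IHashesMatch(byte[] expected, byte[] supplied)
        {
            // The length of a hash is not secret, so an early exit here leaks nothing useful.
            if (expected == null || supplied == null || expected.Length != supplied.Length)
                return false;

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
                diff |= expected[i] ^ supplied[i];
            return diff == 0;
        }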