public void AcctLogin(string user, byte[] hash, uint cliChg, uint srvChg, pnCallback cb = null)
{
pnCli2Vault_AcctLoginRequest req = new pnCli2Vault_AcctLoginRequest();
req.fAccount = user;
req.fCliChg = cliChg;
req.fHash = hash;
req.fSrvChg = srvChg;
req.fTransID = GetTransID();
lock (fStream) {
if (cb != null)
fCallbacks.Add(req.fTransID, cb);
req.Send(fStream);
}
}
private void IAcctLogin()
{
pnCli2Vault_AcctLoginRequest req = new pnCli2Vault_AcctLoginRequest();
req.Read(fStream);
pnVault2Cli_AcctLoginReply reply = new pnVault2Cli_AcctLoginReply();
reply.fTransID = req.fTransID;
reply.fResult = ENetError.kNetSuccess;
try {
pnSqlSelectStatement acct = new pnSqlSelectStatement();
acct.AddColumn("Idx");
acct.AddColumn("Password");
acct.AddColumn("Permissions");
acct.AddColumn("Guid");
acct.AddWhere("Username", req.fAccount);
acct.Limit = 1;
acct.Table = "Accounts";
IDataReader r = acct.Execute(fDb);
uint? acctID = new uint?();
if (r.Read()) {
// eap has made this password thing difficult for us...
// Usernames that are email addresses do some strange SHA-0 stuff,
// but normal usernames are just a SHA-1 hash. Lawd help us.
byte[] gPass = pnHelpers.GetBytes(r["Password"].ToString());
if (req.fAccount.Contains('@'))
gPass = pnHelpers.HashLogin(gPass, req.fCliChg, req.fSrvChg);
// ... Nice, Microsoft. Neither the == operator nor the Equals method
// actually tests the values >.<
if (gPass.SequenceEqual(req.fHash)) {
acctID = (uint)r["Idx"];
reply.fAcctGuid = new Guid(r["Guid"].ToString());
reply.fPermissions = (int)r["Permissions"];
if (reply.fPermissions == (int)pnAcctPerms.Banned)
reply.fResult = ENetError.kNetErrAccountBanned;
} else
reply.fResult = ENetError.kNetErrAuthenticationFailed;
} else
// I realize there is an "Account Not Found" Error, but that's
// kind of a security hole.
reply.fResult = ENetError.kNetErrAuthenticationFailed;
r.Close();
// Now grab the avatars
if (acctID.HasValue) {
pnSqlSelectStatement avatars = new pnSqlSelectStatement();
avatars.AddColumn("Model");
avatars.AddColumn("Name");
avatars.AddColumn("PlayerIdx");
avatars.AddWhere("AcctIdx", acctID.Value.ToString());
avatars.Limit = 5;
avatars.Table = "Players";
r = avatars.Execute(fDb);
List<pnVaultAvatarInfo> players = new List<pnVaultAvatarInfo>();
while (r.Read()) {
pnVaultAvatarInfo info = new pnVaultAvatarInfo();
info.fModel = r["Model"].ToString();
info.fPlayerID = (uint)r["PlayerIdx"];
info.fPlayerName = r["Name"].ToString();
players.Add(info);
}
reply.fAvatars = players.ToArray();
r.Close();
}
} catch (pnDbException e) {
Error(e, "Database Error on Login");
reply.fResult = ENetError.kNetErrInternalError;
}
reply.Send(fStream);
}