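/// <summary>
/// Handles an account login request: reads the request from <c>fStream</c>,
/// checks the supplied hash against the stored credential in the
/// <c>Accounts</c> table, loads up to five avatars from <c>Players</c> on
/// success, and always sends a <c>pnVault2Cli_AcctLoginReply</c> back unless
/// an exception other than <c>pnDbException</c> escapes.
/// </summary>
/// <remarks>
/// Security notes:
/// <list type="bullet">
/// <item>Unknown usernames and wrong passwords return the same error, so the
/// reply does not reveal whether an account exists.</item>
/// <item>For usernames without '@' the stored value is compared directly to
/// the client-supplied hash, so the stored value is password-equivalent.
/// Treat the <c>Password</c> column as a secret.</item>
/// <item>NOTE(review): presumably <c>pnSqlSelectStatement.AddWhere</c> binds
/// the value as a parameter; confirm, since <c>req.fAccount</c> is
/// client-controlled.</item>
/// </list>
/// </remarks>
private void IAcctLogin()
{
    pnCli2Vault_AcctLoginRequest req = new pnCli2Vault_AcctLoginRequest();
    req.Read(fStream);

    pnVault2Cli_AcctLoginReply reply = new pnVault2Cli_AcctLoginReply();
    reply.fTransID = req.fTransID;
    reply.fResult = ENetError.kNetSuccess;

    // NOTE(review): only pnDbException is handled below. A failed cast or a
    // malformed Guid would propagate and no reply would be sent; confirm the
    // caller deals with that.
    try
    {
        pnSqlSelectStatement acct = new pnSqlSelectStatement();
        acct.AddColumn("Idx");
        acct.AddColumn("Password");
        acct.AddColumn("Permissions");
        acct.AddColumn("Guid");
        acct.AddWhere("Username", req.fAccount);
        acct.Limit = 1;
        acct.Table = "Accounts";

        uint? acctID = null;

        // Dispose the reader on every path so an exception mid-read cannot
        // leave it open on the shared connection.
        using (IDataReader r = acct.Execute(fDb))
        {
            if (r.Read())
            {
                // Usernames that are email addresses use a SHA-0 based hash that is
                // combined with req.fCliChg / req.fSrvChg; plain usernames are
                // compared against the stored SHA-1 hash as-is.
                // NOTE(review): fSrvChg is taken from the request here; confirm it is
                // checked against the challenge this server actually issued.
                byte[] gPass = pnHelpers.GetBytes(r["Password"].ToString());
                if (req.fAccount.Contains('@'))
                    gPass = pnHelpers.HashLogin(gPass, req.fCliChg, req.fSrvChg);

                // Arrays compare by reference with == and Equals, so compare the
                // contents, and do it without an early exit so the response time
                // does not depend on how many leading bytes matched.
                if (IHashBytesEqual(gPass, req.fHash))
                {
                    acctID = (uint)r["Idx"];
                    reply.fAcctGuid = new Guid(r["Guid"].ToString());
                    reply.fPermissions = (int)r["Permissions"];

                    // NOTE(review): a banned account still has its avatar list
                    // loaded and sent below; confirm that is intended.
                    if (reply.fPermissions == (int)pnAcctPerms.Banned)
                        reply.fResult = ENetError.kNetErrAccountBanned;
                }
                else
                {
                    reply.fResult = ENetError.kNetErrAuthenticationFailed;
                }
            }
            else
            {
                // There is an "Account Not Found" error, but returning it would let
                // a client probe which usernames exist.
                reply.fResult = ENetError.kNetErrAuthenticationFailed;
            }
        }

        // Now grab the avatars
        if (acctID.HasValue)
        {
            pnSqlSelectStatement avatars = new pnSqlSelectStatement();
            avatars.AddColumn("Model");
            avatars.AddColumn("Name");
            avatars.AddColumn("PlayerIdx");
            avatars.AddWhere("AcctIdx", acctID.Value.ToString());
            avatars.Limit = 5;
            avatars.Table = "Players";

            List<pnVaultAvatarInfo> players = new List<pnVaultAvatarInfo>();
            using (IDataReader r = avatars.Execute(fDb))
            {
                while (r.Read())
                {
                    pnVaultAvatarInfo info = new pnVaultAvatarInfo();
                    info.fModel = r["Model"].ToString();
                    info.fPlayerID = (uint)r["PlayerIdx"];
                    info.fPlayerName = r["Name"].ToString();
                    players.Add(info);
                }
            }
            reply.fAvatars = players.ToArray();
        }
    }
    catch (pnDbException e)
    {
        Error(e, "Database Error on Login");
        reply.fResult = ENetError.kNetErrInternalError;
    }

    reply.Send(fStream);
}

/// <summary>
/// Compares two hash buffers without returning early on the first differing
/// byte. A null buffer or a length mismatch counts as "not equal", so a
/// request with a missing hash fails authentication instead of throwing.
/// </summary>
private static bool IHashBytesEqual(byte[] expected, byte[] supplied)
{
    if (expected == null || supplied == null || expected.Length != supplied.Length)
        return false;

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
        diff |= expected[i] ^ supplied[i];
    return diff == 0;
}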