src/game/src/db.cpp

@@ -1,19 +1,21 @@
 #include "stdafx.h"
 #include <sstream>
 #include <common/length.h>
-#include <argon2.h>
 
 #include "db.h"
+
 #include "config.h"
 #include "desc_client.h"
 #include "desc_manager.h"
 #include "char.h"
 #include "char_manager.h"
 #include "item.h"
+#include "item_manager.h"
 #include "p2p.h"
 #include "matrix_card.h"
 #include "log.h"
 #include "login_data.h"
+#include "locale_service.h"
 #include "spam.h"
 
 extern std::string g_stBlockDate;
@@ -273,8 +275,8 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 
 				if (pMsg->Get()->uiNumRows == 0)
 				{
-                    SPDLOG_DEBUG("   WRONGCRD");
+                    SPDLOG_DEBUG("   NOID");
-                    LoginFailure(d, "WRONGCRD");
+                    LoginFailure(d, "NOID");
                     M2_DELETE(pinfo);
 				}
 				else
@@ -282,7 +284,8 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 					MYSQL_ROW row = mysql_fetch_row(pMsg->Get()->pSQLResult);
 					int col = 0;
 
-					// password, securitycode, social_id, id, status
+					// '%s', password, securitycode, social_id, id, status
+					char szPlainPassword[128 + 1];
 					char szHashedPassword[128 + 1];
 					char szMatrixCode[MATRIX_CODE_MAX_LEN + 1];
 					char szSocialID[SOCIAL_ID_MAX_LEN + 1];
@@ -296,6 +299,15 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 						break; 
 					}
 
+					strlcpy(szPlainPassword, row[col++], sizeof(szPlainPassword));
+
+					if (!row[col]) 
+					{
+						SPDLOG_ERROR("error column {}", col);
+						M2_DELETE(pinfo);
+						break;
+					}
+
 					strlcpy(szHashedPassword, row[col++], sizeof(szHashedPassword));
 
 					if (!row[col]) 
@@ -362,12 +374,12 @@ void DBManager::AnalyzeReturnQuery(SQLMsg * pMsg)
 					SPDLOG_DEBUG("Create_Time {} {}", retValue, szCreateDate);
 					SPDLOG_DEBUG("Block Time {} ", strncmp(szCreateDate, g_stBlockDate.c_str(), 8));
 
-					bool loginStatus = argon2id_verify(szHashedPassword, pinfo->passwd, strlen(pinfo->passwd)) == ARGON2_OK;
+					bool loginStatus = hash_secure_verify(szHashedPassword, szPlainPassword);
 
 					if (!loginStatus)
 					{
-						LoginFailure(d, "WRONGCRD");
+						LoginFailure(d, "WRONGPWD");
-						SPDLOG_DEBUG("   WRONGCRD");
+						SPDLOG_DEBUG("   WRONGPWD");
 						M2_DELETE(pinfo);
 					}
 					else if (bNotAvail)

src/game/src/input_auth.cpp

@@ -4,6 +4,9 @@
 #include "input.h"
 #include "desc_client.h"
 #include "desc_manager.h"
+#include "protocol.h"
+#include "matrix_card.h"
+#include "locale_service.h"
 #include "db.h"
 
 extern time_t get_global_time();
@@ -30,6 +33,13 @@ bool FN_IS_VALID_LOGIN_STRING(const char *str)
 	return true;
 }
 
+bool Login_IsInChannelService(const char* c_login)
+{
+	if (c_login[0] == '[')
+		return true;
+	return false;
+}
+
 CInputAuth::CInputAuth()
 {
 }
@@ -60,7 +70,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 	{
 		SPDLOG_DEBUG("InputAuth::Login : IS_NOT_VALID_LOGIN_STRING({}) desc {}",
 				login, (void*) get_pointer(d));
-		LoginFailure(d, "WRONGCRD");
+		LoginFailure(d, "NOID");
 		return;
 	}
 
@@ -90,11 +100,14 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 	TPacketCGLogin3 * p = M2_NEW TPacketCGLogin3;
 	memcpy(p, pinfo, sizeof(TPacketCGLogin3));
 
+	char szPasswd[PASSWD_MAX_LEN * 2 + 1];
+	DBManager::instance().EscapeString(szPasswd, sizeof(szPasswd), passwd, strlen(passwd));
+
 	char szLogin[LOGIN_MAX_LEN * 2 + 1];
 	DBManager::instance().EscapeString(szLogin, sizeof(szLogin), login, strlen(login));
 
 	DBManager::instance().ReturnQuery(QID_AUTH_LOGIN, dwKey, p, 
-			"SELECT password,securitycode,social_id,id,status,availDt - NOW() > 0,"
+			"SELECT '%s',password,securitycode,social_id,id,status,availDt - NOW() > 0,"
 			"UNIX_TIMESTAMP(silver_expire),"
 			"UNIX_TIMESTAMP(gold_expire),"
 			"UNIX_TIMESTAMP(safebox_expire),"
@@ -104,7 +117,7 @@ void CInputAuth::Login(LPDESC d, const char * c_pData)
 			"UNIX_TIMESTAMP(money_drop_rate_expire),"
 			"UNIX_TIMESTAMP(create_time)"
 			" FROM account WHERE login='%s'",
-			szLogin);
+			szPasswd, szLogin);
 }
 
 int CInputAuth::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)

src/game/src/input_db.cpp

@@ -26,9 +26,11 @@
 #include "building.h"
 #include "login_sim.h"
 #include "wedding.h"
+#include "login_data.h"
 #include "unique_item.h"
 
 #include "monarch.h"
+#include "affect.h"
 #include "castle.h"
 #include "motion.h"
 
@@ -1954,11 +1956,11 @@ int CInputDB::Analyze(LPDESC d, BYTE bHeader, const char * c_pData)
 		break;
 
 	case HEADER_DG_LOGIN_NOT_EXIST:
-		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGCRD");
+		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "NOID");
 		break;
 
 	case HEADER_DG_LOGIN_WRONG_PASSWD:
-		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGCRD");
+		LoginFailure(DESC_MANAGER::instance().FindByHandle(m_dwHandle), "WRONGPWD");
 		break;
 
 	case HEADER_DG_LOGIN_ALREADY:

src/game/src/utils.cpp

@@ -1,5 +1,11 @@
+#include <argon2.h>
 #include "stdafx.h"
 
+bool hash_secure_verify(const char *hashed_pwd, const char *plain_pwd)
+{
+	return argon2id_verify(hashed_pwd, plain_pwd, strlen(plain_pwd)) == ARGON2_OK;
+}
+
 static int global_time_gap = 0;
 
 time_t get_global_time()

src/game/src/utils.h

@@ -9,6 +9,8 @@
 #define REMOVE_BIT(var, bit)	((var) &= ~(bit))
 #define TOGGLE_BIT(var, bit)	((var) = (var) ^ (bit))
 
+bool hash_secure_verify(const char *, const char *);
+
 inline float DISTANCE_SQRT(int dx, int dy)
 {
     return ::sqrt((float)dx * dx + (float)dy * dy);