[8450] Prevented using of plaintext passwords in sql queries Author: arrai

--HG-- branch : trunk
2026-01-22 10:05:32 +01:00 · 2009-09-02 18:14:10 -05:00
parent 9d161ff757
commit ea12ff233b
6 changed files with 60 additions and 27 deletions
--- a/src/game/WorldSocket.cpp
+++ b/src/game/WorldSocket.cpp
@@ -804,13 +804,10 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)

    // Re-check account ban (same check as in realmd)
    QueryResult *banresult =
-          loginDatabase.PQuery ("SELECT "
-                                "bandate, "
-                                "unbandate "
-                                "FROM account_banned "
-                                "WHERE id = '%u' "
-                                "AND active = 1",
-                                id);
+          loginDatabase.PQuery ("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 "
+                                "UNION "
+                                "SELECT 1 FROM ip_banned WHERE ip = '%s'",
+                                id, GetRemoteAddress().c_str());

    if (banresult) // if account banned
    {