* Require all RA use to have -1 (equal power across all realms) to prevent abuse

* of people using RA to assign powers to themselves on other realms. Thanks Sundark. --HG-- branch : trunk
2026-01-21 01:37:37 +01:00 · 2009-12-22 22:27:15 -06:00
parent 76ed9dd088
commit f637efa908
1 changed files with 7 additions and 1 deletions
--- a/src/trinitycore/RASocket.cpp
+++ b/src/trinitycore/RASocket.cpp
@@ -154,7 +154,7 @@ void RASocket::OnRead()
                    ///- Escape the Login to allow quotes in names
                    loginDatabase.escape_string(login);

-                    QueryResult* result = loginDatabase.PQuery("SELECT a.id, aa.gmlevel FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = '%s' AND aa.RealmID = '-1'",login.c_str ());
+                    QueryResult* result = loginDatabase.PQuery("SELECT a.id, aa.gmlevel, aa.RealmID FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = '%s'",login.c_str ());

                    ///- If the user is not found, deny access
                    if(!result)
@@ -175,6 +175,12 @@ void RASocket::OnRead()
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRemote("User %s has no privilege.\n",szLogin.c_str());
                            if(bSecure)SetCloseAndDelete();
+                        }   else if(fields[2].GetUInt32() != '-1')
+                        {
+                            ///- if RealmID isn't -1, deny access
+                            Sendf("-Not enough privileges.\r\n");
+                            sLog.outRemote("User %s has to be assigned on all realms (with RealmID = '-1').\n",szLogin.c_str());
+                            if(bSecure)SetCloseAndDelete();
                        }   else
                        {
                            stage=LG;