There is one incorrect field length related to guilds in the database, which can be used to cause an overflow client-side, by sending CMSG_GUILD_INFO_TEXT with long strings.
The guild information has the same 500-character client-side limit as the guild bank tab information, but on the server side it can be 65k characters long. A lengthy guild info makes the whole Guild panel unusable.
Lengths of the other fields match the client's limits in the database: guild bank tab name (16), public note (31), officer note (31), motd (128), guild bank tab info (500).
Closes #11395
Signed-off-by: DDuarte <dnpd.dd@gmail.com>
Settings within worldserver.conf:
Three settings for security level:
0 - None - No change to current system
1 - Email - Always requires the email entered on registration for confirming.
2 - RBAC - Groups applied with the RBAC role always require the email entered on registration for confirming.
RBAC default to every group. Changed some logs to make it more clear what is going on at all.
Emails may now no longer exceed 64 chars. Current email is used as regmail.
On account creation, two emails are saved. Registration email and normal email. Normal email is relevant afterwards. Registration email can be changed by console ONLY.
Includes new commands and changes to existing ones:
.account fulfills several new functions:
* Still prints GM Level.
* If account has permission, it displays the current email. This is not defaulted to any group.
* Security level is displayed. Also displays if user has RBAC perm if RBAC security mode is selected
.account email allows user to change email with sufficient confirmation
.account set sec email allows higher sec with higher sec than account to change the normal email. Registration email remains untouched here.
.account set sec regmail allows console to change registration email.
.pinfo now displays the registration and normal mail.
Also fixes .learn all crafts.
Closes #10558
New column in account table is a base32 of token key bytes,
coincidentally it is the same format Google's Authenticator Android app uses.
If you want that to work, set system time on server correctly and use ntpd.
Closes #10527
Signed-off-by: Nay <dnpd.dd@gmail.com>
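
Added example, not the project's own code: why the token check depends on a correct server clock. It assumes the standard TOTP parameters that Google Authenticator uses by default (RFC 6238, HMAC-SHA1, 30-second step, 6 digits); the function names, the sample key and the one-step acceptance window are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps

def decode_key(b32_key: str) -> bytes:
    """Decode a base32 token key (as stored in the account column) to raw bytes."""
    cleaned = b32_key.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # stored keys often omit '=' padding
    return base64.b32decode(cleaned)

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(b32_key: str, unix_time: int) -> str:
    """Code an authenticator app would show at the given Unix time."""
    return hotp(decode_key(b32_key), unix_time // STEP)

def verify(b32_key: str, code: str, server_time: int, window: int = 1) -> bool:
    """Accept codes from the server's current step or `window` steps either side."""
    key = decode_key(b32_key)
    current = server_time // STEP
    return any(
        hmac.compare_digest(hotp(key, current + drift), code)
        for drift in range(-window, window + 1)
        if current + drift >= 0
    )

# Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    client_time = 59                      # time on the user's phone
    code = totp(SAMPLE_KEY, client_time)
    print("client code:", code)
    # A server clock 20 s off still lands inside the +/-1 step window.
    print("server 20 s ahead:", verify(SAMPLE_KEY, code, client_time + 20))
    # A server clock 90 s off computes different steps and rejects a valid code.
    print("server 90 s ahead:", verify(SAMPLE_KEY, code, client_time + 90))
```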
* Moved some checks around
* Added RBAC Permission for Email, last login and last ip (group 3 and 4) -- If missing RBAC permission, then it displays "Unauthorized (RBAC)"
* Changed totalmail output from uint64 to uint32
* Level either puts Max level, or a list of information necessary
* Only queries guild if the current xp query also detects guild membership
* Incorporated recent changes into code
* Commander requires higher than target to get sensitive data beside RBAC permission.
* Unlooted items / money persist across player sessions
* Loot inside items is tied to the item rather than the player so if trading
partially looted items becomes possible, this implementation will still work
* New tables added:
characters_database.sql (first time users)
characters_create_item_loot.sql (existing users)
Implementation can be tested with:
Watertight Trunk [21113]
Bulging Sack of Gems [25422]
Fat Sack of Coins [11937]
Closes #2048
There are still some issues that need to be fixed, for more info see CalendarHandler.cpp TODO part.
Some unblizzlike behaviour possible, we don't have a lot of sniffs.
Big thanks to @Warpten, he joined my project and helped a lot.
IMPORTANT NOTE: Read / append packed time functions in ByteBuffer.h are not correct, they need to be fixed in order to have event times accurate
Signed-off-by: Nay <dnpd.dd@gmail.com>