author | megamage <none@none> | 2009-09-02 18:14:10 -0500 |
---|---|---|
committer | megamage <none@none> | 2009-09-02 18:14:10 -0500 |
commit | ea12ff233b985bd9db6f99eee07fefde80811a94 (patch) | |
tree | 92109342be4da2582bdc1a97cf10183efaf5452f /src/game/WorldSocket.cpp | |
parent | 9d161ff757daf47335f7cc84825463cc30818c8c (diff) |
[8450] Prevented using of plaintext passwords in sql queries Author: arrai
--HG--
branch : trunk
Diffstat (limited to 'src/game/WorldSocket.cpp')
-rw-r--r-- | src/game/WorldSocket.cpp | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/game/WorldSocket.cpp b/src/game/WorldSocket.cpp
index 0413f197877..d3f66c39d61 100644
--- a/src/game/WorldSocket.cpp
+++ b/src/game/WorldSocket.cpp
@@ -804,13 +804,10 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
 // Re-check account ban (same check as in realmd)
 QueryResult *banresult =
- loginDatabase.PQuery ("SELECT "
- "bandate, "
- "unbandate "
- "FROM account_banned "
- "WHERE id = '%u' "
- "AND active = 1",
- id);
+ loginDatabase.PQuery ("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 "
+ "UNION "
+ "SELECT 1 FROM ip_banned WHERE ip = '%s'",
+ id, GetRemoteAddress().c_str());
 if (banresult) // if account banned
 { |
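Review bot: The `ip_banned` branch of the new UNION has no expiry or active predicate, while the `account_banned` branch keeps `active = 1`, so an expired IP ban would still make `banresult` non-null unless stale rows are purged elsewhere (not visible here). If `ip_banned` carries the same `bandate`/`unbandate` columns that the old account query selected, the branch could read `"SELECT 1 FROM ip_banned WHERE (unbandate = bandate OR unbandate > UNIX_TIMESTAMP()) AND ip = '%s'"`. The address is also formatted into a quoted literal through `%s` with no escaping in the hunk; that is only safe while `GetRemoteAddress()` returns the socket's numeric peer address, so escape it or add a comment such as `// ip comes from the socket peer address, never from client-supplied data`. The `// if account banned` comment and whatever is reported to the client below now also cover IP bans; `HandleAuthSession` starts and ends outside the hunk.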