| author | Machiavelli <none@none> | 2010-09-03 01:00:49 +0200 |
|---|---|---|
| committer | Machiavelli <none@none> | 2010-09-03 01:00:49 +0200 |
| commit | 7982cc0f7d99d8cc3548dc9e8c600608a54368ec (patch) | |
| tree | e64bb59c7857a27edf29beac4c7c1a0d78dfcab9 /src/server/authserver | |
| parent | 2c1c391597f9334705198ca965424b5a791df6ba (diff) | |
Core/DBLayer:
- A few prepared statement implementations in authsocket as example.
- Add an ASSERT in MySQLConnection::Execute(PreparedStatement*) to catch incorrectly created statements
--HG--
branch : trunk
Diffstat (limited to 'src/server/authserver')
| -rw-r--r-- | src/server/authserver/Server/AuthSocket.cpp | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index 24cca80fcea..b4118b6a4bf 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -294,7 +294,13 @@ void AuthSocket::_SetVSFields(const std::string& rI)
 const char *v_hex, *s_hex;
 v_hex = v.AsHexStr();
 s_hex = s.AsHexStr();
- LoginDatabase.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'", v_hex, s_hex, _safelogin.c_str());
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_VS);
+ stmt->setString(0, v_hex);
+ stmt->setString(1, s_hex);
+ stmt->setString(2, _safelogin);
+ LoginDatabase.Execute(stmt);
+
 OPENSSL_free((void*)v_hex);
 OPENSSL_free((void*)s_hex);
 }
@@ -607,7 +613,14 @@ bool AuthSocket::_HandleLogonProof()
 ///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
 // No SQL injection (escaped user name) and IP address as received by socket
 const char* K_hex = K.AsHexStr();
- LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, socket().get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str());
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_LOGONPROOF);
+ stmt->setString(0, K_hex);
+ stmt->setString(1, socket().get_remote_address().c_str());
+ stmt->setUInt32(2, GetLocaleByName(_localizationName));
+ stmt->setString(3, _safelogin);
+ LoginDatabase.Execute(stmt);
+
 OPENSSL_free((void*)K_hex);
 ///- Finish SRP6 and send the final result to the client |
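Review bot: `stmt->setString(2, _safelogin);` binds what appears to be the already-escaped user name (the comment kept in the _HandleLogonProof hunk calls it "escaped user name"). A bound parameter is compared literally, so an account name that escaping alters would presumably stop matching the username comparison and the UPDATE would silently change no row. The same applies to `stmt->setString(3, _safelogin);` in the second hunk. Bind the raw login string instead, e.g. `stmt->setString(2, _login);` if that member holds the unescaped name (it is not visible here), and keep the escaped copy only for queries that are still string-built. _SetVSFields starts before this hunk.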
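Review bot: `K_hex` is released with `OPENSSL_free` directly after `LoginDatabase.Execute(stmt);`, which is only safe if `setString` copies the C string when it is bound; the same holds for `v_hex` and `s_hex` in the _SetVSFields hunk. Neither `setString` nor `Execute` is visible here, so please confirm the statement owns its parameter data, in particular if `Execute` only enqueues the statement for later execution; otherwise the session key buffer would be read after it is freed. Separately, the context comment `// No SQL injection (escaped user name) ...` still describes the old string-built query and should become something like `// Values are bound as prepared-statement parameters; no manual escaping is needed`. _HandleLogonProof begins and ends outside this hunk.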
