Fix a login exploit.

Make a list of GUIDs that purpose is which characters can login per account.
This fixes an exploit that player can login (but shouldn't) with packet manipulation.

Signed-off-by: Anubisss <anubisss210@gmail.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp b/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp
index 077f332ec6a..9ca3432ec99 100755
--- a/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp
+++ b/src/server/game/Server/Protocol/Handlers/CharacterHandler.cpp
@@ -212,7 +212,10 @@ void WorldSession::HandleCharEnum(QueryResult result)
             uint32 guidlow = (*result)[0].GetUInt32();
             sLog->outDetail("Loading char guid %u from account %u.",guidlow,GetAccountId());
             if (Player::BuildEnumData(result, &data))
+            {
+                m_AllowedCharsToLogin.push_back(guidlow);
                 ++num;
+            }
         }
         while (result->NextRow());
     }
@@ -660,6 +663,13 @@ void WorldSession::HandlePlayerLoginOpcode(WorldPacket & recv_data)
 
     recv_data >> playerGuid;
 
+    if (!CharCanLogin(GUID_LOPART(playerGuid)))
+    {
+        sLog->outError("Account (%u) can't login with that character (%u).", GetAccountId(), GUID_LOPART(playerGuid));
+        KickPlayer();
+        return;
+    }
+
     LoginQueryHolder *holder = new LoginQueryHolder(GetAccountId(), playerGuid);
     if (!holder->Initialize())
     {