diff options
| -rw-r--r-- | sql/realmd.sql | 30 | ||||
| -rw-r--r-- | sql/updates/6710_realmd_account_access.sql | 14 | ||||
| -rw-r--r-- | sql/updates/6710_world_command.sql | 3 | ||||
| -rw-r--r-- | sql/updates/6710_world_trinity_string.sql | 2 | ||||
| -rw-r--r-- | sql/world.sql | 5 | ||||
| -rw-r--r-- | src/game/AccountMgr.cpp | 3 | ||||
| -rw-r--r-- | src/game/Language.h | 1 | ||||
| -rw-r--r-- | src/game/Level1.cpp | 9 | ||||
| -rw-r--r-- | src/game/Level2.cpp | 6 | ||||
| -rw-r--r-- | src/game/Level3.cpp | 51 | ||||
| -rw-r--r-- | src/game/WorldSocket.cpp | 55 | ||||
| -rw-r--r-- | src/trinitycore/CliRunnable.cpp | 9 | ||||
| -rw-r--r-- | src/trinitycore/RASocket.cpp | 4 | ||||
| -rw-r--r-- | src/trinityrealm/AuthSocket.cpp | 7 |
14 files changed, 158 insertions, 41 deletions
diff --git a/sql/realmd.sql b/sql/realmd.sql index 63a05f66e7a..41a1946cb1d 100644 --- a/sql/realmd.sql +++ b/sql/realmd.sql @@ -15,6 +15,27 @@ /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; +-- +-- Structure for table `account_access` +-- + +CREATE TABLE `account_access` ( + `id` bigint(20) unsigned NOT NULL, + `gmlevel` tinyint(3) unsigned NOT NULL, + `RealmID` int(11) NOT NULL, + PRIMARY KEY (`id`,`RealmID`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC; + +-- +-- Content for table `account_access` +-- + +INSERT INTO `account_access` (`id`, `gmlevel`, `RealmID`) VALUES +(1, 3, -1), +(2, 2, -1), +(3, 1, -1); + +-- -- Table structure for table `account` -- @@ -23,7 +44,6 @@ CREATE TABLE `account` ( `id` int(11) unsigned NOT NULL auto_increment COMMENT 'Identifier', `username` varchar(32) NOT NULL default '', `sha_pass_hash` varchar(40) NOT NULL default '', - `gmlevel` tinyint(3) unsigned NOT NULL default '0', `sessionkey` longtext, `v` longtext, `s` longtext, @@ -49,10 +69,10 @@ CREATE TABLE `account` ( LOCK TABLES `account` WRITE; /*!40000 ALTER TABLE `account` DISABLE KEYS */; /*INSERT INTO `account` VALUES -(1,'ADMINISTRATOR','a34b29541b87b7e4823683ce6c7bf6ae68beaaac',3,'','0','0','','2006-04-25 10:18:56','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0), -(2,'GAMEMASTER','7841e21831d7c6bc0b57fbe7151eb82bd65ea1f9',2,'','0','0','','2006-04-25 10:18:56','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0), -(3,'MODERATOR','a7f5fbff0b4eec2d6b6e78e38e8312e64d700008',1,'','0','0','','2006-04-25 10:19:35','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0), -(4,'PLAYER','3ce8a96d17c5ae88a30681024e86279f1a38c041',0,'','0','0','','2006-04-25 10:19:35','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0);*/ +(1,'ADMINISTRATOR','a34b29541b87b7e4823683ce6c7bf6ae68beaaac',','0','0','','2006-04-25 10:18:56','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0), +(2,'GAMEMASTER','7841e21831d7c6bc0b57fbe7151eb82bd65ea1f9',','0','0','','2006-04-25 10:18:56','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0), +(3,'MODERATOR','a7f5fbff0b4eec2d6b6e78e38e8312e64d700008',','0','0','','2006-04-25 10:19:35','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0), +(4,'PLAYER','3ce8a96d17c5ae88a30681024e86279f1a38c041','','0','0','','2006-04-25 10:19:35','127.0.0.1',0,0,'0000-00-00 00:00:00',0,0,0,0);*/ /*!40000 ALTER TABLE `account` ENABLE KEYS */; UNLOCK TABLES; diff --git a/sql/updates/6710_realmd_account_access.sql b/sql/updates/6710_realmd_account_access.sql new file mode 100644 index 00000000000..3349f2f69e8 --- /dev/null +++ b/sql/updates/6710_realmd_account_access.sql @@ -0,0 +1,14 @@ +-- Table structure for `account_access` +DROP TABLE IF EXISTS `account_access`; +CREATE TABLE `account_access` ( + `id` bigint(20) unsigned NOT NULL, + `gmlevel` tinyint(3) unsigned NOT NULL, + `RealmID` int(11) NOT NULL, + PRIMARY KEY (`id`,`RealmID`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC; +-- export current gm account to the new table +-- RealmID -1 = all realms +INSERT INTO `account_access` (id, gmlevel, RealmID) +SELECT `id`, `gmlevel`, -1 FROM `account` WHERE `gmlevel` > 0; +-- Remove the gmlevel field from account +ALTER TABLE account DROP COLUMN `gmlevel`; diff --git a/sql/updates/6710_world_command.sql b/sql/updates/6710_world_command.sql new file mode 100644 index 00000000000..9aba5be5d56 --- /dev/null +++ b/sql/updates/6710_world_command.sql @@ -0,0 +1,3 @@ +UPDATE command +SET help = 'Syntax: .account set gmlevel [$account] #level [#realmid]\r\n\r\nSet the security level for targeted player (can\'t be used at self) or for account $name to a level of #level on the realm #realmID.\r\n\r\n#level may range from 0 to 3.\r\n\r\n#reamID may be -1 for all realms.' +WHERE name = 'account set gmlevel';
\ No newline at end of file diff --git a/sql/updates/6710_world_trinity_string.sql b/sql/updates/6710_world_trinity_string.sql new file mode 100644 index 00000000000..0a4abb66740 --- /dev/null +++ b/sql/updates/6710_world_trinity_string.sql @@ -0,0 +1,2 @@ +INSERT INTO trinity_string VALUES +(11001, 'You have not chosen -1 or the current realmID that you are on.', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
\ No newline at end of file diff --git a/sql/world.sql b/sql/world.sql index 85cca5958d8..39f3f6c644b 100644 --- a/sql/world.sql +++ b/sql/world.sql @@ -322,7 +322,7 @@ INSERT INTO `command` VALUES ('account password','0','Syntax: .account password $old_password $new_password $new_password\r\n\r\nChange your account password.'), ('account set','3','Syntax: .account set $subcommand\nType .account set to see the list of possible subcommands or .help account set $subcommand to see info on subcommands'), ('account set addon','3','Syntax: .account set addon [$account] #addon\r\n\r\nSet user (possible targeted) expansion addon level allowed. Addon values: 0 - normal, 1 - tbc, 2 - wotlk.'), -('account set gmlevel','4','Syntax: .account set gmlevel [$account] #level\r\n\r\nSet the security level for targeted player (can\'t be used at self) or for account $name to a level of #level.\r\n\r\n#level may range from 0 to 3.'), +('account set gmlevel','4','Syntax: .account set gmlevel [$account] #level [#realmid]\r\n\r\nSet the security level for targeted player (can\'t be used at self) or for account $name to a level of #level on the realm #realmID.\r\n\r\n#level may range from 0 to 3.\r\n\r\n#reamID may be -1 for all realms.'), ('account set password','4','Syntax: .account set password $account $password $password\r\n\r\nSet password for account.'), ('additem','3','Syntax: .additem #itemid/[#itemname]/#shift-click-item-link #itemcount\r\n\r\nAdds the specified number of items of id #itemid (or exact (!) name $itemname in brackets, or link created by shift-click at item in inventory or recipe) to your or selected character inventory. If #itemcount is omitted, only one item will be added.\r\n.'), ('additemset','3','Syntax: .additemset #itemsetid\r\n\r\nAdd items from itemset of id #itemsetid to your or selected character inventory. Will add by one example each item from itemset.'), @@ -7716,7 +7716,8 @@ INSERT INTO `trinity_string` (`entry`,`content_default`,`content_loc1`,`content_ (10053, 'Take me to Crown Guard Tower.', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), (10054, 'Give me the flag, I''ll take it to the central beacon for the glory of the Alliance!', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), (10055, 'Give me the flag, I''ll take it to the central beacon for the glory of the Horde!', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), -(11000, '|cffffff00[|c00077766Autobroadcast|cffffff00]: |cFFF222FF%s|r', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); +(11000, '|cffffff00[|c00077766Autobroadcast|cffffff00]: |cFFF222FF%s|r', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), +(11001, 'You have not chosen -1 or the current realmID that you are on.', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); /*!40000 ALTER TABLE `trinity_string` ENABLE KEYS */; UNLOCK TABLES; diff --git a/src/game/AccountMgr.cpp b/src/game/AccountMgr.cpp index ed9f85d0eab..12da998901b 100644 --- a/src/game/AccountMgr.cpp +++ b/src/game/AccountMgr.cpp @@ -95,6 +95,7 @@ AccountOpResult AccountMgr::DeleteAccount(uint32 accid) bool res = loginDatabase.PExecute("DELETE FROM account WHERE id='%d'", accid) && + loginDatabase.PExecute("DELETE FROM account_access WHERE id ='%d'", accid) && loginDatabase.PExecute("DELETE FROM realmcharacters WHERE acctid='%d'", accid); loginDatabase.CommitTransaction(); @@ -167,7 +168,7 @@ uint32 AccountMgr::GetId(std::string username) uint32 AccountMgr::GetSecurity(uint32 acc_id) { - QueryResult *result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE id = '%u'", acc_id); + QueryResult *result = loginDatabase.PQuery("SELECT gmlevel FROM account_access WHERE id = '%u'", acc_id); if(result) { uint32 sec = (*result)[0].GetUInt32(); diff --git a/src/game/Language.h b/src/game/Language.h index 488b7a71c3b..565534a3021 100644 --- a/src/game/Language.h +++ b/src/game/Language.h @@ -963,6 +963,7 @@ enum TrinityStrings // Use for custom patches 11000-11999 LANG_AUTO_BROADCAST = 11000, + LANG_INVALID_REALMID = 11001, // NOT RESERVED IDS 12000-1999999999 // `db_script_string` table index 2000000000-2000009999 (MIN_DB_SCRIPT_STRING_ID-MAX_DB_SCRIPT_STRING_ID) diff --git a/src/game/Level1.cpp b/src/game/Level1.cpp index 51424a48421..d08980d7cb7 100644 --- a/src/game/Level1.cpp +++ b/src/game/Level1.cpp @@ -498,8 +498,13 @@ bool ChatHandler::HandleGMTicketAssignToCommand(const char* args) } uint64 tarGUID = objmgr.GetPlayerGUIDByName(targm.c_str()); uint64 accid = objmgr.GetPlayerAccountIdByGUID(tarGUID); - QueryResult *result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE id = '%u'", accid); - if(!tarGUID|| !result || result->Fetch()->GetUInt32() < SEC_MODERATOR) + QueryResult *result = loginDatabase.PQuery("SELECT gmlevel RealmID FROM account_access WHERE id = '%u'", accid); + + Field * fields = result->Fetch(); + uint32 gmlevel = fields[0].GetUInt32(); + uint32 SecurityRealmID = fields[1].GetUInt32(); + + if(!tarGUID|| !result || gmlevel < SEC_MODERATOR || (SecurityRealmID != realmID && SecurityRealmID != -1)) { SendSysMessage(LANG_COMMAND_TICKETASSIGNERROR_A); return true; diff --git a/src/game/Level2.cpp b/src/game/Level2.cpp index 49ebc05e1d5..dc9d84bf4c8 100644 --- a/src/game/Level2.cpp +++ b/src/game/Level2.cpp @@ -2189,7 +2189,11 @@ bool ChatHandler::HandlePInfoCommand(const char* args) uint32 security = 0; std::string last_login = GetTrinityString(LANG_ERROR); - QueryResult* result = loginDatabase.PQuery("SELECT username,gmlevel,email,last_ip,last_login FROM account WHERE id = '%u'",accId); + QueryResult* result = loginDatabase.PQuery("SELECT a.username,aa.gmlevel,a.email,a.last_ip,a.last_login " + "FROM account a " + "LEFT JOIN account_access aa " + "ON (a.id = aa.id) " + "WHERE a.id = '%u'",accId); if(result) { Field* fields = result->Fetch(); diff --git a/src/game/Level3.cpp b/src/game/Level3.cpp index e29c21c0bb2..624fc1d14ea 100644 --- a/src/game/Level3.cpp +++ b/src/game/Level3.cpp @@ -1411,13 +1411,15 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char *args) uint32 gm = 0; char* arg1 = strtok((char*)args, " "); char* arg2 = strtok(NULL, " "); + char* arg3 = strtok(NULL, " "); - if (getSelectedPlayer() && arg1 && !arg2) + if (getSelectedPlayer() && arg1 && !arg3) { targetAccountId = getSelectedPlayer()->GetSession()->GetAccountId(); accmgr.GetName(targetAccountId, targetAccountName); Player* targetPlayer = getSelectedPlayer(); gm = atoi(arg1); + uint32 gmRealmID = arg2 ? atoi(arg2) : realmID; // Check for invalid specified GM level. if (gm < SEC_PLAYER || gm > SEC_ADMINISTRATOR) @@ -1429,20 +1431,40 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char *args) // Check if targets GM level and specified GM level is not higher than current gm level targetSecurity = targetPlayer->GetSession()->GetSecurity(); - if (targetSecurity >= m_session->GetSecurity() || gm >= m_session->GetSecurity()) + if (targetSecurity >= m_session->GetSecurity() || + gm >= m_session->GetSecurity() || + (gmRealmID != realmID && m_session->GetSecurity() < SEC_CONSOLE)) { SendSysMessage(LANG_YOURS_SECURITY_IS_LOW); SetSentErrorMessage(true); return false; } + // Check if provided realmID is not current realmID, or isn't -1 + if (gmRealmID != realmID && gmRealmID != -1) + { + SendSysMessage(LANG_INVALID_REALMID); + SetSentErrorMessage(true); + return false; + } + // Decide which string to show if (m_session->GetPlayer() != targetPlayer) PSendSysMessage(LANG_YOU_CHANGE_SECURITY, targetAccountName.c_str(), gm); else PSendSysMessage(LANG_YOURS_SECURITY_CHANGED, m_session->GetPlayer()->GetName(), gm); - loginDatabase.PExecute("UPDATE account SET gmlevel = '%d' WHERE id = '%u'", gm, targetAccountId); + // If gmRealmID is -1, delete all values for the account id, else, insert values for the specific realmID + if (gmRealmID == -1) + { + loginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u'", targetAccountId); + loginDatabase.PExecute("INSERT INTO account_access VALUES ('%u', '%d', -1)", targetAccountId, gm); + } + else + { + loginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u' AND RealmID = '%d'", targetAccountId, realmID); + loginDatabase.PExecute("INSERT INTO account_access VALUES ('%u','%d','%d')", targetAccountId, gm, realmID); + } return true; } else @@ -1469,6 +1491,15 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char *args) return false; } + uint32 gmRealmID = arg3 ? atoi(arg3) : realmID; + // Check if provided realmID is not current realmID, or isn't -1 + if (gmRealmID != realmID && gmRealmID != -1) + { + SendSysMessage(LANG_INVALID_REALMID); + SetSentErrorMessage(true); + return false; + } + targetAccountId = accmgr.GetId(arg1); /// m_session==NULL only for console uint32 plSecurity = m_session ? m_session->GetSecurity() : SEC_CONSOLE; @@ -1484,7 +1515,17 @@ bool ChatHandler::HandleAccountSetGmLevelCommand(const char *args) } PSendSysMessage(LANG_YOU_CHANGE_SECURITY, targetAccountName.c_str(), gm); - loginDatabase.PExecute("UPDATE account SET gmlevel = '%d' WHERE id = '%u'", gm, targetAccountId); + // If gmRealmID is -1, delete all values for the account id, else, insert values for the specific realmID + if (gmRealmID == -1) + { + loginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u'", targetAccountId); + loginDatabase.PExecute("INSERT INTO account_access VALUES ('%u', '%d', -1)", targetAccountId, gm); + } + else + { + loginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u' AND RealmID = '%d'", targetAccountId, realmID); + loginDatabase.PExecute("INSERT INTO account_access VALUES ('%u','%d','%d')", targetAccountId, gm, realmID); + } return true; } } @@ -6915,7 +6956,7 @@ bool ChatHandler::HandleInstanceSaveDataCommand(const char * /*args*/) bool ChatHandler::HandleGMListFullCommand(const char* /*args*/) { ///- Get the accounts with GM Level >0 - QueryResult *result = loginDatabase.Query( "SELECT username,gmlevel FROM account WHERE gmlevel > 0" ); + QueryResult *result = loginDatabase.Query("SELECT a.username,aa.gmlevel FROM account a, account_access aa WHERE a.id=aa.id AND aa.gmlevel > 0"); if(result) { SendSysMessage(LANG_GMLIST); diff --git a/src/game/WorldSocket.cpp b/src/game/WorldSocket.cpp index 0f25f92ab66..34efa1066fb 100644 --- a/src/game/WorldSocket.cpp +++ b/src/game/WorldSocket.cpp @@ -741,15 +741,14 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) QueryResult *result = loginDatabase.PQuery ("SELECT " "id, " //0 - "gmlevel, " //1 - "sessionkey, " //2 - "last_ip, " //3 - "locked, " //4 - "v, " //5 - "s, " //6 - "expansion, " //7 - "mutetime, " //8 - "locale " //9 + "sessionkey, " //1 + "last_ip, " //2 + "locked, " //3 + "v, " //4 + "s, " //5 + "expansion, " //6 + "mutetime, " //7 + "locale " //8 "FROM account " "WHERE username = '%s'", safe_account.c_str ()); @@ -768,17 +767,17 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) Field* fields = result->Fetch (); - uint8 expansion = fields[7].GetUInt8(); + uint8 expansion = fields[6].GetUInt8(); uint32 world_expansion = sWorld.getConfig(CONFIG_EXPANSION); if(expansion > world_expansion) expansion = world_expansion; - //expansion = ((sWorld.getConfig(CONFIG_EXPANSION) > fields[7].GetUInt8()) ? fields[7].GetUInt8() : sWorld.getConfig(CONFIG_EXPANSION)); + //expansion = ((sWorld.getConfig(CONFIG_EXPANSION) > fields[6].GetUInt8()) ? fields[6].GetUInt8() : sWorld.getConfig(CONFIG_EXPANSION)); N.SetHexStr ("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7"); g.SetDword (7); - v.SetHexStr(fields[5].GetString()); - s.SetHexStr (fields[6].GetString ()); + v.SetHexStr(fields[4].GetString()); + s.SetHexStr (fields[5].GetString ()); const char* sStr = s.AsHexStr (); //Must be freed by OPENSSL_free() const char* vStr = v.AsHexStr (); //Must be freed by OPENSSL_free() @@ -791,9 +790,9 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) OPENSSL_free ((void*) vStr); ///- Re-check ip locking (same check as in realmd). - if (fields[4].GetUInt8 () == 1) // if ip is locked + if (fields[3].GetUInt8 () == 1) // if ip is locked { - if (strcmp (fields[3].GetString (), GetRemoteAddress ().c_str ())) + if (strcmp (fields[2].GetString (), GetRemoteAddress ().c_str ())) { packet.Initialize (SMSG_AUTH_RESPONSE, 1); packet << uint8 (AUTH_FAILED); @@ -806,22 +805,40 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) } id = fields[0].GetUInt32 (); - security = fields[1].GetUInt16 (); /* if(security > SEC_ADMINISTRATOR) // prevent invalid security settings in DB security = SEC_ADMINISTRATOR; */ - K.SetHexStr (fields[2].GetString ()); + K.SetHexStr (fields[1].GetString ()); - time_t mutetime = time_t (fields[8].GetUInt64 ()); + time_t mutetime = time_t (fields[7].GetUInt64 ()); - locale = LocaleConstant (fields[9].GetUInt8 ()); + locale = LocaleConstant (fields[8].GetUInt8 ()); if (locale >= MAX_LOCALE) locale = LOCALE_enUS; delete result; + // Checks gmlevel per Realm + result = + loginDatabase.PQuery ("SELECT " + "RealmID, " //0 + "gmlevel " //1 + "FROM account_access " + "WHERE id = '%d'" + " AND (RealmID = '%d'" + " OR RealmID = '-1')", + id, realmID); + if(!result) + security = 0; + else + { + fields = result->Fetch (); + security = fields[1].GetInt32(); + delete result; + } + // Re-check account ban (same check as in realmd) QueryResult *banresult = loginDatabase.PQuery ("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 " diff --git a/src/trinitycore/CliRunnable.cpp b/src/trinitycore/CliRunnable.cpp index e325c2ca366..b35af1f1bb5 100644 --- a/src/trinitycore/CliRunnable.cpp +++ b/src/trinitycore/CliRunnable.cpp @@ -236,9 +236,12 @@ bool ChatHandler::HandleAccountOnlineListCommand(const char* /*args*/) ///- Get the username, last IP and GM level of each account // No SQL injection. account is uint32. - // 0 1 2 3 - QueryResult *resultLogin = loginDatabase.PQuery("SELECT username, last_ip, gmlevel, expansion FROM account WHERE id = '%u'",account); - + QueryResult *resultLogin = + loginDatabase.PQuery("SELECT a.username, a.last_ip, aa.gmlevel, a.expansion " + "FROM account a " + "LEFT JOIN account_access aa " + "ON (a.id = aa.id) " + "WHERE a.id = '%u'", account); if(resultLogin) { Field *fieldsLogin = resultLogin->Fetch(); diff --git a/src/trinitycore/RASocket.cpp b/src/trinitycore/RASocket.cpp index f5d968ef102..15043bde3ef 100644 --- a/src/trinitycore/RASocket.cpp +++ b/src/trinitycore/RASocket.cpp @@ -145,7 +145,7 @@ void RASocket::OnRead() { szLogin=&buff[5]; - ///- Get the gmlevel and password from the account table + ///- Get the password from the account table std::string login = szLogin; ///- Convert Account name to Upper Format @@ -154,7 +154,7 @@ void RASocket::OnRead() ///- Escape the Login to allow quotes in names loginDatabase.escape_string(login); - QueryResult* result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE username = '%s'",login.c_str()); + QueryResult* result = loginDatabase.PQuery("SELECT aa.gmlevel FROM account_access aa, account a WHERE a.username = '%s' AND aa.id = a.id",login.c_str()); ///- If the user is not found, deny access if(!result) diff --git a/src/trinityrealm/AuthSocket.cpp b/src/trinityrealm/AuthSocket.cpp index a19d16106f3..ee71c523816 100644 --- a/src/trinityrealm/AuthSocket.cpp +++ b/src/trinityrealm/AuthSocket.cpp @@ -410,7 +410,12 @@ bool AuthSocket::_HandleLogonChallenge() ///- Get the account details from the account table // No SQL injection (escaped user name) - result = loginDatabase.PQuery("SELECT sha_pass_hash,id,locked,last_ip,gmlevel,v,s FROM account WHERE username = '%s'",_safelogin.c_str ()); + result = + loginDatabase.PQuery("SELECT a.sha_pass_hash,a.id,a.locked,a.last_ip,aa.gmlevel,a.v,a.s " + "FROM account a " + "LEFT JOIN account_access aa " + "ON (a.id = aa.id) " + "WHERE a.username = '%s'",_safelogin.c_str ()); if (result) { ///- If the IP is 'locked', check that the player comes indeed from the correct IP address |