-rw-r--r-- | src/server/game/Accounts/AccountMgr.cpp | 19 | ||||
-rw-r--r-- | src/server/game/Accounts/AccountMgr.h | 1 | ||||
-rw-r--r-- | src/server/worldserver/RemoteAccess/RASession.cpp | 28 | ||||
-rw-r--r-- | src/server/worldserver/RemoteAccess/RASession.h | 1 |
4 files changed, 21 insertions, 28 deletions
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index bae151cd1b6..0229dd686b4 100644
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -344,6 +344,25 @@ bool AccountMgr::GetEmail(uint32 accountId, std::string& email)
 return false;
 }
+bool AccountMgr::CheckPassword(std::string username, std::string password)
+{
+ Utf8ToUpperOnlyLatin(username);
+ Utf8ToUpperOnlyLatin(password);
+
+ LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD_BY_NAME);
+ stmt->setString(0, username);
+
+ if (PreparedQueryResult result = LoginDatabase.Query(stmt))
+ {
+ Trinity::Crypto::SRP6::Salt salt = (*result)[0].GetBinary<Trinity::Crypto::SRP6::SALT_LENGTH>();
+ Trinity::Crypto::SRP6::Verifier verifier = (*result)[1].GetBinary<Trinity::Crypto::SRP6::VERIFIER_LENGTH>();
+ if (Trinity::Crypto::SRP6::CheckLogin(username, password, salt, verifier))
+ return true;
+ }
+
+ return false;
+}
+
 bool AccountMgr::CheckPassword(uint32 accountId, std::string password)
 {
 std::string username;
diff --git a/src/server/game/Accounts/AccountMgr.h b/src/server/game/Accounts/AccountMgr.h
index 9e28396df06..ce881bd49a9 100644
--- a/src/server/game/Accounts/AccountMgr.h
+++ b/src/server/game/Accounts/AccountMgr.h
@@ -64,6 +64,7 @@ class TC_GAME_API AccountMgr
 static AccountOpResult ChangePassword(uint32 accountId, std::string newPassword);
 static AccountOpResult ChangeEmail(uint32 accountId, std::string newEmail);
 static AccountOpResult ChangeRegEmail(uint32 accountId, std::string newEmail);
+ static bool CheckPassword(std::string username, std::string password);
 static bool CheckPassword(uint32 accountId, std::string password);
 static bool CheckEmail(uint32 accountId, std::string newEmail);
diff --git a/src/server/worldserver/RemoteAccess/RASession.cpp b/src/server/worldserver/RemoteAccess/RASession.cpp
index ff2d23a815a..b4e9e6317be 100644
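Review bot: The new `AccountMgr::CheckPassword(std::string username, std::string password)` becomes a public entry point for name-based authentication but has no comment stating its contract. From the hunk, it upper-cases both arguments with `Utf8ToUpperOnlyLatin` before the SRP6 check, and it returns false both when the query yields no row and when `CheckLogin` fails, with nothing logged on either path. I would add above the definition (or on the declaration in AccountMgr.h) `// Verifies a password by account name; name and password are upper-cased (Latin only) before the SRP6 check.` and `// Returns false for an unknown account and for a wrong password alike; does no logging or throttling, so callers must.` The results of the two `Utf8ToUpperOnlyLatin` calls are not inspected; whether that matters depends on its declaration, which is not shown here.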
--- a/src/server/worldserver/RemoteAccess/RASession.cpp
+++ b/src/server/worldserver/RemoteAccess/RASession.cpp
@@ -20,7 +20,6 @@
 #include "Config.h"
 #include "DatabaseEnv.h"
 #include "Log.h"
-#include "SRP6.h"
 #include "Util.h"
 #include "World.h"
 #include <boost/asio/buffer.hpp>
@@ -62,7 +61,7 @@ void RASession::Start()
 if (password.empty())
 return;
- if (!CheckAccessLevel(username) || !CheckPassword(username, password))
+ if (!CheckAccessLevel(username) || !AccountMgr::CheckPassword(username, password))
 {
 Send("Authentication failed\r\n");
 _socket.close();
@@ -150,31 +149,6 @@ bool RASession::CheckAccessLevel(const std::string& user)
 return true;
 }
-bool RASession::CheckPassword(const std::string& user, const std::string& pass)
-{
- std::string safe_user = user;
- Utf8ToUpperOnlyLatin(safe_user);
-
- std::string safe_pass = pass;
- Utf8ToUpperOnlyLatin(safe_pass);
-
- LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD_BY_NAME);
-
- stmt->setString(0, safe_user);
-
- if (PreparedQueryResult result = LoginDatabase.Query(stmt))
- {
- Trinity::Crypto::SRP6::Salt salt = (*result)[0].GetBinary<Trinity::Crypto::SRP6::SALT_LENGTH>();
- Trinity::Crypto::SRP6::Verifier verifier = (*result)[1].GetBinary<Trinity::Crypto::SRP6::VERIFIER_LENGTH>();
-
- if (Trinity::Crypto::SRP6::CheckLogin(safe_user, safe_pass, salt, verifier))
- return true;
- }
-
- TC_LOG_INFO("commands.ra", "Wrong password for user: {}", user);
- return false;
-}
-
 bool RASession::ProcessCommand(std::string& command)
 {
 if (command.length() == 0)
diff --git a/src/server/worldserver/RemoteAccess/RASession.h b/src/server/worldserver/RemoteAccess/RASession.h
index cfb3177e4b5..e0f4b373f74 100644
--- a/src/server/worldserver/RemoteAccess/RASession.h
+++ b/src/server/worldserver/RemoteAccess/RASession.h
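Review bot: Failed remote-access password checks are no longer logged after this change: the removed `RASession::CheckPassword` wrote `TC_LOG_INFO("commands.ra", "Wrong password for user: {}", user)`, while the `AccountMgr::CheckPassword` now called in `RASession::Start()` logs nothing. That drops the record an operator would rely on to notice repeated failed logins on the RA console. I would log in the failure branch, just before `Send("Authentication failed\r\n");`, for example `TC_LOG_INFO("commands.ra", "Authentication failed for user: {}", username);`. `CheckAccessLevel` may log its own rejections, but its body and the rest of `Start()` lie outside this hunk.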
@@ -42,7 +42,6 @@ private:
 int Send(std::string_view data);
 std::string ReadString();
 bool CheckAccessLevel(const std::string& user);
- bool CheckPassword(const std::string& user, const std::string& pass);
 bool ProcessCommand(std::string& command);
 static void CommandPrint(void* callbackArg, std::string_view text); |