aboutsummaryrefslogtreecommitdiff
path: root/src/server/authserver/Server/AuthSocket.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/authserver/Server/AuthSocket.cpp')
-rw-r--r--src/server/authserver/Server/AuthSocket.cpp17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index 24cca80fcea..b4118b6a4bf 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -294,7 +294,13 @@ void AuthSocket::_SetVSFields(const std::string& rI)
const char *v_hex, *s_hex;
v_hex = v.AsHexStr();
s_hex = s.AsHexStr();
- LoginDatabase.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'", v_hex, s_hex, _safelogin.c_str());
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_VS);
+ stmt->setString(0, v_hex);
+ stmt->setString(1, s_hex);
+ stmt->setString(2, _safelogin);
+ LoginDatabase.Execute(stmt);
+
OPENSSL_free((void*)v_hex);
OPENSSL_free((void*)s_hex);
}
@@ -607,7 +613,14 @@ bool AuthSocket::_HandleLogonProof()
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
- LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, socket().get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str());
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_LOGONPROOF);
+ stmt->setString(0, K_hex);
+ stmt->setString(1, socket().get_remote_address().c_str());
+ stmt->setUInt32(2, GetLocaleByName(_localizationName));
+ stmt->setString(3, _safelogin);
+ LoginDatabase.Execute(stmt);
+
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client