Diffstat (limited to 'src')
-rw-r--r--src/server/authserver/Server/AuthSocket.cpp17
-rw-r--r--src/server/shared/Database/Implementation/LoginDatabase.cpp9
-rw-r--r--src/server/shared/Database/Implementation/LoginDatabase.h2
-rw-r--r--src/server/shared/Database/MySQLConnection.cpp1
4 files changed, 26 insertions, 3 deletions
diff --git a/src/server/authserver/Server/AuthSocket.cpp b/src/server/authserver/Server/AuthSocket.cpp
index 24cca80fcea..b4118b6a4bf 100644
--- a/src/server/authserver/Server/AuthSocket.cpp
+++ b/src/server/authserver/Server/AuthSocket.cpp
@@ -294,7 +294,13 @@ void AuthSocket::_SetVSFields(const std::string& rI)
const char *v_hex, *s_hex;
v_hex = v.AsHexStr();
s_hex = s.AsHexStr();
- LoginDatabase.PExecute("UPDATE account SET v = '%s', s = '%s' WHERE username = '%s'", v_hex, s_hex, _safelogin.c_str());
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_VS);
+ stmt->setString(0, v_hex);
+ stmt->setString(1, s_hex);
+ stmt->setString(2, _safelogin);
+ LoginDatabase.Execute(stmt);
+
OPENSSL_free((void*)v_hex);
OPENSSL_free((void*)s_hex);
}
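Review bot: `stmt->setString(2, _safelogin)` binds a value that, judging by its name and the "escaped user name" comment in _HandleLogonProof, was already SQL-escaped for the old string-built query. A bound parameter is compared literally, so for any login whose escaped form differs from the raw name `WHERE username = ?` would match no row and the v/s update would be silently skipped. The same applies to `stmt->setString(3, _safelogin)` in the _HandleLogonProof hunk. If that reading of _safelogin is right, bind the unescaped name in both places, e.g. `stmt->setString(2, rawLogin);` where `rawLogin` is a placeholder for whatever holds the unescaped account name (not visible here). The body of _SetVSFields starts outside this hunk.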
@@ -607,7 +613,14 @@ bool AuthSocket::_HandleLogonProof()
///- Update the sessionkey, last_ip, last login time and reset number of failed logins in the account table for this account
// No SQL injection (escaped user name) and IP address as received by socket
const char* K_hex = K.AsHexStr();
- LoginDatabase.PExecute("UPDATE account SET sessionkey = '%s', last_ip = '%s', last_login = NOW(), locale = '%u', failed_logins = 0 WHERE username = '%s'", K_hex, socket().get_remote_address().c_str(), GetLocaleByName(_localizationName), _safelogin.c_str());
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SET_LOGONPROOF);
+ stmt->setString(0, K_hex);
+ stmt->setString(1, socket().get_remote_address().c_str());
+ stmt->setUInt32(2, GetLocaleByName(_localizationName));
+ stmt->setString(3, _safelogin);
+ LoginDatabase.Execute(stmt);
+
OPENSSL_free((void*)K_hex);
///- Finish SRP6 and send the final result to the client
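Review bot: The comment `// No SQL injection (escaped user name) and IP address as received by socket` kept above the new statement still describes the removed PExecute call. With the prepared statement the session key, address, locale and user name travel as bound parameters, so escaping is no longer what protects the query, and the comment will mislead the next reader about where the safety comes from. I would replace it with `// All values are bound as prepared-statement parameters; nothing is interpolated into the SQL text`. _HandleLogonProof begins and ends outside this hunk.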
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp
index ccdffc2954d..46930436496 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.cpp
+++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp
@@ -20,11 +20,18 @@
bool LoginDatabaseConnection::Open(const std::string& infoString)
{
+ if (!MySQLConnection::Open(infoString))
+ return false;
+
+ m_stmts.resize(MAX_LOGINDATABASE_STATEMENTS);
+
/*
##################################
LOAD YOUR PREPARED STATEMENTS HERE
##################################
*/
+ PrepareStatement(LOGIN_SET_VS, "UPDATE account SET v = ?, s = ? WHERE username = ?");
+ PrepareStatement(LOGIN_SET_LOGONPROOF, "UPDATE account SET sessionkey = ?, last_ip = ?, last_login = NOW(), locale = ?, failed_logins = 0 WHERE username = ?");
- return MySQLConnection::Open(infoString);
+ return true;
}
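Review bot: Open() reaches `return true;` after the two PrepareStatement calls without checking that either preparation succeeded. The comment on the ASSERT added in MySQLConnection::Execute says a failed preparation leaves a null statement, so a bad query or server-side error would surface only as an assertion failure while a login is being handled, not as a startup error. Unless PrepareStatement already aborts on failure (not visible here), I would verify the slots before returning, for example `if (!GetPreparedStatement(LOGIN_SET_VS) || !GetPreparedStatement(LOGIN_SET_LOGONPROOF)) return false;`, assuming that accessor is reachable from this class.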
diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h
index 6ad514774dd..dce347ad22e 100644
--- a/src/server/shared/Database/Implementation/LoginDatabase.h
+++ b/src/server/shared/Database/Implementation/LoginDatabase.h
@@ -37,6 +37,8 @@ typedef DatabaseWorkerPool<LoginDatabaseConnection> LoginDatabaseWorkerPool;
enum LoginDatabaseStatements
{
+ LOGIN_SET_VS,
+ LOGIN_SET_LOGONPROOF,
MAX_LOGINDATABASE_STATEMENTS,
};
diff --git a/src/server/shared/Database/MySQLConnection.cpp b/src/server/shared/Database/MySQLConnection.cpp
index b2e52ea7eb7..3eb8cb3d032 100644
--- a/src/server/shared/Database/MySQLConnection.cpp
+++ b/src/server/shared/Database/MySQLConnection.cpp
@@ -191,6 +191,7 @@ bool MySQLConnection::Execute(PreparedStatement* stmt)
uint32 index = stmt->m_index;
MySQLPreparedStatement* m_mStmt = GetPreparedStatement(index);
+ ASSERT(m_mStmt); // Can only be null if preparation failed, server side error or bad query
m_mStmt->m_stmt = stmt; // Cross reference them for debug output
stmt->m_stmt = m_mStmt;