From d50eb923ba4f51477e3e2464dd26d2bfe2755198 Mon Sep 17 00:00:00 2001
From: wish
Date: Fri, 1 Dec 2023 00:51:05 +1100
Subject: [PATCH] validate additional SysLogin data
---
 server/channelserver/handlers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/channelserver/handlers.go b/server/channelserver/handlers.go
index 7445d0f2b..ea727d842 100644
--- a/server/channelserver/handlers.go
+++ b/server/channelserver/handlers.go
@@ -130,7 +130,7 @@ func handleMsgSysLogin(s *Session, p mhfpacket.MHFPacket) {
 if !s.server.erupeConfig.DevModeOptions.DisableTokenCheck {
 var token string
- err := s.server.db.QueryRow("SELECT token FROM sign_sessions WHERE token=$1", pkt.LoginTokenString).Scan(&token)
+ err := s.server.db.QueryRow("SELECT token FROM sign_sessions ss INNER JOIN public.users u on ss.user_id = u.id WHERE token=$1 AND ss.id=$2 AND u.id=(SELECT c.user_id FROM characters c WHERE c.id=$3)", pkt.LoginTokenString, pkt.LoginTokenNumber, pkt.CharID0).Scan(&token)
 if err != nil {
 s.rawConn.Close()
 s.logger.Warn(fmt.Sprintf("Invalid login token, offending CID: (%d)", pkt.CharID0))
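Review bot: The `if err != nil` branch right after the new query still reports every failure as "Invalid login token", although the query can now return no row for three different reasons (unknown token, token not matching `ss.id`, or `CharID0` owned by another user), and a database error falls into the same branch. A character-ownership mismatch is a stronger tampering signal than a stale token, so I would test `errors.Is(err, sql.ErrNoRows)` separately from other errors and include `pkt.LoginTokenNumber` in the warning so the event can be correlated with the sign session. In the query itself `token` is the only unqualified column after the join; `SELECT ss.token ... WHERE ss.token=$1` stays unambiguous if `users` ever gains a column of that name. The ownership check also sits inside the `DisableTokenCheck` guard, so with that option set nothing in this hunk ties `CharID0` to the authenticated user; a comment such as `// DisableTokenCheck also skips the character-ownership check; development only` would make that explicit. The body of handleMsgSysLogin continues outside the hunk.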