Mirror/Erupe
1
0
Fork 0
mirror of https://github.com/Mezeporta/Erupe.git synced 2025-12-12 23:14:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

implement token verification

Browse Source
This commit is contained in:
wish
2022-08-04 10:51:31 +10:00
parent bf851b5c67
commit ed11b5ced9
3 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config.json
View File

@@ -17,6 +17,7 @@
"TournamentEvent": 0, "TournamentEvent": 0,
"MezFesEvent": true, "MezFesEvent": true,
"DisableMailItems": true, "DisableMailItems": true,
"DisableTokenCheck": false,
"SaveDumps": { "SaveDumps": {
"Enabled": true, "Enabled": true,
"OutputDir": "savedata" "OutputDir": "savedata"

1
config/config.go
View File

@@ -36,6 +36,7 @@ type DevModeOptions struct {
FestaEvent int // Hunter's Festa event status FestaEvent int // Hunter's Festa event status
TournamentEvent int // VS Tournament event status TournamentEvent int // VS Tournament event status
MezFesEvent bool // MezFes status MezFesEvent bool // MezFes status
DisableTokenCheck bool // Disables checking login token exists in the DB (security risk!)
DisableMailItems bool // Hack to prevent english versions of MHF from crashing DisableMailItems bool // Hack to prevent english versions of MHF from crashing
SaveDumps SaveDumpOptions SaveDumps SaveDumpOptions
} }

25
server/channelserver/handlers.go
View File

@@ -135,20 +135,19 @@ func handleMsgSysTerminalLog(s *Session, p mhfpacket.MHFPacket) {
func handleMsgSysLogin(s *Session, p mhfpacket.MHFPacket) { func handleMsgSysLogin(s *Session, p mhfpacket.MHFPacket) {
pkt := p.(*mhfpacket.MsgSysLogin) pkt := p.(*mhfpacket.MsgSysLogin)
rights := uint32(0x0E) if s.server.erupeConfig.DevMode && !s.server.erupeConfig.DevModeOptions.DisableTokenCheck {
// 0e with normal sub 4e when having premium var token string
// 01 = Character can take quests at allows err := s.server.db.QueryRow("SELECT token FROM sign_sessions WHERE token=$1", pkt.LoginTokenString).Scan(&token)
// 02 = Hunter Life, normal quests core sub if err != nil {
// 03 = Extra Course, extra quests, town boxes, QOL course, core sub s.rawConn.Close()
// 06 = Premium Course, standard 'premium' which makes ranking etc. faster s.logger.Warn(fmt.Sprintf("Invalid login token, offending CID: (%d)", pkt.CharID0))
// 06 0A 0B = Boost Course, just actually 3 subs combined return
// 08 09 1E = N Course, gives you the benefits of being in a netcafe (extra quests, N Points, daily freebies etc.) minimal and pointless }
// 0C = N Boost course, ultra luxury course that ruins the game if in use
err := s.server.db.QueryRow("SELECT rights FROM users u INNER JOIN characters c ON u.id = c.user_id WHERE c.id = $1", pkt.CharID0).Scan(&rights)
if err != nil {
panic(err)
} }
rights := uint32(0x0E)
s.server.db.QueryRow("SELECT rights FROM users u INNER JOIN characters c ON u.id = c.user_id WHERE c.id = $1", pkt.CharID0).Scan(&rights)
s.Lock() s.Lock()
s.charID = pkt.CharID0 s.charID = pkt.CharID0
s.rights = rights s.rights = rights
@@ -157,7 +156,7 @@ func handleMsgSysLogin(s *Session, p mhfpacket.MHFPacket) {
bf := byteframe.NewByteFrame() bf := byteframe.NewByteFrame()
bf.WriteUint32(uint32(Time_Current_Adjusted().Unix())) // Unix timestamp bf.WriteUint32(uint32(Time_Current_Adjusted().Unix())) // Unix timestamp
_, err = s.server.db.Exec("UPDATE servers SET current_players=$1 WHERE server_id=$2", len(s.server.sessions), s.server.ID) _, err := s.server.db.Exec("UPDATE servers SET current_players=$1 WHERE server_id=$2", len(s.server.sessions), s.server.ID)
if err != nil { if err != nil {
panic(err) panic(err)
} }