/// %Realm List command handler bool AuthSocket::_HandleRealmList() { DEBUG_LOG("Entering _HandleRealmList"); if (ibuf.GetLength() < 5) return false; ibuf.Remove(5); ///- Get the user id (else close the connection) // No SQL injection (escaped user name) QueryResult *result = loginDatabase.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '******'",_safelogin.c_str()); if(!result) { sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str()); SetCloseAndDelete(); return false; } uint32 id = (*result)[0].GetUInt32(); std::string rI = (*result)[1].GetCppString(); delete result; ///- Update realm list if need m_realmList.UpdateIfNeed(); ///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm) ByteBuffer pkt; pkt << (uint32) 0; pkt << (uint16) m_realmList.size(); RealmList::RealmMap::const_iterator i; for( i = m_realmList.begin(); i != m_realmList.end(); ++i ) { uint8 AmountOfCharacters; // No SQL injection. id of realm is controlled by the database. result = loginDatabase.PQuery( "SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id); if( result ) { Field *fields = result->Fetch(); AmountOfCharacters = fields[0].GetUInt8(); delete result; } else AmountOfCharacters = 0; uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0; pkt << i->second.icon; // realm type pkt << lock; // if 1, then realm locked pkt << i->second.color; // if 2, then realm is offline pkt << i->first; pkt << i->second.address; pkt << i->second.populationLevel; pkt << AmountOfCharacters; pkt << i->second.timezone; // realm category pkt << (uint8) 0x2C; // unk, may be realm number/id? } pkt << (uint8) 0x10; pkt << (uint8) 0x00; ByteBuffer hdr; hdr << (uint8) REALM_LIST; hdr << (uint16)pkt.size(); hdr.append(pkt); SendBuf((char const*)hdr.contents(), hdr.size()); return true; }
/// %Realm List command handler bool AuthSocket::_HandleRealmList() { DEBUG_LOG("Entering _HandleRealmList"); if (socket().recv_len() < 5) return false; socket().recv_skip(5); ///- Get the user id (else close the connection) // No SQL injection (escaped user name) QueryResult_AutoPtr result = loginDatabase.PQuery("SELECT id,sha_pass_hash FROM account WHERE username = '******'",_safelogin.c_str()); if (!result) { sLog.outError("[ERROR] user %s tried to login and we cannot find him in the database.",_login.c_str()); socket().shutdown(); return false; } uint32 id = (*result)[0].GetUInt32(); std::string rI = (*result)[1].GetCppString(); ///- Update realm list if need m_realmList.UpdateIfNeed(); RealmList::RealmMap::const_iterator rlm; RealmList built_realmList; for (rlm = m_realmList.begin(); rlm != m_realmList.end(); ++rlm) { if ( _expversion & POST_BC_EXP_FLAG )//2.4.3 and 3.1.3 cliens { if (rlm->second.gamebuild == _build) built_realmList.AddRealm(rlm->second); } else if ( _expversion & PRE_BC_EXP_FLAG )//1.12.1 and 1.12.2 clients are compatible with eachother { if ( AuthHelper::IsPreBCAcceptedClientBuild ( rlm->second.gamebuild ) ) built_realmList.AddRealm(rlm->second); } } ///- Circle through realms in the RealmList and construct the return packet (including # of user characters in each realm) ByteBuffer pkt; pkt << (uint32) 0; if ( _expversion & POST_BC_EXP_FLAG )//only 2.4.3 and 3.1.3 cliens pkt << (uint16) built_realmList.size(); else pkt << (uint32) built_realmList.size(); RealmList::RealmMap::const_iterator i; for (i = built_realmList.begin(); i != built_realmList.end(); ++i) { uint8 AmountOfCharacters; // No SQL injection. id of realm is controlled by the database. result = loginDatabase.PQuery("SELECT numchars FROM realmcharacters WHERE realmid = '%d' AND acctid='%u'",i->second.m_ID,id); if (result) { Field *fields = result->Fetch(); AmountOfCharacters = fields[0].GetUInt8(); } else AmountOfCharacters = 0; uint8 lock = (i->second.allowedSecurityLevel > _accountSecurityLevel) ? 1 : 0; pkt << i->second.icon; // realm type if ( _expversion & POST_BC_EXP_FLAG )//only 2.4.3 and 3.1.3 cliens pkt << lock; // if 1, then realm locked pkt << i->second.color; // if 2, then realm is offline pkt << i->first; pkt << i->second.address; pkt << i->second.populationLevel; pkt << AmountOfCharacters; pkt << i->second.timezone; // realm category if ( _expversion & POST_BC_EXP_FLAG )//2.4.3 and 3.1.3 clients pkt << (uint8) 0x2C; // unk, may be realm number/id? else pkt << (uint8) 0x0; //1.12.1 and 1.12.2 clients } if ( _expversion & POST_BC_EXP_FLAG )//2.4.3 and 3.1.3 cliens { pkt << (uint8) 0x10; pkt << (uint8) 0x00; }else{//1.12.1 and 1.12.2 clients pkt << (uint8) 0x00; pkt << (uint8) 0x02; } ByteBuffer hdr; hdr << (uint8) REALM_LIST; hdr << (uint16)pkt.size(); hdr.append(pkt); socket().send((char const*)hdr.contents(), hdr.size()); return true; }