void InstanceSaveManager::_DelHelper(DatabaseType &db, const char *fields, const char *table, const char *queryTail, ...) { Tokens fieldTokens = StrSplit(fields, ", "); ASSERT(fieldTokens.size() != 0); va_list ap; char szQueryTail [MAX_QUERY_LEN]; va_start(ap, queryTail); vsnprintf(szQueryTail, MAX_QUERY_LEN, queryTail, ap); va_end(ap); QueryResult_AutoPtr result = db.PQuery("SELECT %s FROM %s %s", fields, table, szQueryTail); if (result) { do { Field *fields = result->Fetch(); std::ostringstream ss; for (size_t i = 0; i < fieldTokens.size(); i++) { std::string fieldValue = fields[i].GetCppString(); db.EscapeString(fieldValue); ss << (i != 0 ? " AND " : "") << fieldTokens[i] << " = '" << fieldValue << "'"; } db.DirectPExecute("DELETE FROM %s WHERE %s", table, ss.str().c_str()); } while (result->NextRow()); } }
bool AccountMgr::CheckPassword(uint32 accid, std::string passwd) { normalizeString(passwd); LoginDatabase.EscapeString(passwd); QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d' AND sha_pass_hash=Sha1(CONCAT(UPPER(username), ':', UPPER('%s')))", accid, passwd.c_str()); if (result) return true; return false; }
uint32 AccountMgr::GetId(std::string username) { LoginDatabase.EscapeString(username); QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT id FROM account WHERE username = '******'", username.c_str()); if (!result) return 0; else { uint32 id = (*result)[0].GetUInt32(); return id; } }
AccountOpResult AccountMgr::ChangeUsername(uint32 accid, std::string new_uname, std::string new_passwd) { QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accid); if (!result) return AOR_NAME_NOT_EXIST; // account doesn't exist if (utf8length(new_uname) > MAX_ACCOUNT_STR) return AOR_NAME_TOO_LONG; if (utf8length(new_passwd) > MAX_ACCOUNT_STR) return AOR_PASS_TOO_LONG; normalizeString(new_uname); normalizeString(new_passwd); LoginDatabase.EscapeString(new_uname); LoginDatabase.EscapeString(new_passwd); if (!LoginDatabase.PExecute("UPDATE account SET username='******', sha_pass_hash=Sha1(CONCAT('%s', ':', '%s')) WHERE id='%d'", new_uname.c_str(), new_uname.c_str(), new_passwd.c_str(), accid)) return AOR_DB_INTERNAL_ERROR; // unexpected error return AOR_OK; }
AccountOpResult AccountMgr::ChangePassword(uint32 accid, std::string new_passwd) { QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accid); if (!result) return AOR_NAME_NOT_EXIST; // account doesn't exist if (utf8length(new_passwd) > MAX_ACCOUNT_STR) return AOR_PASS_TOO_LONG; normalizeString(new_passwd); LoginDatabase.EscapeString(new_passwd); // also reset s and v to force update at next realmd login if (!LoginDatabase.PExecute("UPDATE account SET v='0', s='0', sha_pass_hash=Sha1("_CONCAT3_("username", "':'", "'%s'")") WHERE id='%d'", new_passwd.c_str(), accid)) return AOR_DB_INTERNAL_ERROR; // unexpected error return AOR_OK; }
AccountOpResult AccountMgr::CreateAccount(std::string username, std::string password) { if (utf8length(username) > MAX_ACCOUNT_STR) return AOR_NAME_TOO_LONG; // username's too long normalizeString(username); normalizeString(password); LoginDatabase.EscapeString(username); LoginDatabase.EscapeString(password); QueryResult_AutoPtr result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE username = '******'", username.c_str()); if (result) return AOR_NAME_ALREDY_EXIST; // username does already exist if (!LoginDatabase.PExecute("INSERT INTO account(username, sha_pass_hash, joindate) VALUES('%s', Sha1(CONCAT('%s', ':', '%s')), NOW())", username.c_str(), username.c_str(), password.c_str())) return AOR_DB_INTERNAL_ERROR; // unexpected error LoginDatabase.Execute("INSERT INTO realmcharacters (realmid, acctid, numchars) SELECT realmlist.id, account.id, 0 FROM realmlist, account LEFT JOIN realmcharacters ON acctid=account.id WHERE acctid IS NULL"); return AOR_OK; // everything's fine }