Character delete patch
Removed an exploit where characters of different accounts could be deleted by a logging account session. Issue pointed out by zera.
This commit is contained in:
@@ -17,10 +17,6 @@
|
|||||||
You should have received a copy of the GNU Affero General Public License
|
You should have received a copy of the GNU Affero General Public License
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
/* NPC Base
|
|
||||||
Map Name (Map ID)
|
|
||||||
Extra NPC info.
|
|
||||||
*/
|
|
||||||
|
|
||||||
var status;
|
var status;
|
||||||
|
|
||||||
|
|||||||
@@ -17,10 +17,6 @@
|
|||||||
You should have received a copy of the GNU Affero General Public License
|
You should have received a copy of the GNU Affero General Public License
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
/* NPC Base
|
|
||||||
Map Name (Map ID)
|
|
||||||
Extra NPC info.
|
|
||||||
*/
|
|
||||||
|
|
||||||
var status;
|
var status;
|
||||||
|
|
||||||
|
|||||||
@@ -17,10 +17,6 @@
|
|||||||
You should have received a copy of the GNU Affero General Public License
|
You should have received a copy of the GNU Affero General Public License
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
/* NPC Base
|
|
||||||
Map Name (Map ID)
|
|
||||||
Extra NPC info.
|
|
||||||
*/
|
|
||||||
|
|
||||||
var status;
|
var status;
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,6 @@
|
|||||||
NPC: Blocked Entrance (portal?)
|
NPC: Blocked Entrance (portal?)
|
||||||
MAP: Mushroom Castle - East Castle Tower (106021400)
|
MAP: Mushroom Castle - East Castle Tower (106021400)
|
||||||
*/
|
*/
|
||||||
importPackage(Packages.tools);
|
|
||||||
|
|
||||||
var status;
|
var status;
|
||||||
|
|
||||||
|
|||||||
@@ -965,8 +965,37 @@ public class MapleClient {
|
|||||||
return Server.getInstance().getChannel(world, channel);
|
return Server.getInstance().getChannel(world, channel);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean hasCharacter(int cid) throws SQLException {
|
||||||
|
Connection con = null;
|
||||||
|
PreparedStatement ps = null;
|
||||||
|
ResultSet rs = null;
|
||||||
|
|
||||||
|
try {
|
||||||
|
con = DatabaseConnection.getConnection();
|
||||||
|
ps = con.prepareStatement("SELECT id FROM characters WHERE accountid = ?");
|
||||||
|
ps.setInt(1, getAccID());
|
||||||
|
|
||||||
|
rs = ps.executeQuery();
|
||||||
|
while (rs.next()) {
|
||||||
|
if (rs.getInt("id") == cid) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
if(rs != null && !rs.isClosed()) rs.close();
|
||||||
|
if(ps != null && !ps.isClosed()) ps.close();
|
||||||
|
if(con != null && !con.isClosed()) con.close();
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public boolean deleteCharacter(int cid) {
|
public boolean deleteCharacter(int cid) {
|
||||||
try {
|
try {
|
||||||
|
if(!hasCharacter(cid)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return MapleCharacter.deleteCharFromDB(MapleCharacter.loadCharFromDB(cid, this, false));
|
return MapleCharacter.deleteCharFromDB(MapleCharacter.loadCharFromDB(cid, this, false));
|
||||||
} catch(SQLException ex) {
|
} catch(SQLException ex) {
|
||||||
ex.printStackTrace();
|
ex.printStackTrace();
|
||||||
|
|||||||
@@ -34,9 +34,12 @@ public final class DeleteCharHandler extends AbstractMaplePacketHandler {
|
|||||||
String pic = slea.readMapleAsciiString();
|
String pic = slea.readMapleAsciiString();
|
||||||
int cid = slea.readInt();
|
int cid = slea.readInt();
|
||||||
if (c.checkPic(pic)) {
|
if (c.checkPic(pic)) {
|
||||||
FilePrinter.printError(FilePrinter.DELETED_CHARACTERS + c.getAccountName() + ".txt", c.getAccountName() + " deleted CID: " + cid + "\r\n");
|
if(c.deleteCharacter(cid)) {
|
||||||
c.announce(MaplePacketCreator.deleteCharResponse(cid, 0));
|
FilePrinter.printError(FilePrinter.DELETED_CHARACTERS + c.getAccountName() + ".txt", c.getAccountName() + " deleted CID: " + cid + "\r\n");
|
||||||
c.deleteCharacter(cid);
|
c.announce(MaplePacketCreator.deleteCharResponse(cid, 0));
|
||||||
|
} else {
|
||||||
|
c.announce(MaplePacketCreator.deleteCharResponse(cid, 0x14));
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
c.announce(MaplePacketCreator.deleteCharResponse(cid, 0x14));
|
c.announce(MaplePacketCreator.deleteCharResponse(cid, 0x14));
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user