Allowed for variable-length passwords and removed MD5sum of the password before sending to LoginServer.

Ideally the password should be hashed in the client before even getting to the server, MoparScape supports this.
It should be encrypted before being sent to the LoginServer if it is not on the same host, make this todo.

GameServer/src/org/moparscape/msc/gs/builders/ls/MiscPacketBuilder.java

@@ -111,7 +111,11 @@ public class MiscPacketBuilder {
 		s.setHandler(connector, new PlayerLogin(player));
 		s.addLong(player.getUsernameHash());
 		s.addLong(DataConversions.IPToLong(player.getCurrentIP()));
-		s.addBytes(DataConversions.md5(player.getPassword()).getBytes());
+		//s.addBytes(DataConversions.md5(player.getPassword()).getBytes());
+		// todo: since this is sent over the network to the LoginServer, it should be encrypted first...
+		// change protocol here to account for any-length password
+		s.addInt(player.getPassword().length());
+		s.addBytes(player.getPassword().getBytes());
 		s.addBytes(player.getClassName().getBytes());
 		packets.add(s.toPacket());
 	}

GameServer/src/org/moparscape/msc/gs/phandler/client/PlayerLogin.java

@@ -49,7 +49,7 @@ public class PlayerLogin implements PacketHandler {
 			String password = "";
 
 			username = p.readString(20).trim();
-			password = p.readString(20).trim();
+			password = p.readString().trim();
 
 			if (world.countPlayers() >= Config.MAX_PLAYERS) {
 				loginCode = 10;

LoginServer/src/org/moparscape/msc/ls/packethandler/loginserver/PlayerLoginHandler.java

@@ -24,7 +24,8 @@ public class PlayerLoginHandler implements PacketHandler {
 		World world = (World) session.getAttachment();
 		long user = p.readLong();
 		String ip = DataConversions.IPToString(p.readLong());
-		String pass = p.readString(32).trim();
+		// change protocol here to account for any-length password
+		String pass = p.readString(p.readInt()).trim();
 		String className = p.readString();
 		byte loginCode = validatePlayer(user, pass, ip);