From dd6ee1f08e64cc702d31093d31922c44f7c57882 Mon Sep 17 00:00:00 2001 From: Travis Burtrum Date: Fri, 16 Mar 2012 23:19:00 -0400 Subject: [PATCH] Allowed for variable-length passwords and removed MD5sum of the password before sending to LoginServer. Ideally the password should be hashed in the client before even getting to the server, MoparScape supports this. It should be encrypted before being sent to the LoginServer if it is not on the same host, make this todo. --- .../moparscape/msc/gs/builders/ls/MiscPacketBuilder.java | 6 +++++- .../org/moparscape/msc/gs/phandler/client/PlayerLogin.java | 2 +- .../ls/packethandler/loginserver/PlayerLoginHandler.java | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/GameServer/src/org/moparscape/msc/gs/builders/ls/MiscPacketBuilder.java b/GameServer/src/org/moparscape/msc/gs/builders/ls/MiscPacketBuilder.java index 2578025..458b35b 100644 --- a/GameServer/src/org/moparscape/msc/gs/builders/ls/MiscPacketBuilder.java +++ b/GameServer/src/org/moparscape/msc/gs/builders/ls/MiscPacketBuilder.java @@ -111,7 +111,11 @@ public class MiscPacketBuilder { s.setHandler(connector, new PlayerLogin(player)); s.addLong(player.getUsernameHash()); s.addLong(DataConversions.IPToLong(player.getCurrentIP())); - s.addBytes(DataConversions.md5(player.getPassword()).getBytes()); + //s.addBytes(DataConversions.md5(player.getPassword()).getBytes()); + // todo: since this is sent over the network to the LoginServer, it should be encrypted first... + // change protocol here to account for any-length password + s.addInt(player.getPassword().length()); + s.addBytes(player.getPassword().getBytes()); s.addBytes(player.getClassName().getBytes()); packets.add(s.toPacket()); } diff --git a/GameServer/src/org/moparscape/msc/gs/phandler/client/PlayerLogin.java b/GameServer/src/org/moparscape/msc/gs/phandler/client/PlayerLogin.java index 00b0c1a..7bb9fa0 100644 --- a/GameServer/src/org/moparscape/msc/gs/phandler/client/PlayerLogin.java +++ b/GameServer/src/org/moparscape/msc/gs/phandler/client/PlayerLogin.java @@ -49,7 +49,7 @@ public class PlayerLogin implements PacketHandler { String password = ""; username = p.readString(20).trim(); - password = p.readString(20).trim(); + password = p.readString().trim(); if (world.countPlayers() >= Config.MAX_PLAYERS) { loginCode = 10; diff --git a/LoginServer/src/org/moparscape/msc/ls/packethandler/loginserver/PlayerLoginHandler.java b/LoginServer/src/org/moparscape/msc/ls/packethandler/loginserver/PlayerLoginHandler.java index 798ab36..c2eb0d5 100644 --- a/LoginServer/src/org/moparscape/msc/ls/packethandler/loginserver/PlayerLoginHandler.java +++ b/LoginServer/src/org/moparscape/msc/ls/packethandler/loginserver/PlayerLoginHandler.java @@ -24,7 +24,8 @@ public class PlayerLoginHandler implements PacketHandler { World world = (World) session.getAttachment(); long user = p.readLong(); String ip = DataConversions.IPToString(p.readLong()); - String pass = p.readString(32).trim(); + // change protocol here to account for any-length password + String pass = p.readString(p.readInt()).trim(); String className = p.readString(); byte loginCode = validatePlayer(user, pass, ip);