Check whether account has bot access or is locked before attempting to compare account's password hash in handle_telnet_packet()

2020-12-08 21:27:18 -08:00 · 2020-12-08 21:27:18 -08:00 · e96d1970a7
commit e96d1970a7
parent 101c041330
1 changed files with 34 additions and 34 deletions
--- a/src/bnetd/handle_telnet.cpp
+++ b/src/bnetd/handle_telnet.cpp
@ -200,6 +200,40 @@ namespace pvpgn
 						packet_del_ref(rpacket);
 						break;
 					}
+
+					if (account_get_auth_botlogin(account) != 1) /* default to false */
+					{
+						eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (no bot access)", conn_get_socket(c), account_get_name(account));
+						conn_set_state(c, conn_state_bot_username);
+
+						if (!(rpacket = packet_create(packet_class_raw)))
+						{
+							eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
+							break;
+						}
+
+						packet_append_ntstring(rpacket, tempb);
+						conn_push_outqueue(c, rpacket);
+						packet_del_ref(rpacket);
+						break;
+					}
+					else if (account_get_auth_lock(account) == 1) /* default to false */
+					{
+						eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (this account is locked)", conn_get_socket(c), account_get_name(account));
+						conn_set_state(c, conn_state_bot_username);
+
+						if (!(rpacket = packet_create(packet_class_raw)))
+						{
+							eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
+							break;
+						}
+
+						packet_append_ntstring(rpacket, tempb);
+						conn_push_outqueue(c, rpacket);
+						packet_del_ref(rpacket);
+						break;
+					}
+					
 					if ((oldstrhash1 = account_get_pass(account)))
 					{
 						if (hash_set_str(&oldpasshash1, oldstrhash1) < 0)
@ -260,40 +294,6 @@ namespace pvpgn
 							break;
 						}

-
-						if (account_get_auth_botlogin(account) != 1) /* default to false */
-						{
-							eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (no bot access)", conn_get_socket(c), account_get_name(account));
-							conn_set_state(c, conn_state_bot_username);
-
-							if (!(rpacket = packet_create(packet_class_raw)))
-							{
-								eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
-								break;
-							}
-
-							packet_append_ntstring(rpacket, tempb);
-							conn_push_outqueue(c, rpacket);
-							packet_del_ref(rpacket);
-							break;
-						}
-						else if (account_get_auth_lock(account) == 1) /* default to false */
-						{
-							eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (this account is locked)", conn_get_socket(c), account_get_name(account));
-							conn_set_state(c, conn_state_bot_username);
-
-							if (!(rpacket = packet_create(packet_class_raw)))
-							{
-								eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
-								break;
-							}
-
-							packet_append_ntstring(rpacket, tempb);
-							conn_push_outqueue(c, rpacket);
-							packet_del_ref(rpacket);
-							break;
-						}
-
 						eventlog(eventlog_level_info, __FUNCTION__, "[{}] \"{}\" bot logged in (correct password)", conn_get_socket(c), account_get_name(account));
 #ifdef WITH_LUA
 						if (lua_handle_user(c, NULL, NULL, luaevent_user_login) == 1)