From e96d1970a7b4f9cc693323b6ed58598960ab30a1 Mon Sep 17 00:00:00 2001
From: relesgoe <RElesgoe@users.noreply.github.com>
Date: Tue, 8 Dec 2020 21:27:18 -0800
Subject: [PATCH] Check whether account has bot access or is locked before
 attempting to compare account's password hash in handle_telnet_packet()

---
 src/bnetd/handle_telnet.cpp | 68 ++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/bnetd/handle_telnet.cpp b/src/bnetd/handle_telnet.cpp
index ed61e26..12a9d59 100644
--- a/src/bnetd/handle_telnet.cpp
+++ b/src/bnetd/handle_telnet.cpp
@@ -200,6 +200,40 @@ namespace pvpgn
 						packet_del_ref(rpacket);
 						break;
 					}
+
+					if (account_get_auth_botlogin(account) != 1) /* default to false */
+					{
+						eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (no bot access)", conn_get_socket(c), account_get_name(account));
+						conn_set_state(c, conn_state_bot_username);
+
+						if (!(rpacket = packet_create(packet_class_raw)))
+						{
+							eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
+							break;
+						}
+
+						packet_append_ntstring(rpacket, tempb);
+						conn_push_outqueue(c, rpacket);
+						packet_del_ref(rpacket);
+						break;
+					}
+					else if (account_get_auth_lock(account) == 1) /* default to false */
+					{
+						eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (this account is locked)", conn_get_socket(c), account_get_name(account));
+						conn_set_state(c, conn_state_bot_username);
+
+						if (!(rpacket = packet_create(packet_class_raw)))
+						{
+							eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
+							break;
+						}
+
+						packet_append_ntstring(rpacket, tempb);
+						conn_push_outqueue(c, rpacket);
+						packet_del_ref(rpacket);
+						break;
+					}
+					
 					if ((oldstrhash1 = account_get_pass(account)))
 					{
 						if (hash_set_str(&oldpasshash1, oldstrhash1) < 0)
@@ -260,40 +294,6 @@ namespace pvpgn
 							break;
 						}
 
-
-						if (account_get_auth_botlogin(account) != 1) /* default to false */
-						{
-							eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (no bot access)", conn_get_socket(c), account_get_name(account));
-							conn_set_state(c, conn_state_bot_username);
-
-							if (!(rpacket = packet_create(packet_class_raw)))
-							{
-								eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
-								break;
-							}
-
-							packet_append_ntstring(rpacket, tempb);
-							conn_push_outqueue(c, rpacket);
-							packet_del_ref(rpacket);
-							break;
-						}
-						else if (account_get_auth_lock(account) == 1) /* default to false */
-						{
-							eventlog(eventlog_level_info, __FUNCTION__, "[{}] bot login for \"{}\" refused (this account is locked)", conn_get_socket(c), account_get_name(account));
-							conn_set_state(c, conn_state_bot_username);
-
-							if (!(rpacket = packet_create(packet_class_raw)))
-							{
-								eventlog(eventlog_level_error, __FUNCTION__, "[{}] could not create rpacket", conn_get_socket(c));
-								break;
-							}
-
-							packet_append_ntstring(rpacket, tempb);
-							conn_push_outqueue(c, rpacket);
-							packet_del_ref(rpacket);
-							break;
-						}
-
 						eventlog(eventlog_level_info, __FUNCTION__, "[{}] \"{}\" bot logged in (correct password)", conn_get_socket(c), account_get_name(account));
 #ifdef WITH_LUA
 						if (lua_handle_user(c, NULL, NULL, luaevent_user_login) == 1)