MapleStory Private Server Wiki
(Created page with 'right|300px&nbsp The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page wi…')
 
Line 1: Line 1:
  +
[[File:Placeholder|right|300px]]&nbsp
 
 
The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in.
 
The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in.
   
Line 18: Line 18:
 
==Possible exploits==
 
==Possible exploits==
 
[[Packet editing|Packet edits]] may alter the account name and password to contain illegal characters, such as spaces and punctuations, which poses the threat of [http://en.wikipedia.org/wiki/SQL_injection SQL injection]. This can be avoided using filters or simply using parameterized statements in your SQL statements.
 
[[Packet editing|Packet edits]] may alter the account name and password to contain illegal characters, such as spaces and punctuations, which poses the threat of [http://en.wikipedia.org/wiki/SQL_injection SQL injection]. This can be avoided using filters or simply using parameterized statements in your SQL statements.
[[Category:Packet Handler\]]
+
[[Category:Packet Handler]]

Revision as of 04:15, 19 July 2010

The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in.


Actions of the packet handler

This handler will decipher the packet into the player's account particulars, i.e the account name and password.


It will send a packet back to the player, indicating login failure if

  • searching the database for the account name yields nothing
  • the password doesn't match with the one in database
  • the account is already logged in
  • the account is banned

If login success if sent, in GMS, the game client will send back a packet to the server which triggers the Pin Operation Handler.


Possible exploits

Packet edits may alter the account name and password to contain illegal characters, such as spaces and punctuations, which poses the threat of SQL injection. This can be avoided using filters or simply using parameterized statements in your SQL statements.