The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in.
Actions of the packet handler
This handler will decipher the packet into the player's account particulars, i.e the account name and password.
It will send a packet back to the player, indicating login failure if
- searching the database for the account name yields nothing
- the password doesn't match with the one in database
- the account is already logged in
- the account is banned
If login success if sent, in GMS, the game client will send back a packet to the server which triggers the Pin Operation Handler.
Packet edits may alter the account name and password to contain illegal characters, such as spaces and punctuations, which poses the threat of SQL injection. This can be avoided using filters or simply using parameterized statements in your SQL statements.