Made4forum (talk | contribs) mNo edit summary |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in. |
+ | ==The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in.== |
− | |||
==Actions of the packet handler== |
==Actions of the packet handler== |
||
− | This handler will decipher the packet into the player's account particulars, i.e the account name and password. |
+ | This handler will decipher the packet into the player's account particulars, i.e the account name and password '''''8:24, November 21, 2011 (UTC)[[Special:Contributions/203.13.146.60|203.13.146.60]]''''' |
− | |||
It will send a packet back to the player, indicating login failure if |
It will send a packet back to the player, indicating login failure if |
||
− | *searching the database for the account name yields nothing |
+ | *searching the database for the account name yields nothing`11`12 |
− | *the password doesn't match with the one in |
+ | *the password doesn't match with the one in database1`111``1`12 |
*the account is already logged in |
*the account is already logged in |
||
*the account is banned |
*the account is banned |
||
If login success if sent, in GMS, the game client will send back a packet to the server which triggers the [[Pin Operation Handler]]. |
If login success if sent, in GMS, the game client will send back a packet to the server which triggers the [[Pin Operation Handler]]. |
||
+ | ==[[File:Loginpwhandler.png|thumb|The game client waiting for the login password handler to respond]]== |
||
− | |||
==Possible exploits== |
==Possible exploits== |
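Review bot: most of the + lines in this revision are damage rather than content and should be reverted. The introductory paragraph and the File:Loginpwhandler.png thumbnail are wrapped in == heading markup, a timestamp and IP signature (203.13.146.60) is appended to the sentence about deciphering the packet, and stray characters follow "yields nothing" and "database" in the failure list. The one change worth keeping is the completion of the password bullet, which previously ended at "the one in": keep the word "database", drop the characters after it, and place the thumbnail as an ordinary image rather than inside a heading.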
Latest revision as of 08:26, 21 November 2011
The login password handler is a packet handler used by the login server. It is triggered when the player clicks 'Login' at the login page with his account particulars filled in.
Actions of the packet handler
This handler will decipher the packet into the player's account particulars, i.e. the account name and password.
It will send a packet back to the player, indicating login failure, if
- searching the database for the account name yields nothing
- the password doesn't match the one in the database
- the account is already logged in
- the account is banned
If login success is sent, then in GMS the game client will send a packet back to the server, which triggers the Pin Operation Handler.
Possible exploits
Packet edits may alter the account name and password so that they contain illegal characters, such as spaces and punctuation, which poses the threat of SQL injection. This can be avoided by filtering the input or simply by using parameterized statements for the SQL queries.
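The following is an added example, not code from any server implementation: it shows the account lookup built by string concatenation beside the parameterized form, then the four failure checks listed above. The table layout, function names, result strings and sample accounts are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample schema and rows (assumed, not taken from the page).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, salt BLOB, "
               "pwhash BLOB, loggedin INTEGER, banned INTEGER)")
    samples = [("alice", "hunter2", 0, 0), ("bob", "pw", 1, 0), ("carol", "pw", 0, 1)]
    for name, pw, loggedin, banned in samples:
        salt = name.encode() * 2  # fixed salt only to keep the sample deterministic
        db.execute("INSERT INTO accounts VALUES (?, ?, ?, ?, ?)",
                   (name, salt, hash_pw(pw, salt), loggedin, banned))
    return db

def lookup_concatenated(db, name):
    # Weak form: the account name from the packet becomes part of the SQL text.
    query = "SELECT name FROM accounts WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Corrected form: the name is bound as data and never parsed as SQL.
    return db.execute("SELECT name FROM accounts WHERE name = ?", (name,)).fetchall()

def login(db, name, password):
    """Return a result code following the failure conditions listed above."""
    row = db.execute("SELECT salt, pwhash, loggedin, banned FROM accounts "
                     "WHERE name = ?", (name,)).fetchone()
    if row is None:
        return "NOT_FOUND"
    salt, pwhash, loggedin, banned = row
    if not hmac.compare_digest(hash_pw(password, salt), pwhash):
        return "WRONG_PASSWORD"
    if loggedin:
        return "ALREADY_LOGGED_IN"
    if banned:
        return "BANNED"
    return "SUCCESS"

EDITED_NAME = "x' OR '1'='1"  # constructed account name containing punctuation

if __name__ == "__main__":
    db = make_db()
    print(len(lookup_concatenated(db, EDITED_NAME)), "rows from concatenated query")
    print(len(lookup_parameterized(db, EDITED_NAME)), "rows from parameterized query")
    print(login(db, "alice", "hunter2"), login(db, EDITED_NAME, "anything"))
```

With the parameterized query the edited name is only ever compared as a string, so it falls through to the ordinary "account not found" failure.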