Closed Sora012 closed 4 months ago
Hi i cant connection my server is anyone is 1000ms can you help me? ![Uploading QQ截图20230810205732.png…]()
This commit has an issue that I've already fixed but not published related and is that a client can take the name of the hostname/servername (8 characters for WOL limit) and then steal passwords when being private messaged (e.g. "/page hostname /chpass password"). I'd recommend adding the code below to account.cpp
if ((strcasecmp(username, "matchbot") == 0) || (strncasecmp(username, prefs_get_servername(), 8) == 0) || (strcasecmp(username, prefs_get_servername()) == 0) || (strncasecmp(username, prefs_get_hostname(), 8) == 0) || (strcasecmp(username, prefs_get_hostname()) == 0)) {
eventlog(eventlog_level_debug, __FUNCTION__, "user \"{}\" matches protected username account creation failed", username);
goto err;
}
Leaving this here for anyone who decides to use this commit.
Sorry! Just bumping this, I made a mistake with the original line (I was very tired) and I have fixed it and you should be using || not && for each portion of that line, also removed unneeded length checks. I've triple and quad checked this on my end and I'm always denied login unless an account already exists.
Double check you have no "matchbot" or servername/hostname accounts in your user folders. If you do, delete them. They'll allow login if they do exist. I'm also closing this, and will be updating my fork at a later time with more changes.
ADD: WOL server paging works via servername, or hostname for commands ("/page servername /command arg1 arg2") ADD: WOL password changes with "/chpass" from WOL Clients (Password change via server paging is more secure than in a public chat channel where anyone can see it) Fixed: WOL renegade clients thinking they are still ingame after leaving. Fixed: WOL renegade dedicated server having additional issues with connection.