diff --git a/code/modules/economy/ATM.dm b/code/modules/economy/ATM.dm index aac37d104a8..cc71897a033 100644 --- a/code/modules/economy/ATM.dm +++ b/code/modules/economy/ATM.dm @@ -213,6 +213,7 @@ log transactions /obj/machinery/atm/Topic(var/href, var/href_list) if(href_list["choice"]) + if (!usr.Adjacent(src)) return switch(href_list["choice"]) if("transfer") if(authenticated_account) @@ -249,58 +250,44 @@ log transactions authenticated_account.security_level = new_sec_level if("attempt_auth") - // check if they have low security enabled - scan_user(usr) + //scan_user(usr) // ATMs shouldn't be able to scan people for a card - Bedshaped - if(!ticks_left_locked_down && held_card) - var/tried_account_num = text2num(href_list["account_num"]) - if(!tried_account_num) - tried_account_num = held_card.associated_account_number - var/tried_pin = text2num(href_list["account_pin"]) + if (ticks_left_locked_down) return + if (!held_card && !href_list["account_num"]) return + var/tried_account_num = text2num(href_list["account_num"]) + if (!tried_account_num && held_card) + tried_account_num = held_card.associated_account_number + var/tried_pin = text2num(href_list["account_pin"]) + var/datum/money_account/potential_account = get_account(tried_account_num) + if (!potential_account) + usr << " \icon[src] Account number not found." + number_incorrect_tries++ + handle_lockdown() + return + switch (potential_account.security_level+1) //checks the security level of an account number to see what checks to do + if (1) // Security level zero + authenticated_account = attempt_account_access(tried_account_num, tried_pin, potential_account.security_level) + // It should be impossible to fail at this point + if (2) // Security level one + authenticated_account = attempt_account_access(text2num(href_list["account_num"]), tried_pin, potential_account.security_level) + if (3) // Security level two + if (held_card) + if (text2num(href_list["account_num"]) != held_card.associated_account_number) + else authenticated_account = attempt_account_access(tried_account_num, tried_pin, potential_account.security_level) + else usr << "Account card not found." + if (!authenticated_account) + number_incorrect_tries++ + usr << " \icon[src] Incorrect pin/account combination entered, [(max_pin_attempts+1) - number_incorrect_tries] attempts remaining." + handle_lockdown(tried_account_num) + else + bank_log_access(authenticated_account, machine_id) + number_incorrect_tries = 0 + playsound(src, 'sound/machines/twobeep.ogg', 50, 1) + ticks_left_timeout = 120 + view_screen = NO_SCREEN + usr << " \icon[src] Access granted. Welcome user '[authenticated_account.owner_name].'" + previous_account_number = tried_account_num - authenticated_account = attempt_account_access(tried_account_num, tried_pin, held_card && held_card.associated_account_number == tried_account_num ? 2 : 1) - if(!authenticated_account) - number_incorrect_tries++ - if(previous_account_number == tried_account_num) - if(number_incorrect_tries > max_pin_attempts) - //lock down the atm - ticks_left_locked_down = 30 - playsound(src, 'sound/machines/buzz-two.ogg', 50, 1) - - //create an entry in the account transaction log - var/datum/money_account/failed_account = get_account(tried_account_num) - if(failed_account) - var/datum/transaction/T = new() - T.target_name = failed_account.owner_name - T.purpose = "Unauthorised login attempt" - T.source_terminal = machine_id - T.date = current_date_string - T.time = worldtime2text() - failed_account.transaction_log.Add(T) - else - usr << "\red \icon[src] Incorrect pin/account combination entered, [max_pin_attempts - number_incorrect_tries] attempts remaining." - previous_account_number = tried_account_num - playsound(src, 'sound/machines/buzz-sigh.ogg', 50, 1) - else - usr << "\red \icon[src] incorrect pin/account combination entered." - number_incorrect_tries = 0 - else - playsound(src, 'sound/machines/twobeep.ogg', 50, 1) - ticks_left_timeout = 120 - view_screen = NO_SCREEN - - //create a transaction log entry - var/datum/transaction/T = new() - T.target_name = authenticated_account.owner_name - T.purpose = "Remote terminal access" - T.source_terminal = machine_id - T.date = current_date_string - T.time = worldtime2text() - authenticated_account.transaction_log.Add(T) - - usr << "\blue \icon[src] Access granted. Welcome user '[authenticated_account.owner_name].'" - - previous_account_number = tried_account_num if("e_withdrawal") var/amount = max(text2num(href_list["funds_amount"]),0) amount = round(amount, 0.01) @@ -372,6 +359,8 @@ log transactions R.overlays += stampoverlay R.stamps += "
This paper has been stamped by the Automatic Teller Machine." + release_held_id(usr) // printing ends the ATM session similar to real life + prevents spam + if(prob(50)) playsound(loc, 'sound/items/polaroid1.ogg', 50, 1) else @@ -418,6 +407,7 @@ log transactions playsound(loc, 'sound/items/polaroid1.ogg', 50, 1) else playsound(loc, 'sound/items/polaroid2.ogg', 50, 1) + release_held_id(usr) // printing ends the ATM session similar to real life + prevents spam if("insert_card") if(!held_card) @@ -464,6 +454,19 @@ log transactions view_screen = NO_SCREEN +// checks if the ATM needs to be locked down and locks it down if it does +/obj/machinery/atm/proc/handle_lockdown(var/tried_account_num = null) + if (number_incorrect_tries > max_pin_attempts) + //lock down the atm + var/area/t = get_area(src) + ticks_left_locked_down = 60 + playsound(src, 'sound/machines/buzz-two.ogg', 50, 1) + global_announcer.autosay("An ATM has gone into lockdown in [t.name].", machine_id) + if (tried_account_num) + bank_log_unauthorized(get_account(tried_account_num), machine_id) + view_screen = NO_SCREEN + else playsound(src, 'sound/machines/buzz-sigh.ogg', 50, 1) + // put the currently held id on the ground or in the hand of the user /obj/machinery/atm/proc/release_held_id(mob/living/carbon/human/human_user as mob) if(!held_card) diff --git a/code/modules/economy/Accounts.dm b/code/modules/economy/Accounts.dm index a85b18553c3..2507df74920 100644 --- a/code/modules/economy/Accounts.dm +++ b/code/modules/economy/Accounts.dm @@ -110,3 +110,24 @@ for(var/datum/money_account/D in all_money_accounts) if(D.account_number == account_number) return D + return 0 + +/proc/bank_log_unauthorized(var/datum/money_account/bank_account, var/machine_id = "Unknown machine ID") + var/datum/transaction/T = new() + T.target_name = bank_account.owner_name + T.purpose = "Unauthorised login attempt" + T.source_terminal = machine_id + T.date = worlddate2text() + T.time = worldtime2text() + bank_account.transaction_log.Add(T) + return + +/proc/bank_log_access(var/datum/money_account/bank_account, var/machine_id = "Unknown machine ID") + var/datum/transaction/T = new() + T.target_name = bank_account.owner_name + T.purpose = "Remote terminal access" + T.source_terminal = machine_id + T.date = worlddate2text() + T.time = worldtime2text() + bank_account.transaction_log.Add(T) + return \ No newline at end of file diff --git a/html/changelog.html b/html/changelog.html index dd838a097cd..f193a90bc65 100644 --- a/html/changelog.html +++ b/html/changelog.html @@ -56,6 +56,17 @@ -->
+

31 August 2016

+

Bedshaped updated:

+ +

25 August 2016

Bedshaped updated: