From 05ae1b304ad3fdcd677a55558f2bbf0ab4c1ea8d Mon Sep 17 00:00:00 2001 From: Kyle Spier-Swenson Date: Mon, 2 Apr 2018 06:25:42 -0700 Subject: [PATCH] Cid randomizer check no longer triggers if the user's cid changes once then changes back (#36887) * Cid randomizer check no longer triggers if the user's cid changes once then changes back Normally, we only check for the randomizer if their cid changed from their last allowed connection. In some edge cases, somebody's cid can be different from a one time glitch, then change back on the next connection. We now detect such cases and allow the connection. * Update client_procs.dm * Update client_procs.dm --- code/modules/client/client_procs.dm | 33 +++++++++++++---------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/code/modules/client/client_procs.dm b/code/modules/client/client_procs.dm index b036e826c9..17f8430b68 100644 --- a/code/modules/client/client_procs.dm +++ b/code/modules/client/client_procs.dm @@ -546,7 +546,13 @@ GLOBAL_LIST_EMPTY(external_rsc_urls) var/static/tokens = list() var/static/cidcheck_failedckeys = list() //to avoid spamming the admins if the same guy keeps trying. var/static/cidcheck_spoofckeys = list() + var/sql_ckey = sanitizeSQL(ckey) + var/datum/DBQuery/query_cidcheck = SSdbcore.NewQuery("SELECT computerid FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'") + query_cidcheck.Execute() + var/lastcid + if (query_cidcheck.NextRow()) + lastcid = query_cidcheck.item[1] var/oldcid = cidcheck[ckey] if (oldcid) @@ -565,7 +571,7 @@ GLOBAL_LIST_EMPTY(external_rsc_urls) qdel(src) return TRUE - if (oldcid != computer_id) //IT CHANGED!!! + if (oldcid != computer_id && computer_id != lastcid) //IT CHANGED!!! cidcheck -= ckey //so they can try again after removing the cid randomizer. to_chat(src, "Connection Error:") @@ -590,26 +596,17 @@ GLOBAL_LIST_EMPTY(external_rsc_urls) message_admins("[key_name_admin(src)] has been allowed to connect after appearing to have attempted to spoof a cid randomizer check because it appears they aren't spoofing one this time") cidcheck_spoofckeys -= ckey cidcheck -= ckey - else - var/sql_ckey = sanitizeSQL(ckey) - var/datum/DBQuery/query_cidcheck = SSdbcore.NewQuery("SELECT computerid FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'") - query_cidcheck.Execute() + else if (computer_id != lastcid) + cidcheck[ckey] = computer_id + tokens[ckey] = cid_check_reconnect() - var/lastcid - if (query_cidcheck.NextRow()) - lastcid = query_cidcheck.item[1] + sleep(5 SECONDS) //browse is queued, we don't want them to disconnect before getting the browse() command. - if (computer_id != lastcid) - cidcheck[ckey] = computer_id - tokens[ckey] = cid_check_reconnect() + //we sleep after telling the client to reconnect, so if we still exist something is up + log_access("Forced disconnect: [key] [computer_id] [address] - CID randomizer check") - sleep(5 SECONDS) //browse is queued, we don't want them to disconnect before getting the browse() command. - - //we sleep after telling the client to reconnect, so if we still exist something is up - log_access("Forced disconnect: [key] [computer_id] [address] - CID randomizer check") - - qdel(src) - return TRUE + qdel(src) + return TRUE /client/proc/cid_check_reconnect() var/token = md5("[rand(0,9999)][world.time][rand(0,9999)][ckey][rand(0,9999)][address][rand(0,9999)][computer_id][rand(0,9999)]")