From 5c2ac5ab24b52c36e0e7cdb7940b5415e029231d Mon Sep 17 00:00:00 2001
From: Akkadius
Date: Tue, 9 Jul 2019 17:52:04 -0500
Subject: [PATCH] Validate password hash in WS auth [skip ci]
---
 loginserver/world_server.cpp | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/loginserver/world_server.cpp b/loginserver/world_server.cpp
index d8782451a..48bf57d13 100644
--- a/loginserver/world_server.cpp
+++ b/loginserver/world_server.cpp
@@ -756,7 +756,12 @@ bool WorldServer::HandleNewLoginserverRegisteredOnly(
 bool does_world_server_pass_authentication_check = (
 world_registration.server_admin_account_name == this->GetAccountName() &&
- world_registration.server_admin_account_password == this->GetAccountPassword()
+ eqcrypt_verify_hash(
+ GetAccountName(),
+ GetAccountPassword(),
+ world_registration.server_admin_account_password,
+ server.options.GetEncryptionMode()
+ )
 );
 this
@@ -842,7 +847,12 @@ bool WorldServer::HandleNewLoginserverInfoUnregisteredAllowed(
 bool does_world_server_pass_authentication_check = (
 world_registration.server_admin_account_name == this->GetAccountName() &&
- world_registration.server_admin_account_password == this->GetAccountPassword()
+ eqcrypt_verify_hash(
+ GetAccountName(),
+ GetAccountPassword(),
+ world_registration.server_admin_account_password,
+ server.options.GetEncryptionMode()
+ )
 );
 bool does_world_server_have_non_empty_credentials = (
@@ -852,7 +862,6 @@ bool WorldServer::HandleNewLoginserverInfoUnregisteredAllowed(
 if (does_world_server_have_non_empty_credentials) {
 if (does_world_server_pass_authentication_check) {
- this->SetIsServerAuthorized(true);
 LogInfo(
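Review bot: In `HandleNewLoginserverRegisteredOnly` (hunk at -756) the result of the new `eqcrypt_verify_hash(...)` call is not visibly gated on non-empty credentials, whereas `HandleNewLoginserverInfoUnregisteredAllowed` (hunk at -842) tests `does_world_server_have_non_empty_credentials` before trusting it. Both function bodies continue outside their hunks, so the guard may already exist higher up in the first handler and should be confirmed there. `eqcrypt_verify_hash` is not part of this patch, so it is also worth checking that it returns false for an empty stored `server_admin_account_password` and for a hash written under a different mode than `server.options.GetEncryptionMode()` currently returns, rather than falling back to a plain comparison. Because the identical call is now pasted into both handlers, I would add a comment such as `// stored value is a hash: verify it, never compare it to the submitted password` above each copy, and fold the two copies into one place in a follow-up so the auth paths cannot drift.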