Verify members in db on expedition invites

Fixes an exploit where multiple accepted cross zone invites could race
with cache updates and allow an expedition to exceed its max members

zone/expedition.cpp

@@ -782,7 +782,7 @@ bool Expedition::ProcessAddConflicts(Client* leader_client, Client* add_client,
 	}
 
 	// swapping ignores the max player count check since it's a 1:1 change
-	if (!swapping && GetMemberCount() >= m_max_players)
+	if (!swapping && ExpeditionDatabase::GetMemberCount(m_id) >= m_max_players)
 	{
 		SendLeaderMessage(leader_client, Chat::Red, DZADD_EXCEED_MAX, { fmt::format_int(m_max_players).str() });
 		has_conflict = true;
@@ -834,9 +834,13 @@ void Expedition::DzInviteResponse(Client* add_client, bool accepted, const std::
 	}
 
 	// error if swapping and character was already removed before the accept
-	if (was_swap_invite && !HasMember(swap_remove_name))
+	if (was_swap_invite)
 	{
-		has_conflicts = true;
+		auto swap_member = GetMemberData(swap_remove_name);
+		if (!swap_member.IsValid() || !ExpeditionDatabase::HasMember(m_id, swap_member.char_id))
+		{
+			has_conflicts = true;
+		}
 	}
 
 	if (has_conflicts)