From da2a6205ed14f51f876b0e07478f807f0f8cad41 Mon Sep 17 00:00:00 2001 From: hg <4683435+hgtw@users.noreply.github.com> Date: Sat, 13 Jun 2020 19:44:27 -0400 Subject: [PATCH] Use replay timer uuid to allow re-invite Instead of allowing all previous members to bypass a replay timer conflict, only allow if expedition uuid of the lockout matches This fixes an exploit for expeditions that add delayed replay timers. Members could be part of an expedition on creation and then quit to form another expedition. They could then always be re-invited to the original expedition even with a conflicting replay timer lockout. --- zone/expedition.cpp | 63 ++++++++++++++++++------------------ zone/expedition_database.cpp | 4 ++- 2 files changed, 34 insertions(+), 33 deletions(-) diff --git a/zone/expedition.cpp b/zone/expedition.cpp index 1f15d18e7..60a699293 100644 --- a/zone/expedition.cpp +++ b/zone/expedition.cpp 
@@ -691,44 +691,43 @@ bool Expedition::ProcessAddConflicts(Client* leader_client, Client* add_client, has_conflict = true; } - // client with a replay lockout is allowed only if they were a previous member - auto member_iter = m_member_id_history.find(add_client->CharacterID()); - bool was_member = (member_iter != m_member_id_history.end()); - if (!was_member) - { - auto replay_lockout = add_client->GetExpeditionLockout(m_expedition_name, DZ_REPLAY_TIMER_NAME); - if (replay_lockout) - { - has_conflict = true; - - auto time_remaining = replay_lockout->GetDaysHoursMinutesRemaining(); - SendLeaderMessage(leader_client, Chat::Red, DZADD_REPLAY_TIMER, { - add_client->GetName(), - time_remaining.days, - time_remaining.hours, - time_remaining.mins - }); - } - } - // check any extra event lockouts for this expedition that the client has and expedition doesn't auto client_lockouts = add_client->GetExpeditionLockouts(m_expedition_name); for (const auto& client_lockout : client_lockouts) { - bool is_missing_lockout = (m_lockouts.find(client_lockout.GetEventName()) == m_lockouts.end()); - if (!client_lockout.IsReplayTimer() && is_missing_lockout) + if (client_lockout.IsReplayTimer()) { - has_conflict = true; + // client with a replay lockout is allowed only if the replay timer was from this expedition + if (client_lockout.GetExpeditionUUID() != GetUUID()) + { + has_conflict = true; - auto time_remaining = client_lockout.GetDaysHoursMinutesRemaining(); - SendLeaderMessage(leader_client, Chat::Red, DZADD_EVENT_TIMER, { - add_client->GetName(), - client_lockout.GetEventName(), - time_remaining.days, - time_remaining.hours, - time_remaining.mins, - client_lockout.GetEventName() - }); + auto time_remaining = client_lockout.GetDaysHoursMinutesRemaining(); + SendLeaderMessage(leader_client, Chat::Red, DZADD_REPLAY_TIMER, { + add_client->GetName(), + time_remaining.days, + time_remaining.hours, + time_remaining.mins + }); + } + } + else + { + bool is_missing_lockout = 
(m_lockouts.find(client_lockout.GetEventName()) == m_lockouts.end()); + if (is_missing_lockout) + { + has_conflict = true; + + auto time_remaining = client_lockout.GetDaysHoursMinutesRemaining(); + SendLeaderMessage(leader_client, Chat::Red, DZADD_EVENT_TIMER, { + add_client->GetName(), + client_lockout.GetEventName(), + time_remaining.days, + time_remaining.hours, + time_remaining.mins, + client_lockout.GetEventName() + }); + } } } diff --git a/zone/expedition_database.cpp b/zone/expedition_database.cpp index 18d952e4a..00c7b6418 100644 --- a/zone/expedition_database.cpp +++ b/zone/expedition_database.cpp @@ -227,7 +227,9 @@ ExpeditionDatabase::LoadMultipleExpeditionLockouts( MySQLRequestResult ExpeditionDatabase::LoadMembersForCreateRequest( const std::vector& character_names, const std::string& expedition_name) { - LogExpeditionsDetail("Loading multiple characters data for [{}] request", expedition_name); + LogExpeditionsDetail( + "Loading data of [{}] characters for [{}] request", character_names.size(), expedition_name + ); std::string in_character_names_query; for (const auto& character_name : character_names)
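Review bot: The replay-timer bypass in the `IsReplayTimer()` branch now rests entirely on `client_lockout.GetExpeditionUUID() != GetUUID()`, so an empty or unset UUID on both sides would compare equal and skip the conflict. Whether either value can be empty (for example a lockout stored before UUIDs were recorded, or one granted outside an expedition) is not visible in this hunk, so that case should either be ruled out or rejected explicitly, e.g. `if (GetUUID().empty() || client_lockout.GetExpeditionUUID() != GetUUID())`, assuming both accessors return `std::string`. The comment would also be clearer as `// a replay lockout only passes when it was issued by this expedition (uuid match); any other or missing uuid is a conflict`. `ProcessAddConflicts` begins and ends outside the hunk.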