From 9882f1273ecd968025555f3b40d0cac4c4d327ab Mon Sep 17 00:00:00 2001 From: Nyo Date: Thu, 28 Jul 2016 22:23:13 +0200 Subject: [PATCH] .BANCHO. .FIX. Fixed account randomly restricted/banned at login --- events/loginEvent.py | 8 +++++--- helpers/userHelper.py | 13 +++++++------ 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/events/loginEvent.py b/events/loginEvent.py index 0f84e1f..ce0c7d5 100644 --- a/events/loginEvent.py +++ b/events/loginEvent.py @@ -89,8 +89,10 @@ def handle(tornadoRequest): glob.verifiedCache[str(userID)] = 0 raise exceptions.loginBannedException() - # Save HWID in db + + # Save HWID in db for multiaccount detection hwAllowed = userHelper.logHardware(userID, clientData, firstLogin) + # This is false only if HWID is empty # if HWID is banned, we get restricted so there's no # need to deny bancho access @@ -98,7 +100,7 @@ def handle(tornadoRequest): raise exceptions.haxException() # Log user IP - userHelper.IPLog(userID, requestIP) + userHelper.logIP(userID, requestIP) # Delete old tokens for that user and generate a new one glob.tokens.deleteOldTokens(userID) @@ -228,7 +230,7 @@ def handle(tornadoRequest): # User tried to log in from unknown IP responseData += serverPackets.needVerification() except exceptions.haxException: - # Using oldoldold client, we can't check hw. Force update. + # Using oldoldold client, we don't have client data. Force update. # (we don't use enqueue because we don't have a token since login has failed) err = True responseData += serverPackets.forceUpdate() diff --git a/helpers/userHelper.py b/helpers/userHelper.py index 6cf14a8..2de89f2 100644 --- a/helpers/userHelper.py +++ b/helpers/userHelper.py 
@@ -280,10 +280,10 @@ def getShowCountry(userID): return False return generalFunctions.stringToBool(country) -def IPLog(userID, ip): +def logIP(userID, ip): """ - Botnet the user - (log his ip for multiaccount detection) + User IP log + USED FOR MULTIACCOUNT DETECTION """ glob.db.execute("""INSERT INTO ip_user (userid, ip, occurencies) VALUES (%s, %s, '1') ON DUPLICATE KEY UPDATE occurencies = occurencies + 1""", [userID, ip]) @@ -471,8 +471,9 @@ def appendNotes(userID, notes, addNl = True): def logHardware(userID, hashes, activation = False): """ Hardware log + USED FOR MULTIACCOUNT DETECTION - Peppy's botnet structure (new line = "|", already split) + Peppy's botnet (client data) structure (new line = "|", already split) [0] osu! version [1] plain mac addressed, separated by "." [2] mac addresses hash set @@ -496,7 +497,7 @@ def logHardware(userID, hashes, activation = False): banned = glob.db.fetchAll("""SELECT users.id as userid, hw_user.occurencies, users.username FROM hw_user LEFT JOIN users ON users.id = hw_user.userid WHERE hw_user.userid != %(userid)s - AND (IF(%(mac)s!='b4ec3c4334a0249dae95c284ec5983df', hw_user.mac = %(mac)s, 0) OR hw_user.unique_id = %(uid)s OR hw_user.disk_id = %(diskid)s) + AND (IF(%(mac)s!='b4ec3c4334a0249dae95c284ec5983df', hw_user.mac = %(mac)s, 1) AND hw_user.unique_id = %(uid)s AND hw_user.disk_id = %(diskid)s) AND (users.privileges & 3 != 3)""", { "userid": userID, "mac": hashes[2], 
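Review bot: The rewritten condition in the `banned` query of logHardware now requires mac, unique_id and disk_id to all match the same row, where the old condition accepted a match on any one of them. The multi-account check is therefore only as strong as the least stable of three client-reported values, and the same applies to the `match` query in verifyUser in the last hunk. That fits the false restrictions named in the subject, but nothing in the hunk documents the narrower coverage. I would add a comment above the query such as `# Require ALL hardware identifiers to match; matching on any single one restricted unrelated accounts`, and consider recording single-field matches for staff review rather than discarding them. The body of logHardware continues outside the hunk.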
@@ -569,7 +570,7 @@ def verifyUser(userID, hashes): username = getUsername(userID) # Make sure there are no other accounts activated with this exact mac/unique id/hwid - match = glob.db.fetchAll("SELECT userid FROM hw_user WHERE (IF(%(mac)s != 'b4ec3c4334a0249dae95c284ec5983df', mac = %(mac)s, 0) OR unique_id = %(uid)s OR disk_id = %(diskid)s) AND userid != %(userid)s AND activated = 1 LIMIT 1", { + match = glob.db.fetchAll("SELECT userid FROM hw_user WHERE (IF(%(mac)s != 'b4ec3c4334a0249dae95c284ec5983df', mac = %(mac)s, 1) AND unique_id = %(uid)s AND disk_id = %(diskid)s) AND userid != %(userid)s AND activated = 1 LIMIT 1", { "mac": hashes[2], "uid": hashes[3], "diskid": hashes[4],
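Review bot: The literal `'b4ec3c4334a0249dae95c284ec5983df'` is repeated in this query and in the `banned` query of logHardware, with no explanation of why that MAC hash is exempt from comparison. Presumably it is a value that many unrelated clients report, but the diff does not say. A named module-level constant with a one-line comment, bound as a parameter (`"ignoredMac": IGNORED_MAC_HASH` with `%(ignoredMac)s` in the SQL, the name being a suggestion), would keep the two queries from drifting apart. The context comment `this exact mac/unique id/hwid` should also mention that the mac comparison is skipped for that value. The fetchAll call continues past the end of the hunk.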