AssLikeThat
Posting Freak
- Jan 27, 2013
- 765
- 154
Hi,
So basically I had the hotel working fine, no problem whatsoever, all of a sudden it starts preventing me from entering and disconnecting when loading, looked into it a bit and I saw that the exploit with the SSO tickets wasn't patched on the version of RevCMS I had, it seemed to be nulling the SSO ticket when loading the client...
Did these fixes:
The assigning of the SSO Ticket seems fine; however I now am unable to enter the hotel, loads to 76% then disconnects.. I've researched all the possible reasons behind this but still can't seem to come up with a solution, been trying to sort this for a few hours now and am wits end with it.
I've double checked all the obvious stuff such as IP's, links, variables etc.
Would anybody be able to advise?
EDIT: Using PRODUCTION-201701242205-837386173
Haboon Edit
If you need any more info please let me know
Thanks
So basically I had the hotel working fine, no problem whatsoever, all of a sudden it starts preventing me from entering and disconnecting when loading, looked into it a bit and I saw that the exploit with the SSO tickets wasn't patched on the version of RevCMS I had, it seemed to be nulling the SSO ticket when loading the client...
Did these fixes:
You must be registered for see links
You must be registered for see links
The assigning of the SSO Ticket seems fine; however I now am unable to enter the hotel, loads to 76% then disconnects.. I've researched all the possible reasons behind this but still can't seem to come up with a solution, been trying to sort this for a few hours now and am wits end with it.
I've double checked all the obvious stuff such as IP's, links, variables etc.
Would anybody be able to advise?
EDIT: Using PRODUCTION-201701242205-837386173
Haboon Edit
using (IQueryAdapter dbClient = PlusEnvironment.GetDatabaseManager().GetQueryReactor())
{
dbClient.SetQuery(
"SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " +
"FROM users " +
"JOIN user_auth_ticket " +
"ON users.id = user_auth_ticket.user_id " +
"WHERE user_auth_ticket.auth_ticket = @sso " +
"LIMIT 1"
);
dbClient.AddParameter("sso", SessionTicket);
dUserInfo = dbClient.getRow();
if (dUserInfo == null)
{
errorCode = 1;
return null;
}
UserId = Convert.ToInt32(dUserInfo["id"]);
if (PlusEnvironment.GetGame().GetClientManager().GetClientByUserID(UserId) != null)
{
errorCode = 2;
PlusEnvironment.GetGame().GetClientManager().GetClientByUserID(UserId).Disconnect();
return null;
}
dbClient.SetQuery("SELECT `group`,`level`,`progress` FROM `user_achievements` WHERE `userid` = '" + UserId + "'");
dAchievements = dbClient.getTable();
dbClient.SetQuery("SELECT room_id FROM user_favorites WHERE `user_id` = '" + UserId + "'");
dFavouriteRooms = dbClient.getTable();
dbClient.SetQuery("SELECT ignore_id FROM user_ignores WHERE `user_id` = '" + UserId + "'");
dIgnores = dbClient.getTable();
dbClient.SetQuery("SELECT `badge_id`,`badge_slot` FROM user_badges WHERE `user_id` = '" + UserId + "'");
dBadges = dbClient.getTable();
dbClient.SetQuery(
"SELECT users.id,users.username,users.motto,users.look,users.last_online,users.hide_inroom,users.hide_online " +
"FROM users " +
"JOIN messenger_friendships " +
"ON users.id = messenger_friendships.user_one_id " +
"WHERE messenger_friendships.user_two_id = " + UserId + " " +
"UNION ALL " +
"SELECT users.id,users.username,users.motto,users.look,users.last_online,users.hide_inroom,users.hide_online " +
"FROM users " +
"JOIN messenger_friendships " +
"ON users.id = messenger_friendships.user_two_id " +
"WHERE messenger_friendships.user_one_id = " + UserId);
dFriends = dbClient.getTable();
dbClient.SetQuery("SELECT messenger_requests.from_id,messenger_requests.to_id,users.username FROM users JOIN messenger_requests ON users.id = messenger_requests.from_id WHERE messenger_requests.to_id = " + UserId);
dRequests = dbClient.getTable();
dbClient.SetQuery("SELECT * FROM rooms WHERE `owner` = '" + UserId + "' LIMIT 150");
dRooms = dbClient.getTable();
dbClient.SetQuery("SELECT `quest_id`,`progress` FROM user_quests WHERE `user_id` = '" + UserId + "'");
dQuests = dbClient.getTable();
dbClient.SetQuery("SELECT `id`,`user_id`,`target`,`type` FROM `user_relationships` WHERE `user_id` = '" + UserId + "'");
dRelations = dbClient.getTable();
dbClient.SetQuery("SELECT * FROM `user_info` WHERE `user_id` = '" + UserId + "' LIMIT 1");
UserInfo = dbClient.getRow();
if (UserInfo == null)
{
dbClient.RunQuery("INSERT INTO `user_info` (`user_id`) VALUES ('" + UserId + "')");
dbClient.SetQuery("SELECT * FROM `user_info` WHERE `user_id` = '" + UserId + "' LIMIT 1");
UserInfo = dbClient.getRow();
}
dbClient.RunQuery("UPDATE `users` SET `online` = '1' WHERE `id` = '" + UserId + "' LIMIT 1");
dbClient.RunQuery("DELETE FROM `user_auth_ticket` WHERE `user_id` = '" + UserId + "' LIMIT 1");
}
{
dbClient.SetQuery(
"SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " +
"FROM users " +
"JOIN user_auth_ticket " +
"ON users.id = user_auth_ticket.user_id " +
"WHERE user_auth_ticket.auth_ticket = @sso " +
"LIMIT 1"
);
dbClient.AddParameter("sso", SessionTicket);
dUserInfo = dbClient.getRow();
if (dUserInfo == null)
{
errorCode = 1;
return null;
}
UserId = Convert.ToInt32(dUserInfo["id"]);
if (PlusEnvironment.GetGame().GetClientManager().GetClientByUserID(UserId) != null)
{
errorCode = 2;
PlusEnvironment.GetGame().GetClientManager().GetClientByUserID(UserId).Disconnect();
return null;
}
dbClient.SetQuery("SELECT `group`,`level`,`progress` FROM `user_achievements` WHERE `userid` = '" + UserId + "'");
dAchievements = dbClient.getTable();
dbClient.SetQuery("SELECT room_id FROM user_favorites WHERE `user_id` = '" + UserId + "'");
dFavouriteRooms = dbClient.getTable();
dbClient.SetQuery("SELECT ignore_id FROM user_ignores WHERE `user_id` = '" + UserId + "'");
dIgnores = dbClient.getTable();
dbClient.SetQuery("SELECT `badge_id`,`badge_slot` FROM user_badges WHERE `user_id` = '" + UserId + "'");
dBadges = dbClient.getTable();
dbClient.SetQuery(
"SELECT users.id,users.username,users.motto,users.look,users.last_online,users.hide_inroom,users.hide_online " +
"FROM users " +
"JOIN messenger_friendships " +
"ON users.id = messenger_friendships.user_one_id " +
"WHERE messenger_friendships.user_two_id = " + UserId + " " +
"UNION ALL " +
"SELECT users.id,users.username,users.motto,users.look,users.last_online,users.hide_inroom,users.hide_online " +
"FROM users " +
"JOIN messenger_friendships " +
"ON users.id = messenger_friendships.user_two_id " +
"WHERE messenger_friendships.user_one_id = " + UserId);
dFriends = dbClient.getTable();
dbClient.SetQuery("SELECT messenger_requests.from_id,messenger_requests.to_id,users.username FROM users JOIN messenger_requests ON users.id = messenger_requests.from_id WHERE messenger_requests.to_id = " + UserId);
dRequests = dbClient.getTable();
dbClient.SetQuery("SELECT * FROM rooms WHERE `owner` = '" + UserId + "' LIMIT 150");
dRooms = dbClient.getTable();
dbClient.SetQuery("SELECT `quest_id`,`progress` FROM user_quests WHERE `user_id` = '" + UserId + "'");
dQuests = dbClient.getTable();
dbClient.SetQuery("SELECT `id`,`user_id`,`target`,`type` FROM `user_relationships` WHERE `user_id` = '" + UserId + "'");
dRelations = dbClient.getTable();
dbClient.SetQuery("SELECT * FROM `user_info` WHERE `user_id` = '" + UserId + "' LIMIT 1");
UserInfo = dbClient.getRow();
if (UserInfo == null)
{
dbClient.RunQuery("INSERT INTO `user_info` (`user_id`) VALUES ('" + UserId + "')");
dbClient.SetQuery("SELECT * FROM `user_info` WHERE `user_id` = '" + UserId + "' LIMIT 1");
UserInfo = dbClient.getRow();
}
dbClient.RunQuery("UPDATE `users` SET `online` = '1' WHERE `id` = '" + UserId + "' LIMIT 1");
dbClient.RunQuery("DELETE FROM `user_auth_ticket` WHERE `user_id` = '" + UserId + "' LIMIT 1");
}
public static void PerformShutDown()
{
Console.Clear();
log.Info("Server shutting down...");
Console.Title = "PLUS EMULATOR: SHUTTING DOWN!";
PlusEnvironment.GetGame().GetClientManager().SendMessage(new BroadcastMessageAlertComposer(PlusEnvironment.GetGame().GetLanguageLocale().TryGetValue("shutdown_alert")));
GetGame().StopGameLoop();
Thread.Sleep(2500);
GetConnectionManager().Destroy();//Stop listening.
GetGame().GetPacketManager().UnregisterAll();//Unregister the packets.
GetGame().GetPacketManager().WaitForAllToComplete();
GetGame().GetClientManager().CloseAll();//Close all connections
GetGame().GetRoomManager().Dispose();//Stop the game loop.
using (IQueryAdapter dbClient = _manager.GetQueryReactor())
{
dbClient.RunQuery("TRUNCATE `catalog_marketplace_data`");
dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
dbClient.RunQuery("UPDATE `users` SET online = '0'");
dbClient.RunQuery("UPDATE `rooms` SET `users_now` = '0' WHERE `users_now` > '0'");
dbClient.RunQuery("UPDATE `server_status` SET `users_online` = '0', `loaded_rooms` = '0'");
}
log.Info("Plus Emulator has successfully shutdown.");
Thread.Sleep(1000);
Environment.Exit(0);
}
{
Console.Clear();
log.Info("Server shutting down...");
Console.Title = "PLUS EMULATOR: SHUTTING DOWN!";
PlusEnvironment.GetGame().GetClientManager().SendMessage(new BroadcastMessageAlertComposer(PlusEnvironment.GetGame().GetLanguageLocale().TryGetValue("shutdown_alert")));
GetGame().StopGameLoop();
Thread.Sleep(2500);
GetConnectionManager().Destroy();//Stop listening.
GetGame().GetPacketManager().UnregisterAll();//Unregister the packets.
GetGame().GetPacketManager().WaitForAllToComplete();
GetGame().GetClientManager().CloseAll();//Close all connections
GetGame().GetRoomManager().Dispose();//Stop the game loop.
using (IQueryAdapter dbClient = _manager.GetQueryReactor())
{
dbClient.RunQuery("TRUNCATE `catalog_marketplace_data`");
dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
dbClient.RunQuery("UPDATE `users` SET online = '0'");
dbClient.RunQuery("UPDATE `rooms` SET `users_now` = '0' WHERE `users_now` > '0'");
dbClient.RunQuery("UPDATE `server_status` SET `users_online` = '0', `loaded_rooms` = '0'");
}
log.Info("Plus Emulator has successfully shutdown.");
Thread.Sleep(1000);
Environment.Exit(0);
}
/*-------------------------------Create SSO auth_ticket-------------------------------------*/
final public function createSSO($k)
{
global $engine;
$sessionKey = 'RevCMS-' . rand(9, 9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
if($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
$engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
} else {
$engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey ."')");
}
return $sessionKey;
unset($sessionKey);
}
final public function createSSO($k)
{
global $engine;
$sessionKey = 'RevCMS-' . rand(9, 9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
if($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
$engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
} else {
$engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey ."')");
}
return $sessionKey;
unset($sessionKey);
}
case "client":
$users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
$template->setParams('sso', $users->createSSO($_SESSION['user']['id']));
break;
$users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
$template->setParams('sso', $users->createSSO($_SESSION['user']['id']));
break;
using System;
using Plus.Communication.Packets.Incoming;
using Plus.HabboHotel.GameClients;
using Plus.Communication.Packets.Outgoing.Handshake;
namespace Plus.Communication.Packets.Incoming.Handshake
{
public class SSOTicketEvent : IPacketEvent
{
public void Parse(GameClient Session, ClientPacket Packet)
{
if (Session == null || Session.RC4Client == null || Session.GetHabbo() != null)
return;
string SSO = Packet.PopString();
if (string.IsNullOrEmpty(SSO) || SSO.Length < 15)
return;
Session.TryAuthenticate(SSO);
}
}
}
using Plus.Communication.Packets.Incoming;
using Plus.HabboHotel.GameClients;
using Plus.Communication.Packets.Outgoing.Handshake;
namespace Plus.Communication.Packets.Incoming.Handshake
{
public class SSOTicketEvent : IPacketEvent
{
public void Parse(GameClient Session, ClientPacket Packet)
{
if (Session == null || Session.RC4Client == null || Session.GetHabbo() != null)
return;
string SSO = Packet.PopString();
if (string.IsNullOrEmpty(SSO) || SSO.Length < 15)
return;
Session.TryAuthenticate(SSO);
}
}
}
If you need any more info please let me know
Thanks
Last edited: