Originally posted by Kazukin
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=3436
There is a bug in functions_kafras.txt which defaults every password exceeding number 10,000,000 to this number. I think the problem is derived from r12192, when the 'input' command's options were expanded and the conf. variable 'input_max_value: 10000000' set.
QUOTE
function script F_EntKafCode {
    mes "Enter a number 1000~10000000:";
    // Any number exceeding 10,000,000 will be set to 10,000,000 due to 'input_max_value'
    set @code_,0;
    set @kafcode_try,@kafcode_try+1;
    if(@kafcode_try>10) {
        set @kafcode_try,0;
        logmes "Hack: Tried to fit storage password.";
    }
    input @code_;
    if(@code_<1000) {
        mes "You shouldn't use such short password.";
        return 0;
    }
    //This check cannot be true
    if(@code_>10000000) {
        mes "You can't use such big password.";
        return 0;
    }
    return @code_;
}
This function should prevent the password from being set when exceeding number 10000000, but since 'input' command max. is set to 10,000,000, when trying to input a higher number as the password, the password is set to 10,000,000 and the check never executes.
An example:
1. I set storage psw to: 12345678 (12,345,678 > 10,000,000)
**Storage psw is set to 10000000 in DB.
2. I try to access storage using psw: 12345678 (12,345,678 > 10,000,000)
**I can access storage since the same problem happens with input. And the user believes he has really set the psw to: 12345678
3. I try to access storage using psw: 99999999 (99,999,999 > 10,000,000)
**I can also access storage even if this psw is completely different from my original one: 12345678
My quickfix:
Set 'input_max_value' to 1000000000 (100,000,000) so psws can really be set to 1000~10,000,000.
OR use 'input @code_,0,1000000000;'
And add:
QUOTE
if(#kafra_code==10000000 && @code>10000000) {
    set @code,10000000;
}
before some checks in this file so users with their password set to 10,000,000 by this bug while using a higher number and not knowing about it don't suddenly become unable to access storage and change/remove their passwords.
This post has been edited by Kazukin: Jul 28 2009, 12:23 PM
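The clamp-before-validate behaviour reported above, modelled in Python as an added example; it is not part of the original post or of eAthena's code. The names `script_input`, `ent_kaf_code` and `Storage` are hypothetical, and the model assumes only what the post states: 'input' silently caps a value at its maximum before the script's own range check runs.

```python
# Model of the report: 'input' caps the typed number at its maximum, so the
# script's "> 10000000" check never fires. All names are hypothetical.
INPUT_MAX_VALUE = 10_000_000          # conf value quoted in the post
CODE_MIN, CODE_MAX = 1000, 10_000_000  # range the script means to enforce


def script_input(typed, hi=INPUT_MAX_VALUE):
    """Model of 'input': a value above the maximum is silently capped."""
    return min(typed, hi)


def ent_kaf_code(typed, input_hi=INPUT_MAX_VALUE):
    """Model of F_EntKafCode: returns the accepted code, or 0 if rejected."""
    code = script_input(typed, input_hi)
    if code < CODE_MIN or code > CODE_MAX:
        return 0
    return code


class Storage:
    """One account's storage password, standing in for #kafra_code."""

    def __init__(self, input_hi=INPUT_MAX_VALUE, legacy_compat=False):
        self.input_hi = input_hi            # limit passed to 'input'
        self.legacy_compat = legacy_compat  # the post's compatibility check
        self.kafra_code = 0

    def set_password(self, typed):
        code = ent_kaf_code(typed, self.input_hi)
        if code:
            self.kafra_code = code
        return bool(code)

    def unlock(self, typed):
        code = script_input(typed, self.input_hi)
        # Compatibility check from the post: an account whose code was
        # stored as 10000000 by the bug keeps working with larger numbers.
        if self.legacy_compat and self.kafra_code == 10_000_000 and code > 10_000_000:
            code = 10_000_000
        if code < CODE_MIN or code > CODE_MAX:
            return False
        return code == self.kafra_code
```

With the default limit, every number above 10,000,000 maps to the same stored code; raising the limit passed to 'input' lets the script's own upper-bound check reject those numbers instead.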