Merge c29899f2b9 into 52833f7fb3

src/core/CNStructs.hpp

@@ -40,7 +40,6 @@
 
 // wrapper for U16toU8
 #define ARRLEN(x) (sizeof(x)/sizeof(*x))
-#define AUTOU8(x) std::string(x, ARRLEN(x))
 #define AUTOU16TOU8(x) U16toU8(x, ARRLEN(x)) 
 
 // TODO: rewrite U16toU8 & U8toU16 to not use codecvt

src/servers/CNLoginServer.cpp

@@ -109,19 +109,18 @@ void CNLoginServer::login(CNSocket* sock, CNPacketData* data) {
 
     std::string userLogin;
     std::string userPassword;
+    if (isCookieAuth) {
+        // username encoded in TEGid raw
+        userLogin = std::string((char*)login->szCookie_TEGid);
 
+        // clients that use web login but without proper cookies
+        // send their passwords instead, so store that
+        userPassword = std::string((char*)login->szCookie_authid);
+    } else {
         /*
          * The std::string -> char* -> std::string maneuver should remove any
          * trailing garbage after the null terminator.
          */
-    if (isCookieAuth) {
-        // username encoded in TEGid raw
-        userLogin = std::string(AUTOU8((char*)login->szCookie_TEGid).c_str());
-
-        // N.B. clients that use web login without proper cookies
-        // send their passwords in the cookie field
-        userPassword = std::string(AUTOU8((char*)login->szCookie_authid).c_str());
-    } else {
         userLogin = std::string(AUTOU16TOU8(login->szID).c_str());
         userPassword = std::string(AUTOU16TOU8(login->szPassword).c_str());
     }
@@ -172,7 +171,7 @@ void CNLoginServer::login(CNSocket* sock, CNPacketData* data) {
     }
 
     if (isCookieAuth) {
-        const char *cookie = userPassword.c_str();
+        const char *cookie = reinterpret_cast<const char*>(login->szCookie_authid);
         if (!Database::checkCookie(findUser.AccountID, cookie))
             return loginFail(LoginError::ID_AND_PASSWORD_DO_NOT_MATCH, userLogin, sock);
     } else {