I wanted to ban an IP range and didn't want to put thousands of records in the banned_ips table, so I thought this little change would be helpful and would tighten security a little.
To use this, an IP address inserted into banned_ips may now contain the '%' wildcard, which is the wildcard used by the SQL LIKE operator. For example: insert into banned_ips(ip_address,notes) values('10.0.%', 'Rampant abuse from 10.0.*.* ends today'). This change still allows banning specific IPs, so previous behavior is not affected.
Code:
Index: trunk/EQEmuServer/common/database.cpp
===================================================================
--- trunk/EQEmuServer/common/database.cpp (revision 1997)
+++ trunk/EQEmuServer/common/database.cpp (working copy)
@@ -215,7 +215,7 @@
char *query = 0;
MYSQL_RES *result;
//cout << "Checking against Banned IPs table."<< endl; //Lieka: Debugging
- if (RunQuery(query, MakeAnyLenString(&query, "SELECT ip_address FROM Banned_IPs WHERE ip_address='%s'", loginIP), errbuf, &result)) {
+ if (RunQuery(query, MakeAnyLenString(&query, "SELECT ip_address FROM Banned_IPs WHERE '%s' like ip_address", loginIP), errbuf, &result)) {
safe_delete_array(query);
if (mysql_num_rows(result) != 0)
{
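Review bot: loginIP is still formatted straight into the query text by MakeAnyLenString on the changed line (as it was on the old one), so unless it is guaranteed to be a server-derived dotted quad it needs mysql_real_escape_string or a strict numeric/dot validation before it goes anywhere near the SQL. Two further consequences of turning the predicate around to `'%s' like ip_address`: every existing row is now interpreted as a LIKE pattern, so a row containing a bare `%` bans every login and a `_` matches any single character; and a prefix row without a trailing dot, e.g. `10.0.1%`, also matches 10.0.10.x and 10.0.100.x. Document that the wildcard must directly follow a dot, and ideally validate rows on insert. Also note the query names the table `Banned_IPs` while the post says `banned_ips`; on a MySQL with case-sensitive table names those are different tables.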
@@ -3122,4 +3122,4 @@
safe_delete_array(query);
return false;
}
-}+}
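Review bot: this second hunk changes nothing but the file's last line (the `-}`/`+}` pair, which in this rendering have even run together as `-}+}`), so it is a whitespace or end-of-file newline change unrelated to the ban check; drop it from the patch so the submission contains only the one-line query change.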
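The matching behaviour the post describes, as an added example that is not the post's patch or EQEmu's own code: an in-memory sqlite3 table stands in for the MySQL banned_ips table (the `%` and `_` LIKE wildcards behave the same in both for these patterns), the login address is bound as a parameter instead of being formatted into the query text, and a small validator refuses patterns that would ban everyone or match more than intended. The sample rows, the `matching_bans`, `is_banned`, `valid_ban_pattern` and `add_ban` helpers, and the regular expression are all assumptions made for this example.

```python
import re
import sqlite3
from typing import List

# Constructed sample rows for this example only; not taken from any server's
# banned_ips table. The third entry deliberately lacks a trailing dot so the
# over-broad match can be observed.
SAMPLE_BANS = [
    ("10.0.%", "Rampant abuse from 10.0.*.* ends today"),       # wildcard range
    ("192.168.1.25", "single host, the pre-patch behaviour"),   # exact entry
    ("172.16.1%", "prefix without a trailing dot (see caveat)"),
]

# Hypothetical validation rule: a ban is either a full dotted quad, or one to
# three leading octets followed by a single '%'. This rejects a bare '%'
# (would ban every login), '_' (single-character wildcard) and unanchored
# prefixes such as '172.16.1%'.
BAN_PATTERN_RE = re.compile(r"^(\d{1,3}\.){1,3}(\d{1,3}|%)$")


def open_db(rows=SAMPLE_BANS) -> sqlite3.Connection:
    """In-memory stand-in for the MySQL banned_ips table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE banned_ips (ip_address TEXT NOT NULL, notes TEXT)")
    conn.executemany(
        "INSERT INTO banned_ips (ip_address, notes) VALUES (?, ?)", rows)
    return conn


def matching_bans(conn: sqlite3.Connection, login_ip: str) -> List[str]:
    """Same predicate as the patch (login IP LIKE ip_address), but the
    client-facing address is bound as a parameter rather than formatted into
    the SQL string, so its content can never change the shape of the query."""
    cur = conn.execute(
        "SELECT ip_address FROM banned_ips WHERE ? LIKE ip_address",
        (login_ip,))
    return [row[0] for row in cur.fetchall()]


def is_banned(conn: sqlite3.Connection, login_ip: str) -> bool:
    return bool(matching_bans(conn, login_ip))


def valid_ban_pattern(pattern: str) -> bool:
    """True for a full address or a prefix whose '%' directly follows a dot."""
    return BAN_PATTERN_RE.match(pattern) is not None


def add_ban(conn: sqlite3.Connection, pattern: str, notes: str = "") -> None:
    """Insert a ban row only if it is a well-formed host or anchored prefix."""
    if not valid_ban_pattern(pattern):
        raise ValueError(f"refusing to insert ban pattern {pattern!r}")
    conn.execute(
        "INSERT INTO banned_ips (ip_address, notes) VALUES (?, ?)",
        (pattern, notes))


if __name__ == "__main__":
    db = open_db()
    for ip in ("10.0.5.6", "192.168.1.25", "192.168.1.250", "172.16.10.7"):
        print(f"{ip:15} matched by {matching_bans(db, ip)}")
    add_ban(db, "172.16.1.%", "anchored version of the third sample row")
    print("172.16.10.7 after anchored ban:", matching_bans(db, "172.16.10.7"))
```

Running it shows 10.0.5.6 caught by the wildcard row, the exact row still catching only 192.168.1.25 (not 192.168.1.250), and 172.16.10.7 caught by the unanchored `172.16.1%` row even though the intent was presumably 172.16.1.x; the anchored `172.16.1.%` form does not have that problem. sqlite's LIKE ignores ASCII case, which does not matter for numeric addresses.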