From c3ccccf0445e2ce7f5dcb64d4335ea865708899a Mon Sep 17 00:00:00 2001
From: HaiFire3344 <166965795+HaiFire3344@users.noreply.github.com>
Date: Sat, 7 Dec 2024 20:12:28 -0500
Subject: [PATCH] Update AuthenticationController.cs

[Originally authored by AlanMoonbase](https://github.com/rpaciorek/sodoff/commit/1e9ca7e19c11b246cabd46fc20585dc8a997fbc8#diff-bb10d4643a2fa54d983a574662f579e09c056f29837397a10cd9300a98fbcc7cR171)
---
 .../Common/AuthenticationController.cs            | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/Controllers/Common/AuthenticationController.cs b/src/Controllers/Common/AuthenticationController.cs
index 3ee0896..78f1838 100644
--- a/src/Controllers/Common/AuthenticationController.cs
+++ b/src/Controllers/Common/AuthenticationController.cs
@@ -168,7 +168,7 @@ public class AuthenticationController : Controller {
     [Route("AuthenticationWebService.asmx/LoginChild")]
     [DecryptRequest("childUserID")]
     [EncryptResponse]
-    public IActionResult LoginChild([FromForm] Guid parentApiToken) {
+    public IActionResult LoginChild([FromForm] Guid parentApiToken, [FromForm] string apiKey) {
         User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == parentApiToken)?.User;
         if (user is null) {
             return Unauthorized();
@@ -181,6 +181,19 @@ public class AuthenticationController : Controller {
             return Unauthorized();
         }
 
+        uint gameVersion = ClientVersion.GetVersion(apiKey);
+        if (viking.GameVersion is null)
+            viking.GameVersion = gameVersion;
+        if (
+            (viking.GameVersion != gameVersion) &&
+            !(viking.GameVersion >= ClientVersion.Min_SoD && gameVersion >= ClientVersion.Min_SoD) &&
+            !(viking.GameVersion >= ClientVersion.WoJS && gameVersion >= ClientVersion.WoJS && viking.GameVersion < ClientVersion.WoJS_NewAvatar && gameVersion < ClientVersion.WoJS_NewAvatar)
+        )
+            return Unauthorized();
+            // do not let players log into users from other games, exceptions:
+            //   1) different version of SoD
+            //   2) WoJS with old avatar and lands
+
         // Check if user is viking parent
         if (user != viking.User) {
             return Unauthorized();