From d56c492eb1de87ed47b8cc10ac4fd33313aa61b0 Mon Sep 17 00:00:00 2001
From: HaiFire3344 <166965795+HaiFire3344@users.noreply.github.com>
Date: Sun, 29 Dec 2024 11:15:42 -0500
Subject: [PATCH] Prevent logging into accounts from different games (#13)

[Originally authored by AlanMoonbase](https://github.com/rpaciorek/sodoff/commit/1e9ca7e19c11b246cabd46fc20585dc8a997fbc8#diff-bb10d4643a2fa54d983a574662f579e09c056f29837397a10cd9300a98fbcc7cR171)
---
 .../Common/AuthenticationController.cs | 15 ++++++++++++++-
 src/Model/Viking.cs | 1 +
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/Controllers/Common/AuthenticationController.cs b/src/Controllers/Common/AuthenticationController.cs
index 3ee0896..78f1838 100644
--- a/src/Controllers/Common/AuthenticationController.cs
+++ b/src/Controllers/Common/AuthenticationController.cs
@@ -168,7 +168,7 @@ public class AuthenticationController : Controller {
 [Route("AuthenticationWebService.asmx/LoginChild")]
 [DecryptRequest("childUserID")]
 [EncryptResponse]
- public IActionResult LoginChild([FromForm] Guid parentApiToken) {
+ public IActionResult LoginChild([FromForm] Guid parentApiToken, [FromForm] string apiKey) {
 User? user = ctx.Sessions.FirstOrDefault(e => e.ApiToken == parentApiToken)?.User;
 if (user is null) {
 return Unauthorized();
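Review bot: The new `apiKey` parameter of `LoginChild` is bound from the form as a non-nullable `string`, yet nothing in this hunk rejects a request that omits it, so the `ClientVersion.GetVersion(apiKey)` call in the following hunk may receive null or an unrecognised key; what it returns in that case is not visible here. Because the value is supplied by the client, the game-version comparison built on it is a consistency check rather than an authorization boundary, and a short comment on the parameter should say so. If clients are expected to always send the key, an explicit guard at the top of the method would make that contract visible, for example `if (string.IsNullOrEmpty(apiKey)) return Unauthorized();`. The method body continues outside the hunk.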
@@ -181,6 +181,19 @@ public class AuthenticationController : Controller { return Unauthorized(); } + uint gameVersion = ClientVersion.GetVersion(apiKey); + if (viking.GameVersion is null) + viking.GameVersion = gameVersion; + if ( + (viking.GameVersion != gameVersion) && + !(viking.GameVersion >= ClientVersion.Min_SoD && gameVersion >= ClientVersion.Min_SoD) && + !(viking.GameVersion >= ClientVersion.WoJS && gameVersion >= ClientVersion.WoJS && viking.GameVersion < ClientVersion.WoJS_NewAvatar && gameVersion < ClientVersion.WoJS_NewAvatar) + ) + return Unauthorized(); + // do not let players log into users from other games, exceptions: + // 1) different version of SoD + // 2) WoJS with old avatar and lands + // Check if user is viking parent if (user != viking.User) { return Unauthorized(); diff --git a/src/Model/Viking.cs b/src/Model/Viking.cs index 67b188f..418a1dc 100644 --- a/src/Model/Viking.cs +++ b/src/Model/Viking.cs @@ -44,4 +44,5 @@ public class Viking { public DateTime? CreationDate { get; set; } public DateTime? BirthDate { get; set; } public Gender? Gender { get; set; } + public uint? GameVersion { get; set; } }
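Review bot: `viking.GameVersion = gameVersion;` runs before the `user != viking.User` ownership check, so a caller holding any valid parent session reaches that assignment for a viking that belongs to another account; whether the value is persisted depends on a save call that is not visible in the hunk. Moving the whole version block below the ownership check would ensure that a viking with no recorded version can only be bound to a game by its owner. The explanatory comment also sits after the `return Unauthorized();` it describes; placing it above the `if (` and adding braces to the two brace-less `if` statements would match the surrounding code. `LoginChild` starts and ends outside the hunk.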