From cfc65466713a9344920a04d31018a18cf0c4ae12 Mon Sep 17 00:00:00 2001 From: Beny Date: Wed, 15 May 2019 23:39:39 +0100 Subject: [PATCH] Fixed exchangeable exploit & item duplication exploit --- .../habbo/habbohotel/items/ItemManager.java | 2 +- .../items/interactions/InteractionFXBox.java | 2 +- .../InteractionPetBreedingNest.java | 2 +- .../catalog/recycler/RecycleEvent.java | 2 +- .../crafting/CraftingCraftSecretEvent.java | 2 +- .../rooms/items/PostItDeleteEvent.java | 2 +- .../rooms/items/RedeemClothingEvent.java | 2 +- .../incoming/rooms/items/RedeemItemEvent.java | 87 +++++++++++-------- .../rooms/items/ToggleFloorItemEvent.java | 2 +- .../rooms/pets/PetPackageNameEvent.java | 2 +- .../incoming/rooms/pets/PetUseItemEvent.java | 8 +- .../habbo/threading/runnables/OpenGift.java | 2 +- .../threading/runnables/PetEatAction.java | 2 +- .../runnables/QueryDeleteHabboItem.java | 11 ++- 14 files changed, 73 insertions(+), 55 deletions(-) diff --git a/src/main/java/com/eu/habbo/habbohotel/items/ItemManager.java b/src/main/java/com/eu/habbo/habbohotel/items/ItemManager.java index 405968d5..98c050c3 100644 --- a/src/main/java/com/eu/habbo/habbohotel/items/ItemManager.java +++ b/src/main/java/com/eu/habbo/habbohotel/items/ItemManager.java @@ -660,7 +660,7 @@ public class ItemManager public HabboItem handleOpenRecycleBox(Habbo habbo, HabboItem box) { - Emulator.getThreading().run(new QueryDeleteHabboItem(box)); + Emulator.getThreading().run(new QueryDeleteHabboItem(box.getId())); HabboItem item = null; try (Connection connection = Emulator.getDatabase().getDataSource().getConnection(); PreparedStatement statement = connection.prepareStatement("SELECT * FROM items_presents WHERE item_id = ? LIMIT 1")) { diff --git a/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionFXBox.java b/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionFXBox.java index b3027e0d..5b3de90a 100644 --- a/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionFXBox.java +++ b/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionFXBox.java @@ -56,7 +56,7 @@ public class InteractionFXBox extends InteractionDefault @Override public void run() { - new QueryDeleteHabboItem(item).run(); + new QueryDeleteHabboItem(item.getId()).run(); room.sendComposer(new RemoveFloorItemComposer(item).compose()); } }, 500); diff --git a/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionPetBreedingNest.java b/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionPetBreedingNest.java index 2a156dd6..ce8e0ad0 100644 --- a/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionPetBreedingNest.java +++ b/src/main/java/com/eu/habbo/habbohotel/items/interactions/InteractionPetBreedingNest.java @@ -169,7 +169,7 @@ public class InteractionPetBreedingNest extends HabboItem public void breed(Habbo habbo, String name, int petOneId, int petTwoId) { - Emulator.getThreading().run(new QueryDeleteHabboItem(this)); + Emulator.getThreading().run(new QueryDeleteHabboItem(this.getId())); this.setExtradata("2"); habbo.getHabboInfo().getCurrentRoom().updateItem(this); diff --git a/src/main/java/com/eu/habbo/messages/incoming/catalog/recycler/RecycleEvent.java b/src/main/java/com/eu/habbo/messages/incoming/catalog/recycler/RecycleEvent.java index ef8af017..3ca79b8e 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/catalog/recycler/RecycleEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/catalog/recycler/RecycleEvent.java @@ -51,7 +51,7 @@ public class RecycleEvent extends MessageHandler { this.client.getHabbo().getInventory().getItemsComponent().removeHabboItem(item); this.client.sendResponse(new RemoveHabboItemComposer(item.getId())); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } } else diff --git a/src/main/java/com/eu/habbo/messages/incoming/crafting/CraftingCraftSecretEvent.java b/src/main/java/com/eu/habbo/messages/incoming/crafting/CraftingCraftSecretEvent.java index e40449c0..38eaeadb 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/crafting/CraftingCraftSecretEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/crafting/CraftingCraftSecretEvent.java @@ -94,7 +94,7 @@ public class CraftingCraftSecretEvent extends MessageHandler { this.client.getHabbo().getInventory().getItemsComponent().removeHabboItem(item); this.client.sendResponse(new RemoveHabboItemComposer(item.getId())); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } this.client.sendResponse(new InventoryRefreshComposer()); diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/PostItDeleteEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/PostItDeleteEvent.java index e5b4663a..18f46d0f 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/PostItDeleteEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/PostItDeleteEvent.java @@ -29,7 +29,7 @@ public class PostItDeleteEvent extends MessageHandler item.setRoomId(0); room.removeHabboItem(item); room.sendComposer(new RemoveWallItemComposer(item).compose()); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } } } diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemClothingEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemClothingEvent.java index 179b4923..612360cf 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemClothingEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemClothingEvent.java @@ -45,7 +45,7 @@ public class RedeemClothingEvent extends MessageHandler this.client.getHabbo().getHabboInfo().getCurrentRoom().updateTile(tile); this.client.getHabbo().getHabboInfo().getCurrentRoom().sendComposer(new UpdateStackHeightComposer(tile.x, tile.y, tile.relativeHeight()).compose()); this.client.getHabbo().getHabboInfo().getCurrentRoom().sendComposer(new RemoveFloorItemComposer(item, true).compose()); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); try (Connection connection = Emulator.getDatabase().getDataSource().getConnection(); PreparedStatement statement = connection.prepareStatement("INSERT INTO users_clothing (user_id, clothing_id) VALUES (?, ?)")) { diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemItemEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemItemEvent.java index 840d3b5a..106c2efb 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemItemEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/RedeemItemEvent.java @@ -12,6 +12,9 @@ import com.eu.habbo.messages.outgoing.users.UserCurrencyComposer; import com.eu.habbo.plugin.Event; import com.eu.habbo.plugin.events.furniture.FurnitureRedeemedEvent; import com.eu.habbo.threading.runnables.QueryDeleteHabboItem; +import gnu.trove.set.hash.THashSet; + +import java.util.ArrayList; public class RedeemItemEvent extends MessageHandler { @@ -29,6 +32,7 @@ public class RedeemItemEvent extends MessageHandler if(item != null && this.client.getHabbo().getHabboInfo().getId() == item.getUserId()) { boolean furnitureRedeemEventRegistered = Emulator.getPluginManager().isRegistered(FurnitureRedeemedEvent.class, true); + FurnitureRedeemedEvent furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), 0, FurnitureRedeemedEvent.CREDITS); if(item.getBaseItem().getName().startsWith("CF_") || item.getBaseItem().getName().startsWith("CFC_") || item.getBaseItem().getName().startsWith("DF_") || item.getBaseItem().getName().startsWith("PF_")) { @@ -45,19 +49,9 @@ public class RedeemItemEvent extends MessageHandler return; } - if(furnitureRedeemEventRegistered) - { - Event furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), credits, FurnitureRedeemedEvent.CREDITS); - Emulator.getPluginManager().fireEvent(furniRedeemEvent); - - if(furniRedeemEvent.isCancelled()) - return; - } - - this.client.getHabbo().getHabboInfo().addCredits(credits); - this.client.sendResponse(new UserCreditsComposer(this.client.getHabbo())); - - } else if (item.getBaseItem().getName().startsWith("PF_")) + furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), credits, FurnitureRedeemedEvent.CREDITS); + } + else if (item.getBaseItem().getName().startsWith("PF_")) { int pixels; @@ -71,17 +65,7 @@ public class RedeemItemEvent extends MessageHandler return; } - if(furnitureRedeemEventRegistered) - { - Event furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), pixels, FurnitureRedeemedEvent.PIXELS); - Emulator.getPluginManager().fireEvent(furniRedeemEvent); - - if(furniRedeemEvent.isCancelled()) - return; - } - - this.client.getHabbo().getHabboInfo().addPixels(pixels); - this.client.sendResponse(new UserCurrencyComposer(this.client.getHabbo())); + furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), pixels, FurnitureRedeemedEvent.PIXELS); } else if (item.getBaseItem().getName().startsWith("DF_")) { @@ -108,39 +92,68 @@ public class RedeemItemEvent extends MessageHandler return; } - if(furnitureRedeemEventRegistered) - { - Event furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), points, FurnitureRedeemedEvent.DIAMONDS); - Emulator.getPluginManager().fireEvent(furniRedeemEvent); - - if(furniRedeemEvent.isCancelled()) - return; - } - - this.client.getHabbo().givePoints(pointsType, points); + furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), points, pointsType); } else if (item.getBaseItem().getName().startsWith("CF_diamond_")) { + int points; + try { - this.client.getHabbo().givePoints(Integer.valueOf(item.getBaseItem().getName().split("_")[2])); + points = Integer.valueOf(item.getBaseItem().getName().split("_")[2]); } catch (Exception e) { Emulator.getLogging().logErrorLine("Failed to parse redeemable diamonds furniture: " + item.getBaseItem().getName() + ". Must be in format of CF_diamond_"); return; } + + furniRedeemEvent = new FurnitureRedeemedEvent(item, this.client.getHabbo(), points, FurnitureRedeemedEvent.DIAMONDS); } + if(furnitureRedeemEventRegistered) + { + Emulator.getPluginManager().fireEvent(furniRedeemEvent); + + if(furniRedeemEvent.isCancelled()) + return; + } + + if(furniRedeemEvent.amount < 1) + return; + + if(room.getHabboItem(item.getId()) == null) // plugins may cause a lag between which time the item can be removed from the room + return; + room.removeHabboItem(item); room.sendComposer(new RemoveFloorItemComposer(item).compose()); RoomTile t = room.getLayout().getTile(item.getX(), item.getY()); t.setStackHeight(room.getStackHeight(item.getX(), item.getY(), false)); room.updateTile(t); room.sendComposer(new UpdateStackHeightComposer(item.getX(), item.getY(), t.relativeHeight()).compose()); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); + + switch(furniRedeemEvent.currencyID) { + case FurnitureRedeemedEvent.CREDITS: + this.client.getHabbo().getHabboInfo().addCredits(furniRedeemEvent.amount); + this.client.sendResponse(new UserCreditsComposer(this.client.getHabbo())); + break; + + case FurnitureRedeemedEvent.DIAMONDS: + this.client.getHabbo().givePoints(furniRedeemEvent.amount); + break; + + case FurnitureRedeemedEvent.PIXELS: + this.client.getHabbo().getHabboInfo().addPixels(furniRedeemEvent.amount); + this.client.sendResponse(new UserCurrencyComposer(this.client.getHabbo())); + break; + + default: + this.client.getHabbo().givePoints(furniRedeemEvent.currencyID, furniRedeemEvent.amount); + break; + } } } } } -} +} \ No newline at end of file diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/ToggleFloorItemEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/ToggleFloorItemEvent.java index e46ec8ae..e78db148 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/items/ToggleFloorItemEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/items/ToggleFloorItemEvent.java @@ -97,7 +97,7 @@ public class ToggleFloorItemEvent extends MessageHandler //Do not move to onClick(). Wired could trigger it. if(item instanceof InteractionMonsterPlantSeed) { - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); int rarity = 0; if (item.getExtradata().isEmpty()) rarity = InteractionMonsterPlantSeed.randomRarityLevel(); else diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetPackageNameEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetPackageNameEvent.java index 8c26286e..36893168 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetPackageNameEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetPackageNameEvent.java @@ -70,7 +70,7 @@ public class PetPackageNameEvent extends MessageHandler pet.needsUpdate = true; pet.getRoomUnit().setLocation(room.getLayout().getTile(item.getX(), item.getY())); pet.getRoomUnit().setZ(item.getZ()); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); room.removeHabboItem(item); room.sendComposer(new RemoveFloorItemComposer(item).compose()); RoomTile tile = room.getLayout().getTile(item.getX(), item.getY()); diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetUseItemEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetUseItemEvent.java index c94745b9..6fd22971 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetUseItemEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/pets/PetUseItemEvent.java @@ -103,7 +103,7 @@ public class PetUseItemEvent extends MessageHandler Emulator.getThreading().run(pet); this.client.getHabbo().getHabboInfo().getCurrentRoom().sendComposer(new RoomPetHorseFigureComposer((HorsePet) pet).compose()); this.client.getHabbo().getHabboInfo().getCurrentRoom().sendComposer(new RemoveFloorItemComposer(item).compose()); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } } else if (pet instanceof MonsterplantPet) @@ -124,7 +124,7 @@ public class PetUseItemEvent extends MessageHandler this.client.getHabbo().getHabboInfo().getCurrentRoom().updateTiles(room.getLayout().getTilesAt(room.getLayout().getTile(item.getX(), item.getY()), item.getBaseItem().getWidth(), item.getBaseItem().getLength(), item.getRotation())); AchievementManager.progressAchievement(this.client.getHabbo(), Emulator.getGameEnvironment().getAchievementManager().getAchievement("MonsterPlantHealer")); pet.getRoomUnit().removeStatus(RoomUnitStatus.GESTURE); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } } else if (item.getBaseItem().getName().equalsIgnoreCase("mnstr_fert")) @@ -143,7 +143,7 @@ public class PetUseItemEvent extends MessageHandler this.client.getHabbo().getHabboInfo().getCurrentRoom().updateTiles(room.getLayout().getTilesAt(room.getLayout().getTile(item.getX(), item.getY()), item.getBaseItem().getWidth(), item.getBaseItem().getLength(), item.getRotation())); pet.getRoomUnit().removeStatus(RoomUnitStatus.GESTURE); pet.cycle(); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } } else if (item.getBaseItem().getName().startsWith("mnstr_rebreed")) @@ -167,7 +167,7 @@ public class PetUseItemEvent extends MessageHandler this.client.getHabbo().getHabboInfo().getCurrentRoom().sendComposer(new PetStatusUpdateComposer(pet).compose()); this.client.getHabbo().getHabboInfo().getCurrentRoom().updateTiles(room.getLayout().getTilesAt(room.getLayout().getTile(item.getX(), item.getY()), item.getBaseItem().getWidth(), item.getBaseItem().getLength(), item.getRotation())); pet.getRoomUnit().removeStatus(RoomUnitStatus.GESTURE); - Emulator.getThreading().run(new QueryDeleteHabboItem(item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(item.getId())); } } } diff --git a/src/main/java/com/eu/habbo/threading/runnables/OpenGift.java b/src/main/java/com/eu/habbo/threading/runnables/OpenGift.java index 84d49be6..40b01146 100644 --- a/src/main/java/com/eu/habbo/threading/runnables/OpenGift.java +++ b/src/main/java/com/eu/habbo/threading/runnables/OpenGift.java @@ -53,7 +53,7 @@ public class OpenGift implements Runnable this.habbo.getClient().sendResponse(new InventoryRefreshComposer()); - Emulator.getThreading().run(new QueryDeleteHabboItem(this.item)); + Emulator.getThreading().run(new QueryDeleteHabboItem(this.item.getId())); Emulator.getThreading().run(new RemoveFloorItemTask(this.room, this.item), this.item.getBaseItem().getName().contains("present_wrap") ? 5000 : 0); if (inside != null) diff --git a/src/main/java/com/eu/habbo/threading/runnables/PetEatAction.java b/src/main/java/com/eu/habbo/threading/runnables/PetEatAction.java index 22b00057..8341fa3a 100644 --- a/src/main/java/com/eu/habbo/threading/runnables/PetEatAction.java +++ b/src/main/java/com/eu/habbo/threading/runnables/PetEatAction.java @@ -56,7 +56,7 @@ public class PetEatAction implements Runnable { if (this.food != null && Integer.valueOf(this.food.getExtradata()) == this.food.getBaseItem().getStateCount()) { - Emulator.getThreading().run(new QueryDeleteHabboItem(this.food), 500); + Emulator.getThreading().run(new QueryDeleteHabboItem(this.food.getId()), 500); if (this.pet.getRoom() != null) { this.pet.getRoom().removeHabboItem(this.food); diff --git a/src/main/java/com/eu/habbo/threading/runnables/QueryDeleteHabboItem.java b/src/main/java/com/eu/habbo/threading/runnables/QueryDeleteHabboItem.java index 51899b92..084dddcb 100644 --- a/src/main/java/com/eu/habbo/threading/runnables/QueryDeleteHabboItem.java +++ b/src/main/java/com/eu/habbo/threading/runnables/QueryDeleteHabboItem.java @@ -9,11 +9,16 @@ import java.sql.SQLException; public class QueryDeleteHabboItem implements Runnable { - private final HabboItem item; + private final int itemId; + + public QueryDeleteHabboItem(int itemId) + { + this.itemId = itemId; + } public QueryDeleteHabboItem(HabboItem item) { - this.item = item; + this.itemId = item.getId(); } @Override @@ -21,7 +26,7 @@ public class QueryDeleteHabboItem implements Runnable { try (Connection connection = Emulator.getDatabase().getDataSource().getConnection(); PreparedStatement statement = connection.prepareStatement("DELETE FROM items WHERE id = ?")) { - statement.setInt(1, this.item.getId()); + statement.setInt(1, this.itemId); statement.execute(); } catch (SQLException e)