From 080ba6ca2bcb08ba45991d80c66043c7a4a8846a Mon Sep 17 00:00:00 2001
From: Lucas Nicodemus <nicatron21@gmail.com>
Date: Thu, 14 Jul 2011 13:50:00 -0600
Subject: [PATCH] Blank passwords no longer result in
 "heightheightheightheight" Try/Catch around login function

---
 TShockAPI/Commands.cs | 41 ++++++++++++++++++++++++-----------------
 TShockAPI/Tools.cs    |  4 ++++
 2 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/TShockAPI/Commands.cs b/TShockAPI/Commands.cs
index 12b43c99..32469c81 100755
--- a/TShockAPI/Commands.cs
+++ b/TShockAPI/Commands.cs
@@ -303,24 +303,31 @@ namespace TShockAPI
                 args.Player.SendMessage("If you forgot your password, there is no way to recover it.");
                 return;
             }
+            try
+            {
+                string encrPass = Tools.HashPassword(args.Parameters[1]);
+                string[] exr = TShock.Users.FetchHashedPasswordAndGroup(args.Parameters[0]);
+                if (exr[0].ToUpper() == encrPass.ToUpper())
+                {
+                    args.Player.Group = Tools.GetGroup(exr[1]);
+                    args.Player.UserName = args.Parameters[0];
+                    args.Player.IsLoggedIn = true;
+                    args.Player.SendMessage("Authenticated as " + args.Parameters[0] + " successfully.", Color.LimeGreen);
+                    Log.ConsoleInfo(args.Player.Name + " authenticated successfully as user: " + args.Parameters[0]);
+                    return;
+                }
+                else
+                {
+                    Log.Warn(args.Player.IP + " failed to authenticate as user: " + args.Parameters[0]);
+                    args.Player.LoginAttempts++;
+                    return;
+                }
+            } catch (Exception e)
+            {
+                args.Player.SendMessage("There was an error processing your request. Maybe your account doesn't exist?", Color.Red);
+                return;
+            }
 
-            string encrPass = Tools.HashPassword(args.Parameters[1]);
-            string[] exr = TShock.Users.FetchHashedPasswordAndGroup(args.Parameters[0]);
-            if (exr[0].ToUpper() == encrPass.ToUpper())
-            {
-                args.Player.Group = Tools.GetGroup(exr[1]);
-                args.Player.UserName = args.Parameters[0];
-                args.Player.IsLoggedIn = true;
-                args.Player.SendMessage("Authenticated as " + args.Parameters[0] + " successfully.", Color.LimeGreen);
-                Log.ConsoleInfo(args.Player.Name + " authenticated successfully as user: " + args.Parameters[0]);
-                return;
-            }
-            else
-            {
-                Log.Warn(args.Player.IP + " failed to authenticate as user: " + args.Parameters[0]);
-                args.Player.LoginAttempts++;
-                return;
-            }
         }
 
         //Todo: Add separate help text for '/user add' and '/user del'. Also add '/user addip' and '/user delip'
diff --git a/TShockAPI/Tools.cs b/TShockAPI/Tools.cs
index bdf6cfdf..ec4b50af 100755
--- a/TShockAPI/Tools.cs
+++ b/TShockAPI/Tools.cs
@@ -500,6 +500,10 @@ namespace TShockAPI
         {
             using (var sha = new SHA512CryptoServiceProvider())
             {
+                if (password == "")
+                {
+                    return "nonexistent-password";
+                }
                 var bytes = sha.ComputeHash(Encoding.ASCII.GetBytes(password));
                 return bytes.Aggregate("", (s, b) => s + b.ToString("height"));
             }