Jump to content

Account name exposed with "Remember Account Name" unchecked


Kai Moon
 Share

Recommended Posts

On the game login screen, unchecking "Remember Account Name" blanks the account name field, but only when starting up the game. So, for example, mapserver crashing or disconnection will expose the account name. This is a security risk for streamers. It should be blanked every time.

 

Steps to reproduce:

1) On the login screen, uncheck "Remember Account Name"

2) Log in, select a server, select a character, enter the game normally

3) Quit to login screen, or simulate a mapserver disconnection

 

Expected results:

The account name field is blank, same as game startup

 

Actual results:

The account name field shows your account name

account-name-exposed.jpeg

Edited by Kai Moon
Link to comment
Share on other sites

Ah, gotcha.  I tried force-ending the task to see if I could replicate it, but it remained blank every time.  If you verify the game files before relaunching, does it make a difference?

Link to comment
Share on other sites

Since the game isn't designed for streaming, and even predates the creation of YouTube, I don't think this is a bug.

 

You run the risk streaming your login of the game. Perhaps don't start the stream until your ready to safely start streaming.

  • Thumbs Up 5
Link to comment
Share on other sites

Posted (edited)
On 4/25/2022 at 6:28 AM, SeraphimKensai said:

Perhaps don't start the stream until your ready to safely start streaming.

I think you're misunderstanding. When I start the game from desktop, the account name is properly blanked out. That part's working fine.

 

The issue is that a LCTMS dumps me back to the login screen, and exposes my account name, whether or not Remember Account Name is unchecked. I can't expect or control that. And it's working contrary to what it says it does, which is a bug in my business.

Edited by Kai Moon
Link to comment
Share on other sites

Posted (edited)

These appear to be the relevant lines from uiLogin.c :

smf_SetRawText(s_editAccount, g_achAccountName, false);
smf_CreateAndParse(g_achAccountName, s_editAccount); // Required so smf_SelectAllText works.
smf_SelectAllText(s_editAccount);

This enters the account name into the text field, but doesn't look at g_iDontSaveName, so always executes.

 

My understanding is that, for housekeeping reasons, g_achAccountName can't be wiped. But enclosing these lines in an if block should stop it from being displayed, which would be good enough.

if( !g_iDontSaveName )
{
	smf_SetRawText(s_editAccount, g_achAccountName, false);
	smf_CreateAndParse(g_achAccountName, s_editAccount); // Required so smf_SelectAllText works.
	smf_SelectAllText(s_editAccount);
}

 

Edited by Kai Moon
Link to comment
Share on other sites

16 hours ago, Kai Moon said:

The issue is that a LCTMS dumps me back to the login screen, and exposes my account name, whether or not Remember Account Name is unchecked. I can't expect or control that. And it's working contrary to what it says it does, which is a bug in my business.

The Remember Account Name setting controls whether the account name is saved between instantions of the client. When you get mapserved and dumped back to the login screen, your client has not exited; you are still running the same instance of the client, and the client retains the account name you signed in with. What you want isn't "make the Remember Account Name setting work right", but a new setting that would change what the client does with your account name after you sign in. Or perhaps a setting that protects the account name like a password, so that the account name displays as asterisks.

Link to comment
Share on other sites

Having a pre-filled account name display as asterisks would be awesome, but getting off-topic.

 

"Make the setting work right" isn't the way I'd put it. "Right or wrong" leaves space for personal opinions, judgement calls whether design is good or bad, clashing expectations based on being used to this old game's quirks vs expectations based on current design practices.

 

Instead, what I want is "Make the setting do what it plainly says it does".

 

The setting is "Remember Account Name". When unchecked, the game will sometimes Remember Account Name anyway. The cause, as seen in the source code, is because uiLogin.c never checks the setting (except to put a checkmark in the box or not). That omission makes the plain text of the setting not match the function of the setting. Fortunately, it's probably a one-line fix.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...