From 4fc0a3c9a19d76bed3079b368b0402730633db6d Mon Sep 17 00:00:00 2001
From: Beny <ben@beny.pro>
Date: Tue, 21 May 2019 19:09:54 +0100
Subject: [PATCH] SSO exploit fixed

---
 .../java/com/eu/habbo/habbohotel/users/HabboManager.java   | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java b/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java
index 64107ea0..6bca1549 100644
--- a/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java
+++ b/src/main/java/com/eu/habbo/habbohotel/users/HabboManager.java
@@ -110,7 +110,7 @@ public class HabboManager
 
 
         try(Connection connection = Emulator.getDatabase().getDataSource().getConnection();
-            PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket LIKE ? LIMIT 1"))
+            PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE auth_ticket = ? LIMIT 1"))
         {
             statement.setString(1, sso);
             try (ResultSet set = statement.executeQuery())
@@ -126,11 +126,10 @@ public class HabboManager
 
                     if (!Emulator.debugging)
                     {
-                        try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE auth_ticket LIKE ? AND id = ? LIMIT 1"))
+                        try (PreparedStatement stmt = connection.prepareStatement("UPDATE users SET auth_ticket = ? WHERE id = ? LIMIT 1"))
                         {
                             stmt.setString(1, "");
-                            stmt.setString(2, sso);
-                            stmt.setInt(3, habbo.getHabboInfo().getId());
+                            stmt.setInt(2, habbo.getHabboInfo().getId());
                             stmt.execute();
                         } catch (SQLException e)
                         {