1. HabboManager - O(1) username lookup
Before: getHabbo(String) held a synchronized lock and iterated ALL online users every call
After: Secondary ConcurrentHashMap<String, Habbo> keyed by lowercase username → instant get() lookup, no lock contention
2. ItemsComponent - Batch DB saves
Before: dispose() spawned a separate thread per dirty item, each opening its own DB connection
After: Single connection, JDBC addBatch()/executeBatch() for both UPDATE and DELETE, flushed every 100 items. A user with 500 dirty items now does 5 batch executions instead of 500 thread spawns + 500 connections.
3. AcceptFriendRequestEvent - N+1 elimination
Before: For each offline user: query 1 (getOfflineHabboInfo by ID) → query 2 (load full Habbo by username) = 2 queries × up to 100 users = 200 queries
After: Single query by user ID directly = 1 query × up to 100 users = 100 queries (50% reduction)
4. RoomManager - Direct HashMap lookup
Before: getCategory(int id) iterated all categories checking getId() == id even though the map is already keyed by ID
After: Direct roomCategories.get(id) → O(1) instead of O(n)
The Nitro client's NodeData parser enforces safety limits (max 1000 offers,
500 children, 20 depth) using Math.min() on the count but the server was
sending all data beyond those limits. The unread bytes left in the buffer
corrupted parsing of subsequent nodes, causing RangeError.
Cap server-side output to match client limits and snapshot offerIds array
to prevent potential race conditions between size() and iteration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- SQL injection fix: Replaced string concatenation of minPrice/maxPrice with proper parameterized ? placeholders using a paramIndex counter
- IDOR fix: Added user_id ownership check in MarketPlace.takeBackItem() — now verifies the DB user_id matches the requesting player before allowing item retrieval, with warning log on mismatch
- register interaction types wf_act_freeze, wf_act_unfreeze, wf_act_furni_to_user, wf_act_user_to_furni and wf_act_furni_to_furni
- add effect types FREEZE, UNFREEZE, FURNI_TO_USER, USER_TO_FURNI and FURNI_TO_FURNI
- add freeze handling with cancel-on-teleport and cleanup on teleport or room leave
- support furni-to-furni secondary target selection and immediate furni position persistence
- prevent frozen users from walking until they are unfrozen or moved out of the frozen state
- add wf_trg_leave_room, wf_trg_stuff_state, wf_trg_period_short, wf_trg_click_furni, wf_trg_click_tile, wf_trg_click_user and wf_trg_user_performs_action\n- add interaction type room_invisible_click_tile\n- persist selector-driven MatchFurni and ToggleRandom state changes\n- use configured duration in WiredEffectMuteHabbo
Add allow_underpass as a per-room boolean setting that controls whether
avatars can walk under elevated furniture. When disabled (default), the
room behaves normally with blocking items. When enabled, items elevated
above the UNDERPASS_HEIGHT threshold allow walking underneath.
Changes:
- Room: add allowUnderpass field with DB load/save
- RoomTileManager: make all 3 underpass checks conditional on room setting
- RoomItemManager: getWalkableItemAt() falls back when underpass disabled
- RoomSettingsComposer/SaveEvent: send/receive the flag in room settings packet
- SQL migration: add allow_underpass column to rooms table
Co-Authored-By: medievalshell <medievalshell@users.noreply.github.com>
duckietm