Khaganat-NeL/khanat-opennel-code
2
0
Fork 0
Code Issues 21 Pull requests Projects Releases 1 Packages Wiki Activity

AutoIndent

Browse source
This commit is contained in:
Stanislas Dolcini 2018-10-02 19:28:26 +02:00
parent 077ab4c714
commit 8cd093edb5
3 changed files with 375 additions and 433 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
code/web/public_php/login/class/CWwwLog.php
View file

@ -1,37 +1,34 @@
<?php <?php
class CWwwLog class CWwwLog
{ {
//function CWwwLog() {} //function CWwwLog() {}
/* /**
* Return the log directory. Create it if it does not exist, or return false if creation failed. * Return the log directory. Create it if it does not exist, or return false if creation failed.
*/ * Examples:
function getSafeLogDir() * __FILE__ = r:\code\ryzom\www\login\config.php
{ * $_SERVER['PATH_TRANSLATED'] = 'r:/code/ryzom/www/login//r2_login.php'
// Examples: * $_SERVER['SCRIPT_FILENAME'] = 'r:/code/ryzom/www/login//r2_login.php'
// __FILE__ = r:\code\ryzom\www\login\config.php */
// $_SERVER['PATH_TRANSLATED'] = 'r:/code/ryzom/www/login//r2_login.php' public function getSafeLogDir()
// $_SERVER['SCRIPT_FILENAME'] = 'r:/code/ryzom/www/login//r2_login.php' {
global $LogRelativePath; global $LogRelativePath;
$pathInfo = pathinfo(__FILE__); $pathInfo = pathinfo(__FILE__);
$logPath = $pathInfo['dirname'].'/'.$LogRelativePath; $logPath = $pathInfo['dirname'] . '/' . $LogRelativePath;
if (!is_dir($logPath)) if (!is_dir($logPath)) {
{ $res = mkdir($LogPath, 0700);
$res = mkdir($LogPath, 0700); return $res ? $logPath : false;
return $res ? $logPath : false; }
} return $logPath;
return $logPath; }
}
function logStr($str) public function logStr($str)
{ {
$logPath = $this->getSafeLogDir(); $logPath = $this->getSafeLogDir();
if ($logPath !== false) if ($logPath !== false) {
{ $fp = fopen($logPath . '/r2_login_' . date('Y-m-d') . '.log', 'a');
$fp = fopen($logPath.'/r2_login_'.date('Y-m-d').'.log', 'a'); fwrite($fp, date('Y-m-d H:i:s') . ' (' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REQUEST_URI'] . "): $str\n");
fwrite($fp, date('Y-m-d H:i:s').' ('.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REQUEST_URI']."): $str\n"); fclose($fp);
fclose($fp); }
} }
} }
}
?>

86
code/web/public_php/login/class/LoginCb.php
View file

@ -1,54 +1,46 @@
<?php <?php
class LoginCb extends CLoginServiceWeb class LoginCb extends CLoginServiceWeb
{ {
// receive the login result sent back by the LS // receive the login result sent back by the LS
function loginResult($userId, $cookie, $resultCode, $errorString) public function loginResult($userId, $cookie, $resultCode, $errorString)
{ {
global $RingWebHost, $RingWebHostPHP; global $RingWebHost, $RingWebHostPHP;
global $domainId; global $domainId;
if ($resultCode == 0 && $cookie != "") if ($resultCode == 0 && $cookie != "") {
{ // gather the domain information (server version, patch urls and backup patch url
// gather the domain information (server version, patch urls and backup patch url global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$query = "SELECT * FROM domain WHERE domain_id=$domainId"; $query = "SELECT * FROM domain WHERE domain_id=$domainId";
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if( mysqli_num_rows($result) != 1) if (mysqli_num_rows($result) != 1) {
{ die(errorMsgBlock(3001, $domainId));
die(errorMsgBlock(3001, $domainId)); }
} $row = mysqli_fetch_array($result);
$row = mysqli_fetch_array($result);
// set the cookie // set the cookie
setcookie ( "ryzomId" , $cookie, 0, "/"); setcookie("ryzomId", $cookie, 0, "/");
$_COOKIE["ryzomId"] = $cookie; // make it available immediately $_COOKIE["ryzomId"] = $cookie; // make it available immediately
// Auto-join an available mainland shard // Auto-join an available mainland shard
global $FSHostLuaMode, $FSHostResultStr; global $FSHostLuaMode, $FSHostResultStr;
$FSHostLuaMode = false; $FSHostLuaMode = false;
$res = joinMainland($userId, $domainId, $row["domain_name"]); $res = joinMainland($userId, $domainId, $row["domain_name"]);
if ($res) if ($res) {
{ echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $RingWebHost . "/ring/web_start.php#http://" . $RingWebHostPHP . "/ring/\n";
echo "1#".$cookie."#".$FSHostResultStr."#http://".$RingWebHost."/ring/web_start.php#http://".$RingWebHostPHP."/ring/\n"; // return the ring domain information
// return the ring domain information echo $row["patch_version"] . "#" . $row["backup_patch_url"] . "#" . $row["patch_urls"];
echo $row["patch_version"]."#".$row["backup_patch_url"]."#".$row["patch_urls"]; } else {
} global $JoinSessionResultCode, $JoinSessionResultMsg;
else echo errorMsgBlock(BASE_TRANSLATED_RSM_ERROR_NUM + $JoinSessionResultCode, $JoinSessionResultCode, $JoinSessionResultMsg, $userId);
{ }
global $JoinSessionResultCode, $JoinSessionResultMsg; } else {
echo errorMsgBlock(BASE_TRANSLATED_RSM_ERROR_NUM + $JoinSessionResultCode, $JoinSessionResultCode, $JoinSessionResultMsg, $userId); // empty cookie, this mean the user id can't be validated by the LS
} echo errorMsgBlock(BASE_TRANSLATED_LS_ERROR_NUM + $resultCode, $resultCode, $errorString, $userId);
} }
else }
{ }
// empty cookie, this mean the user id can't be validated by the LS
echo errorMsgBlock(BASE_TRANSLATED_LS_ERROR_NUM + $resultCode, $resultCode, $errorString, $userId);
}
}
}
?>

657
code/web/public_php/login/r2_login.php
View file

@ -1,392 +1,345 @@
<?php <?php
error_reporting(E_ERROR | E_PARSE); error_reporting(E_ERROR | E_PARSE);
set_error_handler('err_callback'); set_error_handler('err_callback');
// For error handling, buffer all output // For error handling, buffer all output
ob_start('ob_callback_r2login'); ob_start('ob_callback_r2login');
include_once('config.php'); include_once 'config.php';
include_once('login_translations.php'); include_once 'login_translations.php';
include_once('../tools/nel_message.php'); include_once '../tools/nel_message.php';
include_once('../tools/domain_info.php'); include_once '../tools/domain_info.php';
include_once('login_service_itf.php'); include_once 'login_service_itf.php';
include_once('../ring/join_shard.php'); include_once '../ring/join_shard.php';
include_once('./class/CWwwLog.php'); include_once './class/CWwwLog.php';
include_once('./class/LoginCb.php'); include_once './class/LoginCb.php';
if (!isset($_GET['cmd'])) {
die(errorMsgBlock(3002));
}
function get_salt($password) // check for 'clear password' tag
{ if (!isset($_GET['cp'])) {
if ($password[0] == '$') $cp = 0;
{ } else {
$salt = substr($password, 0, 19); $cp = $_GET['cp'];
}
$submittedLang = isset($_GET['lg']) ? $_GET['lg'] : 'unknown';
if (isset($_GET['dbg']) && ($_GET['dbg'] == 1)) {
$DisplayDbg = true;
}
switch ($_GET['cmd']) {
case 'ask':
// client ask for a login salt
askSalt($_GET['login'], $submittedLang);
die();
case 'login':
$domainId = -1;
// client sent is login info
if (!checkUserValidity($_GET['login'], $_GET['password'], $_GET['clientApplication'], $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang)) {
echo '0:' . $reason;
} else {
// retreive the domain info
$domainInfo = getDomainInfo($domainId);
// if we need to create missing ring info
if ($AutoCreateRingInfo) {
// check if the ring user exist, and create it if not
$ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
mysqli_select_db($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
$query = "SELECT user_id FROM ring_users where user_id = '" . $id . "'";
$result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
if (mysqli_num_rows($result) == 0) {
// no ring user record, build one
$login = mysqli_real_escape_string($ringDb, $_GET['login']);
$query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
$result = mysqli_query($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
}
}
// store the web host for this domain
global $RingWebHost, $RingWebHostPHP;
$RingWebHost = $domainInfo['web_host'];
$RingWebHostPHP = $domainInfo['web_host_php'];
$LSaddr = explode(":", $domainInfo['login_address']);
// ask for a session cookie to the login service
$login = new LoginCb;
$res = "";
$login->connect($LSaddr[0], $LSaddr[1], $res);
$login->login($id, $_SERVER["REMOTE_ADDR"], $domainId);
// wait for the return message
if (!$login->waitCallback()) {
die(errorMsgBlock(3003));
}
//the rest of the process is done in the callback function
} }
else }
{
$salt = substr($password, 0, 2);
}
return $salt;
}
// see errorMsg // no more to do (other global statement are old garbage)
function errorMsgBlock($errNum=GENERIC_ERROR_NUM) // $mixedArgs die();
{
$args = func_get_args();
return '0:'.call_user_func_array('errorMsg', $args);
}
// Callback called on end of output buffering
function ob_callback_r2login($buffer)
{
// Log only in case of error or malformed result string
$blockHd = substr($buffer, 0, 2);
if ($blockHd != '1:')
{
$logFile = new CWwwLog();
$logFile->logStr(str_replace("\n",'\n',$buffer));
}
return $buffer; // sent to output
}
// Callback called on error
function err_callback($errno, $errmsg, $filename, $linenum, $vars)
{
$logFile = new CWwwLog();
$logFile->logStr("PHP ERROR/$errno $errmsg ($filename:$linenum)");
$logFile->logStr("PHP CALLSTACK/" . print_r(debug_backtrace(), TRUE));
// Never die after an error
}
if (!isset($_GET['cmd']))
{
die (errorMsgBlock(3002));
}
// check for 'clear password' tag
if (!isset($_GET['cp']))
{
$cp = 0;
}
else
{
$cp = $_GET['cp'];
}
$submittedLang = isset($_GET['lg']) ? $_GET['lg'] : 'unknown';
if (isset($_GET['dbg']) && ($_GET['dbg'] == 1))
$DisplayDbg = true;
switch($_GET['cmd'])
{
case 'ask':
// client ask for a login salt
askSalt($_GET['login'], $submittedLang);
die();
case 'login':
$domainId = -1;
// client sent is login info
if (!checkUserValidity($_GET['login'], $_GET['password'], $_GET['clientApplication'], $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang))
{
echo '0:'.$reason;
}
else
{
// retreive the domain info
$domainInfo = getDomainInfo($domainId);
// if we need to create missing ring info
if ($AutoCreateRingInfo)
{
// check if the ring user exist, and create it if not
$ringDb = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die(errorMsgBlock(3004, 'Ring', $DBHost, $RingDBUserName));
mysqli_select_db ($ringDb, $domainInfo['ring_db_name']) or die(errorMsgBlock(3005, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName));
$query = "SELECT user_id FROM ring_users where user_id = '".$id."'";
$result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
if (mysqli_num_rows($result) == 0)
{
// no ring user record, build one
$login = mysqli_real_escape_string($ringDb, $_GET['login']);
$query = "INSERT INTO ring_users SET user_id = '$id', user_name = '$login', user_type='ut_pioneer'";
$result = mysqli_query ($ringDb, $query) or die(errorMsgBlock(3006, $query, 'Ring', $domainInfo['ring_db_name'], $DBHost, $RingDBUserName, mysqli_error($ringDb)));
}
}
// store the web host for this domain
global $RingWebHost, $RingWebHostPHP;
$RingWebHost = $domainInfo['web_host'];
$RingWebHostPHP = $domainInfo['web_host_php'];
$LSaddr = explode(":", $domainInfo['login_address']);
// ask for a session cookie to the login service
$login = new LoginCb;
$res = "";
$login->connect($LSaddr[0], $LSaddr[1], $res);
$login->login($id, $_SERVER["REMOTE_ADDR"], $domainId);
// wait for the return message
if (!$login->waitCallback())
{
die(errorMsgBlock(3003));
}
//the rest of the process is done in the callback function
}
}
// no more to do (other global statement are old garbage)
die();
// ---------------------------------------------------------------------------------------- // ----------------------------------------------------------------------------------------
// Functions // Functions
// ---------------------------------------------------------------------------------------- // ----------------------------------------------------------------------------------------
// $reason contains the reason why the check failed or success function get_salt($password)
// return true if the check is ok {
function checkUserValidity ($login, $password, $clientApplication, $cp, &$id, &$reason, &$priv, &$extended, &$domainId, $lang) if ($password[0] == '$') {
{ $salt = substr($password, 0, 19);
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser; } else {
$salt = substr($password, 0, 2);
}
return $salt;
}
setMsgLanguage($lang); // see errorMsg
function errorMsgBlock($errNum = GENERIC_ERROR_NUM) // $mixedArgs
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); {
mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); $args = func_get_args();
return '0:' . call_user_func_array('errorMsg', $args);
}
// we map the client application to the domain name // Callback called on end of output buffering
$domainName = mysqli_real_escape_string($link, $clientApplication); function ob_callback_r2login($buffer)
{
// Log only in case of error or malformed result string
$blockHd = substr($buffer, 0, 2);
if ($blockHd != '1:') {
$logFile = new CWwwLog();
$logFile->logStr(str_replace("\n", '\n', $buffer));
}
return $buffer; // sent to output
}
// retreive the domain id // Callback called on error
$query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'"; function err_callback($errno, $errmsg, $filename, $linenum, $vars)
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); {
$logFile = new CWwwLog();
$logFile->logStr("PHP ERROR/$errno $errmsg ($filename:$linenum)");
$logFile->logStr("PHP CALLSTACK/" . print_r(debug_backtrace(), true));
// Never die after an error
}
if (mysqli_num_rows($result) == 0) // $reason contains the reason why the check failed or success
{ // return true if the check is ok
// unrecoverable error, we must giveup function checkUserValidity($login, $password, $clientApplication, $cp, &$id, &$reason, &$priv, &$extended, &$domainId, $lang)
$reason = errorMsg(3007, $domainName); {
mysqli_close($link); global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
return false;
}
$row = mysqli_fetch_array($result); setMsgLanguage($lang);
$domainId = $row[0];
// retreive the domain info $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
$domainInfo = getDomainInfo($domainId); mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
// convert the domain status enum into the privilege access set // we map the client application to the domain name
$accessPriv = strtoupper(substr($domainInfo['status'], 3)); $domainName = mysqli_real_escape_string($link, $clientApplication);
// now, retrieve the user infos // retreive the domain id
$login = mysqli_real_escape_string($link, $login); $query = "SELECT domain_id FROM domain WHERE domain_name='$domainName'";
$query = "SELECT * FROM user where Login='$login'"; $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows ($result) == 0) if (mysqli_num_rows($result) == 0) {
{ // unrecoverable error, we must giveup
if ($AcceptUnknownUser) $reason = errorMsg(3007, $domainName);
{ mysqli_close($link);
// login doesn't exist, create it return false;
$password = mysqli_real_escape_string($link, $password); }
$query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
// get the user to have his UId $row = mysqli_fetch_array($result);
$query = "SELECT * FROM user WHERE Login='$login'"; $domainId = $row[0];
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows ($result) == 1) // retreive the domain info
{ $domainInfo = getDomainInfo($domainId);
$reason = errorMsg(3008, $login);
$row = mysqli_fetch_assoc ($result);
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
// add the default permission // convert the domain status enum into the privilege access set
$query = "INSERT INTO permission (UId, DomainId, AccessPrivilege) VALUES ('$id', '$domainId', '$accessPriv')"; $accessPriv = strtoupper(substr($domainInfo['status'], 3));
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$res = false; // now, retrieve the user infos
} $login = mysqli_real_escape_string($link, $login);
else $query = "SELECT * FROM user where Login='$login'";
{ $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3009, $login);
$res = false;
}
}
else
{
$reason = errorMsg(2001, $login, 'checkUserValidity');
}
}
else
{
$row = mysqli_fetch_assoc ($result);
$salt = get_salt($row["Password"]);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt)))
{
// Store the real login (with correct case)
$_GET['login'] = $row['Login'];
// check if the user can use this application
$clientApplication = mysqli_real_escape_string($link, $clientApplication); if (mysqli_num_rows($result) == 0) {
$query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND DomainId='$domainId'"; if ($AcceptUnknownUser) {
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); // login doesn't exist, create it
if (mysqli_num_rows ($result) == 0) $password = mysqli_real_escape_string($link, $password);
{ $query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
if ($AcceptUnknownUser) $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
{
// add default permission
$query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('".$row["UId"]."', '$domainId', -1, '$domainStatus')";
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3010); // get the user to have his UId
$res = false; $query = "SELECT * FROM user WHERE Login='$login'";
} $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
else
{
// no permission
$reason = errorMsg(3011, $clientApplication, $domainName);
$res = false;
}
}
else
{
// check that the access privilege for the domain
$permission = mysqli_fetch_assoc($result);
if (!strstr($permission['AccessPrivilege'], $accessPriv)) if (mysqli_num_rows($result) == 1) {
{ $reason = errorMsg(3008, $login);
// no right to connect $row = mysqli_fetch_assoc($result);
if ($AcceptUnknownUser) $id = $row["UId"];
{ $priv = $row["Privilege"];
// set an additionnal privilege for this player $extended = $row["ExtendedPrivilege"];
$query = "UPDATE permission set AccessPrivilege='".$permission['AccessPrivilege'].",$accessPriv' WHERE PermissionId=".$permission['PermissionId'];
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3012, $accessPriv); // add the default permission
$res = false; $query = "INSERT INTO permission (UId, DomainId, AccessPrivilege) VALUES ('$id', '$domainId', '$accessPriv')";
} $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
else
{
// no permission
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
$res = false;
}
}
else
{
// // check if the user not already online $res = false;
// } else {
// if ($row["State"] != "Offline") $reason = errorMsg(3009, $login);
// { $res = false;
// $reason = "$login is already online and "; }
// // ask the LS to remove the client } else {
// if (disconnectClient ($row["ShardId"], $row["UId"], $tempres)) $reason = errorMsg(2001, $login, 'checkUserValidity');
// { }
// $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)"; } else {
// $row = mysqli_fetch_assoc($result);
// $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"]; $salt = get_salt($row["Password"]);
// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link)); if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) {
// // Store the real login (with correct case)
// $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"]; $_GET['login'] = $row['Login'];
// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link)); // check if the user can use this application
// }
// else
// {
// $reason = $reason."can't be disconnected: $tempres (error code 55)";
// }
// $res = false;
// }
// else
// {
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
$res = true;
// }
}
}
}
else
{
$reason = errorMsg(2004, 'user');
$res = false;
}
}
mysqli_close($link);
return $res;
}
function askSalt($login, $lang) $clientApplication = mysqli_real_escape_string($link, $clientApplication);
{ $query = "SELECT * FROM permission WHERE UId='" . $row["UId"] . "' AND DomainId='$domainId'";
global $PHP_SELF; $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
global $DBHost, $DBUserName, $DBPassword, $DBName; if (mysqli_num_rows($result) == 0) {
global $AcceptUnknownUser; if ($AcceptUnknownUser) {
// add default permission
$query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('" . $row["UId"] . "', '$domainId', -1, '$domainStatus')";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
setMsgLanguage($lang); $reason = errorMsg(3010);
$res = false;
} else {
// no permission
$reason = errorMsg(3011, $clientApplication, $domainName);
$res = false;
}
} else {
// check that the access privilege for the domain
$permission = mysqli_fetch_assoc($result);
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die (errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
mysqli_select_db ($link, $DBName) or die (errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); // no right to connect
if ($AcceptUnknownUser) {
// set an additionnal privilege for this player
$query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . ",$accessPriv' WHERE PermissionId=" . $permission['PermissionId'];
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$login = mysqli_real_escape_string($link, $login); $reason = errorMsg(3012, $accessPriv);
$query = "SELECT Password FROM user WHERE Login='$login'"; $res = false;
$result = mysqli_query ($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); } else {
// no permission
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
$res = false;
}
} else {
if (mysqli_num_rows ($result) != 1) // // check if the user not already online
{ //
if ($AcceptUnknownUser) // if ($row["State"] != "Offline")
{ // {
// just accept the client and return a default salk // $reason = "$login is already online and ";
echo "1:AA"; // // ask the LS to remove the client
die; // if (disconnectClient ($row["ShardId"], $row["UId"], $tempres))
} // {
else // $reason = $reason."was just disconnected. Now you can retry the identification (error code 54)";
{ //
die (errorMsgBlock(2001, $login, 'askSalt')); // $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
// Check if this is not an unconfirmed account // $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
/*$query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'"; //
$result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); // $query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
// $result = mysqli_query ($link, $query) or die ("Can't execute the query: '$query' errno:".mysqli_errno($link).": ".mysqli_error($link));
// }
// else
// {
// $reason = $reason."can't be disconnected: $tempres (error code 55)";
// }
// $res = false;
// }
// else
// {
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
$res = true;
// }
}
}
} else {
$reason = errorMsg(2004, 'user');
$res = false;
}
}
mysqli_close($link);
return $res;
}
if (mysqli_num_rows($result) == 0) function askSalt($login, $lang)
{ {
// no user record, reject it global $PHP_SELF;
die (errorMsgBlock(2001, $login, 'askSalt')); global $DBHost, $DBUserName, $DBPassword, $DBName;
} global $AcceptUnknownUser;
else if (mysqli_num_rows($result) == 1)
{
// one unconfirmed record, let the client send the encrypted password to get the corresponding email address
$row = mysqli_fetch_assoc($result);
$salt = substr($row['GamePassword'], 0, 2);
}
else
{
if ($lang == 'unknown')
{
// several matching records => display a multi-language message now
$languages = array();
while ($row = mysqli_fetch_assoc($result))
{
$languages[$row['Language']] = true;
}
setMsgLanguage(array_keys($languages));
}
die (errorMsgBlock(2003));
}*/
}
}
else
{
$res_array = mysqli_fetch_assoc($result);
$salt = get_salt($res_array['Password']);
}
echo "1:".$salt; setMsgLanguage($lang);
mysqli_close($link);
}
?> $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$login = mysqli_real_escape_string($link, $login);
$query = "SELECT Password FROM user WHERE Login='$login'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) != 1) {
if ($AcceptUnknownUser) {
// just accept the client and return a default salk
echo "1:AA";
die;
} else {
die(errorMsgBlock(2001, $login, 'askSalt'));
// Check if this is not an unconfirmed account
/*$query = "SELECT GamePassword, Language FROM signup_data WHERE login='$login'";
$result = mysqli_query($link, $query) or die (errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0)
{
// no user record, reject it
die (errorMsgBlock(2001, $login, 'askSalt'));
}
else if (mysqli_num_rows($result) == 1)
{
// one unconfirmed record, let the client send the encrypted password to get the corresponding email address
$row = mysqli_fetch_assoc($result);
$salt = substr($row['GamePassword'], 0, 2);
}
else
{
if ($lang == 'unknown')
{
// several matching records => display a multi-language message now
$languages = array();
while ($row = mysqli_fetch_assoc($result))
{
$languages[$row['Language']] = true;
}
setMsgLanguage(array_keys($languages));
}
die (errorMsgBlock(2003));
}*/
}
} else {
$res_array = mysqli_fetch_assoc($result);
$salt = get_salt($res_array['Password']);
}
echo "1:" . $salt;
mysqli_close($link);
}