Working version

2018-10-07 22:42:38 +02:00 · 2018-10-07 22:42:38 +02:00 · c408388a48
commit c408388a48
parent ef76b60f7d
4 changed files with 79 additions and 55 deletions
--- a/code/web/public_php/login/class/LoginCb.php
+++ b/code/web/public_php/login/class/LoginCb.php
@ -3,9 +3,11 @@ class LoginCb extends CLoginServiceWeb
 {
    private $ring_web_host;
    private $ring_web_host_php;
+    private $domain_id;

-    public function __construct($ring_web_host, $ring_web_host_php)
+    public function __construct($ring_web_host, $ring_web_host_php, $domain_id)
    {
+        $this->domain_id = $domain_id;
        $this->ring_web_host_php = $ring_web_host_php;
        $this->ring_web_host = $ring_web_host;
    }
@ -13,19 +15,17 @@ class LoginCb extends CLoginServiceWeb
    // receive the login result sent back by the LS
    public function loginResult($userId, $cookie, $resultCode, $errorString)
    {
-        global $domainId;
-
        if ($resultCode == 0 && $cookie != "") {
            // gather the domain information (server version, patch urls and backup patch url
            global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;

            $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
            mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
-            $query = "SELECT * FROM domain WHERE domain_id=$domainId";
+            $query = "SELECT * FROM domain WHERE domain_id = ".$this->domain_id ;
            $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));

            if (mysqli_num_rows($result) != 1) {
-                die(errorMsgBlock(3001, $domainId));
+                die(errorMsgBlock(3001, $this->domain_id ));
            }
            $row = mysqli_fetch_array($result);

@ -36,7 +36,7 @@ class LoginCb extends CLoginServiceWeb
            // Auto-join an available mainland shard
            global $FSHostLuaMode, $FSHostResultStr;
            $FSHostLuaMode = false;
-            $res = joinMainland($userId, $domainId, $row["domain_name"]);
+            $res = joinMainland($userId, $this->domain_id , $row["domain_name"]);

            if ($res) {
                echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $this->ring_web_host_php . "/ring/web_start.php#http://" . $this->ring_web_host . "/ring/\n";
--- a/code/web/public_php/login/class/connection_handler.php
+++ b/code/web/public_php/login/class/connection_handler.php
@ -1,15 +1,15 @@
 <?php
-include_once './LoginCb.php';
-include_once './../tools/utils.php';
-include_once './../config.php';
-include_once './../login_translations.php';
-include_once './../login_service_itf.php';
-include_once './../../ring/join_shard.php';
-include_once './../../tools/nel_message.php';
-include_once './../../tools/domain_info.php';
-
+include_once 'login_service_itf.php';
+include_once 'LoginCb.php';
+include_once 'tools/utils.php';
+include_once '../ring/join_shard.php';
+include_once '../tools/nel_message.php';
+include_once '../tools/domain_info.php';
 class ConnectionHandler
 {
+    private $accept_unknown_user;
+    private $auto_create_ring_info;
+
    private $db_base_connection;
    private $db_ring_connection;

@ -31,7 +31,7 @@ class ConnectionHandler
        $this->db_base_connection_host = $db_base_connection_host;
        $this->db_base_connection_username = $db_base_connection_username;
        $this->db_base_connection_password = $db_base_connection_password;
-        $this->db_base_connection_dbname = $db_base_connection_dname;
+        $this->db_base_connection_dbname = $db_base_connection_dbname;
    }

    /**
@ -39,12 +39,21 @@ class ConnectionHandler
     */
    public function connect()
    {
-        connect_to_base_db($this->db_base_connection_host,
+        $this->connect_to_base_db($this->db_base_connection_host,
            $this->db_base_connection_username,
            $this->db_base_connection_password,
            $this->db_base_connection_dbname);
    }

+    public function set_accept_unknown_user($value)
+    {
+        $this->accept_unknown_user = $value;
+    }
+    public function set_auto_create_ring_info($value)
+    {
+        $this->auto_create_ring_info = $value;
+    }
+
    /**
     * Connect to the base database and sets the fields.
     */
@ -79,15 +88,17 @@ class ConnectionHandler

    private function askSalt($login, $lang)
    {
+        $salt = '';
        setMsgLanguage($lang);
        $escaped_login = $this->db_base_connection->escape_string($login);
-        if ($stmt = $this->db_base_connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) {
+        $query = 'SELECT Password FROM user WHERE Login = ? LIMIT 1';
+        if ($stmt = $this->db_base_connection->prepare($query)) {
            $stmt->bind_param('s', $escaped_login);
            $stmt->execute();
-            $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
+            $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $this->db_base_connection_dbname, $this->db_base_connection_host, $this->db_base_connection_username, $this->db_base_connection->error));
            $stmt->fetch();
-            if ($stmt->num_rows == 1) {
-                $salt = '1:' . get_salt($password);
+            if (isset($password)) {
+                $salt = '1:' . $this->get_salt($password);
            } else {
                $salt = errorMsgBlock(2001, $login, 'askSalt');
            }
@ -102,7 +113,7 @@ class ConnectionHandler
     */
    private function CreateRing($domainInfo, $id, $login)
    {
-        connect_to_ring_db($this->db_ring_connection_host,
+        $this->connect_to_ring_db($this->db_ring_connection_host,
            $this->db_ring_connection_username,
            $this->db_ring_connection_password,
            $domainInfo['ring_db_name']);
@ -125,7 +136,7 @@ class ConnectionHandler
    private function Login($login, $password, $clientApplication, $cp, $submittedLang)
    {
        $domainId = -1;
-        $loginSuccessful = checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang);
+        $loginSuccessful = $this->checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang);
        // Client sent his login info
        if (!$loginSuccessful) {
            echo '0:' . $reason;
@ -133,15 +144,15 @@ class ConnectionHandler
            // retrieve the domain info
            $domainInfo = getDomainInfo($domainId);
            // if we need to create missing ring info
-            if ($AutoCreateRingInfo) {
-                CreateRing($domainInfo, $id, $login);
+            if ($this->auto_create_ring_info) {
+                $this->CreateRing($domainInfo, $id, $login);
            }

            $LSaddr = explode(":", $domainInfo['login_address']);

            // ask for a session cookie to the login service
-            $loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php']);
-            $loginCb->connect($LSaddr[0], $LSaddr[1], '');
+            $loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php'], $domainId);
+            $loginCb->connect($LSaddr[0], $LSaddr[1], $result);
            $loginCb->login($id, $_SERVER['REMOTE_ADDR'], $domainId);

            // wait for the return message
@ -160,17 +171,18 @@ class ConnectionHandler
    {
        switch ($command->cmd) {
            case 'ask':
-                echo askSalt($command->login, $command->submittedLang);
+                echo $this->askSalt($command->login, $command->submittedLang);
                break;
-            case 'login-https':
-                $salt = substr(askSalt($command->login, $command->submittedLang), 2);
-                $generated_password = crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt));
-                login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
+            case 'https-login':
+                $salt = substr($this->askSalt($command->login, $command->submittedLang), 2);
+                $generated_password = crypt($command->password, $salt);
+                $this->login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
                break;
            case 'login':
-                login($command->login, $command->password, $command->clientApplication, $command->cp, $command->submittedLang);
+                $this->login($command->login, $command->password, $command->clientApplication, $command->cp, $command->submittedLang);
                break;
            default:
+                echo ('0:Invalid command');
                break;
        }
    }
@ -196,13 +208,13 @@ class ConnectionHandler
        $res = false;
        setMsgLanguage($lang);
        $domainName = $this->db_base_connection->escape_string($clientApplication);
-
-        if ($stmt = $this->db_base_connection->prepare('SELECT domain_id FROM domain WHERE domain_name=\'?\' LIMIT 1')) {
+        $query = 'SELECT domain_id FROM domain WHERE domain_name = ? LIMIT 1';
+        if ($stmt = $this->db_base_connection->prepare($query)) {
            $stmt->bind_param("s", $domainName);
            $stmt->execute();
            $stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_base_connection->error));
            $stmt->fetch();
-            if ($stmt->num_rows == 0) {
+            if (!isset($domainId)) {
                // unrecoverable error, we must giveup
                $reason = errorMsg(3007, $domainName);
                $mysqli->close();
@ -210,7 +222,6 @@ class ConnectionHandler
            }
            $stmt->close();
        }
-
        // retrieve the domain info
        $domainInfo = getDomainInfo($domainId);

@ -220,20 +231,25 @@ class ConnectionHandler
        // now, retrieve the user infos
        $login = $this->db_base_connection->escape_string($login);
        $numrows = 0;
-        if ($stmt = $this->db_base_connection->prepare('SELECT Password, UId FROM user WHERE Login=\'?\' LIMIT 1')) {
+        $query = 'SELECT Password, UId FROM user WHERE Login = ? LIMIT 1';
+        if ($stmt = $this->db_base_connection->prepare($query)) {
            $stmt->bind_param('s', $login);
            $stmt->execute();
-            $stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
+            $success = $stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
            $stmt->fetch();
-            if ($stmt->num_rows) {
-                $salt = get_salt($dbPassword);
+            if ($success) {
+                $salt = $this->get_salt($dbPassword);
                if (($cp && $dbPassword == $password) || (!$cp && $dbPassword == crypt($password, $salt))) {
-                    if ($stmt2 = $this->db_base_connection->prepare('SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission WHERE UId=\'' . $dbUid . '\' AND DomainId=\'$domainId\'')) {
-                        $stmt2->bind_param('i', $dbUid);
+                    $stmt->close();
+                    // UId is not a foreign key for some reason.
+                    // Hence we have to join explicitely
+                    $query = 'SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission JOIN user ON user.UId = permission.UId WHERE user.UId = ? AND permission.DomainId = ? LIMIT 1';
+                    if ($stmt2 = $this->db_base_connection->prepare($query)) {
+                        $stmt2->bind_param('ii', $dbUid, $domainId);
                        $stmt2->execute();
-                        $stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
+                        $success = $stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $this->db_base_connection_dbname, $this->db_base_connection_host, $this->db_base_connection_username, $this->db_base_connection->error));
                        $stmt2->fetch();
-                        if ($stmt->num_rows == 0) {
+                        if (!$success) {
                            // no permission
                            $reason = errorMsg(3011, $clientApplication, $domainName);
                            $res = false;
@ -242,7 +258,7 @@ class ConnectionHandler
                                // no permission
                                $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
                            } else {
-                                if (!IsUserOnline($res)) {
+                                if (!$this->is_user_online($res)) {
                                    $id = $dbUid;
                                    $priv = $dbPrivilege;
                                    $extended = $dbExtendedPrivilege;
@ -256,7 +272,6 @@ class ConnectionHandler
                    $reason = errorMsg(2004, 'user');
                }
            }
-            $stmt->close();
        }
        return $res;
    }
@ -266,7 +281,7 @@ class ConnectionHandler
     * Sets res to false if it failed.
     * @todo fix it.
     */
-    private function IsUserOnline(&$res)
+    private function is_user_online(&$res)
    {
        return false;
        // // check if the user not already online
--- a/code/web/public_php/login/class/nel_command.php
+++ b/code/web/public_php/login/class/nel_command.php
@ -35,10 +35,10 @@ class NelCommand

    public function __construct($getParams)
    {
-        $this->cmd = $getParams['cmd'];
-        $this->login = $getParams['login'];
-        $this->password = $getParams['password'];
-        $this->clientApplication = $getParams['clientApplication'];
+        $this->cmd = isset($getParams['cmd']) ? $getParams['cmd'] : NULL;
+        $this->login = isset($getParams['login']) ? $getParams['login'] : "";
+        $this->password = isset($getParams['password']) ? $getParams['password'] : "";
+        $this->clientApplication =isset($getParams['clientApplication']) ? $getParams['clientApplication'] : "";
        $this->cp = isset($getParams['cp']) ? $getParams['cp'] : 0;
        $this->submittedLang = isset($getParams['lg']) ? $getParams['lg'] : 'unknown';
    }
--- a/code/web/public_php/login/r2_login.php
+++ b/code/web/public_php/login/r2_login.php
@ -1,4 +1,11 @@
 <?php
+error_reporting(E_ERROR | E_PARSE);
+set_error_handler('err_callback');
+// For error handling, buffer all output
+ob_start('ob_callback_r2login');
+
+include_once './login_translations.php';
+include_once './config.php';
 include_once './tools/utils.php';
 include_once './class/connection_handler.php';
 include_once './class/nel_command.php';
@ -14,14 +21,16 @@ if (!isset($_GET['cmd'])) {
 * $DisplayDbg is used in login_translations.php
 * @todo Make sure this is the best place to do it.
 */
-if (isset($_GET['dbg']) && ($_GET['dbg'] == 1)) {
-    $DisplayDbg = true;
-}
+$DisplayDbg = isset($_GET['dbg']) && ($_GET['dbg'] == 1);

 // Create a command object using the user's parameters.
 $nel_command = new NelCommand($_GET);
 // Create a connexion handler to process that command.
 $connection_handler = new ConnectionHandler($DBHost, $DBUserName, $DBPassword, $DBName, $DBHost, $RingDBUserName, $RingDBPassword);
+// Allow to create accounts on the fly (not recommended).
+$connection_handler->set_accept_unknown_user($AcceptUnknownUser);
+// Allow to auto create rings (not recommended).
+$connection_handler->set_auto_create_ring_info($AutoCreateRingInfo);
 // Connect the connection handler to the database.
 $connection_handler->connect();
 // Process the command sent by the user.