Working version
This commit is contained in:
parent
ef76b60f7d
commit
c408388a48
4 changed files with 79 additions and 55 deletions
|
@ -3,9 +3,11 @@ class LoginCb extends CLoginServiceWeb
|
||||||
{
|
{
|
||||||
private $ring_web_host;
|
private $ring_web_host;
|
||||||
private $ring_web_host_php;
|
private $ring_web_host_php;
|
||||||
|
private $domain_id;
|
||||||
|
|
||||||
public function __construct($ring_web_host, $ring_web_host_php)
|
public function __construct($ring_web_host, $ring_web_host_php, $domain_id)
|
||||||
{
|
{
|
||||||
|
$this->domain_id = $domain_id;
|
||||||
$this->ring_web_host_php = $ring_web_host_php;
|
$this->ring_web_host_php = $ring_web_host_php;
|
||||||
$this->ring_web_host = $ring_web_host;
|
$this->ring_web_host = $ring_web_host;
|
||||||
}
|
}
|
||||||
|
@ -13,19 +15,17 @@ class LoginCb extends CLoginServiceWeb
|
||||||
// receive the login result sent back by the LS
|
// receive the login result sent back by the LS
|
||||||
public function loginResult($userId, $cookie, $resultCode, $errorString)
|
public function loginResult($userId, $cookie, $resultCode, $errorString)
|
||||||
{
|
{
|
||||||
global $domainId;
|
|
||||||
|
|
||||||
if ($resultCode == 0 && $cookie != "") {
|
if ($resultCode == 0 && $cookie != "") {
|
||||||
// gather the domain information (server version, patch urls and backup patch url
|
// gather the domain information (server version, patch urls and backup patch url
|
||||||
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
|
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
|
||||||
|
|
||||||
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
|
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
|
||||||
mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
|
mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
|
||||||
$query = "SELECT * FROM domain WHERE domain_id=$domainId";
|
$query = "SELECT * FROM domain WHERE domain_id = ".$this->domain_id ;
|
||||||
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
|
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
|
||||||
|
|
||||||
if (mysqli_num_rows($result) != 1) {
|
if (mysqli_num_rows($result) != 1) {
|
||||||
die(errorMsgBlock(3001, $domainId));
|
die(errorMsgBlock(3001, $this->domain_id ));
|
||||||
}
|
}
|
||||||
$row = mysqli_fetch_array($result);
|
$row = mysqli_fetch_array($result);
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@ class LoginCb extends CLoginServiceWeb
|
||||||
// Auto-join an available mainland shard
|
// Auto-join an available mainland shard
|
||||||
global $FSHostLuaMode, $FSHostResultStr;
|
global $FSHostLuaMode, $FSHostResultStr;
|
||||||
$FSHostLuaMode = false;
|
$FSHostLuaMode = false;
|
||||||
$res = joinMainland($userId, $domainId, $row["domain_name"]);
|
$res = joinMainland($userId, $this->domain_id , $row["domain_name"]);
|
||||||
|
|
||||||
if ($res) {
|
if ($res) {
|
||||||
echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $this->ring_web_host_php . "/ring/web_start.php#http://" . $this->ring_web_host . "/ring/\n";
|
echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $this->ring_web_host_php . "/ring/web_start.php#http://" . $this->ring_web_host . "/ring/\n";
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
<?php
|
<?php
|
||||||
include_once './LoginCb.php';
|
include_once 'login_service_itf.php';
|
||||||
include_once './../tools/utils.php';
|
include_once 'LoginCb.php';
|
||||||
include_once './../config.php';
|
include_once 'tools/utils.php';
|
||||||
include_once './../login_translations.php';
|
include_once '../ring/join_shard.php';
|
||||||
include_once './../login_service_itf.php';
|
include_once '../tools/nel_message.php';
|
||||||
include_once './../../ring/join_shard.php';
|
include_once '../tools/domain_info.php';
|
||||||
include_once './../../tools/nel_message.php';
|
|
||||||
include_once './../../tools/domain_info.php';
|
|
||||||
|
|
||||||
class ConnectionHandler
|
class ConnectionHandler
|
||||||
{
|
{
|
||||||
|
private $accept_unknown_user;
|
||||||
|
private $auto_create_ring_info;
|
||||||
|
|
||||||
private $db_base_connection;
|
private $db_base_connection;
|
||||||
private $db_ring_connection;
|
private $db_ring_connection;
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ class ConnectionHandler
|
||||||
$this->db_base_connection_host = $db_base_connection_host;
|
$this->db_base_connection_host = $db_base_connection_host;
|
||||||
$this->db_base_connection_username = $db_base_connection_username;
|
$this->db_base_connection_username = $db_base_connection_username;
|
||||||
$this->db_base_connection_password = $db_base_connection_password;
|
$this->db_base_connection_password = $db_base_connection_password;
|
||||||
$this->db_base_connection_dbname = $db_base_connection_dname;
|
$this->db_base_connection_dbname = $db_base_connection_dbname;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -39,12 +39,21 @@ class ConnectionHandler
|
||||||
*/
|
*/
|
||||||
public function connect()
|
public function connect()
|
||||||
{
|
{
|
||||||
connect_to_base_db($this->db_base_connection_host,
|
$this->connect_to_base_db($this->db_base_connection_host,
|
||||||
$this->db_base_connection_username,
|
$this->db_base_connection_username,
|
||||||
$this->db_base_connection_password,
|
$this->db_base_connection_password,
|
||||||
$this->db_base_connection_dbname);
|
$this->db_base_connection_dbname);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function set_accept_unknown_user($value)
|
||||||
|
{
|
||||||
|
$this->accept_unknown_user = $value;
|
||||||
|
}
|
||||||
|
public function set_auto_create_ring_info($value)
|
||||||
|
{
|
||||||
|
$this->auto_create_ring_info = $value;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Connect to the base database and sets the fields.
|
* Connect to the base database and sets the fields.
|
||||||
*/
|
*/
|
||||||
|
@ -79,15 +88,17 @@ class ConnectionHandler
|
||||||
|
|
||||||
private function askSalt($login, $lang)
|
private function askSalt($login, $lang)
|
||||||
{
|
{
|
||||||
|
$salt = '';
|
||||||
setMsgLanguage($lang);
|
setMsgLanguage($lang);
|
||||||
$escaped_login = $this->db_base_connection->escape_string($login);
|
$escaped_login = $this->db_base_connection->escape_string($login);
|
||||||
if ($stmt = $this->db_base_connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) {
|
$query = 'SELECT Password FROM user WHERE Login = ? LIMIT 1';
|
||||||
|
if ($stmt = $this->db_base_connection->prepare($query)) {
|
||||||
$stmt->bind_param('s', $escaped_login);
|
$stmt->bind_param('s', $escaped_login);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
$stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
|
$stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $this->db_base_connection_dbname, $this->db_base_connection_host, $this->db_base_connection_username, $this->db_base_connection->error));
|
||||||
$stmt->fetch();
|
$stmt->fetch();
|
||||||
if ($stmt->num_rows == 1) {
|
if (isset($password)) {
|
||||||
$salt = '1:' . get_salt($password);
|
$salt = '1:' . $this->get_salt($password);
|
||||||
} else {
|
} else {
|
||||||
$salt = errorMsgBlock(2001, $login, 'askSalt');
|
$salt = errorMsgBlock(2001, $login, 'askSalt');
|
||||||
}
|
}
|
||||||
|
@ -102,7 +113,7 @@ class ConnectionHandler
|
||||||
*/
|
*/
|
||||||
private function CreateRing($domainInfo, $id, $login)
|
private function CreateRing($domainInfo, $id, $login)
|
||||||
{
|
{
|
||||||
connect_to_ring_db($this->db_ring_connection_host,
|
$this->connect_to_ring_db($this->db_ring_connection_host,
|
||||||
$this->db_ring_connection_username,
|
$this->db_ring_connection_username,
|
||||||
$this->db_ring_connection_password,
|
$this->db_ring_connection_password,
|
||||||
$domainInfo['ring_db_name']);
|
$domainInfo['ring_db_name']);
|
||||||
|
@ -125,7 +136,7 @@ class ConnectionHandler
|
||||||
private function Login($login, $password, $clientApplication, $cp, $submittedLang)
|
private function Login($login, $password, $clientApplication, $cp, $submittedLang)
|
||||||
{
|
{
|
||||||
$domainId = -1;
|
$domainId = -1;
|
||||||
$loginSuccessful = checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang);
|
$loginSuccessful = $this->checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang);
|
||||||
// Client sent his login info
|
// Client sent his login info
|
||||||
if (!$loginSuccessful) {
|
if (!$loginSuccessful) {
|
||||||
echo '0:' . $reason;
|
echo '0:' . $reason;
|
||||||
|
@ -133,15 +144,15 @@ class ConnectionHandler
|
||||||
// retrieve the domain info
|
// retrieve the domain info
|
||||||
$domainInfo = getDomainInfo($domainId);
|
$domainInfo = getDomainInfo($domainId);
|
||||||
// if we need to create missing ring info
|
// if we need to create missing ring info
|
||||||
if ($AutoCreateRingInfo) {
|
if ($this->auto_create_ring_info) {
|
||||||
CreateRing($domainInfo, $id, $login);
|
$this->CreateRing($domainInfo, $id, $login);
|
||||||
}
|
}
|
||||||
|
|
||||||
$LSaddr = explode(":", $domainInfo['login_address']);
|
$LSaddr = explode(":", $domainInfo['login_address']);
|
||||||
|
|
||||||
// ask for a session cookie to the login service
|
// ask for a session cookie to the login service
|
||||||
$loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php']);
|
$loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php'], $domainId);
|
||||||
$loginCb->connect($LSaddr[0], $LSaddr[1], '');
|
$loginCb->connect($LSaddr[0], $LSaddr[1], $result);
|
||||||
$loginCb->login($id, $_SERVER['REMOTE_ADDR'], $domainId);
|
$loginCb->login($id, $_SERVER['REMOTE_ADDR'], $domainId);
|
||||||
|
|
||||||
// wait for the return message
|
// wait for the return message
|
||||||
|
@ -160,17 +171,18 @@ class ConnectionHandler
|
||||||
{
|
{
|
||||||
switch ($command->cmd) {
|
switch ($command->cmd) {
|
||||||
case 'ask':
|
case 'ask':
|
||||||
echo askSalt($command->login, $command->submittedLang);
|
echo $this->askSalt($command->login, $command->submittedLang);
|
||||||
break;
|
break;
|
||||||
case 'login-https':
|
case 'https-login':
|
||||||
$salt = substr(askSalt($command->login, $command->submittedLang), 2);
|
$salt = substr($this->askSalt($command->login, $command->submittedLang), 2);
|
||||||
$generated_password = crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt));
|
$generated_password = crypt($command->password, $salt);
|
||||||
login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
|
$this->login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
|
||||||
break;
|
break;
|
||||||
case 'login':
|
case 'login':
|
||||||
login($command->login, $command->password, $command->clientApplication, $command->cp, $command->submittedLang);
|
$this->login($command->login, $command->password, $command->clientApplication, $command->cp, $command->submittedLang);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
echo ('0:Invalid command');
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -196,13 +208,13 @@ class ConnectionHandler
|
||||||
$res = false;
|
$res = false;
|
||||||
setMsgLanguage($lang);
|
setMsgLanguage($lang);
|
||||||
$domainName = $this->db_base_connection->escape_string($clientApplication);
|
$domainName = $this->db_base_connection->escape_string($clientApplication);
|
||||||
|
$query = 'SELECT domain_id FROM domain WHERE domain_name = ? LIMIT 1';
|
||||||
if ($stmt = $this->db_base_connection->prepare('SELECT domain_id FROM domain WHERE domain_name=\'?\' LIMIT 1')) {
|
if ($stmt = $this->db_base_connection->prepare($query)) {
|
||||||
$stmt->bind_param("s", $domainName);
|
$stmt->bind_param("s", $domainName);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
$stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_base_connection->error));
|
$stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_base_connection->error));
|
||||||
$stmt->fetch();
|
$stmt->fetch();
|
||||||
if ($stmt->num_rows == 0) {
|
if (!isset($domainId)) {
|
||||||
// unrecoverable error, we must giveup
|
// unrecoverable error, we must giveup
|
||||||
$reason = errorMsg(3007, $domainName);
|
$reason = errorMsg(3007, $domainName);
|
||||||
$mysqli->close();
|
$mysqli->close();
|
||||||
|
@ -210,7 +222,6 @@ class ConnectionHandler
|
||||||
}
|
}
|
||||||
$stmt->close();
|
$stmt->close();
|
||||||
}
|
}
|
||||||
|
|
||||||
// retrieve the domain info
|
// retrieve the domain info
|
||||||
$domainInfo = getDomainInfo($domainId);
|
$domainInfo = getDomainInfo($domainId);
|
||||||
|
|
||||||
|
@ -220,20 +231,25 @@ class ConnectionHandler
|
||||||
// now, retrieve the user infos
|
// now, retrieve the user infos
|
||||||
$login = $this->db_base_connection->escape_string($login);
|
$login = $this->db_base_connection->escape_string($login);
|
||||||
$numrows = 0;
|
$numrows = 0;
|
||||||
if ($stmt = $this->db_base_connection->prepare('SELECT Password, UId FROM user WHERE Login=\'?\' LIMIT 1')) {
|
$query = 'SELECT Password, UId FROM user WHERE Login = ? LIMIT 1';
|
||||||
|
if ($stmt = $this->db_base_connection->prepare($query)) {
|
||||||
$stmt->bind_param('s', $login);
|
$stmt->bind_param('s', $login);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
$stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
|
$success = $stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
|
||||||
$stmt->fetch();
|
$stmt->fetch();
|
||||||
if ($stmt->num_rows) {
|
if ($success) {
|
||||||
$salt = get_salt($dbPassword);
|
$salt = $this->get_salt($dbPassword);
|
||||||
if (($cp && $dbPassword == $password) || (!$cp && $dbPassword == crypt($password, $salt))) {
|
if (($cp && $dbPassword == $password) || (!$cp && $dbPassword == crypt($password, $salt))) {
|
||||||
if ($stmt2 = $this->db_base_connection->prepare('SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission WHERE UId=\'' . $dbUid . '\' AND DomainId=\'$domainId\'')) {
|
$stmt->close();
|
||||||
$stmt2->bind_param('i', $dbUid);
|
// UId is not a foreign key for some reason.
|
||||||
|
// Hence we have to join explicitely
|
||||||
|
$query = 'SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission JOIN user ON user.UId = permission.UId WHERE user.UId = ? AND permission.DomainId = ? LIMIT 1';
|
||||||
|
if ($stmt2 = $this->db_base_connection->prepare($query)) {
|
||||||
|
$stmt2->bind_param('ii', $dbUid, $domainId);
|
||||||
$stmt2->execute();
|
$stmt2->execute();
|
||||||
$stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
|
$success = $stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $this->db_base_connection_dbname, $this->db_base_connection_host, $this->db_base_connection_username, $this->db_base_connection->error));
|
||||||
$stmt2->fetch();
|
$stmt2->fetch();
|
||||||
if ($stmt->num_rows == 0) {
|
if (!$success) {
|
||||||
// no permission
|
// no permission
|
||||||
$reason = errorMsg(3011, $clientApplication, $domainName);
|
$reason = errorMsg(3011, $clientApplication, $domainName);
|
||||||
$res = false;
|
$res = false;
|
||||||
|
@ -242,7 +258,7 @@ class ConnectionHandler
|
||||||
// no permission
|
// no permission
|
||||||
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
|
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
|
||||||
} else {
|
} else {
|
||||||
if (!IsUserOnline($res)) {
|
if (!$this->is_user_online($res)) {
|
||||||
$id = $dbUid;
|
$id = $dbUid;
|
||||||
$priv = $dbPrivilege;
|
$priv = $dbPrivilege;
|
||||||
$extended = $dbExtendedPrivilege;
|
$extended = $dbExtendedPrivilege;
|
||||||
|
@ -256,7 +272,6 @@ class ConnectionHandler
|
||||||
$reason = errorMsg(2004, 'user');
|
$reason = errorMsg(2004, 'user');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$stmt->close();
|
|
||||||
}
|
}
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
|
@ -266,7 +281,7 @@ class ConnectionHandler
|
||||||
* Sets res to false if it failed.
|
* Sets res to false if it failed.
|
||||||
* @todo fix it.
|
* @todo fix it.
|
||||||
*/
|
*/
|
||||||
private function IsUserOnline(&$res)
|
private function is_user_online(&$res)
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
// // check if the user not already online
|
// // check if the user not already online
|
||||||
|
|
|
@ -35,10 +35,10 @@ class NelCommand
|
||||||
|
|
||||||
public function __construct($getParams)
|
public function __construct($getParams)
|
||||||
{
|
{
|
||||||
$this->cmd = $getParams['cmd'];
|
$this->cmd = isset($getParams['cmd']) ? $getParams['cmd'] : NULL;
|
||||||
$this->login = $getParams['login'];
|
$this->login = isset($getParams['login']) ? $getParams['login'] : "";
|
||||||
$this->password = $getParams['password'];
|
$this->password = isset($getParams['password']) ? $getParams['password'] : "";
|
||||||
$this->clientApplication = $getParams['clientApplication'];
|
$this->clientApplication =isset($getParams['clientApplication']) ? $getParams['clientApplication'] : "";
|
||||||
$this->cp = isset($getParams['cp']) ? $getParams['cp'] : 0;
|
$this->cp = isset($getParams['cp']) ? $getParams['cp'] : 0;
|
||||||
$this->submittedLang = isset($getParams['lg']) ? $getParams['lg'] : 'unknown';
|
$this->submittedLang = isset($getParams['lg']) ? $getParams['lg'] : 'unknown';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,11 @@
|
||||||
<?php
|
<?php
|
||||||
|
error_reporting(E_ERROR | E_PARSE);
|
||||||
|
set_error_handler('err_callback');
|
||||||
|
// For error handling, buffer all output
|
||||||
|
ob_start('ob_callback_r2login');
|
||||||
|
|
||||||
|
include_once './login_translations.php';
|
||||||
|
include_once './config.php';
|
||||||
include_once './tools/utils.php';
|
include_once './tools/utils.php';
|
||||||
include_once './class/connection_handler.php';
|
include_once './class/connection_handler.php';
|
||||||
include_once './class/nel_command.php';
|
include_once './class/nel_command.php';
|
||||||
|
@ -14,14 +21,16 @@ if (!isset($_GET['cmd'])) {
|
||||||
* $DisplayDbg is used in login_translations.php
|
* $DisplayDbg is used in login_translations.php
|
||||||
* @todo Make sure this is the best place to do it.
|
* @todo Make sure this is the best place to do it.
|
||||||
*/
|
*/
|
||||||
if (isset($_GET['dbg']) && ($_GET['dbg'] == 1)) {
|
$DisplayDbg = isset($_GET['dbg']) && ($_GET['dbg'] == 1);
|
||||||
$DisplayDbg = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create a command object using the user's parameters.
|
// Create a command object using the user's parameters.
|
||||||
$nel_command = new NelCommand($_GET);
|
$nel_command = new NelCommand($_GET);
|
||||||
// Create a connexion handler to process that command.
|
// Create a connexion handler to process that command.
|
||||||
$connection_handler = new ConnectionHandler($DBHost, $DBUserName, $DBPassword, $DBName, $DBHost, $RingDBUserName, $RingDBPassword);
|
$connection_handler = new ConnectionHandler($DBHost, $DBUserName, $DBPassword, $DBName, $DBHost, $RingDBUserName, $RingDBPassword);
|
||||||
|
// Allow to create accounts on the fly (not recommended).
|
||||||
|
$connection_handler->set_accept_unknown_user($AcceptUnknownUser);
|
||||||
|
// Allow to auto create rings (not recommended).
|
||||||
|
$connection_handler->set_auto_create_ring_info($AutoCreateRingInfo);
|
||||||
// Connect the connection handler to the database.
|
// Connect the connection handler to the database.
|
||||||
$connection_handler->connect();
|
$connection_handler->connect();
|
||||||
// Process the command sent by the user.
|
// Process the command sent by the user.
|
||||||
|
|
Loading…
Reference in a new issue