Working version

Stanislas Dolcini 2018-10-07 22:42:38 +02:00
parent ef76b60f7d
commit c408388a48
4 changed files with 79 additions and 55 deletions


@ -3,9 +3,11 @@ class LoginCb extends CLoginServiceWeb
{ {
private $ring_web_host; private $ring_web_host;
private $ring_web_host_php; private $ring_web_host_php;
private $domain_id;
public function __construct($ring_web_host, $ring_web_host_php) public function __construct($ring_web_host, $ring_web_host_php, $domain_id)
{ {
$this->domain_id = $domain_id;
$this->ring_web_host_php = $ring_web_host_php; $this->ring_web_host_php = $ring_web_host_php;
$this->ring_web_host = $ring_web_host; $this->ring_web_host = $ring_web_host;
} }
@ -13,19 +15,17 @@ class LoginCb extends CLoginServiceWeb
// receive the login result sent back by the LS // receive the login result sent back by the LS
public function loginResult($userId, $cookie, $resultCode, $errorString) public function loginResult($userId, $cookie, $resultCode, $errorString)
{ {
global $domainId;
if ($resultCode == 0 && $cookie != "") { if ($resultCode == 0 && $cookie != "") {
// gather the domain information (server version, patch urls and backup patch url // gather the domain information (server version, patch urls and backup patch url
global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing; global $DBHost, $DBUserName, $DBPassword, $DBName, $AutoInsertInRing;
$link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName)); $link = mysqli_connect($DBHost, $DBUserName, $DBPassword) or die(errorMsgBlock(3004, 'main', $DBHost, $DBUserName));
mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName)); mysqli_select_db($link, $DBName) or die(errorMsgBlock(3005, 'main', $DBName, $DBHost, $DBUserName));
$query = "SELECT * FROM domain WHERE domain_id=$domainId"; $query = "SELECT * FROM domain WHERE domain_id = ".$this->domain_id ;
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link))); $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) != 1) { if (mysqli_num_rows($result) != 1) {
die(errorMsgBlock(3001, $domainId)); die(errorMsgBlock(3001, $this->domain_id ));
} }
$row = mysqli_fetch_array($result); $row = mysqli_fetch_array($result);
@ -36,7 +36,7 @@ class LoginCb extends CLoginServiceWeb
// Auto-join an available mainland shard // Auto-join an available mainland shard
global $FSHostLuaMode, $FSHostResultStr; global $FSHostLuaMode, $FSHostResultStr;
$FSHostLuaMode = false; $FSHostLuaMode = false;
$res = joinMainland($userId, $domainId, $row["domain_name"]); $res = joinMainland($userId, $this->domain_id , $row["domain_name"]);
if ($res) { if ($res) {
echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $this->ring_web_host_php . "/ring/web_start.php#http://" . $this->ring_web_host . "/ring/\n"; echo "1#" . $cookie . "#" . $FSHostResultStr . "#http://" . $this->ring_web_host_php . "/ring/web_start.php#http://" . $this->ring_web_host . "/ring/\n";
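Review bot: The query on the new side of the first hunk, `$query = "SELECT * FROM domain WHERE domain_id = ".$this->domain_id ;`, still interpolates the id into SQL; moving it from a global to a constructor argument does not make it a trusted value, and the constructor accepts anything without checking it. Since the caller obtains the id from a bind_result() on an integer column, an integer cast is the minimal guard, `$query = "SELECT * FROM domain WHERE domain_id = " . (int) $this->domain_id;`, with a prepared statement (as the handler already uses for its own lookups) being the proper fix. It would also help to document the field with `// domain_id: numeric id of the domain this login belongs to, supplied by ConnectionHandler` so the next reader knows where it comes from. loginResult continues past the visible hunks.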


@ -1,15 +1,15 @@
<?php <?php
include_once './LoginCb.php'; include_once 'login_service_itf.php';
include_once './../tools/utils.php'; include_once 'LoginCb.php';
include_once './../config.php'; include_once 'tools/utils.php';
include_once './../login_translations.php'; include_once '../ring/join_shard.php';
include_once './../login_service_itf.php'; include_once '../tools/nel_message.php';
include_once './../../ring/join_shard.php'; include_once '../tools/domain_info.php';
include_once './../../tools/nel_message.php';
include_once './../../tools/domain_info.php';
class ConnectionHandler class ConnectionHandler
{ {
private $accept_unknown_user;
private $auto_create_ring_info;
private $db_base_connection; private $db_base_connection;
private $db_ring_connection; private $db_ring_connection;
@ -31,7 +31,7 @@ class ConnectionHandler
$this->db_base_connection_host = $db_base_connection_host; $this->db_base_connection_host = $db_base_connection_host;
$this->db_base_connection_username = $db_base_connection_username; $this->db_base_connection_username = $db_base_connection_username;
$this->db_base_connection_password = $db_base_connection_password; $this->db_base_connection_password = $db_base_connection_password;
$this->db_base_connection_dbname = $db_base_connection_dname; $this->db_base_connection_dbname = $db_base_connection_dbname;
} }
/** /**
@ -39,12 +39,21 @@ class ConnectionHandler
*/ */
public function connect() public function connect()
{ {
connect_to_base_db($this->db_base_connection_host, $this->connect_to_base_db($this->db_base_connection_host,
$this->db_base_connection_username, $this->db_base_connection_username,
$this->db_base_connection_password, $this->db_base_connection_password,
$this->db_base_connection_dbname); $this->db_base_connection_dbname);
} }
public function set_accept_unknown_user($value)
{
$this->accept_unknown_user = $value;
}
public function set_auto_create_ring_info($value)
{
$this->auto_create_ring_info = $value;
}
/** /**
* Connect to the base database and sets the fields. * Connect to the base database and sets the fields.
*/ */
@ -79,15 +88,17 @@ class ConnectionHandler
private function askSalt($login, $lang) private function askSalt($login, $lang)
{ {
$salt = '';
setMsgLanguage($lang); setMsgLanguage($lang);
$escaped_login = $this->db_base_connection->escape_string($login); $escaped_login = $this->db_base_connection->escape_string($login);
if ($stmt = $this->db_base_connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) { $query = 'SELECT Password FROM user WHERE Login = ? LIMIT 1';
if ($stmt = $this->db_base_connection->prepare($query)) {
$stmt->bind_param('s', $escaped_login); $stmt->bind_param('s', $escaped_login);
$stmt->execute(); $stmt->execute();
$stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $this->db_base_connection_dbname, $this->db_base_connection_host, $this->db_base_connection_username, $this->db_base_connection->error));
$stmt->fetch(); $stmt->fetch();
if ($stmt->num_rows == 1) { if (isset($password)) {
$salt = '1:' . get_salt($password); $salt = '1:' . $this->get_salt($password);
} else { } else {
$salt = errorMsgBlock(2001, $login, 'askSalt'); $salt = errorMsgBlock(2001, $login, 'askSalt');
} }
@ -102,7 +113,7 @@ class ConnectionHandler
*/ */
private function CreateRing($domainInfo, $id, $login) private function CreateRing($domainInfo, $id, $login)
{ {
connect_to_ring_db($this->db_ring_connection_host, $this->connect_to_ring_db($this->db_ring_connection_host,
$this->db_ring_connection_username, $this->db_ring_connection_username,
$this->db_ring_connection_password, $this->db_ring_connection_password,
$domainInfo['ring_db_name']); $domainInfo['ring_db_name']);
@ -125,7 +136,7 @@ class ConnectionHandler
private function Login($login, $password, $clientApplication, $cp, $submittedLang) private function Login($login, $password, $clientApplication, $cp, $submittedLang)
{ {
$domainId = -1; $domainId = -1;
$loginSuccessful = checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang); $loginSuccessful = $this->checkUserValidity($login, $password, $clientApplication, $cp, $id, $reason, $priv, $extended, $domainId, $submittedLang);
// Client sent his login info // Client sent his login info
if (!$loginSuccessful) { if (!$loginSuccessful) {
echo '0:' . $reason; echo '0:' . $reason;
@ -133,15 +144,15 @@ class ConnectionHandler
// retrieve the domain info // retrieve the domain info
$domainInfo = getDomainInfo($domainId); $domainInfo = getDomainInfo($domainId);
// if we need to create missing ring info // if we need to create missing ring info
if ($AutoCreateRingInfo) { if ($this->auto_create_ring_info) {
CreateRing($domainInfo, $id, $login); $this->CreateRing($domainInfo, $id, $login);
} }
$LSaddr = explode(":", $domainInfo['login_address']); $LSaddr = explode(":", $domainInfo['login_address']);
// ask for a session cookie to the login service // ask for a session cookie to the login service
$loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php']); $loginCb = new LoginCb($domainInfo['web_host'], $domainInfo['web_host_php'], $domainId);
$loginCb->connect($LSaddr[0], $LSaddr[1], ''); $loginCb->connect($LSaddr[0], $LSaddr[1], $result);
$loginCb->login($id, $_SERVER['REMOTE_ADDR'], $domainId); $loginCb->login($id, $_SERVER['REMOTE_ADDR'], $domainId);
// wait for the return message // wait for the return message
@ -160,17 +171,18 @@ class ConnectionHandler
{ {
switch ($command->cmd) { switch ($command->cmd) {
case 'ask': case 'ask':
echo askSalt($command->login, $command->submittedLang); echo $this->askSalt($command->login, $command->submittedLang);
break; break;
case 'login-https': case 'https-login':
$salt = substr(askSalt($command->login, $command->submittedLang), 2); $salt = substr($this->askSalt($command->login, $command->submittedLang), 2);
$generated_password = crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt)); $generated_password = crypt($command->password, $salt);
login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang); $this->login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
break; break;
case 'login': case 'login':
login($command->login, $command->password, $command->clientApplication, $command->cp, $command->submittedLang); $this->login($command->login, $command->password, $command->clientApplication, $command->cp, $command->submittedLang);
break; break;
default: default:
echo ('0:Invalid command');
break; break;
} }
} }
@ -196,13 +208,13 @@ class ConnectionHandler
$res = false; $res = false;
setMsgLanguage($lang); setMsgLanguage($lang);
$domainName = $this->db_base_connection->escape_string($clientApplication); $domainName = $this->db_base_connection->escape_string($clientApplication);
$query = 'SELECT domain_id FROM domain WHERE domain_name = ? LIMIT 1';
if ($stmt = $this->db_base_connection->prepare('SELECT domain_id FROM domain WHERE domain_name=\'?\' LIMIT 1')) { if ($stmt = $this->db_base_connection->prepare($query)) {
$stmt->bind_param("s", $domainName); $stmt->bind_param("s", $domainName);
$stmt->execute(); $stmt->execute();
$stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_base_connection->error)); $stmt->bind_result($domainId) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $db_base_connection->error));
$stmt->fetch(); $stmt->fetch();
if ($stmt->num_rows == 0) { if (!isset($domainId)) {
// unrecoverable error, we must giveup // unrecoverable error, we must giveup
$reason = errorMsg(3007, $domainName); $reason = errorMsg(3007, $domainName);
$mysqli->close(); $mysqli->close();
@ -210,7 +222,6 @@ class ConnectionHandler
} }
$stmt->close(); $stmt->close();
} }
// retrieve the domain info // retrieve the domain info
$domainInfo = getDomainInfo($domainId); $domainInfo = getDomainInfo($domainId);
@ -220,20 +231,25 @@ class ConnectionHandler
// now, retrieve the user infos // now, retrieve the user infos
$login = $this->db_base_connection->escape_string($login); $login = $this->db_base_connection->escape_string($login);
$numrows = 0; $numrows = 0;
if ($stmt = $this->db_base_connection->prepare('SELECT Password, UId FROM user WHERE Login=\'?\' LIMIT 1')) { $query = 'SELECT Password, UId FROM user WHERE Login = ? LIMIT 1';
if ($stmt = $this->db_base_connection->prepare($query)) {
$stmt->bind_param('s', $login); $stmt->bind_param('s', $login);
$stmt->execute(); $stmt->execute();
$stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); $success = $stmt->bind_result($dbPassword, $dbUid) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error));
$stmt->fetch(); $stmt->fetch();
if ($stmt->num_rows) { if ($success) {
$salt = get_salt($dbPassword); $salt = $this->get_salt($dbPassword);
if (($cp && $dbPassword == $password) || (!$cp && $dbPassword == crypt($password, $salt))) { if (($cp && $dbPassword == $password) || (!$cp && $dbPassword == crypt($password, $salt))) {
if ($stmt2 = $this->db_base_connection->prepare('SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission WHERE UId=\'' . $dbUid . '\' AND DomainId=\'$domainId\'')) { $stmt->close();
$stmt2->bind_param('i', $dbUid); // UId is not a foreign key for some reason.
// Hence we have to join explicitely
$query = 'SELECT AccessPrivilege, Privilege, ExtendedPrivilege FROM permission JOIN user ON user.UId = permission.UId WHERE user.UId = ? AND permission.DomainId = ? LIMIT 1';
if ($stmt2 = $this->db_base_connection->prepare($query)) {
$stmt2->bind_param('ii', $dbUid, $domainId);
$stmt2->execute(); $stmt2->execute();
$stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_base_connection->error)); $success = $stmt2->bind_result($dbAccessPrivilege, $dbPrivilege, $dbExtendedPrivilege) or die(errorMsgBlock(3006, $query, 'main', $this->db_base_connection_dbname, $this->db_base_connection_host, $this->db_base_connection_username, $this->db_base_connection->error));
$stmt2->fetch(); $stmt2->fetch();
if ($stmt->num_rows == 0) { if (!$success) {
// no permission // no permission
$reason = errorMsg(3011, $clientApplication, $domainName); $reason = errorMsg(3011, $clientApplication, $domainName);
$res = false; $res = false;
@ -242,7 +258,7 @@ class ConnectionHandler
// no permission // no permission
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv); $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
} else { } else {
if (!IsUserOnline($res)) { if (!$this->is_user_online($res)) {
$id = $dbUid; $id = $dbUid;
$priv = $dbPrivilege; $priv = $dbPrivilege;
$extended = $dbExtendedPrivilege; $extended = $dbExtendedPrivilege;
@ -256,7 +272,6 @@ class ConnectionHandler
$reason = errorMsg(2004, 'user'); $reason = errorMsg(2004, 'user');
} }
} }
$stmt->close();
} }
return $res; return $res;
} }
@ -266,7 +281,7 @@ class ConnectionHandler
* Sets res to false if it failed. * Sets res to false if it failed.
* @todo fix it. * @todo fix it.
*/ */
private function IsUserOnline(&$res) private function is_user_online(&$res)
{ {
return false; return false;
// // check if the user not already online // // check if the user not already online
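Review bot: In the checkUserValidity hunk, `$success = $stmt->bind_result($dbPassword, $dbUid) or die(...)` evaluates `=` before `or`, so `$success` only records that the result columns were bound, not that `$stmt->fetch()` returned a row; the same pattern is repeated for `$stmt2` a few lines further down. As a result `if ($success)` is entered for an unknown login with `$dbPassword` still null, and `if (!$success)` can never reach the "no permission" branch when the permission row is missing. Capture the fetch result instead: `$fetched = $stmt->fetch();` followed by `if ($fetched === true) {`, and likewise `$fetched2 = $stmt2->fetch();` with `if ($fetched2 !== true) {`. The context line `$dbPassword == $password` would also be safer as `hash_equals((string) $dbPassword, (string) $password)` to avoid loose-comparison surprises with null or numeric-looking strings. The enclosing checkUserValidity method starts and ends outside the visible hunks.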


@ -35,10 +35,10 @@ class NelCommand
public function __construct($getParams) public function __construct($getParams)
{ {
$this->cmd = $getParams['cmd']; $this->cmd = isset($getParams['cmd']) ? $getParams['cmd'] : NULL;
$this->login = $getParams['login']; $this->login = isset($getParams['login']) ? $getParams['login'] : "";
$this->password = $getParams['password']; $this->password = isset($getParams['password']) ? $getParams['password'] : "";
$this->clientApplication = $getParams['clientApplication']; $this->clientApplication =isset($getParams['clientApplication']) ? $getParams['clientApplication'] : "";
$this->cp = isset($getParams['cp']) ? $getParams['cp'] : 0; $this->cp = isset($getParams['cp']) ? $getParams['cp'] : 0;
$this->submittedLang = isset($getParams['lg']) ? $getParams['lg'] : 'unknown'; $this->submittedLang = isset($getParams['lg']) ? $getParams['lg'] : 'unknown';
} }
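Review bot: The new constructor falls back to `NULL` for `cmd` but to `""` for the other fields, so callers now see two different "absent" values without a comment saying why; a line such as `// cmd stays null so the command dispatch falls through to its default branch` (if that is the intent) would make it explicit. Values in `$getParams` can also be arrays rather than strings, which `isset()` accepts and which the handler's later `escape_string()` calls cannot process; adding `is_string()` to the same ternaries, e.g. `$this->login = isset($getParams['login']) && is_string($getParams['login']) ? $getParams['login'] : "";`, keeps the handler on the string path. Minor style: `$this->clientApplication =isset(` is missing the space after `=`, and `NULL` would be lowercase under PSR-12.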


@ -1,4 +1,11 @@
<?php <?php
error_reporting(E_ERROR | E_PARSE);
set_error_handler('err_callback');
// For error handling, buffer all output
ob_start('ob_callback_r2login');
include_once './login_translations.php';
include_once './config.php';
include_once './tools/utils.php'; include_once './tools/utils.php';
include_once './class/connection_handler.php'; include_once './class/connection_handler.php';
include_once './class/nel_command.php'; include_once './class/nel_command.php';
@ -14,14 +21,16 @@ if (!isset($_GET['cmd'])) {
* $DisplayDbg is used in login_translations.php * $DisplayDbg is used in login_translations.php
* @todo Make sure this is the best place to do it. * @todo Make sure this is the best place to do it.
*/ */
if (isset($_GET['dbg']) && ($_GET['dbg'] == 1)) { $DisplayDbg = isset($_GET['dbg']) && ($_GET['dbg'] == 1);
$DisplayDbg = true;
}
// Create a command object using the user's parameters. // Create a command object using the user's parameters.
$nel_command = new NelCommand($_GET); $nel_command = new NelCommand($_GET);
// Create a connexion handler to process that command. // Create a connexion handler to process that command.
$connection_handler = new ConnectionHandler($DBHost, $DBUserName, $DBPassword, $DBName, $DBHost, $RingDBUserName, $RingDBPassword); $connection_handler = new ConnectionHandler($DBHost, $DBUserName, $DBPassword, $DBName, $DBHost, $RingDBUserName, $RingDBPassword);
// Allow to create accounts on the fly (not recommended).
$connection_handler->set_accept_unknown_user($AcceptUnknownUser);
// Allow to auto create rings (not recommended).
$connection_handler->set_auto_create_ring_info($AutoCreateRingInfo);
// Connect the connection handler to the database. // Connect the connection handler to the database.
$connection_handler->connect(); $connection_handler->connect();
// Process the command sent by the user. // Process the command sent by the user.