Khaganat-NeL/khanat-opennel-code
2
0
Fork 0
Code Issues 21 Pull requests Projects Releases 1 Packages Wiki Activity

broken commit

Browse source
This commit is contained in:
Stanislas Dolcini 2018-10-03 22:09:28 +02:00
parent b3f31f7d5f
commit d5f2c226ca
2 changed files with 87 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

153
code/web/public_php/login/class/ConnectionHandler.php
View file

@ -6,14 +6,14 @@ set_error_handler('err_callback');
// For error handling, buffer all output
ob_start('ob_callback_r2login');
include_once 'config.php';
include_once 'login_translations.php';
include_once '../tools/nel_message.php';
include_once '../tools/domain_info.php';
include_once 'login_service_itf.php';
include_once '../ring/join_shard.php';
include_once './class/CWwwLog.php';
include_once './class/LoginCb.php';
include_once '../config.php';
include_once '../login_translations.php';
include_once '../../tools/nel_message.php';
include_once '../../tools/domain_info.php';
include_once '../login_service_itf.php';
include_once '../../ring/join_shard.php';
include_once './CWwwLog.php';
include_once './LoginCb.php';
class ConnectionHandler
{
@ -174,80 +174,79 @@ class ConnectionHandler
if ($stmt = mysqli_prepare("SELECT 1 FROM user WHERE Login='?'")) {
$stmt->bind_param("s", $login);
$stmt->execute();
$stmt->bind_result($result) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$stmt->bind_result($row) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$stmt->fetch();
$numrows = $stmt->num_rows;
if ($stmt->num_rows) {
$salt = get_salt($row["Password"]);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) {
// Store the real login (with correct case)
$_GET['login'] = $row['Login'];
// check if the user can use this application
$clientApplication = mysqli_real_escape_string($link, $clientApplication);
$query = "SELECT * FROM permission WHERE UId='" . $row["UId"] . "' AND DomainId='$domainId'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0) {
if ($AcceptUnknownUser) {
// add default permission
$query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('" . $row["UId"] . "', '$domainId', -1, '$domainStatus')";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3010);
$res = false;
} else {
// no permission
$reason = errorMsg(3011, $clientApplication, $domainName);
$res = false;
}
} else {
// check that the access privilege for the domain
$permission = mysqli_fetch_assoc($result);
if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
// no right to connect
if ($AcceptUnknownUser) {
// set an additionnal privilege for this player
$query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . ",$accessPriv' WHERE PermissionId=" . $permission['PermissionId'];
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3012, $accessPriv);
} else {
// no permission
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
}
} else {
// // check if the user not already online
// if ($row["State"] != "Offline") {
// $reason = "$login is already online and ";
// // ask the LS to remove the client
// if (disconnectClient($row["ShardId"], $row["UId"], $tempres)) {
// $reason = $reason . "was just disconnected. Now you can retry the identification (error code 54)";
// $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=" . $row["ShardId"];
// $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
// $query = "update user set ShardId=-1, State='Offline' where UId=" . $row["UId"];
// $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
// } else {
// $reason = $reason . "can't be disconnected: $tempres (error code 55)";
// }
// $res = false;
// } else {
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
$res = true;
// }
}
}
} else {
$reason = errorMsg(2004, 'user');
}
}
$stmt->close();
}
if ($numrows >= 0) {
$row = $mysqli->fetch_assoc();
$salt = get_salt($row["Password"]);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) {
// Store the real login (with correct case)
$_GET['login'] = $row['Login'];
// check if the user can use this application
$clientApplication = mysqli_real_escape_string($link, $clientApplication);
$query = "SELECT * FROM permission WHERE UId='" . $row["UId"] . "' AND DomainId='$domainId'";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
if (mysqli_num_rows($result) == 0) {
if ($AcceptUnknownUser) {
// add default permission
$query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('" . $row["UId"] . "', '$domainId', -1, '$domainStatus')";
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3010);
$res = false;
} else {
// no permission
$reason = errorMsg(3011, $clientApplication, $domainName);
$res = false;
}
} else {
// check that the access privilege for the domain
$permission = mysqli_fetch_assoc($result);
if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
// no right to connect
if ($AcceptUnknownUser) {
// set an additionnal privilege for this player
$query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . ",$accessPriv' WHERE PermissionId=" . $permission['PermissionId'];
$result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
$reason = errorMsg(3012, $accessPriv);
} else {
// no permission
$reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
}
} else {
// // check if the user not already online
// if ($row["State"] != "Offline") {
// $reason = "$login is already online and ";
// // ask the LS to remove the client
// if (disconnectClient($row["ShardId"], $row["UId"], $tempres)) {
// $reason = $reason . "was just disconnected. Now you can retry the identification (error code 54)";
// $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=" . $row["ShardId"];
// $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
// $query = "update user set ShardId=-1, State='Offline' where UId=" . $row["UId"];
// $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
// } else {
// $reason = $reason . "can't be disconnected: $tempres (error code 55)";
// }
// $res = false;
// } else {
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
$res = true;
// }
}
}
} else {
$reason = errorMsg(2004, 'user');
}
}
$mysqli->close();
return $res;
}

11
code/web/public_php/login/r2_login.php
View file

@ -1,5 +1,16 @@
<?php
error_reporting(E_ERROR | E_PARSE);
set_error_handler('err_callback');
// For error handling, buffer all output
ob_start('ob_callback_r2login');
include_once 'config.php';
include_once 'login_translations.php';
include_once '../tools/nel_message.php';
include_once '../tools/domain_info.php';
include_once 'login_service_itf.php';
include_once '../ring/join_shard.php';
include_once './class/connection_handler.php';
include_once './class/nel_command.php';