diff --git a/code/web/public_php/login/class/ConnectionHandler.php b/code/web/public_php/login/class/ConnectionHandler.php
index d0886f841..bcc2cab3a 100644
--- a/code/web/public_php/login/class/ConnectionHandler.php
+++ b/code/web/public_php/login/class/ConnectionHandler.php
@@ -6,14 +6,14 @@ set_error_handler('err_callback');
 // For error handling, buffer all output
 ob_start('ob_callback_r2login');
-include_once 'config.php';
-include_once 'login_translations.php';
-include_once '../tools/nel_message.php';
-include_once '../tools/domain_info.php';
-include_once 'login_service_itf.php';
-include_once '../ring/join_shard.php';
-include_once './class/CWwwLog.php';
-include_once './class/LoginCb.php';
+include_once '../config.php';
+include_once '../login_translations.php';
+include_once '../../tools/nel_message.php';
+include_once '../../tools/domain_info.php';
+include_once '../login_service_itf.php';
+include_once '../../ring/join_shard.php';
+include_once './CWwwLog.php';
+include_once './LoginCb.php';
 class ConnectionHandler
 {
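Review bot: The new `../`-prefixed include paths are resolved by PHP against the working directory of the entry script, not against the directory that holds `ConnectionHandler.php`, so `include_once '../config.php'` only reaches `login/config.php` if the process happens to run from `login/class/`. Anchoring each path to the file, e.g. `require_once __DIR__ . '/../config.php';` and `require_once __DIR__ . '/LoginCb.php';`, removes that dependency and prevents a same-named file in another directory from being loaded instead. Because these files carry the database configuration and the login callbacks, `require_once` is also the safer choice here: `include_once` only raises a warning and lets the login code continue without them.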
@@ -174,80 +174,79 @@ class ConnectionHandler
 if ($stmt = mysqli_prepare("SELECT 1 FROM user WHERE Login='?'")) {
 $stmt->bind_param("s", $login);
 $stmt->execute();
- $stmt->bind_result($result) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
+ $stmt->bind_result($row) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
 $stmt->fetch();
- $numrows = $stmt->num_rows;
+ if ($stmt->num_rows) {
+ $salt = get_salt($row["Password"]);
+ if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) {
+ // Store the real login (with correct case)
+ $_GET['login'] = $row['Login'];
+ // check if the user can use this application
+
+ $clientApplication = mysqli_real_escape_string($link, $clientApplication);
+ $query = "SELECT * FROM permission WHERE UId='" . $row["UId"] . "' AND DomainId='$domainId'";
+ $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
+ if (mysqli_num_rows($result) == 0) {
+ if ($AcceptUnknownUser) {
+ // add default permission
+ $query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('" . $row["UId"] . "', '$domainId', -1, '$domainStatus')";
+ $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
+
+ $reason = errorMsg(3010);
+ $res = false;
+ } else {
+ // no permission
+ $reason = errorMsg(3011, $clientApplication, $domainName);
+ $res = false;
+ }
+ } else {
+ // check that the access privilege for the domain
+ $permission = mysqli_fetch_assoc($result);
+
+ if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
+ // no right to connect
+ if ($AcceptUnknownUser) {
+ // set an additionnal privilege for this player
+ $query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . 
",$accessPriv' WHERE PermissionId=" . $permission['PermissionId'];
+ $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
+ $reason = errorMsg(3012, $accessPriv);
+ } else {
+ // no permission
+ $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
+ }
+ } else {
+ // // check if the user not already online
+ // if ($row["State"] != "Offline") {
+ // $reason = "$login is already online and ";
+ // // ask the LS to remove the client
+ // if (disconnectClient($row["ShardId"], $row["UId"], $tempres)) {
+ // $reason = $reason . "was just disconnected. Now you can retry the identification (error code 54)";
+
+ // $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=" . $row["ShardId"];
+ // $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
+
+ // $query = "update user set ShardId=-1, State='Offline' where UId=" . $row["UId"];
+ // $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
+ // } else {
+ // $reason = $reason . "can't be disconnected: $tempres (error code 55)";
+ // }
+ // $res = false;
+ // } else {
+ $id = $row["UId"];
+ $priv = $row["Privilege"];
+ $extended = $row["ExtendedPrivilege"];
+ $res = true;
+ // }
+ }
+ }
+ } else {
+ $reason = errorMsg(2004, 'user');
+ }
+ }
 $stmt->close();
 }
- if ($numrows >= 0) {
- $row = $mysqli->fetch_assoc();
- $salt = get_salt($row["Password"]);
- if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt))) {
- // Store the real login (with correct case)
- $_GET['login'] = $row['Login'];
- // check if the user can use this application
- $clientApplication = mysqli_real_escape_string($link, $clientApplication);
- $query = "SELECT * FROM permission WHERE UId='" . $row["UId"] . 
"' AND DomainId='$domainId'";
- $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if (mysqli_num_rows($result) == 0) {
- if ($AcceptUnknownUser) {
- // add default permission
- $query = "INSERT INTO permission (UId, DomainId, ShardId, AccessPrivilege) VALUES ('" . $row["UId"] . "', '$domainId', -1, '$domainStatus')";
- $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-
- $reason = errorMsg(3010);
- $res = false;
- } else {
- // no permission
- $reason = errorMsg(3011, $clientApplication, $domainName);
- $res = false;
- }
- } else {
- // check that the access privilege for the domain
- $permission = mysqli_fetch_assoc($result);
-
- if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
- // no right to connect
- if ($AcceptUnknownUser) {
- // set an additionnal privilege for this player
- $query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . ",$accessPriv' WHERE PermissionId=" . $permission['PermissionId'];
- $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- $reason = errorMsg(3012, $accessPriv);
- } else {
- // no permission
- $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
- }
- } else {
- // // check if the user not already online
- // if ($row["State"] != "Offline") {
- // $reason = "$login is already online and ";
- // // ask the LS to remove the client
- // if (disconnectClient($row["ShardId"], $row["UId"], $tempres)) {
- // $reason = $reason . "was just disconnected. Now you can retry the identification (error code 54)";
-
- // $query = "update shard set NbPlayers=NbPlayers-1 where ShardId=" . $row["ShardId"];
- // $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . 
mysqli_error($link));
-
- // $query = "update user set ShardId=-1, State='Offline' where UId=" . $row["UId"];
- // $result = mysqli_query($link, $query) or die("Can't execute the query: '$query' errno:" . mysqli_errno($link) . ": " . mysqli_error($link));
- // } else {
- // $reason = $reason . "can't be disconnected: $tempres (error code 55)";
- // }
- // $res = false;
- // } else {
- $id = $row["UId"];
- $priv = $row["Privilege"];
- $extended = $row["ExtendedPrivilege"];
- $res = true;
- // }
- }
- }
- } else {
- $reason = errorMsg(2004, 'user');
- }
- }
 $mysqli->close();
 return $res;
 }
diff --git a/code/web/public_php/login/r2_login.php b/code/web/public_php/login/r2_login.php
index 564ba9177..0a38e4e88 100755
--- a/code/web/public_php/login/r2_login.php
+++ b/code/web/public_php/login/r2_login.php
@@ -1,5 +1,16 @@
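Review bot: The credential check in the added `if ($stmt->num_rows)` block (ConnectionHandler.php hunk at -174) reads `$row["Password"]`, `$row["UId"]` and `$row["Privilege"]` from a variable that `bind_result($row)` binds to the single `SELECT 1` column, so the comparison never sees the stored hash, and `==` is a loose, non-constant-time comparison for password material. The unchanged context line above it also quotes the placeholder (`Login='?'`) and passes no connection to `mysqli_prepare`, and `num_rows` is not populated without `store_result()`, so the branch looks unreachable as written; a login test should confirm this. I would select the columns that are actually used, bind each one, buffer the result and compare with `hash_equals()`, as sketched below. The `permission` queries that follow should also become prepared statements instead of concatenating `$domainId` and `$accessPriv`, and the `die(errorMsgBlock(...))` calls should not return `$query`, `$DBHost` and `$DBUserName` to the client. The enclosing method starts above this hunk, so `$link`, `$cp` and `$password` are assumed to be in scope as in the surrounding code.

```php
if ($stmt = mysqli_prepare($link, "SELECT Login, Password, UId, Privilege, ExtendedPrivilege FROM user WHERE Login=?")) {
    // … unchanged: bind_param("s", $login) and execute() …
    $stmt->store_result(); // num_rows is only meaningful once the result set is buffered
    $stmt->bind_result($dbLogin, $dbPassword, $dbUId, $dbPriv, $dbExtended);
    if ($stmt->num_rows === 1 && $stmt->fetch()) {
        $candidate = $cp ? $password : crypt($password, get_salt($dbPassword));
        // Reject empty or missing stored hashes before the constant-time comparison.
        if (is_string($dbPassword) && $dbPassword !== '' && hash_equals($dbPassword, (string) $candidate)) {
            // … unchanged: permission lookup and privilege checks, reading $dbUId / $dbLogin instead of $row[...] …
        } else {
            $reason = errorMsg(2004, 'user');
        }
    }
    // … unchanged: $stmt->close() …
}
```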