khanat-opennel-code/code/ryzom/tools/server/www/tools/validate_cookie.php
acemtp@users.sourceforge.net d5c601ffa5 initial version
2010-05-06 02:08:41 +02:00

80 lines
No EOL
2.2 KiB
PHP

<?php
include('../login/config.php');
function convertCookieForActionHandler($cookie)
{
$ret = "";
for ($i = 0; $i<strlen($cookie); ++$i)
{
if ($cookie[$i] == '|')
$ret .= '_';
else
$ret .= $cookie[$i];
}
return $ret;
}
function validateCookie(&$userId, &$domainId, &$charId)
{
global $DBHost, $DBUserName, $DBPassword, $DBName, $RingDBName, $AcceptUnknownUser;
if (!isset($_COOKIE["ryzomId"]))
{
echo "Cookie not found<BR>";
return false;
}
// read the ip and compare with client ip
$cookie = $_COOKIE["ryzomId"];
echo "Cookie is $cookie<BR>";
sscanf($cookie, "%02X%02X%02X%02X", $b0, $b1, $b2, $b3);
$addr = $b0 + ($b1<<8) + ($b2<<16) + ($b3<<24);
printf("Addr is %X<BR>", $addr);
$addrStr = long2ip($addr);
echo "addrStr is $addrStr<br>";
if ($_SERVER["REMOTE_ADDR"] != $addrStr)
{
echo "Client ip don't match cookie<BR>";
return false;
}
// check the cookie in the database
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($RingDBName) or die ("Can't access to the table dbname:$RingDBName");
$query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) == 0)
{
echo "Can't find cookie $cookie in database<BR>";
return false;
}
$row = mysql_fetch_array($result);
if ($row["current_status"] != "cs_logged" && $row["current_status"] != "cs_online" )
{
echo "User $row[user_id] is not looged or online<BR>";
return false;
}
$userId = $row["user_id"];
$domainId = $row["current_domain_id"];
// $charId = ($userId*16) + (getCharSlot()) & 0xf;
$charId = $userId*16 + getCharSlot();
return true;
}
function getCharSlot()
{
global $_GET, $_POST;
if (isset($_GET["charSlot"]))
return $_GET["charSlot"];
else if (isset($_POST["charSlot"]))
return $_POST["charSlot"];
else
return 0; // temp dev: use 0 as the "ring character"
}
?>