khanat-opennel-code/code/nelns/login_system/www/public_html/index.php

322 lines
9.9 KiB
PHP
Raw Normal View History

2014-08-18 23:57:20 +00:00
<?php
include_once('../config.php');
include_once('service_connection.php');
// ----------------------------------------------------------------------------------------
// Functions
// ----------------------------------------------------------------------------------------
function createSalt()
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
return substr($chars, rand(0, strlen($chars)-1), 1).substr($chars, rand(0, strlen($chars)-1), 1);
}
// $reason contains the reason why the check failed or success
// return true if the check is ok
function checkUserValidity ($login, $password, $clientApplication, $cp, &$id, &$reason, &$priv, &$extended)
{
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($DBName) or die ("Can't access to the table dbname:$DBName");
$query = "SELECT * FROM user where Login='$login'";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) == 0)
{
if ($AcceptUnknownUser)
{
if (!$cp)
{
// Create a crypted user/pass.
$password = crypt($password, createSalt());
}
// login doesn't exist, create it
$query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
// get the user to have his UId
$query = "SELECT * FROM user WHERE Login='$login'";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) == 1)
{
$reason = "Login '".$login."' was created because it was not found in database (error code 50)";
$row = mysql_fetch_array ($result);
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
// add the default permission
$query = "INSERT INTO permission (UId,ClientApplication) VALUES ('$id', 'snowballs')";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
$res = true;
}
else
{
$reason = "Can't fetch the login '".$login."' (error code 51)";
$res = false;
}
}
else
{
$reason = "Unknown login '".$login."' (error code 52)";
$res = false;
}
}
else
{
$row = mysql_fetch_array ($result);
$salt = substr($row["Password"],0,2);
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt)))
{
// check if the user can use this application
$query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'";
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
if (mysql_num_rows ($result) == 0)
{
// no permission
$reason = "You can't use the client application '$clientApplication' (error code 53)";
$res = false;
}
else
{
// check if the user not already online
if ($row["State"] != "Offline")
{
$reason = "$login is already online and ";
// ask the LS to remove the client
if (disconnectClient ($row["ShardId"], $row["UId"], $tempres))
{
$reason = $reason."was just disconnected. Now you can retry the identification (error code 54)";
$query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
$result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
$query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
$result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
}
else
{
$reason = $reason."can't be disconnected: $tempres (error code 55)";
}
$res = false;
}
else
{
$id = $row["UId"];
$priv = $row["Privilege"];
$extended = $row["ExtendedPrivilege"];
$res = true;
}
}
}
else
{
$reason = "Bad password (error code 56)";
$res = false;
}
}
mysql_close($link);
return $res;
}
function checkShardAccess($id, $clientApplication, $shardId)
{
global $PHP_SELF;
global $DBHost, $DBUserName, $DBPassword, $DBName;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("0:Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($DBName) or die ("0:Can't access to the table dbname:$DBName");
$query = "SELECT * FROM permission WHERE UId='".$id."' AND ClientApplication='".$clientApplication."' AND (ShardId='".$shardId."' OR ShardId='-1')";;
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
if (mysql_num_rows ($result) > 0)
{
mysql_close($link);
return;
}
mysql_close($link);
die("0:Invalid shard access");
}
function displayAvailableShards($id, $clientApplication, $multiplePatchers)
{
global $PHP_SELF;
global $DBHost, $DBUserName, $DBPassword, $DBName;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("0:Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($DBName) or die ("0:Can't access to the table dbname:$DBName");
$query = "SELECT * FROM user WHERE UId='".$id."'";
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
if ($result)
$uData = mysql_fetch_array($result);
if (strstr($uData['Privilege'], ':DEV:'))
$priv = 'dev';
else if (strlen($uData['Privilege']) > 0)
$priv = 'gm';
else
$priv = '';
$query = "SELECT * FROM shard WHERE ClientApplication='".$clientApplication."'";
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
$nbs = 0;
$res = "";
if (mysql_num_rows ($result) > 0)
{
//echo "<h1>Please, select a shard:</h1>\n";
while($row = mysql_fetch_array($result))
{
$query2 = "SELECT * FROM permission WHERE UId='".$id."' AND ClientApplication='".$clientApplication."' AND ShardId='".$row["ShardId"]."'";
$result2 = mysql_query ($query2) or die ("Can't execute the query: ".$query2);
$online = $row["Online"];
$uOnline = 1;
switch ($online)
{
case 0:
$uOnline = 0;
break;
case 1:
$uOnline = ($priv == 'dev' ? 1 : 2);
break;
case 2:
$uOnline = (($priv == 'dev' || $priv == 'gm') ? 1 : 2);
break;
default:
$uOnline = 1;
break;
}
// only display the shard if the user have the good application name AND access to this shard with the permission table
if (mysql_num_rows ($result2) > 0 && $row["ProgramName"] == $programName)
{
$nbs++;
$res = $res.$row["Version"]."|";
$res = $res.$uOnline."|";
$res = $res.$row["ShardId"]."|";
$res = $res.$row["Name"]."|";
$res = $res."999999|";
$res = $res.$row["WsAddr"]."|";
$res = $res.$row["PatchURL"];
if (strlen($row["DynPatchURL"]) > 0 && $multiplePatchers)
$res = $res."|".$row["DynPatchURL"];
$res = $res."\n";
}
}
}
echo "1:".$nbs."\n";
echo $res;
mysql_close($link);
return $res;
}
function askSalt($login)
{
global $PHP_SELF;
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("0:Can't connect to database host:$DBHost user:$DBUserName");
mysql_select_db ($DBName) or die ("0:Can't access to the table dbname:$DBName");
$query = "SELECT Password FROM user WHERE Login='$login'";
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
if (mysql_num_rows ($result) != 1)
{
if ($AcceptUnknownUser)
{
$salt = createSalt();
}
else
{
die ("0:Unknown login $login (error code 64)");
}
}
else
{
$res_array = mysql_fetch_array($result);
$salt = substr($res_array['Password'], 0, 2);
}
echo "1:".$salt;
mysql_close($link);
}
// --------------------------------------------------------------------------------------
// main
// --------------------------------------------------------------------------------------
if ($_GET["cmd"] == "ask")
{
askSalt($_GET["login"]);
die();
}
// check cp is set (force bool)
$cp = ($_GET["cp"] == "1");
if (!checkUserValidity($_GET["login"], $_GET["password"], $_GET["clientApplication"], $cp, $id, $reason, $priv, $extended))
{
echo "0:".$reason;
}
else
{
if ($_GET["cmd"] == "login")
{
checkShardAccess($id, $_GET["clientApplication"], $_GET["shardid"]);
// user selected a shard, try to add the user to the shard
if (askClientConnection($_GET["shardid"], $id, $_GET["login"], $priv, $extended, $res, $patchURLS))
{
// access granted, send cookie and addr
echo "1:".$res;
// LS sent patching URLS? Add them at the end of the string
if (strlen($patchURLS) > 0)
echo ' '.$patchURLS;
/*
// OBSOLETE: emergency patch URI already sent at displayAvailableShards - no need to add it
// There is a default patching address? Add it at the end of the patching URLS
$query = "SELECT PatchURL FROM shard WHERE ShardId='$shardid'";
$result = mysql_query($query);
if ($result && ($array=mysql_fetch_array($result)))
{
$patchURL = $array['PatchURL'];
if (strlen($patchURL) > 0)
{
echo (strlen($patchURLS) > 0 ? '|' : ' ').$patchURL;
}
}
*/
}
else
{
// access denied, display why
echo "0:".$res;
}
}
else
{
// user logged, display the available shard
displayAvailableShards ($id, $_GET["clientApplication"], $cp);
}
}
?>