<?php
if(strstr($_SERVER['HTTP_USER_AGENT'], 'Ryzom')){
define('isWEBIG', true);
}else{
define('isWEBIG', false);
}
require_once 'config.php';
require_once 'pdr_util.php';
require_once 'pdr_util_character.php';
require_once 'pdr_util_guild.php';
/**
* Singleton wrapper class for PDO database connection
*/
class DB {
private $_pdo = null;
private function __construct(){
$this->_pdo = new PDO('mysql:host='.$GLOBALS['DBHost'].';dbname='.$GLOBALS['DBName'].';charset=utf-8', $GLOBALS['DBUserName'], $GLOBALS['DBPassword'], array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8'));
$this->_pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
public function getInstance(){
static $instance = null;
if($instance === null){
$instance = new DB();
}
return $instance;
}
/**
* @param string $sql
* @param array $params (optional)
* @return PDOStatement
*/
function query($sql, $params=array()){
if(empty($params)){
$stmt = $this->_pdo->query($sql);
}else{
$stmt = $this->_pdo->prepare($sql);
$stmt->execute($params);
}
return $stmt;
}
}
/**
* Verify and log-in user
*
* @return mixed user info array or boolean FALSE when user was not verified
*/
function app_authenticate(){
// mask possible double session_start() warning
@session_start();
if(isWEBIG){
// ingame login
// gather user from $_GET or $_POST variables
$user = webig_user();
// verify it against database
$user = webig_auth($user);
}else{
// outgame login
if(isset($_POST['login'])){
// login request
$shardid = is($_POST['login']['shardid'], '');
$name = is($_POST['login']['name'], '');
$passwd = is($_POST['login']['passwd'], '');
// verify character and password against database and populate $_GET with user info
$user = login_auth($shardid, $name, $passwd);
$_SESSION['login']['error'] = ($user === false);
}elseif(isset($_GET['logout'])){
// logout request
unset($_SESSION['user']);
unset($_SESSION['authkey']);
// redirect to self without URL parameters
header('Location: '.$_SERVER['PHP_SELF']);
exit;
}else{
// continue session
$user = is($_SESSION['user'], false);
// verify user in session against database (e.g. user might be deleted)
$user = load_user($user['shardid'], null, $user['cid']);
}
}
// auth failed?
if(empty($user)){
return false;
}
// remove values we do not need to keep in session
unset($user['password']);
unset($user['cookie']);
// return user info array on success
$_SESSION['user'] = $user;
return $user;
}
// get user info that WebIG sends us
function webig_user(){
$user = array();
// shard id (302)
$user['shardid'] = ryzom_get_param('shardid');
// character name (User)
$user['name'] = ryzom_get_param('name');
// character id (16), user id is calculated as 'uid = cid >> 4';
$user['cid'] = ryzom_get_param('cid');
// language
$user['lang'] = ryzom_get_param('lang');
$user['authkey'] = ryzom_get_param('authkey');
return $user;
}
/**
* Verify character using info from ig browser
*
* @param array $user
* @return bool return user info array on success and FALSE on error
*/
function webig_auth($user){
// find user by shard and character id (name might be temporarily changed in game)
$result = load_user($user['shardid'], null, $user['cid']);
if(empty($result)){
// should not happen, but user was not found
return false;
}
// Create auth key by using cookie from DB and user info from user
$authkey = webig_create_authkey($user, $result['cookie']);
if($user['authkey'] !== $authkey){
// something is out of sync - either user info or cookie
return false;
}
// return result from DB
return $result;
}
/**
* Verify character
*
* @param int $shardid character shard id
* @param string $name character name
* @param string $passwd plain text password
* @return mixed return user info array on success or boolean false on error
*/
function login_auth($shardid, $name, $passwd){
// get character from db
$user = load_user($shardid, $name);
if(empty($user)){
// user was not found
return false;
}
$passwd = crypt($passwd, substr($user['password'], 0, 2));
if($passwd !== $user['password']){
// password failed
return false;
}
return $user;
}
/**
* Fetch user info from db
*
* If name is NULL, then $cid is used
*
* @param int $shardid
* @param string $name
* @param int $cid
* @return array
*/
function load_user($shardid, $name, $cid = null){
// `nel`.`user` has password
// `ring_open`.`ring_users` has cookie
// `ring_open`.`characters` has char_id, char_name, home_mainland_session_id(==shardid)
$sql = 'SELECT c.`char_id` cid, c.`char_name` name, c.`home_mainland_session_id` shardid, n.`password`, u.`cookie`
FROM `ring_open`.`characters` c
JOIN `ring_open`.`ring_users` u on u.`user_id` = c.`user_id`
JOIN `nel`.`user` n on n.`uid` = c.`user_id`
WHERE c.`home_mainland_session_id` = :shardid';
$params = array('shardid' => $shardid);
if($name !== null){
$sql .= ' AND c.`char_name` = :name';
$params['name'] = $name;
}elseif($cid !== null){
$sql .= ' AND c.`char_id` = :cid';
$params['cid'] = $cid;
}else{
// $name or $cid both empty
return false;
}
$result = DB::getInstance()->query($sql, $params)->fetch(PDO::FETCH_ASSOC);
return $result;
}
/**
* Verify user info that ig browser sent us using cookie from database
*
* @param array $user user info array
* @param string $cookie User login cookie from database
* @return string md5 hash
*/
function webig_create_authkey($user, $cookie){
return md5($user['shardid'].$user['name'].$user['cid'].'\''.$cookie.'\'');
}
/**
* Return user privileges from DB
*
* @param int $uid user id (uid = cid >> 4)
* @return mixed array of user privileges or boolean FALSE when user was not found
*/
function webig_get_privileges($uid){
$sql = 'select `privilege` from `nel`.`user` where `uid` = :id';
$params = array('id' => $uid);
$result = DB::getInstance()->query($sql, $params)->fetchColumn(0);
if($result !== false){
$result = explode(':', $result);
$ret = array();
foreach($result as $k=>$v){
if($v != ''){
$ret[]=$v;
}
}
$result = $ret;
}
return $result;
}
/**
* Test user privileges
*
* @param int $uid user id
* @param array $priv array of privileges, like array('DEV', 'GM')
* @return bool
*/
function webig_has_privileges($uid, $priv){
$userpriv = webig_get_privileges($uid);
$result = array_intersect($priv, $userpriv);
return !empty($result);
}
/**
* Test user privileges against (DEV, SGM, GM)
*
* @param int $uid user id
* @return bool
*/
function webig_is_admin($uid){
// entities_game_service/player_manager/player_manager.cpp defines order
// DEV > SGM > EM > GM > EG > VG > SG > G > OBSERVER > PR
return webig_has_privileges($uid, array('DEV', 'SGM', 'EM', 'GM'));
}
/**
* Load character from shard save binary file
*
* @param int $cid
* @return mixed array with character info or boolean FALSE on error
*/
function webig_load_character($cid){
$pdr = CharacterPdr::createDefault();
$char = $pdr->load($cid);
if(empty($char)){
return false;
}
$result = array(
'id' => (int) $cid,
'name' => (string) $char->EntityBase->_Name['value'],
'title' => (string) $char->_Title['value'],
'race' => (string) $char->EntityBase->_Race['value'],
'gender' => (int) $char->EntityBase->_Gender['value'] == '0' ? 'male' : 'female',
'cult' => (string) $char->DeclaredCult['value'],
'civ' => (string) $char->DeclaredCiv['value'],
'guild' => false,
);
$guild_id = (int) $char->_GuildId['value'];
if($guild_id>0){
// if char is in guild, then also get guild info
$result['guild'] = webig_load_guild($guild_id);
// get guild rank (also from guild file)
$result['guild_membership'] = webig_load_guild_membership($guild_id, $cid);
}
unset($char);
return $result;
}
/**
* Load basic guild info (name, description, motd, culv, civ)
*
* @param int $guild_id
* @return mixed array with guild info or boolean FALSE on error
*/
function webig_load_guild($guild_id){
$pdr = GuildPdr::createDefault();
$guild = $pdr->load($guild_id);
if(empty($guild)){
return false;
}
$result = array(
'id' => (int) $guild_id,
'icon' => (string) $guild->Icon['value'],
'name' => (string) $guild->_Name['value'],
'description' => (string) $guild->_Description['value'],
'motd' => (string) $guild->_MessageOfTheDay['value'],
'cult' => (string) $guild->DeclaredCult['value'],
'civ' => (string) $guild->DeclaredCiv['value'],
);
unset($guild);
return $result;
}
/**
* Load guild member info
*
* @param int $guild_id
* @param int $char_id
* @return mixed array with guild member info or boolean FALSE if guild or character not found
*/
function webig_load_guild_membership($guild_id, $char_id){
$pdr = GuildPdr::createDefault();
$guild = $pdr->load($guild_id);
if(empty($guild)){
return false;
}
$result = false;
// test for 'id' and type (CHAR == 0), ignore creator (should be 0x00) and dynamic
// 0x0000000013:00:00:87
$eid = sprintf('0x%010x:00:', $char_id);
$i = 0;
while(isset($guild->Members->__Key__[$i])){
$key = $guild->Members->__Key__[$i];
$pos = strpos((string)$key['value'], $eid);
if($pos === 1){
$val = $guild->Members->__Val__[$i];
$result = array(
'grade' => (string) $val->Members->Grade['value'],
'joined' => (int) $val->Members->EnterTime['value'],
);
break;
}
$i++;
}
unset($guild);
return $result;
}
// shortcut for 'isset() ? .. : ..'
function is(&$var, $default = null){
return isset($var) ? $var : $default;
}
// escape string so it's safe for HTML
function h($str){
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}
// return $_GET[var] or $_POST[var] or $default
function ryzom_get_param($var, $default=''){
return is($_GET[$var], is($_POST[$var], $default));
}