mirror of
https://port.numenaute.org/aleajactaest/khanat-opennel-code.git
synced 2024-11-10 09:19:01 +00:00
322 lines
9.9 KiB
PHP
322 lines
9.9 KiB
PHP
|
<?php
|
||
|
|
||
|
include_once('../config.php');
|
||
|
include_once('service_connection.php');
|
||
|
|
||
|
// ----------------------------------------------------------------------------------------
|
||
|
// Functions
|
||
|
// ----------------------------------------------------------------------------------------
|
||
|
|
||
|
function createSalt()
|
||
|
{
|
||
|
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||
|
|
||
|
return substr($chars, rand(0, strlen($chars)-1), 1).substr($chars, rand(0, strlen($chars)-1), 1);
|
||
|
}
|
||
|
|
||
|
// $reason contains the reason why the check failed or success
|
||
|
// return true if the check is ok
|
||
|
function checkUserValidity ($login, $password, $clientApplication, $cp, &$id, &$reason, &$priv, &$extended)
|
||
|
{
|
||
|
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
|
||
|
|
||
|
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("Can't connect to database host:$DBHost user:$DBUserName");
|
||
|
mysql_select_db ($DBName) or die ("Can't access to the table dbname:$DBName");
|
||
|
$query = "SELECT * FROM user where Login='$login'";
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
|
||
|
|
||
|
if (mysql_num_rows ($result) == 0)
|
||
|
{
|
||
|
if ($AcceptUnknownUser)
|
||
|
{
|
||
|
if (!$cp)
|
||
|
{
|
||
|
// Create a crypted user/pass.
|
||
|
$password = crypt($password, createSalt());
|
||
|
}
|
||
|
|
||
|
// login doesn't exist, create it
|
||
|
$query = "INSERT INTO user (Login, Password) VALUES ('$login', '$password')";
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
|
||
|
|
||
|
// get the user to have his UId
|
||
|
$query = "SELECT * FROM user WHERE Login='$login'";
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
|
||
|
|
||
|
if (mysql_num_rows ($result) == 1)
|
||
|
{
|
||
|
$reason = "Login '".$login."' was created because it was not found in database (error code 50)";
|
||
|
$row = mysql_fetch_array ($result);
|
||
|
$id = $row["UId"];
|
||
|
$priv = $row["Privilege"];
|
||
|
$extended = $row["ExtendedPrivilege"];
|
||
|
|
||
|
// add the default permission
|
||
|
$query = "INSERT INTO permission (UId,ClientApplication) VALUES ('$id', 'snowballs')";
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
|
||
|
|
||
|
$res = true;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$reason = "Can't fetch the login '".$login."' (error code 51)";
|
||
|
$res = false;
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$reason = "Unknown login '".$login."' (error code 52)";
|
||
|
$res = false;
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$row = mysql_fetch_array ($result);
|
||
|
$salt = substr($row["Password"],0,2);
|
||
|
if (($cp && $row["Password"] == $password) || (!$cp && $row["Password"] == crypt($password, $salt)))
|
||
|
{
|
||
|
// check if the user can use this application
|
||
|
|
||
|
$query = "SELECT * FROM permission WHERE UId='".$row["UId"]."' AND ClientApplication='$clientApplication'";
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: ".$query);
|
||
|
if (mysql_num_rows ($result) == 0)
|
||
|
{
|
||
|
// no permission
|
||
|
$reason = "You can't use the client application '$clientApplication' (error code 53)";
|
||
|
$res = false;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
// check if the user not already online
|
||
|
|
||
|
if ($row["State"] != "Offline")
|
||
|
{
|
||
|
$reason = "$login is already online and ";
|
||
|
// ask the LS to remove the client
|
||
|
if (disconnectClient ($row["ShardId"], $row["UId"], $tempres))
|
||
|
{
|
||
|
$reason = $reason."was just disconnected. Now you can retry the identification (error code 54)";
|
||
|
|
||
|
$query = "update shard set NbPlayers=NbPlayers-1 where ShardId=".$row["ShardId"];
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
|
||
|
|
||
|
$query = "update user set ShardId=-1, State='Offline' where UId=".$row["UId"];
|
||
|
$result = mysql_query ($query) or die ("Can't execute the query: '$query' errno:".mysql_errno().": ".mysql_error());
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$reason = $reason."can't be disconnected: $tempres (error code 55)";
|
||
|
}
|
||
|
$res = false;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$id = $row["UId"];
|
||
|
$priv = $row["Privilege"];
|
||
|
$extended = $row["ExtendedPrivilege"];
|
||
|
$res = true;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$reason = "Bad password (error code 56)";
|
||
|
$res = false;
|
||
|
}
|
||
|
}
|
||
|
mysql_close($link);
|
||
|
return $res;
|
||
|
}
|
||
|
|
||
|
function checkShardAccess($id, $clientApplication, $shardId)
|
||
|
{
|
||
|
global $PHP_SELF;
|
||
|
global $DBHost, $DBUserName, $DBPassword, $DBName;
|
||
|
|
||
|
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("0:Can't connect to database host:$DBHost user:$DBUserName");
|
||
|
mysql_select_db ($DBName) or die ("0:Can't access to the table dbname:$DBName");
|
||
|
|
||
|
$query = "SELECT * FROM permission WHERE UId='".$id."' AND ClientApplication='".$clientApplication."' AND (ShardId='".$shardId."' OR ShardId='-1')";;
|
||
|
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
|
||
|
|
||
|
if (mysql_num_rows ($result) > 0)
|
||
|
{
|
||
|
mysql_close($link);
|
||
|
return;
|
||
|
}
|
||
|
mysql_close($link);
|
||
|
die("0:Invalid shard access");
|
||
|
}
|
||
|
|
||
|
function displayAvailableShards($id, $clientApplication, $multiplePatchers)
|
||
|
{
|
||
|
global $PHP_SELF;
|
||
|
global $DBHost, $DBUserName, $DBPassword, $DBName;
|
||
|
|
||
|
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("0:Can't connect to database host:$DBHost user:$DBUserName");
|
||
|
mysql_select_db ($DBName) or die ("0:Can't access to the table dbname:$DBName");
|
||
|
|
||
|
$query = "SELECT * FROM user WHERE UId='".$id."'";
|
||
|
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
|
||
|
|
||
|
if ($result)
|
||
|
$uData = mysql_fetch_array($result);
|
||
|
|
||
|
if (strstr($uData['Privilege'], ':DEV:'))
|
||
|
$priv = 'dev';
|
||
|
else if (strlen($uData['Privilege']) > 0)
|
||
|
$priv = 'gm';
|
||
|
else
|
||
|
$priv = '';
|
||
|
|
||
|
$query = "SELECT * FROM shard WHERE ClientApplication='".$clientApplication."'";
|
||
|
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
|
||
|
|
||
|
$nbs = 0;
|
||
|
$res = "";
|
||
|
if (mysql_num_rows ($result) > 0)
|
||
|
{
|
||
|
//echo "<h1>Please, select a shard:</h1>\n";
|
||
|
while($row = mysql_fetch_array($result))
|
||
|
{
|
||
|
$query2 = "SELECT * FROM permission WHERE UId='".$id."' AND ClientApplication='".$clientApplication."' AND ShardId='".$row["ShardId"]."'";
|
||
|
$result2 = mysql_query ($query2) or die ("Can't execute the query: ".$query2);
|
||
|
|
||
|
$online = $row["Online"];
|
||
|
$uOnline = 1;
|
||
|
|
||
|
switch ($online)
|
||
|
{
|
||
|
case 0:
|
||
|
$uOnline = 0;
|
||
|
break;
|
||
|
case 1:
|
||
|
$uOnline = ($priv == 'dev' ? 1 : 2);
|
||
|
break;
|
||
|
case 2:
|
||
|
$uOnline = (($priv == 'dev' || $priv == 'gm') ? 1 : 2);
|
||
|
break;
|
||
|
default:
|
||
|
$uOnline = 1;
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
// only display the shard if the user have the good application name AND access to this shard with the permission table
|
||
|
if (mysql_num_rows ($result2) > 0 && $row["ProgramName"] == $programName)
|
||
|
{
|
||
|
$nbs++;
|
||
|
$res = $res.$row["Version"]."|";
|
||
|
$res = $res.$uOnline."|";
|
||
|
$res = $res.$row["ShardId"]."|";
|
||
|
$res = $res.$row["Name"]."|";
|
||
|
$res = $res."999999|";
|
||
|
$res = $res.$row["WsAddr"]."|";
|
||
|
$res = $res.$row["PatchURL"];
|
||
|
if (strlen($row["DynPatchURL"]) > 0 && $multiplePatchers)
|
||
|
$res = $res."|".$row["DynPatchURL"];
|
||
|
$res = $res."\n";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
echo "1:".$nbs."\n";
|
||
|
echo $res;
|
||
|
mysql_close($link);
|
||
|
return $res;
|
||
|
}
|
||
|
|
||
|
function askSalt($login)
|
||
|
{
|
||
|
global $PHP_SELF;
|
||
|
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
|
||
|
|
||
|
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die ("0:Can't connect to database host:$DBHost user:$DBUserName");
|
||
|
mysql_select_db ($DBName) or die ("0:Can't access to the table dbname:$DBName");
|
||
|
|
||
|
$query = "SELECT Password FROM user WHERE Login='$login'";
|
||
|
$result = mysql_query ($query) or die ("0:Can't execute the query: ".$query);
|
||
|
|
||
|
if (mysql_num_rows ($result) != 1)
|
||
|
{
|
||
|
if ($AcceptUnknownUser)
|
||
|
{
|
||
|
$salt = createSalt();
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
die ("0:Unknown login $login (error code 64)");
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$res_array = mysql_fetch_array($result);
|
||
|
$salt = substr($res_array['Password'], 0, 2);
|
||
|
}
|
||
|
|
||
|
echo "1:".$salt;
|
||
|
mysql_close($link);
|
||
|
}
|
||
|
|
||
|
// --------------------------------------------------------------------------------------
|
||
|
// main
|
||
|
// --------------------------------------------------------------------------------------
|
||
|
|
||
|
if ($_GET["cmd"] == "ask")
|
||
|
{
|
||
|
askSalt($_GET["login"]);
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
// check cp is set (force bool)
|
||
|
$cp = ($_GET["cp"] == "1");
|
||
|
|
||
|
if (!checkUserValidity($_GET["login"], $_GET["password"], $_GET["clientApplication"], $cp, $id, $reason, $priv, $extended))
|
||
|
{
|
||
|
echo "0:".$reason;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if ($_GET["cmd"] == "login")
|
||
|
{
|
||
|
checkShardAccess($id, $_GET["clientApplication"], $_GET["shardid"]);
|
||
|
|
||
|
// user selected a shard, try to add the user to the shard
|
||
|
|
||
|
if (askClientConnection($_GET["shardid"], $id, $_GET["login"], $priv, $extended, $res, $patchURLS))
|
||
|
{
|
||
|
// access granted, send cookie and addr
|
||
|
echo "1:".$res;
|
||
|
|
||
|
// LS sent patching URLS? Add them at the end of the string
|
||
|
if (strlen($patchURLS) > 0)
|
||
|
echo ' '.$patchURLS;
|
||
|
|
||
|
/*
|
||
|
// OBSOLETE: emergency patch URI already sent at displayAvailableShards - no need to add it
|
||
|
// There is a default patching address? Add it at the end of the patching URLS
|
||
|
$query = "SELECT PatchURL FROM shard WHERE ShardId='$shardid'";
|
||
|
$result = mysql_query($query);
|
||
|
if ($result && ($array=mysql_fetch_array($result)))
|
||
|
{
|
||
|
$patchURL = $array['PatchURL'];
|
||
|
if (strlen($patchURL) > 0)
|
||
|
{
|
||
|
echo (strlen($patchURLS) > 0 ? '|' : ' ').$patchURL;
|
||
|
}
|
||
|
}
|
||
|
*/
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
// access denied, display why
|
||
|
echo "0:".$res;
|
||
|
}
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
// user logged, display the available shard
|
||
|
displayAvailableShards ($id, $_GET["clientApplication"], $cp);
|
||
|
}
|
||
|
}
|
||
|
?>
|