mirror of
https://port.numenaute.org/aleajactaest/khanat-opennel-code.git
synced 2024-11-14 19:49:55 +00:00
9bc219ee14
About Shared Library (shared) and Module Library (module) type of cmake target INSTALL command has different behaviour for ARCHIVE LIBRARY RUNTIME depending on the platform
241 lines
6.7 KiB
PHP
241 lines
6.7 KiB
PHP
<?php
|
|
// NeL - MMORPG Framework <http://dev.ryzom.com/projects/nel/>
|
|
// Copyright (C) 2010 Winch Gate Property Limited
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as
|
|
// published by the Free Software Foundation, either version 3 of the
|
|
// License, or (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
// authenticate
|
|
function auth(&$error)
|
|
{
|
|
global $command, $sessionAuth, $admcookielogin, $admcookiepassword, $sessionAuth;
|
|
global $admlogin, $admpassword, $uid, $gid, $useCookie, $group, $HTTP_POST_VARS;
|
|
unset($error);
|
|
|
|
switch($HTTP_POST_VARS["command"])
|
|
{
|
|
case "logout":
|
|
addToLog("Logout!");
|
|
|
|
$uid = $sessionAuth["uid"];
|
|
logUser($uid, "LOGOUT");
|
|
|
|
//session_unregister("sessionAuth");
|
|
unset($_SESSION["sessionAuth"]);
|
|
session_destroy();
|
|
|
|
// erases cookies
|
|
eraseCookies();
|
|
|
|
unset($admlogin);
|
|
unset($admpassword);
|
|
unset($admcookielogin);
|
|
unset($admcookiepassword);
|
|
unset($uid);
|
|
|
|
htmlProlog($_SERVER['PHP_SELF'], "Logout", false);
|
|
|
|
echo "<center>\n";
|
|
echo "You are not logged any more<br>\n";
|
|
echo "Click <a href='index.php'>here</a> to login<br>\n";
|
|
echo "</center>\n";
|
|
|
|
htmlEpilog();
|
|
|
|
die();
|
|
break;
|
|
|
|
case "chPassword":
|
|
addToLog("Change pass!");
|
|
global $chOldPass, $chNewPass, $chConfirmNewPass;
|
|
|
|
if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
|
|
{
|
|
$error = "Invalid login '$admlogin'";
|
|
eraseCookies();
|
|
return 0;
|
|
}
|
|
|
|
if (crypt($chOldPass, "NL") == $admpassword && $chNewPass == $chConfirmNewPass)
|
|
{
|
|
sqlquery("UPDATE user SET password='".crypt($chNewPass, "NL")."' WHERE uid='$uid'");
|
|
$admpassword = $chNewPass;
|
|
|
|
addToLog("Changed password to '$chNewPass':'".crypt($chNewPass, "NL")."'");
|
|
|
|
//session_unregister("sessionAuth");
|
|
unset($_SESSION["sessionAuth"]);
|
|
session_destroy();
|
|
}
|
|
|
|
case "login":
|
|
$admpassword = crypt($admpassword, "NL");
|
|
|
|
addToLog("Login! -- admlogin='$admlogin', admpassword='$admpassword'");
|
|
|
|
if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
|
|
{
|
|
$error = "Invalid login '$admlogin'";
|
|
print $error;
|
|
eraseCookies();
|
|
return 0;
|
|
}
|
|
|
|
$sessionAuth = array ("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
|
|
//session_register("sessionAuth");
|
|
$_SESSION["sessionAuth"] = $sessionAuth;
|
|
|
|
if ($useCookie)
|
|
setupCookies($admlogin, $admpassword);
|
|
|
|
logUser($uid, "LOGIN");
|
|
|
|
return 1;
|
|
break;
|
|
|
|
default:
|
|
|
|
if (!isset($sessionAuth) || $sessionAuth["admlogin"] == "")
|
|
{
|
|
print "no sessionauth or admlogin is blank";
|
|
if (!isset($admcookielogin))
|
|
{
|
|
addToLog("cookie not set");
|
|
return false;
|
|
}
|
|
else
|
|
{
|
|
$admlogin = $admcookielogin;
|
|
$admpassword = $admcookiepassword;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$admlogin = $sessionAuth["admlogin"];
|
|
$admpassword = $sessionAuth["admpassword"];
|
|
$uid = $sessionAuth["uid"];
|
|
}
|
|
|
|
if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
|
|
{
|
|
if (!$uid)
|
|
{
|
|
$error = "Invalid login '$admlogin'";
|
|
eraseCookies();
|
|
return false;
|
|
}
|
|
}
|
|
|
|
$sessionAuth = array ("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
|
|
//session_register("sessionAuth");
|
|
$_SESSION["sessionAuth"] = $sessionAuth;
|
|
|
|
if ($useCookie)
|
|
setupCookies($admlogin, $admpassword);
|
|
else
|
|
eraseCookies();
|
|
|
|
//logUser($uid, "BROWSE");
|
|
|
|
return 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
// validate id
|
|
function validateId($admlogin, $admpassword, &$useCookies, &$gid, &$group)
|
|
{
|
|
global $REMOTE_ADDR;
|
|
|
|
if (!ereg('^[a-zA-Z0-9]+$', $admlogin))
|
|
{
|
|
//echo "DETECTED potential hacking login='$admlogin'<br>\n";
|
|
return false;
|
|
}
|
|
|
|
addToLog("Validate login: '$admlogin'/'$admpassword'...");
|
|
$res = mysql_query("SELECT auth.password AS password, auth.uid AS uid, auth.useCookie AS useCookie, auth.gid AS gid, ugroup.login AS gname, auth.allowed_ip AS allowed_ip FROM user AS auth, user AS ugroup WHERE BINARY auth.login='$admlogin' AND auth.gid=ugroup.uid");
|
|
if (!$res || !($arr=mysql_fetch_array($res)) || !($arr["uid"]) || $admpassword != $arr["password"])
|
|
{
|
|
addToLog("failed !!");
|
|
return false;
|
|
}
|
|
$allowed_ip = $arr["allowed_ip"];
|
|
if ($allowed_ip != "" && strstr($REMOTE_ADDR, $allowed_ip) == FALSE)
|
|
return false;
|
|
|
|
addToLog("success");
|
|
$useCookies = ($arr["useCookie"] == "yes");
|
|
$gid = $arr["gid"];
|
|
$group = $arr["gname"];
|
|
return $arr["uid"];
|
|
}
|
|
|
|
|
|
// setup cookies
|
|
function setupCookies($admlogin, $admpassword)
|
|
{
|
|
/*
|
|
setcookie("admcookielogin", $admlogin, time()+3600*24*15);
|
|
setcookie("admcookiepassword", $admpassword, time()+3600*24*15);
|
|
*/
|
|
addToLog("cookies set to admlogin=$admlogin admpassword=$admpassword");
|
|
}
|
|
|
|
// erase cookies
|
|
function eraseCookies()
|
|
{
|
|
setcookie("admcookielogin");
|
|
setcookie("admcookiepassword");
|
|
|
|
addToLog("cookies reset");
|
|
}
|
|
|
|
// log user
|
|
function logUser($uid, $act, $prefix="")
|
|
{
|
|
global $HTTP_USER_AGENT, $REMOTE_ADDR, $userlogpath;
|
|
|
|
$result = sqlquery("SELECT login FROM user WHERE uid='$uid'");
|
|
if ($result && ($result=sqlfetch($result)))
|
|
{
|
|
$login = $result["login"];
|
|
$filename = $userlogpath."/".$login.".log";
|
|
$file = fopen($filename, "a");
|
|
if ($file)
|
|
{
|
|
fwrite($file, ($prefix!="" ? $prefix." " : "").date("Y/m/d H:i:s")." $uid:$login:$HTTP_USER_AGENT:$REMOTE_ADDR $act\n");
|
|
fclose($file);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$filename = $userlogpath."/unreferenced_user.log";
|
|
$file = fopen($filename, "a");
|
|
if ($file)
|
|
{
|
|
fwrite($file, date("Y/m/d H:i:s")." $uid:<unknown login>:$HTTP_USER_AGENT:$REMOTE_ADDR $act\n");
|
|
fclose($file);
|
|
}
|
|
}
|
|
|
|
/*
|
|
$result = sqlquery("SELECT http_agent, remote_address, act FROM user_log WHERE uid='$uid' ORDER BY log_date DESC LIMIT 1");
|
|
if (!$result || !($arr=mysql_fetch_array($result)) || $arr["http_agent"]!=$HTTP_USER_AGENT || $arr["remote_address"]!=$REMOTE_ADDR || $arr["act"]!=$act)
|
|
{
|
|
sqlquery("INSERT INTO user_log SET uid='$uid', http_agent='$HTTP_USER_AGENT', remote_address='$REMOTE_ADDR', log_date=NOW(), act='$act'");
|
|
}
|
|
*/
|
|
}
|
|
?>
|