From a89fe5182ecbcbc3e5cf9fc925f389f26577622f Mon Sep 17 00:00:00 2001 From: vl Date: Fri, 4 May 2012 18:33:59 +0200 Subject: [PATCH] Added: external auth --- code/web/api/client/auth.php | 26 ++++++------ code/web/api/client/user.php | 18 ++++++++- code/web/api/common/auth.php | 24 +++++++---- code/web/api/common/logger.php | 2 +- code/web/api/common/render.php | 55 ++++++++++++-------------- code/web/api/ryzom_api.php | 6 --- code/web/api/server/auth.php | 11 +++++- code/web/api/server/config.php.default | 2 + code/web/app/app_test/index.php | 2 +- code/web/app/index.php | 11 +++--- 10 files changed, 91 insertions(+), 66 deletions(-) diff --git a/code/web/api/client/auth.php b/code/web/api/client/auth.php index cab8a5886..f47dbd634 100644 --- a/code/web/api/client/auth.php +++ b/code/web/api/client/auth.php @@ -20,30 +20,28 @@ require_once(RYAPI_PATH.'client/config.php'); // Og (non-ryzom.com) method function ryzom_authenticate_with_serverkey($cid, $name, $authserver, $authkey) { - global $_RYZOM_API_CONFIG; - $fn = $_RYZOM_API_CONFIG['auth_script'].'?name='.$name.'&cid='.$cid.'&authkey='.$authkey.'&authserver='.$authserver; - - $res = file_get_contents($fn); - return $res == '1'; } // Ig method function ryzom_authenticate_ingame($cid, $name, $authkey) { - global $_RYZOM_API_CONFIG; - $fn = $_RYZOM_API_CONFIG['auth_script'].'?name='.$name.'&cid='.$cid.'&authkey='.$authkey.'&ig=1'; + if (isset($_SESSION['user'])) + return true; - $res = file_get_contents($fn); - echo $res; - return $res == '1'; + if (ryzom_get_param('user')) + return true; + + return false; } // Session method function ryzom_authenticate_with_session($name, $redirect) { - global $_RYZOM_API_CONFIG; - $fn = $_RYZOM_API_CONFIG['auth_script'].'?name='.$name; + if (isset($_SESSION['user'])) + return true; - $res = file_get_contents($fn); - return $res == '1'; + if (ryzom_get_param('user')) + return true; + + return false; } ?> 
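Review bot: In code/web/api/client/auth.php the new `ryzom_authenticate_ingame` and `ryzom_authenticate_with_session` return true as soon as `ryzom_get_param('user')` is non-empty, so the mere presence of that parameter counts as proof of authentication and `$authkey`, `$cid` and `$name` are never checked. If `ryzom_get_param` reads request input, as its other uses in this patch suggest, the payload should be accepted only after verifying something the client cannot produce itself, such as a signature issued by the auth server. `ryzom_authenticate_with_serverkey` is left with an empty body and now returns null; an explicit `return false;` would make the fail-closed behaviour deliberate. The signatures also no longer match the calls in common/auth.php, which passes `$shardid` first to `ryzom_authenticate_ingame` and three arguments to `ryzom_authenticate_with_session`.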
diff --git a/code/web/api/client/user.php b/code/web/api/client/user.php index de526dcca..b6e906b2c 100644 --- a/code/web/api/client/user.php +++ b/code/web/api/client/user.php @@ -17,7 +17,23 @@ */ function ryzom_user_get_info($cid) { - return Array(); + if (isset($_SESSION['user'])) + return $_SESSION['user']; + + $user = unserialize(base64_decode(ryzom_get_param('user'))); + $_SESSION['user'] = $user; + return $user; } +function ryzom_get_user_id($cid, $name, $creation_date) { + if (isset($_SESSION['user'])) + return $_SESSION['user']['id']; + + $user = unserialize(base64_decode(ryzom_get_param('user'))); + $_SESSION['user'] = $user; + + return $user['id']; +} + + ?> diff --git a/code/web/api/common/auth.php b/code/web/api/common/auth.php index b6bcdd799..1d52c5d8e 100644 --- a/code/web/api/common/auth.php +++ b/code/web/api/common/auth.php @@ -5,7 +5,8 @@ function ryzom_app_authenticate(&$user, $ask_login=true, $welcome_message='') { $authserver = ryzom_get_param('authserver'); $authkey = ryzom_get_param('authkey'); $lang = ryzom_get_param('lang'); - + $cid = ryzom_get_param('cid', ''); + $is_ingame = false; // we have to set the $user['lang'] even for anonymous user or we cannot display the test in the right langage if($lang == '') { $l = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); 
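Review bot: `unserialize(base64_decode(ryzom_get_param('user')))` in `ryzom_user_get_info` and `ryzom_get_user_id` (code/web/api/client/user.php) deserialises a value that appears to come straight from the request, which exposes the application to PHP object injection and lets the sender choose every field of `$_SESSION['user']`, including `id`. The payload should use a data-only format such as JSON and be stored in the session only after an integrity check against a key held by the server. Both functions repeat the same decode-and-store lines, so a shared helper would keep that check in one place. The sketch below uses placeholder names for the key and the signature field, neither of which this patch defines.

```php
// Placeholders: RYAPI_USER_SIG_KEY_PLACEHOLDER and the 'user_sig' parameter stand for
// whatever key and signature field the external auth server actually provides.
function ryzom_decode_external_user() {
	$raw = base64_decode((string)ryzom_get_param('user'), true);
	$sig = (string)ryzom_get_param('user_sig');
	if ($raw === false || !hash_equals(hash_hmac('sha256', $raw, RYAPI_USER_SIG_KEY_PLACEHOLDER), $sig))
		return false;
	$user = json_decode($raw, true);
	return is_array($user) ? $user : false;
}

function ryzom_user_get_info($cid) {
	if (isset($_SESSION['user']))
		return $_SESSION['user'];
	$user = ryzom_decode_external_user();
	if ($user !== false)
		$_SESSION['user'] = $user;
	return $user;
}
// … ryzom_get_user_id: same helper, then return the decoded 'id' only on success …
```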
@@ -14,15 +15,20 @@ function ryzom_app_authenticate(&$user, $ask_login=true, $welcome_message='') { else $lang = 'en'; } + $user['message'] = ''; $user['lang'] = $lang; - - if (RYZOM_IG || ryzom_get_param('ig')) { + $user['ig'] = false; + + if ((isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Ryzom')) || ryzom_get_param('ig')) { + $user['ig'] = true; // Ingame - $cid = ryzom_get_param('cid'); - if (!ryzom_authenticate_ingame($cid, $name, $authkey)) + $shardid = ryzom_get_param('shardid'); + if (!ryzom_authenticate_ingame($shardid, $cid, $name, $authkey)) return false; + $is_ingame = true; } else { // Outgame : Use session + $error_message = ''; if (!ryzom_authenticate_with_session($name, $cid, $error_message)) { if ($ask_login) { $c = ''; @@ -47,8 +53,12 @@ function ryzom_app_authenticate(&$user, $ask_login=true, $welcome_message='') { // get user informations $user = ryzom_user_get_info($cid); $user['lang'] = $_SESSION['lang']; - - $user['id'] = ryzom_get_user_id($cid, $user['char_name'], $user['creation_date']); + if (isset($user['creation_date'])) + $user['id'] = ryzom_get_user_id($cid, $user['char_name'], $user['creation_date']); + if ($is_ingame && $user['last_played_date'] != '0') + $user['ig'] = true; + else + $user['ig'] = false; unset($user['last_played_date']); unset($user['creation_date']); return true; diff --git a/code/web/api/common/logger.php b/code/web/api/common/logger.php index f4909e721..1e5106b54 100644 --- a/code/web/api/common/logger.php +++ b/code/web/api/common/logger.php @@ -33,7 +33,7 @@ class ryLogger { function getLogs() { $ret = ''; if ($this->logs && $this->enable) - $ret = "Debug\n".implode("\n", $this->logs); + $ret = "Debug\n\n".implode("\n", $this->logs); $this->logs = array(); return $ret; } diff --git a/code/web/api/common/render.php b/code/web/api/common/render.php index a2ec31795..60b101d38 100644 --- a/code/web/api/common/render.php +++ b/code/web/api/common/render.php 
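Review bot: The in-game test `strpos($_SERVER['HTTP_USER_AGENT'], 'Ryzom')` in `ryzom_app_authenticate` is used as a boolean, so a User-Agent that begins with `Ryzom` yields position 0 and is treated as not in-game; compare explicitly with `strpos($_SERVER['HTTP_USER_AGENT'], 'Ryzom') !== false`. Both the User-Agent and the `ig` parameter are set by the client, so this branch should only select the authentication path and never relax it. `$user['ig']` is also set to true before `ryzom_authenticate_ingame` has succeeded and stays true on the `return false` path. The function body starts and ends outside this hunk.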
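Review bot: In the last hunk of code/web/api/common/auth.php, `$user['last_played_date']` is read without the `isset` guard that the same hunk adds for `creation_date`; when the key is missing, the comparison `!= '0'` evaluates to true and an in-game request gets `$user['ig'] = true`. Suggested condition: `if ($is_ingame && isset($user['last_played_date']) && $user['last_played_date'] != '0')`. When `creation_date` is absent, `$user['id']` is no longer assigned here, so callers depend on `ryzom_user_get_info` having supplied it; a short comment stating that dependency would help the next reader.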
@@ -16,7 +16,7 @@ * along with ryzom_api. If not, see . */ -function ryzom_app_render($title, $content, $bgcolor='', $javascript=array(), $homeLink=false) { +function ryzom_app_render($title, $content, $ig=false, $bgcolor='', $javascript=array(), $homeLink=false) { $c = ''; // Render header $title_prefix = ''; @@ -25,38 +25,35 @@ function ryzom_app_render($title, $content, $bgcolor='', $javascript=array(), $h } if (!$bgcolor) - $bgcolor = '#000000'.(RYZOM_IG?'00':''); - - $c .= ''."\n"; - $c .= ' - '."\n"; - $c .= ' '.$title_prefix.(translation_exists($title)?_t($title):$title).''."\n"; - $c .= ' '."\n"; - - if (!RYZOM_IG) { + $bgcolor = '#000000'.($ig?'00':''); + + if (!$ig) { + $c .= ''."\n"; + $c .= ' + '."\n"; + $c .= ' '.$title_prefix.(translation_exists($title)?_t($title):$title).''."\n"; + $c .= ' '."\n"; $c .= ryzom_render_header(); $c .= ryzom_render_header_www(); - } - - $events = ON_IPHONE ? 'onorientationchange="updateOrientation();" ' : ''; - - $c .= ' '."\n"; - - $c .= ' '."\n"; + $events = ON_IPHONE ? 'onorientationchange="updateOrientation();" ' : ''; + $c .= ' '."\n"; + $c .= ' '."\n"; + // Javascript + $js_code = ''; + foreach ($javascript as $js) + $js_code .= ''; + $c .= $js_code; - // Javascript - $js_code = ''; - foreach ($javascript as $js) - $js_code .= ''; - $c .= $js_code; - - if (RYZOM_IG) - $c .= $content; - else{ $c .= ryzom_render_www(ryzom_render_window($title, $content, $homeLink)); + $c .= ''; + } else { + $c .= ''; + $c .= $content; + $debug = ryLogger::getInstance()->getLogs(); + if ($debug) + $c .= '
'.$debug.'
'; + $c .= ''; } - - $c .= ''; return $c; } @@ -140,7 +137,7 @@ function ryzom_render_window_begin($title, $homeLink=false) { return '
-
'.$title_prefix.(translation_exists($title)?_t($title):$title).$homeLink.'
+
'.(translation_exists($title)?_t($title):$title).$homeLink.'
diff --git a/code/web/api/ryzom_api.php b/code/web/api/ryzom_api.php index 960405b03..5cd9a7ba8 100644 --- a/code/web/api/ryzom_api.php +++ b/code/web/api/ryzom_api.php @@ -25,12 +25,6 @@ if (!defined('ON_IPHONE')) { else define('ON_IPHONE', false); } -if (!defined('RYZOM_IG')) { - if (isset($_SERVER['HTTP_USER_AGENT'])) - define('RYZOM_IG', strpos($_SERVER['HTTP_USER_AGENT'], 'Ryzom')); - else - define('RYZOM_IG', false); -} $includes = array('auth', 'config', 'utils', 'user'); diff --git a/code/web/api/server/auth.php b/code/web/api/server/auth.php index a8706fe8d..2e2b3ca1c 100644 --- a/code/web/api/server/auth.php +++ b/code/web/api/server/auth.php @@ -23,8 +23,15 @@ function ryzom_authenticate_with_serverkey($cid, $name, $authserver, $authkey) { return true; } -function ryzom_authenticate_ingame($cid, $name, $authkey) { - return file_get_contents(RYAPI_AUTH_SCRIPT) == '1'; +function ryzom_authenticate_ingame($shardid, $cid, $name, $authkey) { + $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING); + $uid = intval($cid / 16); + $sql = "SELECT cookie FROM ring_users WHERE user_id = $uid"; + $row = $db->query_single_row($sql); + + $rawkey = $shardid.$name.$cid.'\''.trim($row['cookie']).'\''; + $md5rawkey = md5($rawkey); + return $authkey == $md5rawkey; } // take the character name and the account password and check if it's valid diff --git a/code/web/api/server/config.php.default b/code/web/api/server/config.php.default index c55cf74f0..d145da877 100644 --- a/code/web/api/server/config.php.default +++ b/code/web/api/server/config.php.default @@ -15,6 +15,8 @@ * You should have received a copy of the GNU Lesser General Public License * along with ryzom_api. If not, see . */ + +define('RYAPI_SHARDID', '101'); define('RYAPI_WEBDB_HOST', 'localhost'); define('RYAPI_WEBDB_LOGIN', 'localhost'); define('RYAPI_WEBDB_PASS', 'localhost'); 
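Review bot: In `ryzom_authenticate_ingame` (code/web/api/server/auth.php) the result of `query_single_row` is used without checking that a row was found or that `cookie` is non-empty; in that case `$rawkey` is built only from `$shardid`, `$name` and `$cid`, which all arrive with the request, and the expected key no longer depends on any secret. Reject early with `if (!$row || trim($row['cookie']) === '') return false;`. The final `$authkey == $md5rawkey` is a loose comparison of two hex strings, which PHP may evaluate numerically; use `hash_equals($md5rawkey, (string)$authkey)`, or at least `===`. A plain `md5` over fields concatenated without separators is a weak construction for an authentication key, so an HMAC with a server-side key would be preferable if the game client protocol allows it.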
diff --git a/code/web/app/app_test/index.php b/code/web/app/app_test/index.php index 95573dfe2..ad5408e22 100644 --- a/code/web/app/app_test/index.php +++ b/code/web/app/app_test/index.php @@ -29,6 +29,6 @@ else // Content $c = _t('access', $num_access['num_access']).'
'; -echo ryzom_app_render(APP_NAME, $c); +echo ryzom_app_render(APP_NAME, $c, $user['ig']); ?> diff --git a/code/web/app/index.php b/code/web/app/index.php index ed90c42b2..86223a42f 100644 --- a/code/web/app/index.php +++ b/code/web/app/index.php @@ -1,7 +1,6 @@ '._t('welcome', $user['char_name']).''; } else { - if (!RYZOM_IG) { + if (!$user['ig']) { if ($user['message']) $c .= '
'._t($user['message']).'

'; $c .= ryzom_render_login_form(ryzom_get_param('name')); @@ -28,8 +26,11 @@ foreach ($apps as $app) { $c .= ''._t($app).'
'; } -if($logged) $c .= '
'._t('logout').''; +if ($logged && !$user['ig']) + $c .= '
'._t('logout').''; -echo ryzom_app_render('Ryzom', $c); +// Print GET values on debug view +p($_GET); +echo ryzom_app_render('Ryzom', $c, $user['ig']); ?> \ No newline at end of file
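Review bot: `p($_GET);` in code/web/app/index.php runs on every request and, per its comment, sends all query parameters to the debug view; with this patch those parameters include `authkey` and the serialized `user` payload, and `ryzom_app_render` now appends the logger output to the in-game page. This looks like leftover debugging: drop the call, or guard it behind an explicit debug setting and leave the credential fields out of what is logged. Where the log is rendered, the values should pass through `htmlspecialchars` because they are request-controlled; as far as the render.php hunk shows, `$debug` is concatenated into the page directly.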