<?php
// NeL - MMORPG Framework <http://dev.ryzom.com/projects/nel/>
// Copyright (C) 2010 Winch Gate Property Limited
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.

// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.

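/**
 * Authenticate the current request and maintain the session / cookie state.
 *
 * Dispatches on $HTTP_POST_VARS["command"]:
 *  - "logout":     logs the event, destroys the session, clears the cookies,
 *                  prints the logout page and terminates the script.
 *  - "chPassword": re-validates the current credentials; when the old password
 *                  matches and the new one is confirmed, stores the new hash.
 *                  There is no break, so control continues into "login"
 *                  (apparently on purpose: $admpassword is reset to the new
 *                  clear-text password, which "login" then hashes).
 *  - "login":      hashes the submitted password, validates it and fills the
 *                  session.
 *  - default:      re-validates the credentials held in the session or, when
 *                  there are none, in the admcookielogin/admcookiepassword
 *                  cookies.
 *
 * @param mixed $error  Intended to receive a display message on failure. The
 *                      login name inside it is HTML-escaped here.
 * @return int|bool     1 on success, 0 or false on failure ("logout" never returns).
 *
 * NOTE(review): the listing this was taken from had lost its brace-only lines;
 * the block structure below is reconstructed -- confirm against the repository.
 * NOTE(review): crypt() with the two-character salt "NL" selects traditional
 * DES crypt: one fixed salt for every account and only the first 8 characters
 * of the password are significant. Moving to a stronger scheme needs a
 * migration of the stored hashes, so it is not changed here.
 * NOTE(review): the session id is not regenerated after a successful login;
 * consider session_regenerate_id() once the session start point is known.
 */
function auth(&$error)
{
	global $command, $sessionAuth, $admcookielogin, $admcookiepassword;
	global $admlogin, $admpassword, $uid, $gid, $useCookie, $group, $HTTP_POST_VARS;

	// NOTE(review): unset() on a by-reference parameter only drops the local
	// alias, so the messages assigned to $error below never reach the caller.
	// Left as is because the callers are not visible from this file.
	unset($error);

	switch ($HTTP_POST_VARS["command"])
	{
	case "logout":
		addToLog("Logout!");

		$uid = $sessionAuth["uid"];
		logUser($uid, "LOGOUT");

		unset($_SESSION["sessionAuth"]);
		session_destroy();

		// erases cookies
		eraseCookies();

		// These names were imported with `global`, so unset() removes only
		// the local aliases, not the global variables themselves.
		unset($admlogin);
		unset($admpassword);
		unset($admcookielogin);
		unset($admcookiepassword);
		unset($uid);

		// NOTE(review): PHP_SELF is derived from the request URL; verify that
		// htmlProlog() escapes it before writing it into the page.
		htmlProlog($_SERVER['PHP_SELF'], "Logout", false);

		echo "<center>\n";
		echo "You are not logged any more<br>\n";
		echo "Click <a href='index.php'>here</a> to login<br>\n";
		echo "</center>\n";

		htmlEpilog();

		die();
		break;

	case "chPassword":
		addToLog("Change pass!");
		global $chOldPass, $chNewPass, $chConfirmNewPass;

		if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
		{
			// The login name is request data: escape it before it can be displayed.
			$error = "Invalid login '".htmlspecialchars($admlogin, ENT_QUOTES)."'";
			eraseCookies();
			return 0;
		}

		// Strict comparison: loose == treats numeric-looking strings such as
		// "1e3" and "1000" as equal, which would defeat the confirmation check.
		if (crypt($chOldPass, "NL") === $admpassword && $chNewPass === $chConfirmNewPass)
		{
			// Both interpolated values are server-derived: crypt() output and
			// the uid just returned from the user table by validateId().
			sqlquery("UPDATE user SET password='".crypt($chNewPass, "NL")."' WHERE uid='$uid'");
			$admpassword = $chNewPass;

			// Never write the new password or its hash to the log.
			addToLog("Changed password for uid '$uid'");

			unset($_SESSION["sessionAuth"]);
			session_destroy();
		}
		// no break: continue into "login" to re-authenticate

	case "login":
		$admpassword = crypt($admpassword, "NL");

		// The hash is a password equivalent for this application (it is what
		// the cookie carries), so it stays out of the log as well.
		addToLog("Login! -- admlogin='$admlogin'");

		if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
		{
			// Escaped because the message is echoed straight into the page.
			$error = "Invalid login '".htmlspecialchars($admlogin, ENT_QUOTES)."'";
			print $error;
			eraseCookies();
			return 0;
		}

		$sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
		$_SESSION["sessionAuth"] = $sessionAuth;

		if ($useCookie)
			setupCookies($admlogin, $admpassword);

		logUser($uid, "LOGIN");

		return 1;
		break;

	default:
		if (!isset($sessionAuth) || $sessionAuth["admlogin"] == "")
		{
			print "no sessionauth or admlogin is blank";
			if (!isset($admcookielogin))
			{
				addToLog("cookie not set");
				return false;
			}

			// NOTE(review): the cookie pair is accepted as a credential, and
			// the "password" cookie is the stored hash itself. Anyone holding
			// that hash can authenticate without knowing the password.
			$admlogin = $admcookielogin;
			$admpassword = $admcookiepassword;
		}
		else
		{
			$admlogin = $sessionAuth["admlogin"];
			$admpassword = $sessionAuth["admpassword"];
			$uid = $sessionAuth["uid"];
		}

		// Credentials are re-checked against the database on every request.
		if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group)))
		{
			$error = "Invalid login '".htmlspecialchars($admlogin, ENT_QUOTES)."'";
			eraseCookies();
			return false;
		}

		$sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
		$_SESSION["sessionAuth"] = $sessionAuth;

		if ($useCookie)
			setupCookies($admlogin, $admpassword);
		else
			eraseCookies();

		//logUser($uid, "BROWSE");

		return 1;
		break;
	}
}
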
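/**
 * Check a login / password-hash pair against the user table.
 *
 * @param string $admlogin     Login name; only ASCII letters and digits are accepted.
 * @param string $admpassword  Already-hashed password, compared with user.password.
 * @param bool   $useCookies   Out: true when the account's useCookie column is "yes".
 * @param mixed  $gid          Out: the account's gid column.
 * @param mixed  $group        Out: login of the row whose uid equals that gid.
 * @return mixed The account uid on success, false on any failure.
 */
function validateId($admlogin, $admpassword, &$useCookies, &$gid, &$group)
{
	global $REMOTE_ADDR;

	// ereg() is not binary-safe: it stops at the first NUL byte and so checks
	// only a prefix of the value. preg_match() sees the whole string, and the
	// D modifier keeps `$` from matching before a trailing newline.
	if (!is_string($admlogin) || !preg_match('/^[a-zA-Z0-9]+$/D', $admlogin))
	{
		return false;
	}

	// Only the login is logged; the password hash is kept out of the log.
	addToLog("Validate login: '$admlogin'...");

	// Redundant after the whitelist above, kept as defence in depth so the
	// query stays safe if the pattern is ever relaxed.
	$login = mysql_real_escape_string($admlogin);
	$res = mysql_query("SELECT auth.password AS password, auth.uid AS uid, auth.useCookie AS useCookie, auth.gid AS gid, ugroup.login AS gname, auth.allowed_ip AS allowed_ip FROM user AS auth, user AS ugroup WHERE BINARY auth.login='$login' AND auth.gid=ugroup.uid");

	// Strict string comparison: loose != would treat numeric-looking strings
	// (and null versus "") as equal.
	if (!$res || !($arr = mysql_fetch_array($res)) || !($arr["uid"]) || (string)$admpassword !== (string)$arr["password"])
	{
		addToLog("failed !!");
		return false;
	}

	$allowed_ip = $arr["allowed_ip"];
	// NOTE(review): this is a substring match anywhere in the client address,
	// so an entry such as "10.0.0.1" also accepts "10.0.0.12" (constructed
	// example). Confirm the intended format of allowed_ip before tightening it.
	// strpos() === false replaces strstr() == FALSE, which also misfired when
	// the matched remainder was the string "0".
	if ($allowed_ip != "" && strpos((string)$REMOTE_ADDR, $allowed_ip) === false)
	{
		// Record the rejection so address-based denials show up in the log.
		addToLog("failed !! client address not allowed for '$admlogin'");
		return false;
	}

	addToLog("success");
	$useCookies = ($arr["useCookie"] == "yes");
	$gid = $arr["gid"];
	$group = $arr["gname"];
	return $arr["uid"];
}
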
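/**
 * Store the login and the password hash in cookies valid for 15 days.
 *
 * @param string $admlogin     Login name to remember.
 * @param string $admpassword  Value to remember; callers in this file pass the
 *                             crypt() hash, not the clear-text password.
 *
 * NOTE(review): the hash stored here is accepted back as a credential, so it
 * is password-equivalent. A random server-side token would be the safer
 * design; that needs changes outside this function.
 */
function setupCookies($admlogin, $admpassword)
{
	$expires = time() + 3600 * 24 * 15;

	// Path, domain and secure keep their defaults ("", "", false); the last
	// argument adds HttpOnly (PHP 5.2+) so page scripts cannot read the values.
	// NOTE(review): set the secure flag too if the admin site is HTTPS-only.
	setcookie("admcookielogin", $admlogin, $expires, "", "", false, true);
	setcookie("admcookiepassword", $admpassword, $expires, "", "", false, true);

	// The password hash is deliberately not written to the log.
	addToLog("cookies set to admlogin=$admlogin");
}
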
/**
 * Ask the browser to drop both login cookies and record that in the log.
 */
function eraseCookies()
{
	foreach (array("admcookielogin", "admcookiepassword") as $cookieName)
	{
		// setcookie() with a name and no value deletes that cookie
		setcookie($cookieName);
	}

	addToLog("cookies reset");
}

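/**
 * Record a user action in the per-user log file and in the user_log table.
 *
 * The file entry is appended to "<userlogpath>/<login>.log", or to
 * "unreferenced_user.log" when the uid has no row in the user table. A
 * user_log row is inserted only when the latest row for this uid differs in
 * user agent, remote address or action.
 *
 * @param mixed  $uid     User id to look up and log.
 * @param string $act     Action label (callers in this file pass "LOGIN" / "LOGOUT").
 * @param string $prefix  Optional text placed before the timestamp in the file entry.
 */
function logUser($uid, $act, $prefix="")
{
	global $HTTP_USER_AGENT, $REMOTE_ADDR, $userlogpath;

	// The User-Agent header is client-supplied. Control characters are
	// replaced in the flat-file entry so one request cannot forge extra lines.
	$agentText = preg_replace('/[\x00-\x1f\x7f]/', ' ', (string)$HTTP_USER_AGENT);
	$addrText = preg_replace('/[\x00-\x1f\x7f]/', ' ', (string)$REMOTE_ADDR);

	// Escape every value placed into SQL text. This assumes sqlquery() runs
	// on the default mysql link, which the mysql_fetch_array() call on its
	// result below suggests.
	$uidSql = mysql_real_escape_string((string)$uid);
	$agentSql = mysql_real_escape_string((string)$HTTP_USER_AGENT);
	$addrSql = mysql_real_escape_string((string)$REMOTE_ADDR);
	$actSql = mysql_real_escape_string((string)$act);

	$stamp = date("Y/m/d H:i:s");

	$result = sqlquery("SELECT login FROM user WHERE uid='$uidSql'");
	if ($result && ($result = sqlfetch($result)))
	{
		$login = $result["login"];
		// basename() keeps the log file inside $userlogpath even if a stored
		// login ever contained a path separator.
		$filename = $userlogpath."/".basename($login).".log";
		$entry = ($prefix != "" ? $prefix." " : "").$stamp." $uid:$login:$agentText:$addrText $act\n";
	}
	else
	{
		$filename = $userlogpath."/unreferenced_user.log";
		$entry = $stamp." $uid:<unknown login>:$agentText:$addrText $act\n";
	}

	// Best effort: a log file that cannot be opened is skipped silently.
	$file = fopen($filename, "a");
	if ($file)
	{
		fwrite($file, $entry);
		fclose($file);
	}

	// Insert a row only when something changed since the latest entry.
	$result = sqlquery("SELECT http_agent, remote_address, act FROM user_log WHERE uid='$uidSql' ORDER BY log_date DESC LIMIT 1");
	if (!$result || !($arr = mysql_fetch_array($result)) || $arr["http_agent"] != $HTTP_USER_AGENT || $arr["remote_address"] != $REMOTE_ADDR || $arr["act"] != $act)
	{
		sqlquery("INSERT INTO user_log SET uid='$uidSql', http_agent='$agentSql', remote_address='$addrSql', log_date=NOW(), act='$actSql'");
	}
}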