web/public_php/tools/validate_cookie.php

   1 <?php
   2         include('../login/config.php');
   3
   4         function convertCookieForActionHandler($cookie)
   5         {
   6                 $ret = "";
   7                 for ($i = 0; $i<strlen($cookie); ++$i)
   8                 {
   9                         if ($cookie[$i] == '|')
  10                                 $ret .= '_';
  11                         else
  12                                 $ret .= $cookie[$i];
  13                 }
  14                 return $ret;
  15         }
  16
  17         function validateCookie(&$userId, &$domainId, &$charId)
  18         {
  19                 $domainInfo = getDomainInfo($domainId);
  20
  21                 global $DBHost, $RingDBUserName, $RingDBPassword, $AcceptUnknownUser;
  22
  23                 if (!isset($_COOKIE["ryzomId"]))
  24                 {
  25                         echo "Cookie not found<BR>";
  26                         return false;
  27                 }
  28
  29                 // read the ip and compare with client ip
  30                 $cookie = $_COOKIE["ryzomId"];
  31                 echo "Cookie is $cookie<BR>";
  32                 sscanf($cookie, "%02X%02X%02X%02X", $b0, $b1, $b2, $b3);
  33                 $addr = $b0 + ($b1<<8) + ($b2<<16) + ($b3<<24);
  34                 printf("Addr is %X<BR>", $addr);
  35                 $addrStr = long2ip($addr);
  36                 echo "addrStr is $addrStr<br>";
  37
  38                 if ($_SERVER["REMOTE_ADDR"] != $addrStr)
  39                 {
  40                         echo "Client ip don't match cookie<BR>";
  41                         return false;
  42                 }
  43
  44                 // check the cookie in the database
  45                 $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword) or die ("Can't connect to database host:$DBHost user:$RingDBUserName");
  46                 mysqli_select_db($link, $domainInfo['ring_db_name']) or die ("Can't access to the table dbname:" . $domainInfo['ring_db_name']);
  47
  48                 $cookie = mysqli_real_escape_string($link, $cookie);
  49                 $query = "SELECT user_id, current_status, current_domain_id FROM ring_users where cookie='$cookie'";
  50                 $result = mysqli_query($link, $query) or die ("Can't execute the query: ".$query);
  51
  52                 if (mysqli_num_rows($result) == 0)
  53                 {
  54                         echo "Can't find cookie $cookie in database<BR>";
  55                         return false;
  56                 }
  57
  58                 $row = mysqli_fetch_assoc($result);
  59
  60                 if ($row["current_status"] != "cs_logged" && $row["current_status"] != "cs_online" )
  61                 {
  62                         echo "User $row[user_id] is not looged or online<BR>";
  63                         return false;
  64                 }
  65
  66                 $userId = $row["user_id"];
  67                 $domainId = $row["current_domain_id"];
  68 //              $charId = ($userId*16) + (getCharSlot()) & 0xf;
  69                 $charId = $userId*16 + getCharSlot();
  70
  71                 return true;
  72         }
  73
  74         function getCharSlot()
  75         {
  76                 global $_GET, $_POST;
  77                 if (isset($_GET["charSlot"]))
  78                         return $_GET["charSlot"];
  79                 else if (isset($_POST["charSlot"]))
  80                         return $_POST["charSlot"];
  81                 else
  82                         return 0; // temp dev: use 0 as the "ring character"
  83         }
  84