Merge branch 'fixes' into main/rendor-staging
[ryzomcore.git] / web / public_php / api / server / auth.php
1 <?php
2 /* Copyright (C) 2009 Winch Gate Property Limited
4 * This file is part of ryzom_api.
5 * ryzom_api is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU Lesser General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * ryzom_api is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public License
16 * along with ryzom_api. If not, see <http://www.gnu.org/licenses/>.
19 include_once(RYAPI_PATH.'server/guilds.php');
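/**
 * Verify an auth key presented for a character on behalf of an auth server.
 *
 * The expected key is md5(RYAPI_COOKIE_KEY . $name . $cid . $authserver).
 *
 * @param mixed  $cid        character id
 * @param string $name       character name
 * @param string $authserver auth server identifier mixed into the key
 * @param string $authkey    key supplied by the caller (untrusted)
 * @return bool true only when the supplied key matches the expected one
 */
function ryzom_authenticate_with_serverkey($cid, $name, $authserver, $authkey) {
	// Keep the expected value in its own variable. The previous code assigned
	// md5(...) to $authkey and then compared $authkey with itself, so the check
	// could never fail and every caller was treated as authenticated.
	$expected = md5(RYAPI_COOKIE_KEY.$name.$cid.$authserver);

	// Anything that is not a string cannot be a valid hex digest.
	if (!is_string($authkey)) {
		return false;
	}

	// hash_equals() compares in constant time and never applies PHP's loose
	// numeric-string comparison to the two digests.
	// NOTE(review): md5(secret . data) is a weak keyed-hash construction; moving
	// to hash_hmac() with a modern digest needs a coordinated change with
	// whatever issues these keys, so it is not done here.
	return hash_equals($expected, $authkey);
}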
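/**
 * Verify an in-game auth key against the login cookie stored for the account.
 *
 * The expected key is md5($shardid . $name . $cid . "'" . cookie . "'"), where
 * cookie is the trimmed ring_users.cookie value of user intval($cid / 16).
 *
 * @param mixed  $shardid shard identifier mixed into the key
 * @param mixed  $cid     character id; the account id is derived as intval($cid / 16)
 * @param string $name    character name
 * @param string $authkey key supplied by the caller (untrusted)
 * @return bool true only when the supplied key matches the expected one
 */
function ryzom_authenticate_ingame($shardid, $cid, $name, $authkey) {
	// $cid and $authkey come from the caller; reject shapes that cannot be valid
	// before doing arithmetic or touching the database.
	if (!is_numeric($cid) || !is_string($authkey)) {
		return false;
	}

	$db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING);
	// intval() guarantees an integer, so interpolating $uid into the query is safe.
	$uid = intval($cid / 16);
	$sql = "SELECT cookie FROM ring_users WHERE user_id = $uid";
	$row = $db->query_single_row($sql);

	// Without a stored cookie the key would be derived only from values the
	// caller supplies, so it would prove nothing. Fail closed in that case.
	if (empty($row) || !isset($row['cookie'])) {
		return false;
	}
	$cookie = trim($row['cookie']);
	if ($cookie === '') {
		return false;
	}

	$rawkey = $shardid.$name.$cid.'\''.$cookie.'\'';
	$md5rawkey = md5($rawkey);

	// Constant-time comparison; the previous `==` also let PHP compare two
	// digests as numbers when both happened to look like numeric strings.
	return hash_equals($md5rawkey, $authkey);
}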
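/**
 * Check a character name and the owning account's password.
 *
 * A name of the form "char@RYAPI_DEV_SHARD" is looked up in the dev ring
 * database instead of the default one.
 *
 * @param string $character character name, optionally suffixed with "@<dev shard>"
 * @param string $password  account password (plain text, untrusted)
 * @param mixed  $cid       out: char_id of the character when it exists
 * @return bool true only when the character exists and the password matches
 */
function ryzom_authenticate_with_char_and_password($character, $password, &$cid) {
	$db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING);
	// NOTE(review): the query below relies on escape_string() plus quoting; if
	// ServerDatabase offers bound parameters, prefer them.
	$char = $db->escape_string($character);
	$schar = explode('@', $char);
	// NOTE(review): dev_shard is written to the session before the credentials
	// are verified, so a failed login still changes session state.
	$_SESSION['dev_shard'] = 0;
	if (count($schar) == 2 && $schar[1] == RYAPI_DEV_SHARD) {
		$_SESSION['dev_shard'] = 1;
		$char = $schar[0];
		$db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING_DEV);
	}

	$sql = "SELECT char_id, char_name, user_id, home_mainland_session_id FROM characters WHERE char_name = '$char'";
	$row = $db->query_single_row($sql);
	// Unknown character: stop here instead of building the next query from
	// missing values.
	if (empty($row) || !isset($row['char_id'], $row['user_id'])) {
		return false;
	}
	$cid = $row['char_id'];
	// The value is interpolated unquoted below, so force it to an integer.
	$uid = intval($row['user_id']);

	$db->select_db('nel');
	$sql = "SELECT Password FROM user WHERE UId = $uid";
	$row = $db->query_single_row($sql);
	// No usable stored hash, or a non-string password: fail closed rather than
	// letting crypt() run with an empty salt.
	if (empty($row) || !isset($row['Password']) || !is_string($row['Password']) || $row['Password'] === '') {
		return false;
	}
	if (!is_string($password)) {
		return false;
	}

	$stored = $row['Password'];
	// The stored hash doubles as the salt/parameters for crypt().
	$computed = crypt($password, $stored);

	// Constant-time comparison of the two hashes instead of loose `==`.
	return is_string($computed) && hash_equals($stored, $computed);
}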
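/**
 * Authenticate the current request from the PHP session, or from the 'char'
 * and 'password' request parameters when no matching session exists.
 *
 * An 'action' parameter equal to 'logout' clears the stored identity first.
 *
 * @param string $name          in: expected character name ('' accepts any); out: session name on success
 * @param mixed  $cid           out: character id on success
 * @param string $error_message out: 'bad_auth' when supplied credentials are rejected
 * @return bool|null true when authenticated, false when credentials were
 *                   rejected, NULL when no credentials were supplied
 */
function ryzom_authenticate_with_session(&$name, &$cid, &$error_message) {
	$action = ryzom_get_param('action');
	if ($action === 'logout') {
		unset($_SESSION['name']);
		unset($_SESSION['cid']);
		unset($_SESSION['dev_shard']);
	}

	// Strict string comparison so two different names are never treated as equal
	// through PHP's numeric-string juggling.
	if (isset($_SESSION['name']) && ($name == '' || (string) $_SESSION['name'] === (string) $name)) {
		// Return the stored name; the previous code copied the character id into $name.
		$name = $_SESSION['name'];
		$cid = $_SESSION['cid'];
		return true;
	}

	// NOTE(review): confirm ryzom_get_param() does not take the password from
	// the query string, where it would end up in access logs and referrers.
	$char = ryzom_get_param('char');
	$password = ryzom_get_param('password');

	if ($char && $password) {
		// check credentials
		if (ryzom_authenticate_with_char_and_password($char, $password, $cid)) {
			// Issue a fresh session id at the privilege change so an id that was
			// known before login cannot be reused afterwards (session fixation).
			if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
				session_regenerate_id(true);
			}
			$_SESSION['name'] = $char;
			$_SESSION['cid'] = $cid;
			return true;
		} else {
			$error_message = 'bad_auth';
		}
	} else {
		return NULL;
	}

	return false;
}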