1 <?php
2 include('../login/config.php');
/**
 * Return a copy of the cookie string with every '|' replaced by '_'.
 *
 * All other characters are passed through unchanged; no validation or
 * escaping is performed here.
 *
 * @param string $cookie Cookie value to convert.
 * @return string Converted cookie value.
 */
function convertCookieForActionHandler($cookie)
{
    // Single-character substitution over the whole string.
    $converted = str_replace('|', '_', $cookie);

    return $converted;
}
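/**
 * Validate the "ryzomId" login cookie sent with the current request.
 *
 * The first eight hex digits of the cookie are decoded as an IPv4 address
 * (least significant byte first) and must equal $_SERVER["REMOTE_ADDR"]. The
 * full cookie must then match a row of ring_users whose current_status is
 * "cs_logged" or "cs_online". Diagnostic text is echoed to the page.
 *
 * The cookie and the character slot are client-controlled: the cookie is
 * HTML-escaped before being echoed and bound as a statement parameter for the
 * lookup, and the slot is range-checked before it is folded into $charId.
 * Connection details and SQL are written to the error log, not to the page.
 *
 * @param mixed $userId   Out: user_id of the matching row (written on success only).
 * @param mixed $domainId In: passed to getDomainInfo() to select the ring database.
 *                        Out: current_domain_id of the matching row.
 * @param mixed $charId   Out: $userId * 16 + character slot.
 * @return bool True when the cookie is valid, false otherwise.
 */
function validateCookie(&$userId, &$domainId, &$charId)
{
    global $DBHost, $RingDBUserName, $RingDBPassword;

    $domainInfo = getDomainInfo($domainId);

    // A cookie sent as ryzomId[]=... arrives as an array; treat it as absent.
    if (!isset($_COOKIE["ryzomId"]) || !is_string($_COOKIE["ryzomId"])) {
        echo "Cookie not found<BR>";
        return false;
    }

    $cookie = $_COOKIE["ryzomId"];
    // The raw cookie must never reach the page unescaped.
    $cookieHtml = htmlspecialchars($cookie, ENT_QUOTES, 'UTF-8');
    echo "Cookie is $cookieHtml<BR>";

    // Read the ip from the cookie and compare it with the client ip.
    // Fewer than four parsed bytes means the cookie is malformed.
    if (sscanf($cookie, "%02X%02X%02X%02X", $b0, $b1, $b2, $b3) !== 4) {
        echo "Client ip don't match cookie<BR>";
        return false;
    }
    $addr = $b0 + ($b1 << 8) + ($b2 << 16) + ($b3 << 24);
    printf("Addr is %X<BR>", $addr);
    $addrStr = long2ip($addr);
    echo "addrStr is $addrStr<br>";

    if ($_SERVER["REMOTE_ADDR"] !== $addrStr) {
        echo "Client ip don't match cookie<BR>";
        return false;
    }

    // Check the cookie in the database.
    $link = mysqli_connect($DBHost, $RingDBUserName, $RingDBPassword);
    if (!$link) {
        error_log("validateCookie: can't connect to database host: " . mysqli_connect_error());
        die("Can't connect to database");
    }
    if (!mysqli_select_db($link, $domainInfo['ring_db_name'])) {
        error_log("validateCookie: can't select database " . $domainInfo['ring_db_name'] . ": " . mysqli_error($link));
        die("Can't access the database");
    }

    // Bound parameter instead of string-built SQL.
    $stmt = mysqli_prepare(
        $link,
        "SELECT user_id, current_status, current_domain_id FROM ring_users WHERE cookie = ?"
    );
    if (!$stmt) {
        error_log("validateCookie: prepare failed: " . mysqli_error($link));
        die("Can't execute the query");
    }
    mysqli_stmt_bind_param($stmt, 's', $cookie);
    if (!mysqli_stmt_execute($stmt)) {
        error_log("validateCookie: execute failed: " . mysqli_stmt_error($stmt));
        die("Can't execute the query");
    }
    mysqli_stmt_bind_result($stmt, $rowUserId, $rowStatus, $rowDomainId);
    // true = a row was fetched, null = no row, false = error.
    $fetched = mysqli_stmt_fetch($stmt);
    if ($fetched === false) {
        error_log("validateCookie: fetch failed: " . mysqli_stmt_error($stmt));
        die("Can't execute the query");
    }
    mysqli_stmt_close($stmt);
    mysqli_close($link);

    if ($fetched !== true) {
        echo "Can't find cookie $cookieHtml in database<BR>";
        return false;
    }

    if ($rowStatus !== "cs_logged" && $rowStatus !== "cs_online") {
        echo "User " . htmlspecialchars((string) $rowUserId, ENT_QUOTES, 'UTF-8') . " is not looged or online<BR>";
        return false;
    }

    // The slot comes straight from the request. It shares the id with
    // user_id * 16, so a value outside 0..15 would carry into the id range of
    // a different user_id; reject anything that is not an integer in range.
    $charSlot = filter_var(
        getCharSlot(),
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0, 'max_range' => 15))
    );
    if ($charSlot === false) {
        echo "Invalid character slot<BR>";
        return false;
    }

    $userId = $rowUserId;
    $domainId = $rowDomainId;
    $charId = $userId * 16 + $charSlot;

    return true;
}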
/**
 * Return the "charSlot" request parameter, preferring the query string over
 * the POST body, or 0 when neither carries it.
 *
 * The value is returned exactly as received from the client (not cast, not
 * range-checked), so callers must validate it before using it in arithmetic
 * or identifiers.
 *
 * @return mixed Raw "charSlot" request value, or int 0 when absent.
 */
function getCharSlot()
{
    // $_GET and $_POST are superglobals and are always in scope.
    foreach (array($_GET, $_POST) as $params) {
        if (isset($params["charSlot"])) {
            return $params["charSlot"];
        }
    }

    return 0; // temp dev: use 0 as the "ring character"
}