Commit 58f6921e authored by Stuart John Watson's avatar Stuart John Watson

Fixed changes of splitting controll to a seperate file

parent 549cc46f
<?php
/* Functions in this file:
login($username,$passoword) - checks the credentials aganist sucs & uni ldaps
authCheck($authd,$username) - checks the username and authd area again ban & allow flags
renew() - checks the players session and tries to renew if allowed
logout() - removes the session from the database and clears the cookie
Login Flow:
call login passing it the username and password
This will call the ldapAuth function included from ldap-auth.php
It when then call authCheck with the info to see what the user can do
If they are allowed access they are then inserted into the database
Renew Flow:
call renew, it has no arguments as it works off session_id
Firstly it gets the username and which ldap server they authd aganist from the database
Then it calls authCheck with the retrived data to check what they can still do
If they are still allowed acess the timeout their database entry is update
Otherwise they are removed from the database
Logout Flow:
call logout, it has no arguments as it works off session_id
It remvoes the user's database entry
Then destroys the session logging them out fully
*/
include('ldap-auth.php');
error_reporting(E_ERROR);
......@@ -35,13 +59,13 @@
}
function sqlite3Exec($query){
global $DB_CON;
return $DB_CON->exec($query);
return $DB_CON->query($query);
}
//Checks how authed the user is and returns an obejct deescribing it
//Checks how authed the user is and returns an obejct describing it
function authCheck($authd,$username){
//Not a valid user
if ($authd != "sucs" && $auth != "uni"){
if ($authd != "sucs" && $authd != "uni"){
return [
level => "NO_LOGIN",
loginError => "BAD_LOGIN"
......@@ -87,7 +111,7 @@
if(filter_var($username, FILTER_VALIDATE_EMAIL)){
//Split the email using "@" as a delimiter
$s = explode("@",$username);
//Remove the domain (last element), tehn recombine it
//Remove the domain (last element), then recombine it
array_pop($s);
$username = implode("@",$s);
}
......@@ -101,7 +125,7 @@
$cip = $_SERVER['REMOTE_ADDR'];
$time = time();
sqlite3Exec("DELET FROM gamers WHERE username='$username'");
sqlite3Exec("INSERT INTO gamers (username,sessionid,IP,authd,lastseen) VALUES ('$authdUser','$sessionid','$cip','$accessLevel','$time')");
sqlite3Exec("INSERT INTO gamers (username,sessionid,IP,authd,lastseen) VALUES ('$authdUser','$sessionid','$cip','$authd','$time')");
}
//Return the authResult
......@@ -111,8 +135,8 @@
function renew(){
$sessionid = session_id();
if (sqlite3Exists("gamers","sessionid",$sessionid)){
$query = sqlite3Exec("SELECT authd,username FROM gamers WHERE sessionid='$sessionid'");
$row = fetchArray();
$query = sqlite3Exec("SELECT authd,username FROM gamers WHERE sessionid='$sessionid';");
$row = $query->fetchArray(SQLITE3_NUM);
$authd = $row[0];
$username = $row[1];
......@@ -120,8 +144,12 @@
//Check their login is still good and update if so
if($authResult["level"] == "GAME_ACCESS"){
$time = time();
$time = time();
sqlite3Exec("UPDATE gamers SET lastseen='$time' WHERE sessionid='$sessionid'");
} else {
//If it's bad (maybe they have been banned?) delete it and return an error.
sqlite3Exec("DELETE FROM gamers WHERE sessionid='$sessionid'");
return $authResult;
}
return $authResult;
} else {
......@@ -134,7 +162,7 @@
function logout(){
$sessionid = session_id();
sqlite3Exec("UPDATE gamers SET lastseen=0, sessionid='n0p3' WHERE sessionid='$sessionid'");
sqlite3Exec("DELETE FROM gamers WHERE sessionid='$sessionid'");
session_destroy();
return [
level => "NO_LOGIN",
......
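Review bot: The `gamers` statements in `login()`, `renew()` and `logout()` are still built by interpolating values into the SQL text, and in `login()` the cleanup statement is spelled `DELET FROM gamers …`, so it fails to parse and the user's previous row is never removed before the `INSERT`. `$username` is the value passed to `login()`; the e-mail branch only strips the domain, and any other validation lies outside the visible hunks, so a quote character in it would alter the statement. With `error_reporting(E_ERROR)` the warning from the failed query is hidden, and `renew()` calls `$query->fetchArray()` without checking for a `false` result. Assuming `$DB_CON` is a `SQLite3` handle (as `fetchArray(SQLITE3_NUM)` suggests), I would let `sqlite3Exec()` accept bound parameters, keeping the one-argument form working, and fix the keyword, as sketched below. The bodies of `login()`, `renew()` and `logout()` continue outside the hunks shown.

```php
function sqlite3Exec($query, array $params = []){
    global $DB_CON;
    $stmt = $DB_CON->prepare($query);
    if ($stmt === false) {
        return false; // malformed SQL: surface it to the caller instead of continuing
    }
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value);
    }
    return $stmt->execute();
}
// … unchanged: authCheck(), e-mail handling and authentication steps in login() …
sqlite3Exec("DELETE FROM gamers WHERE username=:u", [':u' => $username]);
sqlite3Exec(
    "INSERT INTO gamers (username,sessionid,IP,authd,lastseen) VALUES (:u,:sid,:ip,:authd,:seen)",
    [':u' => $authdUser, ':sid' => $sessionid, ':ip' => $cip, ':authd' => $authd, ':seen' => $time]
);
// … unchanged: renew() and logout(), whose sessionid queries take [':sid' => $sessionid] the same way …
```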