Commit d20fafdd authored by Stuart John Watson's avatar Stuart John Watson

Cloned controll in controll_2 which splits it into functions. Added endpoint.php to post to

parent 1c75764d
......@@ -30,6 +30,9 @@ $time = time();
$uniAllowFilePATH = '/home/game-server/uni.allow';
$gameauthDBPATH = 'gameauth.db'; #WIP CHANGE
$username = $_POST["username"];
$password = $_POST["password"];
$accessLevel; //Set to one of NO_LOGIN|NO_GAMES|GAMES_ACCESS|AS_BEFORE
$oldLevel; //set to level is accessLevel is AS_BEFORE to get allowed info
$failReason; // If they can't connect contains the reason why.
......@@ -60,9 +63,6 @@ $cip=$_SERVER['REMOTE_ADDR'];
$cip2=$_SERVER['HTTP_CLIENT_IP'];
$cip3=$_SERVER['HTTP_X_FORWARDED_FOR'];
$cookie=$_COOKIE["sucs_gameauth"];
$username=$_POST['username'];
$password=$_POST['password'];
$renew=$_POST['renew'];
/*echo("REMOTE_ADDR: $cip <br>");
echo("HTTP_CLIENT_IP: $cip2 <br>");
......@@ -104,7 +104,7 @@ if ($renew){
//Oterwise check their post data to try and auth them
} else {
//Insure they have passed a username and password
if ($_POST["username"] == "" && $_POST["password"] == "") {
if ($username == "" && $password == "") {
$authd = "";
$accessLevel = "NO_LOGIN";
$failReason = "MISSING_USERNAME_OR_PASSWORD";
......@@ -158,7 +158,7 @@ if ($renew){
}
// logouts are done by posting the username logout to the page
if ($_POST["username"] == "logout"){
if ($username == "logout"){
//$db->exec("DELETE FROM gamers WHERE sessionid='$sessionid'");
$db->exec("UPDATE gamers SET lastseen=0, sessionid='n0p3' WHERE sessionid='$sessionid'");
session_destroy();
......@@ -183,6 +183,7 @@ if ($accessLevel == "GAME_ACCESS" || ($accessLevel == "AS_BEFORE" && $oldLevel =
chdir("games");
include "_manager.php";
$services = getGameStatus();
chdir("..");
header('Content-Type: application/json');
//Echo response
......@@ -195,25 +196,4 @@ echo json_encode([
services => $services
]
]);
/*
level => "NO_LOGIN","NO_ACCESS","GAME_ACCESS"
loginError => <string>
username => <string>
extraPayload =>
onlineUsers => [<string>]
services =>
minecraft =>
online => <bool>
current => <number>
max => <number>
ect ...
*/
//echo ("Auth'd?: $authd <br>");
//echo("Cookie: $cookie <br>");
//echo ("Session id: ");
//echo (session_id());
?>
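Review bot: The empty-credentials guard in the `@@ -104,7 +104,7 @@` hunk still joins its two tests with `&&`, so a request that carries a username and an empty password skips the `MISSING_USERNAME_OR_PASSWORD` branch and goes on to authentication. Many LDAP servers answer a simple bind with an empty password as a successful unauthenticated bind, so unless `ldapAuth()` (not visible here) rejects empty passwords itself, this could accept a login without a password. The new `login()` in controll_2 already uses `||`, and the same should apply here: `if ($username == "" || $password == "") {`. The enclosing `if ($renew){ … } else {` block starts and ends outside the hunk.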
<?php
include('ldap-auth.php');
error_reporting(E_ERROR);
session_start();
$DB_PATH = "gameauth.db";
$DB_CON;
if (!file_exists($DB_PATH)){
$DB_CON = new SQLite3($DB_PATH);
$DB_CON->exec("CREATE TABLE gamers
(
username TEXT PRIMARY KEY NOT NULL,
sessionid TEXT NOT NULL,
IP TEXT NOT NULL,
authd TEXT NOT NULL,
lastseen INT NOT NULL
)"
);
$DB_CON->exec("CREATE TABLE bans
(
username TEXT PRIMARY KEY NOT NULL,
reason TEXT
)"
);
} else {
$DB_CON = new SQLite3($DB_PATH);
}
function sqlite3Exists($table,$col,$val){
global $DB_CON;
$query = $DB_CON->prepare("SELECT 1 LIMIT 1 AS dupli FROM $table WHERE $col = :val");
$query->bindParam(':val', $val);
$query->execute();
$fetch = $query->fetch(SQLITE3_NUM);
return bool($fetch);
}
function sqlite3Exec($query){
return $DB_CON->exec($query);
}
//Checks how authed the user is and returns an obejct deescribing it
function authCheck($authd,$username){
//Not a valid user
if ($authd != "sucs" && $auth != "uni"){
return [
level => "NO_LOGIN",
loginError => "BAD_LOGIN"
];
}
//Check if they are banned
if (sqlite3Exists("bans","username",$username)){
return [
level => "NO_GAMES",
loginError => "BANNED"
];
}
//if they are sucs they are always allowed on
//or if the uniAllowPath is there (since they will then be uni students)
if ($authd == "sucs" || file_exists($uniAllowFilePATH)) {
$accessLevel = "GAME_ACCESS";
} else {
//Otherwise they get no games.
$accessLevel = "NO_GAMES";
$failReason = "UNI_DISALLOWED";
}
return [
level => $accessLevel,
loginError => $failReason
];
}
function login($username,$password){
//Check to make sure we have a username and password
if ($username == "" || $password == "") {
return [
level => "NO_LOGIN",
loginError => "MISSING_USERNAME_OR_PASSWORD"
];
};
//Auth the user
$authd = ldapAuth($username,$password);
//If they logged in with a email we will detect it and string out username
if(filter_var($username, FILTER_VALIDATE_EMAIL)){
//Split the email using "@" as a delimiter
$s = explode("@",$username);
//Remove the domain (last element), tehn recombine it
array_pop($s);
$username = implode("@",$s);
}
$username = strtolower();
$authResult = authCheck($authd,$username);
//If they gave a good login
if($authResult["level"] == "GAME_ACCESS"){
//Add them into the database
$sessionid = session_id();
$cip = $_SERVER['REMOTE_ADDR'];
$time = time();
sqlite3Exec("DELET FROM gamers WHERE username='$username'");
sqlite3Exec("INSERT INTO gamers (username,sessionid,IP,authd,lastseen) VALUES ('$authdUser','$sessionid','$cip','$accessLevel','$time')");
}
//Return the authResult
return $authResult;
}
function renew(){
$sessionid = session_id();
if (sqlite3Exists("gamers","sessionid",$sessionid)){
$query = sqlite3Exec("SELECT authd,username FROM gamers WHERE sessionid='$sessionid'");
$row = fetchArray();
$authd = $row[0];
$username = $row[1];
$authResult = authCheck($authd,$username);
//Check their login is still good and update if so
if($authResult["level"] == "GAME_ACCESS"){
$time = time();
sqlite3Exec("UPDATE gamers SET lastseen='$time' WHERE sessionid='$sessionid'");
}
return $authResult;
} else {
return [
level => "NO_LOGIN",
loginError => "TIMEOUT"
];
}
}
function logout(){
$sessionid = session_id();
sqlite3Exec("UPDATE gamers SET lastseen=0, sessionid='n0p3' WHERE sessionid='$sessionid'");
session_destroy();
return [
level => "NO_LOGIN",
loginError => null
];
}
?>
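Review bot: `login()` builds its `DELETE` and `INSERT` by interpolating `$username` and the session values into the SQL text, and the `INSERT` reads `$authdUser` and `$accessLevel`, neither of which is set in this function. `$username` comes from the POST body, so these writes should use prepared statements with bound values, as `sqlite3Exists()` already sets out to do; `renew()` and `logout()` use the same string-built pattern. The function cannot reach the write as written: `sqlite3Exec()` uses `$DB_CON` without `global $DB_CON;`, `strtolower()` is called with no argument, `DELET` is misspelled, and `authCheck()` tests `$auth` where `$authd` appears to be meant. Since `renew()` feeds the stored `authd` column back into `authCheck()`, the value to store is presumably `$authd`. Regenerating the session id after a successful login also keeps a pre-login session id from carrying over into the authenticated session.

```php
// … unchanged: empty-credential check, ldapAuth() call, e-mail stripping …
$username = strtolower($username);
$authResult = authCheck($authd,$username);
if($authResult["level"] == "GAME_ACCESS"){
    global $DB_CON;
    // Bind the authenticated state to a fresh session id
    session_regenerate_id(true);
    $del = $DB_CON->prepare("DELETE FROM gamers WHERE username = :username");
    $del->bindValue(':username', $username, SQLITE3_TEXT);
    $del->execute();
    $ins = $DB_CON->prepare("INSERT INTO gamers (username,sessionid,IP,authd,lastseen) VALUES (:username,:sessionid,:ip,:authd,:lastseen)");
    $ins->bindValue(':username', $username, SQLITE3_TEXT);
    $ins->bindValue(':sessionid', session_id(), SQLITE3_TEXT);
    $ins->bindValue(':ip', $_SERVER['REMOTE_ADDR'], SQLITE3_TEXT);
    $ins->bindValue(':authd', $authd, SQLITE3_TEXT);
    $ins->bindValue(':lastseen', time(), SQLITE3_INTEGER);
    $ins->execute();
}
// … unchanged: return $authResult …
```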
<?php
include 'controll_2.php';
$username = $_POST["username"];
$password = $_POST["password"];
$renew = $_POST["renew"];
$logout = $_POST["logout"];
$response;
if($renew){
$response = renew();
} else if ($logout){
$response = logout();
} else {
$response = login($username,$password);
}
echo json_encode($respnose);
?>
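Review bot: The last statement encodes `$respnose`, which is never assigned, so every request is answered with `null` whatever `renew()`, `logout()` or `login()` returned; it should read `echo json_encode($response);`. The other controller on this page sends `header('Content-Type: application/json');` before its JSON body, and this endpoint should do the same so clients do not have to guess the response type.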
File added
......@@ -11,7 +11,7 @@
foreach ($GAMES_TO_INCLUDE as $game){
include "$game.php";
$a = "$game\\getInfo";
$thisGame = $a();
$thisGame = @$a();
$gameInfo[$game] = $thisGame;
if ($templateHeader !== FALSE){
echo $templateHeader;
......@@ -21,6 +21,7 @@
$elem = $matches[1];
$key = $matches[2];
$val = $thisGame[$key];
if ($val === undefined) {$val="??";}
if ($key == "_online"){
if($val){
$val = "<span style='color:green'>Online</span>";
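Review bot: The added guard `if ($val === undefined)` compares against a bare word that PHP does not define. Depending on the PHP version it is read as the string "undefined" or raises an error, and a key missing from `$thisGame` yields `null` either way, so the `"??"` fallback never applies. Test for the key instead: `$val = isset($thisGame[$key]) ? $thisGame[$key] : "??";`. The `@` added to `$a()` in the first hunk also hides any failure inside a game's `getInfo`, so logging the error there would make a broken game module easier to spot. Both hunks sit inside blocks that start and end outside the visible lines.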
......
......@@ -124,6 +124,6 @@ $("form").submit(function(event){
t.val("")
}
});
$.post("controll.php",data,onPostResponse);
$.post("endpoint.php",data,onPostResponse);
return false;
});