ServerAuthHandlerForumLogin.cpp

00001 ////////////////////////////////////////////////////////////////////////////////
00002 //    Scorched3D (c) 2000-2009
00003 //
00004 //    This file is part of Scorched3D.
00005 //
00006 //    Scorched3D is free software; you can redistribute it and/or modify
00007 //    it under the terms of the GNU General Public License as published by
00008 //    the Free Software Foundation; either version 2 of the License, or
00009 //    (at your option) any later version.
00010 //
00011 //    Scorched3D is distributed in the hope that it will be useful,
00012 //    but WITHOUT ANY WARRANTY; without even the implied warranty of
00013 //    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014 //    GNU General Public License for more details.
00015 //
00016 //    You should have received a copy of the GNU General Public License
00017 //    along with Scorched3D; if not, write to the Free Software
00018 //    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00019 ////////////////////////////////////////////////////////////////////////////////
00020 
00021 #include <server/ServerAuthHandlerForumLogin.h>
00022 #include <server/ScorchedServer.h>
00023 #include <common/Logger.h>
00024 #include <common/OptionsScorched.h>
00025 #include <common/Defines.h>
00026 #include <XML/XMLFile.h>
00027 
00028 #ifdef HAVE_MYSQL
00029 
// Builds a handler with no database handle yet. The connection is opened
// on demand by connectHandler(), which every public entry point calls first.
ServerAuthHandlerForumLogin::ServerAuthHandlerForumLogin()
	: mysql_(0),       // no MYSQL handle until connectHandler() runs
	  success_(false)  // becomes true only after a successful connect
{
}
00034 
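// Releases the MySQL handle created by connectHandler(), if any.
// mysql_init(0) allocates the handle, so it has to be handed back to
// mysql_close() or the handle (and any open connection) is leaked.
// NOTE(review): this assumes instances are not copied by value; the class
// declaration is not visible from this file -- confirm before relying on it.
ServerAuthHandlerForumLogin::~ServerAuthHandlerForumLogin()
{
	if (mysql_)
	{
		mysql_close(mysql_);
		mysql_ = 0;
	}
}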
00038 
// Fills the outgoing auth message with the marker value "required" in both
// the user name and the password field.
// NOTE(review): presumably this tells the client that both credentials must
// be supplied -- confirm against the client-side handling of this message.
void ServerAuthHandlerForumLogin::createAuthentication(ComsConnectAuthMessage &authMessage)
{
	const char *const marker = "required";
	authMessage.setPassword(marker);
	authMessage.setUserName(marker);
}
00044 
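// File-local helper: escapes `value` so it can be embedded in a single-quoted
// SQL string literal on the given connection. A null `value` is treated as
// empty. Returns false when the client library reports an escaping error, in
// which case `escaped` is left untouched and the value must not be used.
static bool forumLoginEscapeValue(MYSQL *mysql, const char *value, std::string &escaped)
{
	const std::string raw(value ? value : "");
	// Worst case every byte is escaped, plus the terminating NUL.
	std::string buffer(raw.size() * 2 + 1, '\0');
	const unsigned long written = mysql_real_escape_string(
		mysql, &buffer[0], raw.c_str(), (unsigned long) raw.size());
	if (written == (unsigned long) -1) return false;
	buffer.resize(written);
	escaped = buffer;
	return true;
}

// File-local helper: runs a SELECT and returns the buffered result set, or 0
// when the query or the result fetch failed. Only the numeric error code is
// logged: the statement text can contain the player's password and the
// server's error text can quote fragments of the statement.
static MYSQL_RES *forumLoginRunSelect(MYSQL *mysql, const std::string &text)
{
	MYSQL_RES *result = 0;
	if (mysql_real_query(mysql, text.c_str(), (unsigned long) text.size()) == 0)
	{
		result = mysql_store_result(mysql);
	}
	if (!result)
	{
		Logger::log(S3D::formatStringBuffer(
			"forum login auth handler query failed. Error code: %i",
			(int) mysql_errno(mysql)));
	}
	return result;
}

// Authenticates a connecting player against the phpBB2 forum user table.
//
// authMessage - credentials and unique id sent by the client; its unique id
//               is overwritten with the one stored on the forum account when
//               the account already has one.
// message     - receives the text shown to the player when the login is
//               refused. It is left untouched when connectHandler() fails.
//
// Returns true only when the username exists, the password matches, and
// neither the account nor the unique id is flagged as banned.
//
// Security notes:
//  - Every client-supplied value is escaped with mysql_real_escape_string
//    before it is placed in a statement; the literals use single quotes so
//    the escaping also holds when the server treats double quotes as
//    identifier quotes or disables backslash escapes.
//  - NOTE(review): the password is compared with an unsalted MD5() computed
//    by the database. That is dictated by the phpbb2_users schema used here,
//    but it means the clear-text password travels to the database server and
//    the stored hashes are cheap to brute-force if the table leaks.
//  - NOTE(review): the "username not recognised" and "password not correct"
//    replies let a client tell which forum usernames exist. The wording is
//    kept as-is; merging the two replies would close that oracle.
bool ServerAuthHandlerForumLogin::authenticateUser(ComsConnectAuthMessage &authMessage, 
	std::string &message)
{
	if (!connectHandler()) return false;

	// Both a username and a password have to be supplied
	if (!authMessage.getUserName()[0] ||
		!authMessage.getPassword()[0])
	{
		// The %s is the registration location from the settings file (name_),
		// as in the "not recognised" reply below, not the client's input.
		message = S3D::formatStringBuffer(
			"This server is running in secure mode.\n"
			"You need to supply a username and password to connect.\n"
			"These should match your forum username and password.\n"
			"Please go to %s to register a forum account.\n", 
			name_.c_str());
		return false;
	}

	std::string userName, password;
	if (!forumLoginEscapeValue(mysql_, authMessage.getUserName(), userName) ||
		!forumLoginEscapeValue(mysql_, authMessage.getPassword(), password))
	{
		message = 
			"This server is running in secure mode.\n"
			"Your login details could not be checked.\n";
		return false;
	}

	// Check to see if username exists
	int user_id = 0;
	{
		std::string text = S3D::formatStringBuffer(
			"SELECT user_id FROM phpbb2_users WHERE username = '%s'",
			userName.c_str());
		MYSQL_RES *result = forumLoginRunSelect(mysql_, text);
		if (result)
		{
			MYSQL_ROW row;
			while ((row = mysql_fetch_row(result)))
			{
				// Columns can come back as NULL pointers
				if (row[0]) user_id = atoi(row[0]);
			}
			mysql_free_result(result);
		}
	}
	if (!user_id)
	{
		message = S3D::formatStringBuffer(
			"This server is running in secure mode.\n"
			"Your supplied username was not recognised.\n"
			"Please go to %s to register a forum account.\n", name_.c_str());
		return false;
	}

	// Check to see if password matches for username
	int password_user_id = 0;
	int scorched3dbanned = 0;
	std::string password_user_statsid;
	{
		std::string text = S3D::formatStringBuffer(
			"SELECT user_id, user_scorched3duid, user_scorched3dbanned "
			"FROM phpbb2_users WHERE username = '%s' "
			"AND user_password = MD5('%s')",
			userName.c_str(), password.c_str());
		MYSQL_RES *result = forumLoginRunSelect(mysql_, text);
		if (result)
		{
			MYSQL_ROW row;
			while ((row = mysql_fetch_row(result)))
			{
				password_user_id = row[0] ? atoi(row[0]) : 0;
				// A NULL uid column must not reach std::string's
				// const char * assignment
				password_user_statsid = row[1] ? row[1] : "";
				scorched3dbanned = row[2] ? atoi(row[2]) : 0;
			}
			mysql_free_result(result);
		}
	}
	if (!password_user_id)
	{
		// All three lines belong to one literal; a stray ';' used to cut
		// the last line off.
		message = 
			"This server is running in secure mode.\n"
			"Your supplied password was not correct.\n"
			"Please ensure you are using the same password as your forum account.\n";
		return false;
	}
	// Check to see if this user has been banned
	if (scorched3dbanned == 1)
	{
		message = 
			"This server is running in secure mode.\n"
			"Your supplied username has been banned.\n";
		return false;
	}

	// Update unique id on forum or from forum
	if (password_user_statsid.c_str()[0])
	{
		// The forum account already has an id: it replaces the client's
		authMessage.setUniqueId(password_user_statsid.c_str());
	}
	else if (authMessage.getUniqueId()[0])
	{
		// First login for this account: remember the client's id.
		// Best effort, a failure is logged but does not refuse the login.
		std::string uniqueId;
		bool stored = false;
		if (forumLoginEscapeValue(mysql_, authMessage.getUniqueId(), uniqueId))
		{
			std::string text = S3D::formatStringBuffer(
				"UPDATE phpbb2_users SET user_scorched3duid = '%s' WHERE user_id = %i ",
				uniqueId.c_str(),
				password_user_id);
			stored = (mysql_real_query(mysql_, text.c_str(), 
				(unsigned long) text.size()) == 0);
		}
		if (!stored)
		{
			Logger::log(S3D::formatStringBuffer(
				"forum login auth handler failed to store unique id. Error code: %i",
				(int) mysql_errno(mysql_)));
		}
	}

	// Check if this unique id has been banned
	if (authMessage.getUniqueId()[0])
	{
		std::string uniqueId;
		MYSQL_RES *result = 0;
		if (forumLoginEscapeValue(mysql_, authMessage.getUniqueId(), uniqueId))
		{
			std::string text = S3D::formatStringBuffer(
				"SELECT user_id, user_scorched3dbanned "
				"FROM phpbb2_users WHERE user_scorched3duid = '%s' ",
				uniqueId.c_str());
			result = forumLoginRunSelect(mysql_, text);
		}
		if (!result)
		{
			// Fail closed: a ban check that could not run must not
			// be read as "not banned".
			message = 
				"This server is running in secure mode.\n"
				"Your login details could not be checked.\n";
			return false;
		}

		bool bannedUniqueId = false;
		MYSQL_ROW row;
		while ((row = mysql_fetch_row(result)))
		{
			if (row[1] && atoi(row[1]) == 1) bannedUniqueId = true;
		}
		mysql_free_result(result);

		if (bannedUniqueId)
		{
			message = 
				"This server is running in secure mode.\n"
				"Your supplied uniqueid has been banned.\n";
			return false;
		}
	}

	return true;
}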
00180 
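// Checks whether a player with the given unique id may use a player name.
//
// uniqueId     - unique id of the connected player.
// lsplayername - the name the player wants to use.
//
// Returns true when no forum account carries that username, or when the
// forum account with that username has the same unique id stored. Returns
// false when the name belongs to an account with a different (or no) stored
// id, and also whenever the lookup itself cannot be carried out: the check
// fails closed, in line with the connectHandler() failure path.
bool ServerAuthHandlerForumLogin::authenticateUserName(const char *uniqueId, 
	const LangString &lsplayername)
{
	if (!connectHandler()) return false;

	std::string splayername = LangStringUtil::convertFromLang(lsplayername);

	// The player name is chosen by the client, so it is escaped before it is
	// placed in the statement. Worst case every byte is escaped, plus NUL.
	std::string playername(splayername.size() * 2 + 1, '\0');
	const unsigned long written = mysql_real_escape_string(
		mysql_, &playername[0], splayername.c_str(), 
		(unsigned long) splayername.size());
	if (written == (unsigned long) -1) return false;
	playername.resize(written);

	// Single quotes keep the literal a string even when the server treats
	// double quotes as identifier quotes.
	std::string text = S3D::formatStringBuffer(
		"SELECT user_id , user_scorched3duid "
		"FROM phpbb2_users WHERE username = '%s'",
		playername.c_str());

	MYSQL_RES *result = 0;
	if (mysql_real_query(mysql_, text.c_str(), (unsigned long) text.size()) == 0)
	{
		result = mysql_store_result(mysql_);
	}
	if (!result)
	{
		// Previously a failed query left the default of "allowed" in place
		Logger::log(S3D::formatStringBuffer(
			"forum login auth handler name check failed. Error code: %i",
			(int) mysql_errno(mysql_)));
		return false;
	}

	// No matching row means the name is not reserved by any forum account
	bool userResult = true;
	MYSQL_ROW row;
	while ((row = mysql_fetch_row(result)))
	{
		// A NULL uid column (or a null uniqueId) can never match, and must
		// not be handed to strcmp
		userResult = (row[1] && uniqueId && strcmp(row[1], uniqueId) == 0);
	}
	mysql_free_result(result);

	return userResult;
}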
00211 
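// Flags the forum account that carries the given unique id as banned
// (sets user_scorched3dbanned = 1). Does nothing when the database is not
// available or when no id is given.
//
// uniqueId - unique id of the player to ban.
void ServerAuthHandlerForumLogin::banUser(const char *uniqueId)
{
	if (!connectHandler()) return;

	const std::string rawId(uniqueId ? uniqueId : "");
	// An empty id would match every row whose user_scorched3duid is the
	// empty string, i.e. flag accounts that were never tied to a player.
	if (rawId.empty()) return;

	// Escape the id before it is placed in the statement.
	// Worst case every byte is escaped, plus the terminating NUL.
	std::string escapedId(rawId.size() * 2 + 1, '\0');
	const unsigned long written = mysql_real_escape_string(
		mysql_, &escapedId[0], rawId.c_str(), (unsigned long) rawId.size());
	if (written == (unsigned long) -1)
	{
		Logger::log("forum login auth handler failed to escape unique id for ban");
		return;
	}
	escapedId.resize(written);

	std::string text = S3D::formatStringBuffer(
		"UPDATE phpbb2_users SET user_scorched3dbanned = 1 WHERE user_scorched3duid = '%s' ",
		escapedId.c_str());
	if (mysql_real_query(mysql_, text.c_str(), (unsigned long) text.size()) != 0)
	{
		// A ban that silently fails to persist is worth a log line
		Logger::log(S3D::formatStringBuffer(
			"forum login auth handler failed to store ban. Error code: %i",
			(int) mysql_errno(mysql_)));
	}
}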
00223 
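// Opens the MySQL connection used by the other methods, on first use.
//
// Connection settings (host, user, name, passwd, db) are read from the
// "forumlogin-<port>.xml" settings file, where <port> is the server's game
// port. "name" is stored in name_ and is quoted to players as the place to
// register a forum account.
//
// Returns true when the connection is up. Only one attempt is ever made:
// once mysql_init() has produced a handle, later calls return the cached
// outcome in success_, so a failed settings parse or connect is not retried
// for the lifetime of this object.
//
// NOTE(review): the settings file holds the database password in clear
// text; its file permissions should restrict it to the server account.
// NOTE(review): the unix socket path is fixed to /tmp/mysql.sock.
bool ServerAuthHandlerForumLogin::connectHandler()
{
	if (mysql_) return success_;

	mysql_ = mysql_init(0);
	if (!mysql_)
	{
		Logger::log( "Failed to init mysql");
		return false;
	}

	XMLFile file;
	std::string fileName = S3D::getSettingsFile(S3D::formatStringBuffer("forumlogin-%i.xml",
		ScorchedServer::instance()->getOptionsGame().getPortNo()));

	std::string host, user, passwd, db;
	if (!file.readFile(fileName) ||
		!file.getRootNode())
	{
		Logger::log(S3D::formatStringBuffer("Failed to parse %s settings file. Error: %s", 
			fileName.c_str(),
			file.getParserError()));
		return false;
	}

	if (!file.getRootNode()->getNamedChild("host", host) ||
		!file.getRootNode()->getNamedChild("user", user) ||
		!file.getRootNode()->getNamedChild("name", name_) ||
		!file.getRootNode()->getNamedChild("passwd", passwd) ||
		!file.getRootNode()->getNamedChild("db", db)) 
	{
		// %s needs a C string, as in the parse-error log above; the
		// std::string object itself was being passed here.
		Logger::log(S3D::formatStringBuffer("Failed to parse %s settings file.", 
			fileName.c_str()));
		return false;
	}

	if (!mysql_real_connect(
		mysql_,
		host.c_str(),
		user.c_str(),
		passwd.c_str(),
		db.c_str(),
		0, "/tmp/mysql.sock", 0))
	{
		Logger::log(S3D::formatStringBuffer("forum login auth handler failed to start. "
			"Error: %s",
			mysql_error(mysql_)));
		// The database password is deliberately left out of the log:
		// log files are usually readable by more people than the
		// settings file is.
		Logger::log(S3D::formatStringBuffer("mysql params : host %s, user %s, db %s",
			host.c_str(), user.c_str(),
			db.c_str()));
		return false;
	}

	success_ = true;
	return success_;
}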
00279 
00280 #endif // #ifdef HAVE_MYSQL
00281 
