Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-29 18:59:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

loginWebService type handler

Browse Source 
Fix #380
This commit is contained in:
Znote 2020-06-12 01:45:55 +02:00
parent 9c9941e292
commit 0d3940a0e6
1 changed files with 193 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
login.php
View File

@ -2,45 +2,135 @@
require_once 'engine/init.php';
// Client 11 loginWebService
// DEV: Uncomment all //error_log lines and tail error.log file to see communication from and to client.
// ...: Configure webserver to don't display PHP errors/warnings so the client can parse the json response.
if($_SERVER['HTTP_USER_AGENT'] == "Mozilla/5.0" && $config['ServerEngine'] === 'TFS_10' && $config['login_web_service'] == true) {
function jsonError($message, $code = 3) {
die(json_encode(array('errorCode' => $code, 'errorMessage' => $message)));
function sendError($message, $code = 3) {
$response = json_encode(array('errorCode' => $code, 'errorMessage' => $message));
//error_log("\nServer = " . $response . "\n-");
die($response);
}
function sendMessage($message) {
$response = json_encode($message);
//error_log("\nServer = " . $response . "\n\n-");
die($response);
}
header("Content-Type: application/json");
$input = file_get_contents("php://input");
//error_log("\n\n\nClient = " . $input . "\n");
// Based on tests, input length should be at least 67+ chars.
if (strlen($input) > 10) {
$client = json_decode($input);
if (!isset($client->type)) {
sendError("Type missing.");
}
switch($client->type) {
// {"count":0,"isreturner":true,"offset":0,"showrewardnews":false,"type":"news"}
case "cacheinfo":
// {"type":"cacheinfo"}
sendMessage(array(
'playersonline' => user_count_online(),
'twitchstreams' => 0,
'twitchviewer' => 0,
'gamingyoutubestreams' => 0,
'gamingyoutubeviewer' => 0
));
break;
case 'eventschedule':
// {"type":"eventschedule"}
sendMessage(array(
'eventlist' => array()
));
/*
array(
array(
'description' => "Description text.\n\nTest",
'startdate' => 1590979202,
'colordark' => "#735D10", // HEX color code
'name' => "Full Moon",
'enddate' => 1590979202 + (300 * 24 * 60 * 60),
'isseasonal' => false,
'colorlight' => "#8B6D05"
),
array(
'description' => "Winterberries can now be found all over Tibia!",
'startdate' => 1590979202,
'colordark' => "#7A4C1F",
'name' => "Annual Autumn Vintage",
'enddate' => 1590979202 + (7 * 24 * 60 * 60),
'isseasonal' => false,
'colorlight' => "#935416"
),
array(
'description' => "This is the time of witches, ghosts and vampires.",
'startdate' => 1590979202,
'colordark' => "#235c00",
'name' => "Halloween Event",
'enddate' => 1590979202 + (30 * 24 * 60 * 60),
'isseasonal' => false,
'colorlight' => "#2d7400"
)
)
*/
break;
case 'boostedcreature':
// {"type":"boostedcreature"}
sendMessage(array(
//'boostedcreature' => false,
'raceid' => 219
));
break;
case 'news':
// {"count":0,"isreturner":true,"offset":0,"showrewardnews":false,"type":"news"}
sendMessage(array(
'gamenews' => array(), // element structure?
'categorycounts' => array(
'support' => 1,
'game contents' => 2,
'useful info' => 3,
'major updates' => 4,
'client features' => 5
),
'maxeditdate' => 1590979202
));
break;
case "login":
/* {
'accountname' => 'username',
'password' => 'superpass',
'stayloggedin' => true,
'token' => '123123', (or not set)
'type' => 'login', (What other types do we have?)
'type' => 'login',
} */
$jsonObject = json_decode($input);
$username = sanitize($jsonObject->accountname);
$password = SHA1($jsonObject->password);
$token = (isset($jsonObject->token)) ? sanitize($jsonObject->token) : false;
$username = sanitize($client->accountname);
$password = SHA1($client->password);
$token = (isset($client->token)) ? sanitize($client->token) : false;
$fields = '`id`, `premdays`';
if ($config['twoFactorAuthenticator']) $fields .= ', `secret`';
$account = mysql_select_single("SELECT {$fields} FROM `accounts` WHERE `name`='{$username}' AND `password`='{$password}' LIMIT 1;");
if ($account === false) {
jsonError('Wrong username and/or password.');
sendError('Wrong username and/or password.');
}
if ($config['twoFactorAuthenticator'] === true && $account['secret'] !== null) {
if ($token === false) {
jsonError('Submit a valid two-factor authentication token.', 6);
sendError('Submit a valid two-factor authentication token.', 6);
} else {
require_once("engine/function/rfc6238.php");
if (TokenAuth6238::verify($account['secret'], $token) !== true) {
jsonError('Two-factor authentication failed, token is wrong.', 6);
sendError('Two-factor authentication failed, token is wrong.', 6);
}
}
}
@ -50,8 +140,9 @@ if($_SERVER['HTTP_USER_AGENT'] == "Mozilla/5.0" && $config['ServerEngine'] === '
$gameserver = $config['gameserver'];
// todo: Fix dynamic desition to pass along token. (and verify that it works). Hostname: otx11.lan
$sessionKey = $username."\n".$jsonObject->password;
if (strlen($account['secret']) > 5) $sessionKey .= "\n".$token."\n".floor(time() / 30);
$sessionKey = $username."\n".$client->password;
if (isset($account['secret']) && strlen($account['secret']) > 5) $sessionKey .= "\n".$token."\n".floor(time() / 30);
$response = array(
'session' => array(
'fpstracking' => false,
@ -113,14 +204,16 @@ if($_SERVER['HTTP_USER_AGENT'] == "Mozilla/5.0" && $config['ServerEngine'] === '
);
}
//error_log("= SESSION KEY: " . $response['session']['sessionkey']);
die(json_encode($response));
sendMessage($response);
} else {
jsonError("Character list is empty.");
sendError("Character list is empty.");
}
} else {
jsonError("Unrecognized event.");
break;
default:
sendError("Unsupported type: " . sanitize($client->type));
}
} // End client 11 loginWebService
logged_in_redirect();