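/**
 * Validate the caller's session and refresh its expiry.
 *
 * Reads the globals $session_id and $login_id (plus the session_id cookie),
 * loads the matching user_accounts row into $p_user and, for the admin account
 * (login_id 1), the matching se_games row into $game_info and its db_name into
 * $db_name. An invalid or expired session clears the auth cookies, records the
 * event through insert_history() and redirects to URL_PREFIX; a valid session
 * is extended by SESSION_TIME_LIMIT. A logged-in user who is not in a game is
 * sent to game_listing.php unless the current script is one of the few pages
 * allowed outside a game.
 *
 * Writes the globals $p_user, $game_info and $db_name; calls exit on failure
 * and on the game_listing redirect.
 */
function check_auth()
{
    // $st was missing from the global list, so $st[1147] (the history message
    // used below) was always null; login_to_server() imports the same table.
    global $session_id, $login_id, $db_name, $p_user, $game_info, $st;

    // login_id is numeric (the original already passes (int) $login_id to
    // insert_history()); the cast keeps the interpolated value out of SQL.
    $uid = (int) $login_id;
    // The cookie is request-controlled: escape it before interpolation, using
    // the same function this code base uses in login_to_server(). It is not
    // connection-charset aware, so multi-byte edge cases remain a caveat.
    $cookie_session = isset($_COOKIE['session_id'])
        ? mysql_escape_string((string) $_COOKIE['session_id'])
        : '';
    // $session_id is interpolated into SQL on the admin path; escape once and
    // keep the raw value for the comparison below.
    $session_sql = mysql_escape_string((string) $session_id);

    // Load the account; the admin row is selected by login_id alone because
    // its session lives on the se_games row instead.
    db("select * from user_accounts where (login_id = '{$uid}' && session_id = '{$cookie_session}') || (login_id = 1 && '{$uid}' = 1)");
    $p_user = dbr(1);

    if ($uid === 1) {
        // Admin: session id, expiry and agent hash come from the game row.
        db("select * from se_games where session_id = '{$session_sql}'");
        $game_info = dbr(1);
        $p_user['session_id'] = $game_info['session_id'];
        $p_user['session_exp'] = $game_info['session_exp'];
        $p_user['user_agent'] = $game_info['user_agent'];
        $db_name = $game_info['db_name'];
    }

    $next_exp = time() + SESSION_TIME_LIMIT;
    $agent_hash = hash_user_agent();

    // Strict string comparisons: the loose != used before let PHP's numeric
    // type juggling accept tokens that are not byte-equal to the stored ones.
    if ((string) $session_id === ''
        || $uid === 0
        || (string) $session_id !== (string) $p_user['session_id']
        || (int) $p_user['session_exp'] < time()
        || (string) $agent_hash !== (string) $p_user['user_agent']) {
        // Session expired or invalid: clear the auth cookies, log, go home.
        SetCookie("p_pass", "", 0);
        SetCookie("session_id", 0, 0);
        SetCookie("login_id", 0, 0);
        flush();
        if (!empty($login_id)) {
            insert_history($uid, $st[1147]);
        }
        echo "<script>self.location='" . URL_PREFIX . "/';</script>";
        exit;
    } elseif ($uid !== 1) {
        // Session OK for a regular user. The auto-login cookie is refreshed
        // from the 'mdp' column (see login_to_server() for what that holds).
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
        $self = $_SERVER['PHP_SELF'];
        $on_logout = strstr($self, 'logout.php') !== false;
        // A user who is not in a game may only load game_listing.php, ajax.php,
        // user_extra.php, or logout.php called with logout_game_listing (and
        // neither comp_logout nor logout_single_game); anything else bounces
        // back to the game listing. Same truth table as the original
        // "(logout && (...)) || !logout" expression, flattened.
        if ($p_user['in_game'] == ""
            && strstr($self, 'game_listing.php') === false
            && strstr($self, 'ajax.php') === false
            && strstr($self, 'user_extra.php') === false
            && (!$on_logout
                || !isset($_GET['logout_game_listing'])
                || isset($_GET['comp_logout'])
                || isset($_GET['logout_single_game']))) {
            echo "<script>self.location='game_listing.php';</script>";
            exit;
        }
        dbn("update user_accounts set session_exp = '{$next_exp}', page_views = page_views + 1 where login_id = '{$uid}'");
        $p_user['page_views']++;
        $p_user['session_exp'] = $next_exp;
        $db_name = $p_user['in_game'];
    } else {
        // Admin: refresh the auto-login cookie and the se_games session expiry.
        // $db_name was read from the game row above, not from the request.
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
        dbn("update se_games set session_exp = '{$next_exp}' where db_name = '{$db_name}'");
        $p_user['session_exp'] = $next_exp;
    }
}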
// NOTE(review): this run starts inside a block whose opening is not visible here.
    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
}
unset($_SESSION['first_login']);
// Whether the visitor arrived through the auto-login cookie.
$is_auto_login = checkAutoLoginCookie();
if (isset($_POST['pref_index'])) {
    $last_pref_index = intVal($_POST['pref_index']);
    if ($last_pref_index >= 0) {
        // Persist the submitted wizard page, then the two settings that are
        // stored separately from the preference blob.
        $temp_prefs = assignPostVars();
        assign_session_prefs($temp_prefs);
        save_prefs();
        if (isset($_POST['mnot'])) save_email_notification(intval($_POST['mnot']));
        // $_POST['auto'] is handed over without validation; presumably
        // setAutoLoginCookie() treats it as a flag — NOTE(review): confirm it
        // is not written into the cookie as-is.
        if (isset($_POST['auto'])) setAutoLoginCookie($_POST['auto']);
    }
}
$savant->assign('lang_charset', $myLang->getCharacterSet());
$savant->assign('lang_code', $_SESSION['lang']);
// Display the initialization page on the first load of the wizard, when the
// user returns to it via the previous button, or when the checkbox form was
// submitted with nothing checked.
if (isFirstLoad() || isReturnToInit() || initNoChecks()) {
    if (initNoChecks()) {
        //TODO LAW add language
        $msg->addError("NO_BOXES_CHECKED");
    }
    $savant->assign('start_template', "users/pref_wizard/initialize.tmpl.php");
// NOTE(review): this run starts inside an if/else whose opening is not visible here.
    $mnot = intval($_POST['mnot']);
    $auto_login = isset($_POST['auto']) ? $_POST['auto'] : NULL;
} else {
    if (isset($_POST['set_default'])) {
        // "Restore defaults" replaces the posted values wholesale.
        $temp_prefs = assignDefaultPrefs();
        $mnot = assignDefaultMnot();
        $auto_login = assignDefaultAutologin();
        unset($_POST);
    }
}
// Save most preferences to the session and the database.
assign_session_prefs($temp_prefs);
save_prefs();
// Email notification and auto-login are stored separately from the blob.
save_email_notification($mnot);
$is_auto_login = isset($auto_login) ? setAutoLoginCookie($auto_login) : $is_auto_login;
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
// NOTE(review): $current_tab's origin is outside this span; if it comes from
// the request it should be validated before being placed in the Location header.
header('Location: preferences.php?current_tab=' . $current_tab);
exit;
}
$member_id = $_SESSION['member_id'];
// Re-set the selected desktop theme when the request is from a mobile device,
// because $_SESSION['prefs']['PREF_THEME'] then holds PREF_MOBILE_THEME instead
// of the desktop theme; the code below reads the stored desktop value back.
if (is_mobile_device()) {
    $row = queryDB('SELECT * FROM %smembers WHERE member_id=%d', array(TABLE_PREFIX, $member_id), true);
    // The preference blob is a PHP-serialized string from the members table.
    // NOTE(review): unserialize() on stored data instantiates arbitrary classes
    // if the column can ever be written from outside save_prefs(); confirm.
    foreach (unserialize(stripslashes($row['preferences'])) as $pref_name => $value) {
        // $desktop_theme stays undefined if no PREF_THEME entry is present.
        $desktop_theme = $pref_name == 'PREF_THEME' ? $value : $desktop_theme;
    }
} else {
    $desktop_theme = $_SESSION['prefs']['PREF_THEME'];
// NOTE(review): this run continues an if chain whose opening is not visible here.
else if (isset($_POST['set_default'])) {
    // "Restore defaults" replaces the posted values wholesale.
    $temp_prefs = assignDefaultPrefs();
    $mnot = assignDefaultMnot();
    $auto_login = assignDefaultAutologin();
    unset($_POST);
}
// Save most preferences to the session and the database.
assign_session_prefs($temp_prefs);
save_prefs();
// Email notification and auto-login are stored separately from the blob.
save_email_notification($mnot);
if (isset($auto_login)) {
    $is_auto_login = setAutoLoginCookie($auto_login);
}
$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
// NOTE(review): $current_tab's origin is outside this span; if it comes from
// the request it should be validated before being placed in the Location header.
header('Location: preferences.php?current_tab='.$current_tab);
exit;
}
// Re-set the session prefs when the request is from a mobile device, because
// $_SESSION['prefs']['PREF_THEME'] then holds PREF_MOBILE_THEME instead of the
// desktop theme; the code below reloads the stored values.
if (is_mobile_device()) {
    // member_id comes from the session, not the request, but the value is
    // still interpolated unescaped; the newer variant of this code uses
    // queryDB() with %d formatting instead.
    $sql = "SELECT * FROM ".TABLE_PREFIX."members WHERE member_id=".$_SESSION['member_id'];
    // $result is not checked for false before mysql_fetch_assoc().
    $result = mysql_query($sql, $db);
    $row = mysql_fetch_assoc($result);
    // NOTE(review): unserialize() on stored data instantiates arbitrary classes
    // if the column can ever be written from outside save_prefs(); confirm.
    assign_session_prefs(unserialize(stripslashes($row['preferences'])));
// NOTE(review): this run starts inside a block whose opening is not visible here.
    $_POST['set_default'] = 1;
    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
}
unset($_SESSION['first_login']);
// Whether the visitor arrived through the auto-login cookie.
$is_auto_login = checkAutoLoginCookie();
if (isset($_POST['pref_index'])) {
    $last_pref_index = intVal($_POST['pref_index']);
    if ($last_pref_index >= 0) {
        // Persist the submitted wizard page, then the two settings that are
        // stored separately from the preference blob.
        $temp_prefs = assignPostVars();
        assign_session_prefs($temp_prefs);
        save_prefs();
        if (isset($_POST['mnot'])) {
            save_email_notification(intval($_POST['mnot']));
        }
        // $_POST['auto'] is handed over without validation; presumably
        // setAutoLoginCookie() treats it as a flag — NOTE(review): confirm it
        // is not written into the cookie as-is.
        if (isset($_POST['auto'])) {
            setAutoLoginCookie($_POST['auto']);
        }
    }
}
$savant->assign('lang_charset', $myLang->getCharacterSet());
$savant->assign('lang_code', $_SESSION['lang']);
// Display the initialization page on the first load of the wizard, when the
// user returns to it via the previous button, or when the checkbox form was
// submitted with nothing checked.
if (isFirstLoad() || isReturnToInit() || initNoChecks()) {
    if (initNoChecks()) {
        //TODO LAW add language
        $msg->addError("NO_BOXES_CHECKED");
    }
    $savant->assign('start_template', "users/pref_wizard/initialize.tmpl.php");
    $savant->display('users/pref_wizard/index.tmpl.php');
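/**
 * Log a player (or the game admin) into the server.
 *
 * Reads the login form from $_POST (pseudo, mdp, enc_pass, auth_code) unless
 * $pseudo / $mdp are supplied; $bpUserId and $fbUserId mark partner logins
 * that skip the password check ($bpUserId also skips the auth-code check).
 * On success it issues the login_id, login_name and session_id cookies,
 * stores the session on user_accounts (on se_games for "Admin") and, unless
 * $returnSession is set, counts the login and shows the first-login story.
 * Writes the globals $p_user and $db_name.
 *
 * Every failure branch prints a page via print_header()/print_footer() or
 * exit()s. NOTE(review): the "successfully logged in" section is reached
 * after those branches only if print_footer() ends the request — that is
 * assumed, not visible here; confirm.
 *
 * @param string $pseudo        login name; falls back to $_POST['pseudo']
 * @param string $mdp           clear-text password; falls back to $_POST['mdp']
 * @param int    $bpUserId      BigPoint partner id; non-zero skips password and auth-code checks
 * @param bool   $returnSession when true, return the new session id instead of
 *                              counting the login and showing the story
 * @param int    $fbUserId      Facebook partner id; non-zero skips the password check
 * @return string|void the session id from create_rand_string(32) when $returnSession is true
 */
function login_to_server($pseudo = '', $mdp = '', $bpUserId = 0, $returnSession = false, $fbUserId = 0)
{
    global $p_user, $db_name, $directories, $st, $cw;

    // mysql_escape_string() is the escaping this code base uses for SQL values;
    // it is not connection-charset aware, so multi-byte edge cases remain a caveat.
    $login_name = mysql_escape_string($pseudo ? $pseudo : (string) $_POST['pseudo']);
    $agent_hash = hash_user_agent();

    /********************** Admin Login *******************/
    if ($login_name === "Admin") {
        // NOTE(review): admin_pw is matched in clear text inside the query; the
        // column would have to hold a hash (password_hash/password_verify) to change that.
        $password = mysql_escape_string((string) $_POST['mdp']);
        db("select * from se_games where admin_pw = '{$password}'");
        $games_info = dbr(1);
        if (empty($games_info)) {
            // Invalid admin login: record it, slow the caller down, stop.
            insert_history(1, "Bad login Attempt");
            sleep(3);
            exit("Login Failed. Do no pass go, do not collect your new Harvestor Mammoth.");
        }
        // Admin successfully logged into a game.
        $db_name = $games_info['db_name'];
        $session = create_rand_string(32);
        SetCookie("login_id", 1, 0);
        SetCookie("login_name", "Admin", time() + 2592000);
        SetCookie("session_id", $session, 0);
        flush(); // send the cookies immediately
        $expire = time() + SESSION_TIME_LIMIT;
        insert_history(1, "Successfully logged into {$db_name}");
        dbn("update {$db_name}_users set game_login_count = game_login_count + 1 where login_id = '1'");
        dbn("update se_games set session_id = '{$session}', session_exp = '{$expire}', user_agent = '{$agent_hash}' where db_name = '{$db_name}'");
        echo "<script>self.location='location.php';</script> <noscript>You cannot login without JavaScript. Please enable Javascript, or use a browser that supports it.</noscript>";
        exit;
    } elseif (preg_match('/^admin$/i', $login_name)) {
        // Any other spelling of "admin" is refused outright.
        sleep(5);
        exit("Sod off - you can't even spell 'admin' properly can you?");
    }

    /*************************User Login************************/
    db("select * from user_accounts where login_name = '{$login_name}'");
    $p_user = dbr(1);

    if (!isset($_POST['enc_pass']) || $mdp) {
        // Password typed on the login form. The stored hash is unsalted md5;
        // NOTE(review): changing that means changing the passwd column, not this line.
        $enc_pass = md5($mdp ? $mdp : $_POST['mdp']);
        $pre_enc_pass = 0;
    } else {
        // Hash carried over from the auth-code form's hidden field; pre_enc_pass
        // forces the auth-code check below. NOTE(review): the hash itself is
        // client-supplied on this path, so it is reusable without the password.
        $enc_pass = $_POST['enc_pass'];
        $pre_enc_pass = 1;
    }

    // HTML-escaped copy of the (SQL-escaped, as before) name for every place it
    // is echoed: the raw value was rendered into the page in the original.
    $safe_name = htmlspecialchars($login_name, ENT_QUOTES);

    if (empty($p_user)) {
        // Unknown user name. (This message differs from the wrong-password one,
        // which lets a caller tell valid names from invalid ones.)
        print_header($cw['login_problem']);
        echo "<blockquote>" . sprintf($st[1816], $safe_name) . "<br />\r\n\t\t" . $st[1817] . "<p />\r\n\t\t<p /> <a href='inscription.php'>\r\n\t\t" . $cw['sign_up2'] . "</a> <p /> <a href=\"" . URL_PREFIX . "/index.php\">" . $st[1818] . "</a></b></blockquote>";
        print_footer();
    } elseif ((string) $enc_pass !== (string) $p_user['passwd'] && !$bpUserId && !$fbUserId) {
        // Wrong password. Strict comparison: the loose != treated two hashes that
        // both look like "0e<digits>" as equal.
        print_header($cw['bad_passwd']);
        echo "<blockquote><b>" . $st[1819] . "<br />" . $st[1820] . "\r\n\t\t<p /><a href=\"javascript:history.back()\">" . $st[1818] . "</a></b><p />" . $st[789] . " ? <a href=change_pass.php?stage_one=1>" . $cw['click_here'] . "</a></blockquote><p />";
        insert_history($p_user['login_id'], $cw['bad_login']);
        print_footer();
    } elseif ($p_user['bp_user_id'] && !$bpUserId) {
        // BigPoint account using the classic login form.
        print_header("Problème de connexion");
        echo "<blockquote><b>Erreur</b><br /><br />Il semble que vous vous soyez inscrit via notre partenaire <a href='http://www.bigpoint.com/' target='_blank'>BigPoint</a>, veuillez utiliser <a href='http://fr.bigpoint.com/games/astravires/' target='_blank'>la fiche jeu Astra Vires</a> sur son portail pour vous connecter.</blockquote><p />";
        insert_history($p_user['login_id'], 'Joueur BP connexion classique');
        print_footer();
    } elseif ($pre_enc_pass === 1 || (int) $p_user['auth'] !== 0 || $bpUserId) {
        // Valid credentials, but an auth code is outstanding (auth != 0), the
        // hidden-field path forces the check, or it is a partner login.
        $code = isset($_POST['auth_code']) ? (string) $_POST['auth_code'] : '';
        $stored_code = (string) $p_user['auth'];
        $code_pending = (int) $p_user['auth'] !== 0;
        // Same grouping as the original "empty || (mismatch && pending)".
        if ((empty($_POST['auth_code']) || ($code !== $stored_code && $code_pending)) && !$bpUserId) {
            print_header("Authorisation Code Required");
            if (empty($_POST['auth_code'])) {
                echo "Please enter the Authorisation Code that was sent to your email address:<br /><br />";
            } else {
                echo "Authorisation Code did not match.<br />";
            }
            // PHP_SELF and enc_pass are request-controlled: quote the action
            // attribute and HTML-escape every value placed in the form.
            $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
            $safe_hash = htmlspecialchars((string) $enc_pass, ENT_QUOTES);
            echo "<form name=get_var_form action=\"{$self}\" method=POST>";
            echo "<input type=hidden name=l_name value='{$safe_name}'><input type=hidden name=enc_pass value='{$safe_hash}'>";
            echo "<input type=text name=auth_code value='' size=20> - ";
            echo "<input type=submit value=Submit></form>";
            print_footer();
        } elseif ($code === $stored_code || !$code_pending || $bpUserId) {
            // Code matches (or none was pending): clear it.
            dbn("update user_accounts set auth = '0' where login_id = '{$p_user['login_id']}'");
        } else {
            print_page("hmm", "Something Broke");
        }
    }

    /*****************User successfully logged in***********************/
    if ($p_user['mdp']) {
        // NOTE(review): the auto-login cookie is built from the clear-text 'mdp' column.
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
    }
    $session = create_rand_string(32);
    // NOTE(review): no path/secure/httponly flags are set on these cookies;
    // confirm nothing client-side reads session_id before adding httponly.
    SetCookie("login_id", $p_user['login_id'], time() + 2592000);
    SetCookie("login_name", $p_user['login_name'], time() + 2592000);
    SetCookie("session_id", $session, 0);
    $expire = time() + SESSION_TIME_LIMIT;
    $uid = (int) $p_user['login_id'];
    if (!$returnSession) {
        $ip = mysql_escape_string((string) $_SERVER['REMOTE_ADDR']);
        // NOTE(review): the last_login value is redacted ("******") in the copy
        // reviewed; LAST_LOGIN_VALUE_REDACTED is a placeholder to be restored
        // from the project source, not a real constant.
        dbn("update user_accounts set last_login = '" . LAST_LOGIN_VALUE_REDACTED . "', session_id = '{$session}', session_exp = '{$expire}', last_ip = '{$ip}', login_count = login_count + 1, user_agent = '{$agent_hash}' where login_id = '{$uid}'");
        insert_history($uid, "Logged Into GameList");
    } else {
        dbn("update user_accounts set session_id = '{$session}', session_exp = '{$expire}' where login_id = '{$uid}'");
    }
    // Original intent: "update the password in clear to delete the encrypted
    // one in the future". The clear-text password is written to
    // user_accounts.mdp; the value is now escaped and the bare login_id
    // constant is quoted. NOTE(review): storing it at all is the real risk, and
    // it is still taken from $_POST even on partner logins (empty there) — confirm.
    $clear_pw = isset($_POST['mdp']) ? mysql_escape_string((string) $_POST['mdp']) : '';
    dbn("update user_accounts set mdp = '{$clear_pw}' where login_id = '{$uid}'");

    if ($p_user['last_login'] == 0 && !$returnSession) {
        // First login: show the story page ($p_user still holds the pre-update row).
        print_header("Histoire");
        $results = load_xml("{$directories['includes']}/stories.xml");
        $story = $results['story']['Histoire'];
        echo "<a href='game_listing.php'>Continuer</a><br /><br />";
        echo "\n<a name=top><center><b>{$story['title']}</b></center></a><br>{$story['content']} <p />Ecrit par <b class=b1>{$story['author']}</b>";
        echo "<br /><br /><a href='game_listing.php'>Continuer</a>";
        print_footer();
    }
    if ($returnSession) {
        return $session;
    }
}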