Example #1
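/**
 * Verify a character name / password pair.
 *
 * The character is looked up by name in the ring database, the owning account is
 * then read from the `user` table after switching to the `nel` database, and the
 * supplied password is checked against the stored crypt() hash.
 *
 * @param string $character Character name as supplied by the client (untrusted).
 * @param string $password  Plain-text password to verify.
 * @param mixed  $cid       Out-parameter. Receives the character id as soon as the
 *                          character row is found, even when the password turns out
 *                          to be wrong, and null when no row is found. Callers must
 *                          check the return value before trusting it.
 * @return bool True only when the character exists and the password matches.
 */
function ryzom_authenticate_with_char_and_password($character, $password, &$cid)
{
    $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING);
    // The name is interpolated into the statement text, so it is escaped first.
    $char = $db->escape_string($character);
    $sql = "SELECT char_id, char_name, user_id, home_mainland_session_id FROM characters WHERE char_name = '{$char}'";
    $row = $db->query_single_row($sql);
    if (empty($row) || !isset($row['user_id'])) {
        // Unknown character: stop before building "WHERE UId = " with an empty id.
        $cid = null;
        return false;
    }
    $cid = $row['char_id'];
    // The id is placed unquoted into the next statement, so force it to an integer.
    $uid = (int) $row['user_id'];
    $db->select_db('nel');
    $sql = "SELECT Password FROM user WHERE UId = {$uid}";
    $row = $db->query_single_row($sql);
    if (!is_string($password) || empty($row['Password']) || !is_string($row['Password'])) {
        // No account row, no stored hash, or a non-string password: nothing to verify against.
        return false;
    }
    $stored = $row['Password'];
    // crypt() takes algorithm and salt from the stored hash, so a correct password
    // reproduces the stored value exactly.
    $computed = crypt($password, $stored);
    // Constant-time, type-strict comparison: avoids the numeric coercion of `==`
    // and does not leak how many leading characters matched.
    return is_string($computed) && hash_equals($stored, $computed);
}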
/**
 * Overwrite the author, title, image and category of the stored book whose id
 * equals $newBook->id.
 *
 * NOTE(review): placeholders %1 (id) and %5 (category) are substituted outside
 * quotes. Unless ServerDatabase::addParameter() enforces a numeric type for them,
 * string escaping alone does not protect those two positions — confirm in the
 * ServerDatabase class.
 *
 * @param Book $newBook Book carrying the id to match and the new field values.
 * @return bool True when the statement reports at least one affected row.
 */
function replaceBook(Book $newBook)
{
    $database = new ServerDatabase();
    $database->newQuery("UPDATE book SET author='%2', title='%3', image='%4', category=%5 WHERE id=%1");

    // Binding order matters: values are added in the order id, author, title,
    // image, category, matching placeholders %1 to %5.
    $boundValues = array(
        $newBook->id,
        $newBook->author,
        $newBook->title,
        $newBook->image,
        $newBook->category,
    );
    foreach ($boundValues as $value) {
        $database->addParameter($value);
    }
    $database->execute();

    $changedRows = $database->getRowsAffected();
    return $changedRows > 0;
}
Example #3
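/**
 * Verify a character name / password pair, with optional dev-shard selection.
 *
 * A name of the form "name@SHARD", where SHARD equals RYAPI_DEV_SHARD, is looked up
 * in the dev ring database; any other name is looked up in the regular ring database.
 * The owning account is then read from the `user` table after switching to the `nel`
 * database, and the password is checked against the stored crypt() hash.
 *
 * Side effect: $_SESSION['dev_shard'] is set to 0 or 1 before the password is
 * checked, so it records the shard that was requested, not a successful login.
 * Code that reads the flag should not treat it as authenticated state.
 *
 * @param string $character Character name, optionally suffixed with "@shard" (untrusted).
 * @param string $password  Plain-text password to verify.
 * @param mixed  $cid       Out-parameter. Receives the character id as soon as the
 *                          character row is found, even when the password turns out
 *                          to be wrong, and null when no row is found. Callers must
 *                          check the return value before trusting it.
 * @return bool True only when the character exists and the password matches.
 */
function ryzom_authenticate_with_char_and_password($character, $password, &$cid)
{
    $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING);
    // The name is interpolated into the statement text, so it is escaped first.
    $char = $db->escape_string($character);
    $schar = explode('@', $char);
    $_SESSION['dev_shard'] = 0;
    if (count($schar) == 2 && $schar[1] == RYAPI_DEV_SHARD) {
        $_SESSION['dev_shard'] = 1;
        $char = $schar[0];
        $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING_DEV);
    }
    $sql = "SELECT char_id, char_name, user_id, home_mainland_session_id FROM characters WHERE char_name = '{$char}'";
    $row = $db->query_single_row($sql);
    if (empty($row) || !isset($row['user_id'])) {
        // Unknown character: stop before building "WHERE UId = " with an empty id.
        $cid = null;
        return false;
    }
    $cid = $row['char_id'];
    // The id is placed unquoted into the next statement, so force it to an integer.
    $uid = (int) $row['user_id'];
    $db->select_db('nel');
    $sql = "SELECT Password FROM user WHERE UId = {$uid}";
    $row = $db->query_single_row($sql);
    if (!is_string($password) || empty($row['Password']) || !is_string($row['Password'])) {
        // No account row, no stored hash, or a non-string password: nothing to verify against.
        return false;
    }
    $stored = $row['Password'];
    // crypt() takes algorithm and salt from the stored hash, so a correct password
    // reproduces the stored value exactly.
    $computed = crypt($password, $stored);
    // Constant-time, type-strict comparison: avoids the numeric coercion of `==`
    // and does not leak how many leading characters matched.
    return is_string($computed) && hash_equals($stored, $computed);
}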
Example #4
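/**
 * Collect profile data and permission groups for one character.
 *
 * Reads the character row from the ring database (the dev ring database when
 * $_SESSION['dev_shard'] is set), adds guild details from the guild XML document,
 * derives the account id as intval($cid / 16) and the slot as $cid % 16, and maps
 * the account's Privilege string to a list of groups.
 *
 * Security-relevant behaviour:
 *  - $cid ends up in SQL text and in an XPath expression, so only an integer or a
 *    digit-only string is accepted; anything else is answered like an unknown user.
 *  - With $webprivs enabled, every ':'-separated token of accounts.web_privs is
 *    appended to the same 'groups' list as the game privileges, so a token such as
 *    "DEV" stored there cannot be told apart from the game privilege of that name.
 *  - The 'DEV_SHARD' group is granted purely from the session flag.
 *
 * @param int|string $cid          Character id.
 * @param bool       $webprivs     Also merge the tokens stored in accounts.web_privs.
 * @param bool       $player_stats Also load fames via server/player_stats.php.
 * @return array Character fields plus 'uid', 'cid', 'slot' and 'groups'; for an
 *               unknown id a guest array with 'ERROR' => 'unknown_user'.
 */
function ryzom_user_get_info($cid, $webprivs = false, $player_stats = false)
{
    // Declared as in the original; nothing in this function reads it directly.
    global $_RYZOM_API_CONFIG;

    // Reject anything that is not a plain integer before it reaches a query string.
    if (!is_int($cid) && !(is_string($cid) && ctype_digit($cid))) {
        return array('char_name' => _t('guest'), 'cid' => $cid, 'ERROR' => 'unknown_user', 'groups' => array('GUEST'));
    }
    $char_id = (int) $cid;

    $on_dev_shard = isset($_SESSION['dev_shard']) && $_SESSION['dev_shard'];
    if ($on_dev_shard) {
        $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING_DEV);
    } else {
        $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_RING);
    }
    $sql = "SELECT char_name, race, civilisation, cult, guild_id, creation_date, last_played_date FROM characters WHERE char_id = {$char_id}";
    $result = $db->query($sql) or die('Could not query on ryzom_user_get_info');
    $found = $db->num_rows($result) >= 1;
    if (!$found) {
        return array('char_name' => _t('guest'), 'cid' => $cid, 'ERROR' => 'unknown_user', 'groups' => array('GUEST'));
    }
    $row = $db->fetch_assoc($result);
    $db->free_result($result);
    if ($row) {
        // The first two characters of these columns are dropped.
        $row['race'] = substr($row['race'], 2);
        $row['cult'] = substr($row['cult'], 2);
        $row['civ'] = substr($row['civilisation'], 2);
        if ($row['guild_id'] != '0') {
            // Best effort: a missing or unreadable guild document is tolerated (see else branch).
            // NOTE(review): parsed with default libxml options; whether external entities are
            // resolved depends on the libxml version — confirm if ryzom_guild() can return a
            // location whose content is not controlled by the operator.
            $xml = @simplexml_load_file(ryzom_guild($row['guild_id'], false));
            if ($xml !== false) {
                $row['guild_icon'] = (string) $xml->icon;
                $row['guild_name'] = (string) $xml->name;
                $members = $xml->xpath("/guild/members/member[cid={$char_id}]");
                // foreach replaces each(), which no longer exists in PHP 8; as before,
                // the last matching member decides the grade.
                if ($members) {
                    foreach ($members as $member) {
                        $row['grade'] = (string) $member->grade;
                    }
                }
            } else {
                // Unknown name (normal on the yubo shard)
                $row['guild_name'] = 'UNKNOWN_GUILD_' . $row['guild_id'];
            }
        }
    }

    $uid = intval($char_id / 16);
    $db = new ServerDatabase(RYAPI_NELDB_HOST, RYAPI_NELDB_LOGIN, RYAPI_NELDB_PASS, RYAPI_NELDB_NEL);
    $sql = "SELECT Privilege FROM user WHERE UId = {$uid}";
    $result = $db->query($sql) or die("Could not query.");
    $priv_row = $db->fetch_row($result, MYSQLI_NUM);
    // A missing account row yields an empty privilege string instead of null.
    $priv = isset($priv_row[0]) ? (string) $priv_row[0] : '';
    $db->free_result($result);

    $row['uid'] = $uid;
    $row['cid'] = $cid;
    $row['slot'] = $char_id % 16;

    // Privilege tag => groups it grants. Order and duplicates match the previous
    // if-chain so the resulting list is unchanged.
    $granted_by_tag = array(
        ':DEV:' => array('DEV', 'SGM', 'GM', 'EM', 'EG', 'VG', 'G'),
        ':SGM:' => array('SGM', 'GM', 'VG', 'G'),
        ':GM:' => array('GM', 'VG', 'G'),
        ':VG:' => array('VG', 'G'),
        ':G:' => array('G'),
        ':SEM:' => array('SEM', 'EM', 'EG'),
        ':EM:' => array('EM', 'EG'),
        ':EG:' => array('EG'),
    );
    $groups = array();
    foreach ($granted_by_tag as $tag => $granted) {
        if (strpos($priv, $tag) !== false) {
            foreach ($granted as $group) {
                $groups[] = $group;
            }
        }
    }
    $groups[] = 'PLAYER';
    if ($on_dev_shard) {
        $groups[] = 'DEV_SHARD';
    }

    if ($webprivs) {
        $db = new ServerDatabase(RYAPI_WEBDB_HOST, RYAPI_WEBDB_LOGIN, RYAPI_WEBDB_PASS, 'webig');
        $sql = 'SELECT web_privs FROM accounts WHERE uid = ' . $uid;
        $result = $db->query($sql) or die("Could not query." . $db->get_error());
        if ($result->num_rows == 0) {
            // First visit: create the account row with empty web privileges.
            $db->query('INSERT INTO accounts (`uid`, `web_privs`) VALUES (' . $uid . ', \'\')') or die("Could not query." . $db->get_error());
        }
        $priv_row = $db->fetch_row($result, MYSQLI_NUM);
        $privs = isset($priv_row[0]) ? (string) $priv_row[0] : '';
        $db->free_result($result);
        $groups = array_merge($groups, explode(':', $privs));
    }
    if ($player_stats) {
        include_once RYAPI_PATH . 'server/player_stats.php';
        $row['fames'] = ryzom_player_fames_array($cid);
    }
    $row['groups'] = $groups;
    return $row;
}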
/**
 * Delete every basket row that belongs to the given session.
 *
 * @param string      $sessionId Session identifier bound to the '%1' placeholder.
 * @param object|null $db        Database wrapper to reuse; a new ServerDatabase is
 *                               created when the argument is falsy.
 * @return bool True when the DELETE ran without throwing, false when an Exception
 *              was caught.
 */
function emptyBasket($sessionId, $db = null)
{
    $connection = $db ? $db : new ServerDatabase();
    try {
        $connection->newQuery("DELETE FROM basket WHERE session = '%1'");
        $connection->addParameter($sessionId);
        $connection->execute();
    } catch (Exception $e) {
        // The failure is reported only as false; the cause is not logged here.
        return false;
    }
    return true;
}
<?php

/*
** Database creation
**
** Rebuilds the user database from scratch: an existing database file is deleted,
** the schema is recreated and three sample accounts are inserted.
*/
require "server.classes.php";
define("USER_DB", "users.db");
// An existing database file is removed outright, so every run discards all stored accounts.
// NOTE(review): the script echoes HTML, which suggests it is run through a web server;
// if so, access to it should be restricted — confirm how it is deployed.
// NOTE(review): USER_DB is a relative path; if the working directory is served by the
// web server, the database file itself may be downloadable — confirm.
if (file_exists(USER_DB)) {
    unlink(USER_DB);
}
$db = new ServerDatabase(USER_DB);
// Columns, translated from the SQL comments inside the statement:
//   name           - user name
//   email          - e-mail / login of the user (primary key)
//   password       - hash of the user's password
//   salt           - salt (entropy) used when hashing the password
//   iterationCount - number of salting iterations
$db->newQuery("CREATE TABLE user\n\t\t(\n\t\t\tname \t\t\tTEXT,\t\t-- Имя пользователя\n\t\t\temail \t\t\tTEXT,\t\t-- E-mail/логин пользователя\n\t\t\tpassword \t\tTEXT, \t\t-- Хеш пароля пользователя\n\t\t\tsalt \t\t\tTEXT,\t\t-- Соль (энтропия) хеширования пароля\n\t\t\titerationCount\tNUMERIC, \t-- Число итераций засоливания\n\t\t\tPRIMARY KEY (email)\t\t\t-- Первичный ключ - это E-mail пользователя\n\t\t)");
$db->execute();
$db->newQuery("CREATE INDEX ixUserName ON user (name)");
$db->execute();
// Create the users.
// All three sample accounts are created with the literal password "password",
// which is suitable for a demonstration database only.
createUser(new User("Вася Пупкин", "*****@*****.**", "password"));
createUser(new User("Федя Сумкин", "*****@*****.**", "password"));
createUser(new User("Маша Морковкина", "*****@*****.**", "password"));
echo "<h2>База данных создана!</h2>";
/**
 * Add one user to the `user` table of the global $db connection.
 *
 * setPassword() is called with the user's current password value before the insert;
 * presumably it replaces the plain text with a salted hash and fills $user->dbEntropy
 * (salt and iteration count) — confirm in server.classes.php.
 *
 * NOTE(review): the values are bound through '%n' placeholders; whether that is safe
 * depends on how ServerDatabase::addParameter() escapes them, and %5 (iterationCount)
 * is substituted outside quotes — confirm it is forced to a number.
 *
 * The listing on this page ends before the end of the function body.
 *
 * @param User $user User whose name, email, password and dbEntropy are stored.
 */
function createUser($user)
{
    global $db;
    $user->setPassword($user->password);
    $db->newQuery("INSERT INTO user (name, email, password, salt, iterationCount) VALUES ('%1', '%2', '%3', '%4', %5)");
    $db->addParameter($user->name);
    $db->addParameter($user->email);
    $db->addParameter($user->password);
    $db->addParameter($user->dbEntropy->salt);
    $db->addParameter($user->dbEntropy->iterationCount);
Example #7
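 /**
  * Apply pending schema statements and record how far each table has progressed.
  *
  * $defs maps a database name to a map of table name => ordered list of SQL
  * statements. The number of statements already applied per table is kept in the
  * serialized file RYAPP_PATH . 'database.versions'; only the statements after that
  * offset are run.
  *
  * Processing of a table stops at the first empty or failing statement, and the
  * stored version advances only by the statements that actually succeeded. This
  * way a later success, or a result left over from a previous table, can no longer
  * mark a failed migration as applied.
  *
  * @param array $defs Database name => (table name => list of SQL statements).
  * @return string Progress log wrapped in a <pre> element.
  */
 static function updateDatabaseStruct($defs)
 {
     $versions_file = RYAPP_PATH . 'database.versions';
     if (file_exists($versions_file)) {
         // NOTE(review): unserialize() fully trusts this file. If anything other than this
         // method can write to RYAPP_PATH, a crafted file could instantiate arbitrary
         // classes; storing the map as JSON, or restricting unserialize() with the
         // allowed_classes option on PHP 7+, removes that risk.
         $versions = unserialize(file_get_contents($versions_file));
         if (!is_array($versions)) {
             // Unreadable or corrupt file: treat every table as not yet migrated.
             $versions = array();
         }
     } else {
         $versions = array();
     }
     $c = "Updating DB Structure...\n";
     foreach ($defs as $dbname => $tables) {
         $db = new ServerDatabase(RYAPI_WEBDB_HOST, RYAPI_WEBDB_LOGIN, RYAPI_WEBDB_PASS, $dbname);
         $db->query("SET NAMES utf8");
         $c .= "\n\tSelected DB '{$dbname}'\n";
         foreach ($tables as $table => $sql) {
             $version = count($sql);
             if (array_key_exists($table, $versions)) {
                 $diff = $version - $versions[$table];
             } else {
                 $versions[$table] = 0;
                 $diff = $version;
             }
             $c .= "\t\tTable '{$table}' need v{$version} (current v" . strval($versions[$table] . ') => ');
             if ($diff > 0) {
                 $sql_to_run = array_slice($sql, $versions[$table], $diff);
                 $applied = 0;
                 foreach ($sql_to_run as $sql_run) {
                     if (!$sql_run) {
                         $c .= "KO!!!";
                         break;
                     }
                     $c .= "Run sql... ";
                     if (!$db->query($sql_run)) {
                         $c .= "KO!!!";
                         break;
                     }
                     $applied++;
                 }
                 // Record exactly the statements that ran, so the next call resumes
                 // at the first one that did not.
                 $versions[$table] += $applied;
                 if ($applied === count($sql_to_run)) {
                     $c .= "OK";
                 }
             } else {
                 $c .= "OK";
             }
             $c .= "\n";
         }
         $c .= "\n";
         $db->close();
     }
     file_put_contents($versions_file, serialize($versions));
     // The closing tag was previously written as a second opening <pre>.
     return '<pre>' . $c . '</pre>';
 }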
Example #8
/*
** Сервер авторизации пользователя
*/
require 'server.classes.php';
// Объект пользователя
$user = new User();
// Читаем данные, переданные в POST
$rawPost = file_get_contents('php://input');
// Если данные были переданы...
if ($rawPost) {
    // Десериализация пакета JSON
    $userInfo = json_decode($rawPost);
    // Если email указан - находим пользователя в БД
    if ($userInfo->email) {
        $db = new ServerDatabase();
        $db->newQuery("SELECT name, email, password, salt, iterationCount FROM user WHERE email = '%1'");
        $db->addParameter($userInfo->email);
        $result = $db->execute(true);
        // Если пользователь найден - заполним его данные...
        if (count($result) > 0) {
            $user->fillFromArray($result[0]);
        }
        // Если пароль указан - проверяем его
        if ($userInfo->password) {
            // Восстанавливаем энтропию, которая использовалась при передаче
            $user->transferEntropy = new Entropy($userInfo->transferEntropy->salt, $userInfo->transferEntropy->iterationCount);
            // Если пароль указан неверно - стираем данные
            if (!$user->isValidPassword($userInfo->password)) {
                $user->name = "";
            }