ファイル: Controller.php プロジェクト: Kuzat/kofradia
 /**
  * Hook run before the controller action: applies the controller's SSL
  * policy (when one is configured) and resolves the active user, which is
  * null when nobody is logged in.
  */
 public function before()
 {
     // enforce the configured SSL mode, if this controller declares one
     if ($this->ssl !== null) {
         force_https($this->ssl);
     }
     // resolve the active user from the global login state
     $this->user = null;
     if (\login::$logged_in) {
         $this->user = \login::$user;
     }
 }
ファイル: base.php プロジェクト: Kuzat/kofradia
 /**
  * Apply the SSL policy for the request: a global FORCE_HTTPS* constant
  * always enforces https, OPTIONAL_HTTPS leaves the scheme untouched, and
  * otherwise only sessions flagged as secure stay on https.
  */
 protected function check_ssl()
 {
     // a global force constant wins over everything else
     if (defined("FORCE_HTTPS") || defined("FORCE_HTTPS_ALWAYS")) {
         force_https();
         return;
     }
     // optional https: keep whatever scheme the client used
     if (defined("OPTIONAL_HTTPS")) {
         return;
     }
     // only a logged-in user with a secure session keeps https;
     // everyone else is moved to plain http
     $secureSession = login::$logged_in && login::$info['ses_secure'];
     if (!$secureSession) {
         force_https(false);
     }
 }
ファイル: Misc.php プロジェクト: Kuzat/kofradia
 /**
  * Main page: anonymous visitors are sent through the login flow, an
  * `orign` return-to parameter is honoured for logged-in users, and
  * otherwise the front page is rendered for the active player.
  */
 public function action_index()
 {
     // no user: switch to https and run the login controller, which also
     // handles any re-authentication needed after an unknown IP
     if (!$this->user) {
         force_https();
         return \Kofradia\Controller::execute("Users\\Login@index");
     }
     // return-to target supplied on the query string?
     // NOTE(review): $_GET['orign'] is client-controlled; this relies on
     // redirect::handle() with redirect::SERVER to constrain the target — confirm
     if (isset($_GET['orign'])) {
         $returnTo = $_GET['orign'];
         \redirect::handle($returnTo, \redirect::SERVER, \login::$info['ses_secure']);
     }
     new \page_forsiden(\login::$user->player);
 }
 /**
  * Enforce HTTPS for every request when the config value
  * 'forceGlobalSecureRequests' is strictly true: the user is redirected to
  * the current page over HTTPS and a Strict-Transport-Security header is
  * sent for browsers that support it. A no-op otherwise.
  *
  * @param int $duration  How long (seconds) Strict Transport Security
  *                       should be enforced for this URL.
  */
 protected function forceSecureAccess($duration = 31536000)
 {
     // strict comparison: only the boolean true switches this on
     if ($this->config->forceGlobalSecureRequests === true) {
         force_https($duration, $this->request, $this->response);
     }
 }
ファイル: class.login.php プロジェクト: Kuzat/kofradia
 /**
  * Determine whether the visitor is logged in and, if so, load the login
  * state into the static login::$logged_in / $info / $user /
  * $extended_access / $data properties.
  *
  * Two modes: with $ajax the state is restored from $_SESSION only (no
  * database access). Otherwise the login cookies are validated against the
  * sessions table, new IP addresses and forced-https rules are handled, a
  * per-user hit limit is applied, the session row is refreshed and the user
  * is loaded. Several branches end in a redirect or die().
  *
  * @param boolean $ajax restore the state from $_SESSION instead of cookies + database?
  */
 public static function check_status($ajax = false)
 {
     global $__server, $_base, $_game;
     // ajax: lightweight restore from the PHP session
     if ($ajax) {
         // session not started yet?
         if (!session_id()) {
             // without both the PHP session cookie and our "s" cookie there is nothing to restore
             if (!isset($_COOKIE[session_name()]) || !isset($_COOKIE[$__server['cookie_prefix'] . "s"])) {
                 return;
             }
             // start session
             sess_start();
         }
         // no login state stored in the session?
         if (!isset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'logged_in'])) {
             return;
         }
         // the stored login has expired: clear it instead of trusting it
         if ($_SESSION[$GLOBALS['__server']['session_prefix'] . 'login_info']['ses_expire_time'] <= time()) {
             self::logout();
             return;
         }
         self::$logged_in = $_SESSION[$GLOBALS['__server']['session_prefix'] . 'logged_in'];
         self::$info = $_SESSION[$GLOBALS['__server']['session_prefix'] . 'login_info'];
         self::$user = $_SESSION[$GLOBALS['__server']['session_prefix'] . 'user'];
         if (isset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'extended_access'])) {
             self::$extended_access = $_SESSION[$GLOBALS['__server']['session_prefix'] . 'extended_access'];
         }
         if (isset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'data'])) {
             // bound by reference so that writes to self::$data end up in the session
             self::$data =& $_SESSION[$GLOBALS['__server']['session_prefix'] . 'data'];
         }
         // the isset() below can be removed over time (transition phase)
         // check extended access
         if (isset(self::$extended_access['authed'])) {
             // idle for too long (1800 s since the last auth check)?
             // -> drop the elevated access, keeping the old structure under "passkey"
             $time = time();
             if (self::$extended_access['auth_check'] + 1800 <= $time) {
                 self::$extended_access = array("authed" => NULL, "auth_time" => 0, "auth_check" => 0, "passkey" => self::$extended_access);
                 $_SESSION[$GLOBALS['__server']['session_prefix'] . 'extended_access'] = self::$extended_access;
             }
         }
         // ajax check complete
         return;
     }
     // do we have the login cookies?
     if (isset($_COOKIE[$__server['cookie_prefix'] . "s"])) {
         // "s" cookie: 1 when the session is marked as secure (https)
         // NOTE(review): loose == on a client-controlled value; any numeric-leading "1..." string also passes
         $secure = $_COOKIE[$__server['cookie_prefix'] . "s"];
         if ($secure == 1) {
             defined("LOGIN_FORCE_SSL") || define("LOGIN_FORCE_SSL", true);
             force_https();
         }
         // check that all cookies are present: "id" must be exactly "sid:uid", plus the "h" hash
         if (isset($_COOKIE[$__server['cookie_prefix'] . "id"]) && mb_substr_count($_COOKIE[$__server['cookie_prefix'] . "id"], ":") == 1 && isset($_COOKIE[$__server['cookie_prefix'] . "h"])) {
             // split into sid, uid and hash
             list($sid, $uid) = explode(":", $_COOKIE[$__server['cookie_prefix'] . "id"]);
             $hash = $_COOKIE[$__server['cookie_prefix'] . "h"];
             // intval() is what makes the interpolation of $sid/$uid into the SQL below safe
             $sid = intval($sid);
             $uid = intval($uid);
             // look the session up in the database (must be active and not expired)
             $result = \Kofradia\DB::get()->query("\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tses_id, ses_u_id, ses_hash, ses_expire_type, ses_expire_time, ses_browsers, ses_phpsessid, ses_last_ip, ses_last_time, ses_secure,\n\t\t\t\t\t\tu_online_time, u_online_ip, u_access_level, u_force_ssl\n\t\t\t\t\tFROM sessions, users WHERE sessions.ses_u_id = users.u_id AND sessions.ses_u_id = {$uid} AND sessions.ses_id = {$sid} AND sessions.ses_active = 1 AND sessions.ses_expire_time > " . time());
             // verify the hash: either the full ses_hash or the 13-char md5 prefix
             // (the weaker token accepted when not on https; see the IP-change branch below)
             // NOTE(review): != is a loose, non-constant-time comparison; hash_equals() would
             // avoid numeric-string juggling and timing differences
             if ($row = $result->fetch()) {
                 if ($hash != $row['ses_hash'] && $hash != mb_substr(md5($row['ses_hash']), 0, 13)) {
                     $row = null;
                 }
             }
             unset($result);
             // do we have a matching row?
             if ($row) {
                 self::$info = $row;
                 self::$info['ses_secure'] = self::$info['ses_secure'] == 1;
                 // extra SET clauses for the sessions UPDATE further down
                 $extra = "";
                 // resume the PHP session bound to this login session
                 sess_start(self::$info['ses_phpsessid']);
                 // account deactivated?
                 if (self::$info['u_access_level'] == 0) {
                     // log out all sessions
                     self::logout(true);
                     // fetch reason and info
                     $result = \Kofradia\DB::get()->query("SELECT u_id, u_email, u_deactivated_reason, u_deactivated_time, up_name FROM users LEFT JOIN users_players ON up_id = u_active_up_id WHERE u_id = {$uid}");
                     $_SESSION[$GLOBALS['__server']['session_prefix'] . 'login_error'] = array("deactivated", $result->fetch());
                     unset($result);
                     redirect::handle("", redirect::ROOT);
                 }
                 // new IP address?
                 if ($_SERVER['REMOTE_ADDR'] != self::$info['ses_last_ip'] && self::$info['ses_last_ip'] != "0.0.0.0" && !empty(self::$info['ses_last_ip'])) {
                     // fetch the list of IPs already verified for this session
                     $result = \Kofradia\DB::get()->query("\n\t\t\t\t\t\t\tSELECT ses_ip_list\n\t\t\t\t\t\t\tFROM sessions\n\t\t\t\t\t\t\tWHERE ses_id = {$sid}");
                     $ip_list = explode(";", $result->fetchColumn(0));
                     unset($result);
                     // already verified?
                     $ok = false;
                     if (in_array($_SERVER['REMOTE_ADDR'], $ip_list)) {
                         $ok = true;
                     } elseif ($__server['https_support']) {
                         // the full hash presented over a secure session counts as verified
                         if ($row['ses_hash'] == $hash && $secure) {
                             $ok = true;
                         } elseif (mb_substr(md5($row['ses_hash']), 0, 13) == $hash) {
                             // only the weak token: the user must re-authenticate over https
                             if (!HTTPS) {
                                 // a POST cannot be replayed through the redirect, so refuse it
                                 if ($_SERVER['REQUEST_METHOD'] == "POST") {
                                     header("HTTP/1.1 406 Not Acceptable");
                                     die("Du forsøker å utføre en handling men må reautentisere deg på grunn av ny IP-adresse. Åpne siden i et nytt vindu og vend tilbake hit og oppdater siden for å fullføre handlingen.");
                                 }
                                 // redirect to the secure connection, returning here afterwards
                                 redirect::handle("/?orign=" . urlencode($_SERVER['REQUEST_URI']), redirect::ROOT, true);
                             }
                             // check the re-auth cookie ("ra" must carry the full ses_hash)
                             // NOTE(review): loose == here as well; see the hash check above
                             if (isset($_COOKIE[$__server['cookie_prefix'] . "ra"]) && $_COOKIE[$__server['cookie_prefix'] . "ra"] == $row['ses_hash']) {
                                 $ok = true;
                             }
                         }
                         // verified?
                         if ($ok) {
                             // add the IP to the list and persist it with the session update
                             $ip_list[] = $_SERVER['REMOTE_ADDR'];
                             $extra .= ", ses_ip_list = " . \Kofradia\DB::quote(implode(";", $ip_list));
                             putlog("ABUSE", "%c6%bAUTENTISERT-IP:%b%c #%u{$uid}%u har fått ny IP-adresse autentisert i økten (%u{$_SERVER['REMOTE_ADDR']}%u - forrige: " . self::$info['ses_last_ip'] . ") {$__server['path']}/min_side?u_id={$uid}");
                         }
                     }
                     if (!$ok) {
                         // could not verify the new IP: log the session out
                         self::logout();
                         putlog("CREWCHAN", "%c6%bMISLYKKET-AUTENTISERT-IP:%b%c #%u{$uid}%u har fått ny IP-adresse i økten (%u{$_SERVER['REMOTE_ADDR']}%u - forrige: " . self::$info['ses_last_ip'] . ") - %c4KUNNE IKKE VERIFISERES%c - {$__server['path']}/min_side?u_id={$uid}");
                         // fetch e-mail
                         $result = \Kofradia\DB::get()->query("SELECT u_email FROM users WHERE u_id = {$uid}");
                         $email = $result->fetchColumn(0);
                         unset($result);
                         // store the e-mail in the session so the login form can prefill it
                         $_SESSION[$GLOBALS['__server']['session_prefix'] . 'logginn_id'] = $email;
                         // message and redirect
                         $_base->page->add_message("Du har fått ny IP-adresse og har blitt automatisk logget ut av sikkerhetsmessige årsaker. Vi klarte ikke å verifisere din identitet. Du kan nå logge inn igjen.", "info");
                         redirect::handle("?orign=" . urlencode($_SERVER['REQUEST_URI']), redirect::ROOT);
                     }
                     // record as the session's last IP
                     $extra .= ", ses_last_ip = " . \Kofradia\DB::quote($_SERVER['REMOTE_ADDR']);
                 }
                 // not on a secure connection although the session requires it?
                 if (!$secure && self::$info['ses_secure'] && $__server['https_support']) {
                     // set the secure cookie (session-lifetime or one year, depending on login type)
                     $cookie_expire = self::$info['ses_expire_type'] == LOGIN_TYPE_BROWSER ? 0 : time() + 31536000;
                     setcookie($__server['cookie_prefix'] . "s", 1, $cookie_expire, $__server['cookie_path'], $__server['cookie_domain']);
                     defined("LOGIN_FORCE_SSL") || define("LOGIN_FORCE_SSL", true);
                     force_https();
                 }
                 // should the session be forced onto https?
                 // (access level other than 0/1, per-user u_force_ssl flag, or FORCE_HTTPS_ALWAYS)
                 if ($__server['https_support'] && !self::$info['ses_secure'] && (self::$info['u_access_level'] != 0 && self::$info['u_access_level'] != 1 || self::$info['u_force_ssl'] != 0 || defined("FORCE_HTTPS_ALWAYS"))) {
                     // set the secure cookie
                     $cookie_expire = self::$info['ses_expire_type'] == LOGIN_TYPE_BROWSER ? 0 : time() + 31536000;
                     setcookie($__server['cookie_prefix'] . "s", 1, $cookie_expire, $__server['cookie_path'], $__server['cookie_domain']);
                     // mark the session as secure
                     \Kofradia\DB::get()->exec("UPDATE sessions SET ses_secure = 1 WHERE ses_id = {$sid}");
                     // require https
                     defined("LOGIN_FORCE_SSL") || define("LOGIN_FORCE_SSL", true);
                     force_https();
                     self::$info['ses_secure'] = true;
                 }
                 // rate limit: too many page views in a short time (uid 1 is exempt)
                 if ($uid != 1) {
                     // window length in seconds => max hits allowed within that window
                     $perioder = array(5 => 10, 10 => 15, 60 => 80);
                     foreach ($perioder as $tid => $maks) {
                         $periode = ceil(time() / $tid);
                         // counter for the current window; counters for older windows are dropped
                         $c_now = isset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'user_hits_' . $tid][$periode]) ? $_SESSION[$GLOBALS['__server']['session_prefix'] . 'user_hits_' . $tid][$periode] + 1 : 1;
                         unset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'user_hits_' . $tid]);
                         $_SESSION[$GLOBALS['__server']['session_prefix'] . 'user_hits_' . $tid][$periode] = $c_now;
                         // too many views
                         if ($c_now > $maks) {
                             // look up the player name for the log line
                             $result = \Kofradia\DB::get()->query("SELECT up_name FROM users, users_players WHERE u_id = {$uid} AND up_id = u_active_up_id");
                             $name = $result->fetchColumn(0);
                             unset($result);
                             putlog("ABUSE", "%bHITS LIMIT%b (%u{$tid}%u-%u{$periode}%u) - %u{$name}%u ({$uid}) - COUNT: %u{$c_now}%u -- {$_SERVER['REQUEST_METHOD']} -- {$_SERVER['REQUEST_URI']} -- {$__server['path']}/min_side?u_id={$uid}");
                             // NOTE: reason phrase is misspelled ("Unavailiable"); the 503 status code is what matters
                             header("HTTP/1.0 503 Service Unavailiable");
                             echo sysreport::html_template("For mange visninger", "<p>Du har hatt for mange visninger på siden i løpet av kort tid. Vent litt og prøv igjen.</p>");
                             die;
                         }
                     }
                 }
                 // refresh the session: new expiry depends on the login type
                 // (ALWAYS: one year, BROWSER: one day, otherwise 15 minutes)
                 $expire = self::$info['ses_expire_type'] == LOGIN_TYPE_ALWAYS ? time() + 31536000 : (self::$info['ses_expire_type'] == LOGIN_TYPE_BROWSER ? time() + 86400 : time() + 900);
                 self::$info['ses_expire_time'] = $expire;
                 $time = time();
                 // browsers seen in this session, one user agent per line
                 $browsers = self::$info['ses_browsers'];
                 if (empty($browsers)) {
                     $browsers = array();
                 } else {
                     $browsers = explode("\n", $browsers);
                 }
                 // new browser for this session?
                 // NOTE(review): HTTP_USER_AGENT is client-controlled and is written into the
                 // session row and the log line unescaped
                 if (!in_array($_SERVER['HTTP_USER_AGENT'], $browsers)) {
                     $browsers[] = $_SERVER['HTTP_USER_AGENT'];
                     $extra .= ", ses_browsers = " . \Kofradia\DB::quote(implode("\n", $browsers));
                     $result = \Kofradia\DB::get()->query("SELECT u_email, up_name FROM users, users_players WHERE u_id = {$uid} AND u_active_up_id = up_id");
                     $row = $result->fetch();
                     unset($result);
                     putlog("ABUSE", "%b%c11NETTLESER OPPDAGET:%c%b (%c4%u" . count($browsers) . "%u%c) - {$row['up_name']} ({$row['u_email']}); UID: %u{$uid}%u - SID: {$sid} - IP: {$_SERVER['REMOTE_ADDR']} - NETTLESER: {$_SERVER['HTTP_USER_AGENT']}");
                 }
                 // PHP session id changed since the row was written?
                 if (session_id() != self::$info['ses_phpsessid']) {
                     $phpsessid = \Kofradia\DB::quote(session_id());
                     $extra .= ", ses_phpsessid = {$phpsessid}";
                 }
                 // persist expiry, hit count, last-seen time and the collected extra columns
                 \Kofradia\DB::get()->exec("UPDATE sessions SET ses_expire_time = {$expire}, ses_hits = ses_hits + 1, ses_last_time = {$time}{$extra} WHERE ses_u_id = {$uid} AND ses_id = {$sid}");
                 // load the user
                 self::$logged_in = true;
                 self::load_user($uid);
                 // update statistics
                 $date = $_base->date->get();
                 self::$info['secs_hour'] = self::get_secs_hour();
                 \Kofradia\DB::get()->exec("\n\t\t\t\t\t\tINSERT INTO users_hits SET uhi_hits = 1, uhi_up_id = " . login::$user->player->id . ", uhi_secs_hour = " . self::$info['secs_hour'] . "\n\t\t\t\t\t\tON DUPLICATE KEY UPDATE uhi_hits = uhi_hits + 1");
                 // pending column updates for users / users_players
                 $upd_u = array();
                 $upd_up = array();
                 // IP differs from the session's last IP: record it, and log if it changed quickly
                 if ($_SERVER['REMOTE_ADDR'] != self::$info['ses_last_ip']) {
                     $last_ip = \Kofradia\DB::quote($_SERVER['REMOTE_ADDR']);
                     $upd_u[] = "u_online_ip = {$last_ip}";
                     self::$user->data['u_online_ip'] = $_SERVER['REMOTE_ADDR'];
                     if (self::$info['u_online_time'] > time() - 300) {
                         $delay = time() - self::$info['u_online_time'];
                         putlog("ABUSE", "%c6%bSESSION-NY-IP:%b%c #%u{$uid}%u har ny IP (%u{$_SERVER['REMOTE_ADDR']}%u) i løpet av kort tid (%u{$delay}%u sekunder) (samme session) {$__server['path']}/min_side?u_id={$uid}");
                     }
                 } elseif ($_SERVER['REMOTE_ADDR'] != self::$info['u_online_ip']) {
                     // same session IP, but the user's recorded online IP differs (another session)
                     $last_ip = \Kofradia\DB::quote($_SERVER['REMOTE_ADDR']);
                     $upd_u[] = "u_online_ip = {$last_ip}";
                     self::$user->data['u_online_ip'] = $_SERVER['REMOTE_ADDR'];
                     if (self::$info['u_online_time'] > time() - 300) {
                         $delay = time() - self::$info['u_online_time'];
                         putlog("ABUSE", "%c6%bNY-IP:%b%c #%u{$uid}%u har ny IP (%u{$_SERVER['REMOTE_ADDR']}%u) i løpet av kort tid (%u{$delay}%u sekunder) (egen session) {$__server['path']}/min_side?u_id={$uid}");
                     }
                 }
                 // count the hit on the player or on the user?
                 if (self::$user->player->data['up_access_level'] != 0) {
                     $upd_up[] = "up_hits = up_hits + 1";
                 } else {
                     $upd_u[] = "u_hits = u_hits + 1";
                 }
                 self::$user->data['u_online_time'] = $time;
                 $upd_u[] = "u_online_time = {$time}";
                 // show online status for the player?
                 if (self::$user->player->data['up_access_level'] != 0 && ($uid != SYSTEM_USER_ID || isset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'show_online'])) && (!isset($_SESSION[$GLOBALS['__server']['session_prefix'] . 'hide_online']) || $uid != 1 && $uid != SYSTEM_USER_ID)) {
                     // update the player object?
                     if (self::$user->player) {
                         self::$user->player->data['up_last_online'] = $time;
                     }
                     $upd_up[] = "up_last_online = {$time}";
                 }
                 if (count($upd_u) > 0) {
                     \Kofradia\DB::get()->exec("UPDATE users SET " . implode(",", $upd_u) . " WHERE u_id = " . self::$user->id);
                 }
                 if (count($upd_up) > 0) {
                     \Kofradia\DB::get()->exec("UPDATE users_players SET " . implode(",", $upd_up) . " WHERE up_id = " . self::$user->player->id);
                 }
             } else {
                 // no matching row - delete session and cookies
                 self::logout();
             }
         } else {
             // missing cookies
             self::logout();
         }
     } else {
         sess_start();
     }
 }
ファイル: Controller.php プロジェクト: titounnes/CodeIgniter4
 /**
  * Ensure the current method is only reached over HTTPS. On a plain
  * request the framework helper redirects back to this method over HTTPS
  * and sends an HSTS header so modern browsers upgrade future requests
  * themselves.
  *
  * @param int $duration Number of seconds the HSTS header should mark
  *                      this link as secure for. Defaults to one year.
  */
 public function forceHTTPS(int $duration = 31536000)
 {
     // hand this controller's request/response pair to the helper
     $request = $this->request;
     $response = $this->response;
     force_https($duration, $request, $response);
 }