/**
 * Validates the caller's session and refreshes its expiry.
 *
 * Uses the globals $session_id and $login_id (set before this call;
 * presumably read from the cookies cleared below -- confirm) to load the
 * matching user_accounts row into $p_user. login_id 1 is the admin: its
 * session id, expiry and user-agent hash come from se_games instead, and
 * $db_name is taken from that row. An empty session id, login_id 0, a
 * session-id or user-agent mismatch, or an expired session clears the auth
 * cookies, records a history entry and exits after a JavaScript redirect to
 * URL_PREFIX. A valid non-admin user who is not in a game is sent to
 * game_listing.php unless the current script is one of the allowed pages.
 * On success the expiry is pushed forward by SESSION_TIME_LIMIT both in the
 * database and in $p_user.
 *
 * Review notes (security):
 *  - Every query is built by string interpolation, including the raw
 *    $_COOKIE['session_id']; that is SQL injection unless db()/dbn() escape
 *    internally -- confirm, and prefer bound parameters.
 *  - Session-id and user-agent comparisons use loose !=; hash_equals()
 *    gives a strict, constant-time comparison.
 *  - setAutoLoginCookie() is handed $p_user['mdp'], the column that
 *    login_to_server() fills with the clear-text password.
 */
function check_auth()
{
    global $session_id, $login_id, $db_name, $p_user, $game_info;
    //get all details for the user with that sessionid/login_id combo
    //if the admin, don't use the session_id as a key
    // SECURITY: $_COOKIE['session_id'] and $login_id go into the SQL unescaped.
    db("select * from user_accounts where (login_id = '{$login_id}' && session_id = '{$_COOKIE['session_id']}') || (login_id = 1 && '{$login_id}' = 1)");
    $p_user = dbr(1);
    //admin session id/ session_exp
    // Admin: session fields are read from se_games, matched on the global
    // $session_id (also interpolated unescaped).
    if ($login_id == 1) {
        db("select * from se_games where session_id = '{$session_id}'");
        $game_info = dbr(1);
        $p_user['session_id'] = $game_info['session_id'];
        $p_user['session_exp'] = $game_info['session_exp'];
        $p_user['user_agent'] = $game_info['user_agent'];
        $db_name = $game_info['db_name'];
    }
    //echo $p_user['session_exp']."<br />".time();
    // Expiry to write back once the session turns out to be valid.
    $next_exp = time() + SESSION_TIME_LIMIT;
    $agent_hash = hash_user_agent();
    //session is invalid.
    // Loose != on session_id / user_agent: prefer hash_equals(). If no row
    // matched, the $p_user fields are unset and the check fails closed --
    // assuming dbr(1) returns an empty value in that case (confirm).
    if ($session_id == '' || $login_id == 0 || $session_id != $p_user['session_id'] || $p_user['session_exp'] < time() || $agent_hash != $p_user['user_agent']) {
        //session expired or invalid
        // expire=0 leaves browser-session cookies holding empty/zero values;
        // a past timestamp would remove them outright.
        SetCookie("p_pass", "", 0);
        SetCookie("session_id", 0, 0);
        SetCookie("login_id", 0, 0);
        flush();
        // NOTE(review): $st is not declared global in this function (see the
        // global line above), so $st[1147] is undefined here -- confirm the
        // intended history message.
        if (!empty($login_id)) {
            insert_history((int) $login_id, $st[1147]);
        }
        echo "<script>self.location='" . URL_PREFIX . "/';</script>";
        exit;
    } elseif ($login_id != 1) {
        //session o.k.
        //if the user isn't in a game, and is pretending to be, throw them back to gamelisting.
        //if game is not set
        //and player is not looking at game_listing (which doesn't require db_name)
        //and player is not using logout.php for logout_game_listing
        //then send user to game-listing
        //var_dump(strstr($_SERVER['PHP_SELF'], 'logout.php'));
        // SECURITY: the auto-login cookie carries $p_user['mdp'] (clear-text password).
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
        // set the auto login cookie
        // Redirect when: not in a game, the current script is none of
        // game_listing.php / ajax.php / user_extra.php, and either it is
        // logout.php without a plain logout_game_listing request (or with
        // comp_logout / logout_single_game), or it is not logout.php at all.
        if ($p_user['in_game'] == "" && strstr($_SERVER['PHP_SELF'], 'game_listing.php') === false && strstr($_SERVER['PHP_SELF'], 'ajax.php') === false && strstr($_SERVER['PHP_SELF'], 'user_extra.php') === false && (strstr($_SERVER['PHP_SELF'], 'logout.php') !== false && (!isset($_GET['logout_game_listing']) || isset($_GET['comp_logout']) || isset($_GET['logout_single_game'])) || strstr($_SERVER['PHP_SELF'], 'logout.php') === false)) {
            echo "<script>self.location='game_listing.php';</script>";
            exit;
        }
        // $login_id is interpolated unescaped.
        dbn("update user_accounts set session_exp = '{$next_exp}', page_views = page_views + 1 where login_id = '{$login_id}'");
        $p_user['page_views']++;
        $p_user['session_exp'] = $next_exp;
        $db_name = $p_user['in_game'];
    } elseif ($login_id == 1) {
        //update admin session time
        // Only reachable when the previous test ($login_id != 1) failed, so
        // this is effectively the else branch.
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
        // set the auto login cookie
        // $db_name was set from the se_games row loaded above.
        dbn("update se_games set session_exp = '{$next_exp}' where db_name = '{$db_name}'");
        $p_user['session_exp'] = $next_exp;
    }
}
/**
 * Authenticates a login and establishes a session.
 *
 * Credentials come from the parameters when given, otherwise from
 * $_POST['pseudo'] / $_POST['mdp'] (or $_POST['enc_pass'] when the form
 * re-submits an already-hashed password). The literal login name "Admin"
 * is checked against se_games.admin_pw and finishes with a redirect to
 * location.php; other spellings of "admin" are rejected. Regular users are
 * looked up in user_accounts; when the account has a pending authorisation
 * code (auth != 0) or the password arrived pre-hashed, the user is asked for
 * that code before the session is issued. Partner ids ($bpUserId /
 * $fbUserId) skip the password check entirely, so callers passing them must
 * already have verified the identity.
 *
 * @param string $pseudo        login name; falls back to $_POST['pseudo']
 * @param string $mdp           clear-text password; falls back to $_POST['mdp']
 * @param int    $bpUserId      BigPoint partner user id (non-zero skips the password check)
 * @param bool   $returnSession when true, skip the last_login/IP bookkeeping and the
 *                              first-login story, and return the new session id
 * @param int    $fbUserId      Facebook partner user id (non-zero skips the password check)
 * @return string|null the session id when $returnSession is true, otherwise null
 *
 * Review notes (security):
 *  - Passwords are unsalted md5 (see $enc_pass) and the clear-text password
 *    is written to user_accounts.mdp near the end; use password_hash() /
 *    password_verify() and drop the clear-text column.
 *  - SQL is built by interpolation; mysql_escape_string (removed in PHP 7.0)
 *    covers only $login_name and the admin password, while $_POST['mdp'] and
 *    $_SERVER['REMOTE_ADDR'] reach queries unescaped.
 *  - $login_name, $enc_pass and $_SERVER['PHP_SELF'] are echoed into HTML
 *    without htmlspecialchars() (reflected XSS).
 *  - The failure branches (unknown user, bad password, BigPoint account,
 *    missing auth code) do not exit; unless print_footer() terminates the
 *    script, execution continues into the session-issuing code below -- confirm.
 */
function login_to_server($pseudo = '', $mdp = '', $bpUserId = 0, $returnSession = false, $fbUserId = 0)
{
    global $p_user, $db_name, $directories, $st, $cw;
    // mysql_escape_string is deprecated (removed in PHP 7.0) and ignores the
    // connection charset; $pseudo is tested by truthiness, so '0' falls back to POST.
    $login_name = mysql_escape_string($pseudo ? $pseudo : (string) $_POST['pseudo']);
    $agent_hash = hash_user_agent();
    /********************** Admin Login *******************/
    if ($login_name == "Admin") {
        // SECURITY: admin_pw is compared inside the SQL as clear text, i.e. the
        // admin password is stored unhashed.
        $password = mysql_escape_string((string) $_POST['mdp']);
        db("select * from se_games where admin_pw = '{$password}'");
        $games_info = dbr(1);
        if (empty($games_info)) {
            //invalid admin login
            insert_history(1, "Bad login Attempt");
            // Ties up a worker per failed attempt; a per-account/IP lockout
            // would be a sturdier brute-force control.
            sleep(3);
            //so as to minimise trouble caused by people trying to guess the pass, and who don't know about the back button. :)
            exit("Login Failed. Do no pass go, do not collect your new Harvestor Mammoth.");
        } else {
            //Admin successfully logged into game
            $db_name = $games_info['db_name'];
            $session = create_rand_string(32);
            // login_id cookie 1 marks the admin for check_auth(); the session
            // cookie is browser-session scoped, login_name lives 30 days.
            SetCookie("login_id", 1, 0);
            SetCookie("login_name", "Admin", time() + 2592000);
            SetCookie("session_id", $session, 0);
            flush();
            //send cookies immediately
            $expire = time() + SESSION_TIME_LIMIT;
            insert_history(1, "Successfully logged into {$db_name}");
            // Table name is derived from the se_games row; $agent_hash is
            // stored so check_auth() can compare it later.
            dbn("update {$db_name}_users set game_login_count = game_login_count + 1 where login_id = '1'");
            dbn("update se_games set session_id = '{$session}', session_exp = '{$expire}', user_agent = '{$agent_hash}' where db_name = '{$db_name}'");
            echo "<script>self.location='location.php';</script> <noscript>You cannot login without JavaScript. Please enable Javascript, or use a browser that supports it.</noscript>";
            exit;
        }
    } elseif (preg_match("/^admin\$/i", $login_name)) {
        //other spelling of admin.
        sleep(5);
        exit("Sod off - you can't even spell 'admin' properly can you?");
    }
    /*************************User Login************************/
    db("select * from user_accounts where login_name = '{$login_name}'");
    $p_user = dbr(1);
    if (!isset($_POST['enc_pass']) || $mdp) {
        //user entered pass on login form
        // SECURITY: unsalted md5; use password_hash()/password_verify().
        $enc_pass = md5($mdp ? $mdp : $_POST['mdp']);
        $pre_enc_pass = 0;
    } else {
        //pass coming from being hidden in auth. so set pre_enc to ensure auth is checked.
        // NOTE(review): the posted hash itself, not a password, is what gets
        // compared against passwd below; the auth-code step is the only extra gate.
        $enc_pass = $_POST['enc_pass'];
        $pre_enc_pass = 1;
    }
    if (empty($p_user)) {
        //incorrect username
        // NOTE(review): no exit after print_footer() -- see the docblock.
        print_header($cw['login_problem']);
        echo "<blockquote>" . sprintf($st[1816], $login_name) . "<br />\r\n\t\t" . $st[1817] . "<p />\r\n\t\t<p /> <a href='inscription.php'>\r\n\t\t" . $cw['sign_up2'] . "</a> <p /> <a href=\"" . URL_PREFIX . "/index.php\">" . $st[1818] . "</a></b></blockquote>";
        print_footer();
    } elseif ($enc_pass != $p_user['passwd'] && !$bpUserId && !$fbUserId) {
        //incorrect password
        // Loose != compares numeric-looking strings as numbers; use
        // hash_equals() for a strict, constant-time check. Skipped entirely
        // for partner logins.
        print_header($cw['bad_passwd']);
        echo "<blockquote><b>" . $st[1819] . "<br />" . $st[1820] . "\r\n\t\t<p /><a href=\"javascript:history.back()\">" . $st[1818] . "</a></b><p />" . $st[789] . " ? <a href=change_pass.php?stage_one=1>" . $cw['click_here'] . "</a></blockquote><p />";
        insert_history($p_user['login_id'], $cw['bad_login']);
        print_footer();
    } elseif ($p_user['bp_user_id'] && !$bpUserId) {
        // BigPoint account attempting a classic login
        print_header("Problème de connexion");
        echo "<blockquote><b>Erreur</b><br /><br />Il semble que vous vous soyez inscrit via notre partenaire <a href='http://www.bigpoint.com/' target='_blank'>BigPoint</a>, veuillez utiliser <a href='http://fr.bigpoint.com/games/astravires/' target='_blank'>la fiche jeu Astra Vires</a> sur son portail pour vous connecter.</blockquote><p />";
        insert_history($p_user['login_id'], 'Joueur BP connexion classique');
        print_footer();
        //valid username/pass combination.
        //But MUST enter a auth code to continue, as pre_enc_pass was set.
        //or no auth code yet entered, and sendmail is set
    } elseif ($pre_enc_pass == 1 || $p_user['auth'] != 0 || $bpUserId) {
        //get user to enter auth code.
        // Prompt when no code was posted, or the posted code differs from a
        // non-zero stored code; never for BigPoint logins.
        if ((empty($_POST['auth_code']) || $_POST['auth_code'] != $p_user['auth'] && $p_user['auth'] != 0) && !$bpUserId) {
            print_header("Authorisation Code Required");
            // $rs is never read.
            $rs = "";
            if (empty($_POST['auth_code'])) {
                echo "Please enter the Authorisation Code that was sent to your email address:<br /><br />";
            } else {
                echo "Authorisation Code did not match.<br />";
            }
            // SECURITY: PHP_SELF, $login_name and $enc_pass (which may be raw
            // POST input) are written into HTML attributes unescaped -- wrap
            // each in htmlspecialchars().
            echo "<form name=get_var_form action={$_SERVER['PHP_SELF']} method=POST>";
            echo "<input type=hidden name=l_name value='{$login_name}'><input type=hidden name=enc_pass value='{$enc_pass}'>";
            echo "<input type=text name=auth_code value='' size=20> - ";
            echo "<input type=submit value=Submit></form>";
            print_footer();
        } elseif ($_POST['auth_code'] == $p_user['auth'] || $bpUserId) {
            // Code accepted: clear the pending authorisation code.
            dbn("update user_accounts set auth = '0' where login_id = '{$p_user['login_id']}'");
        } else {
            print_page("hmm", "Something Broke");
        }
    }
    /*****************User successfully logged in***********************/
    // SECURITY: mdp holds the clear-text password (see the update below).
    if ($p_user['mdp']) {
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
    }
    $session = create_rand_string(32);
    // login_id / login_name persist 30 days; the session cookie is
    // browser-session scoped. $p_user fields are empty if an error branch
    // above fell through without exiting.
    SetCookie("login_id", $p_user['login_id'], time() + 2592000);
    SetCookie("login_name", $p_user['login_name'], time() + 2592000);
    SetCookie("session_id", $session, 0);
    $expire = time() + SESSION_TIME_LIMIT;
    if (!$returnSession) {
        // NOTE(review): the "******" below reads as a redaction artifact in
        // this listing (the statement is not valid PHP as shown); confirm
        // against the original source. REMOTE_ADDR is interpolated unescaped.
        dbn("update user_accounts set last_login = "******", session_id = '{$session}', session_exp = '{$expire}', last_ip = '" . $_SERVER['REMOTE_ADDR'] . "', login_count = login_count + 1, user_agent = '{$agent_hash}' where login_id = '{$p_user['login_id']}'");
        insert_history($p_user['login_id'], "Logged Into GameList");
    } else {
        dbn("update user_accounts set session_id = '{$session}', session_exp = '{$expire}' where login_id = '{$p_user['login_id']}'");
    }
    // update the password in clear to delete the encrypted one in the future
    // SECURITY: stores the clear-text password and interpolates raw
    // $_POST['mdp'] into SQL. Runs even when $mdp was passed as a parameter,
    // in which case $_POST['mdp'] may be unset. $p_user[login_id] is a bare
    // constant (fatal in PHP 8, "login_id" with a warning earlier) and should
    // be $p_user['login_id'].
    dbn("update user_accounts set mdp = '" . $_POST['mdp'] . "' where login_id = '" . $p_user[login_id] . "'");
    if ($p_user['last_login'] == 0 && !$returnSession) {
        //first login. show them the story.
        print_header("Histoire");
        //load story
        $results = load_xml("{$directories['includes']}/stories.xml");
        $story = $results['story']['Histoire'];
        echo "<a href='game_listing.php'>Continuer</a><br /><br />";
        echo "\n<a name=top><center><b>{$story['title']}</b></center></a><br>{$story['content']} <p />Ecrit par <b class=b1>{$story['author']}</b>";
        echo "<br /><br /><a href='game_listing.php'>Continuer</a>";
        // $rs is never read.
        $rs = '';
        print_footer();
    }
    if ($returnSession) {
        return $session;
    }
}