unset($input['password']); } $values = $input; // Load the DataLayer @(include_once 'includes/datalayer.class.php'); // Make sure the DataLayer class loaded sucessfully if (!class_exists('DataLayer')) { die("ERROR: Unable to load DataLayer class.\n"); } $dl = new DataLayer($config['datalayer']); if ($dl === false) { die("ERROR: Unable to connect to database.\n"); } // Prune out dead servers bzlog('Deleting inactive servers from list', 3); $dl->Servers_Delete_ByAge(NOW - $config['maximumServerAge']); // Check if they are requesting a token if (isset($values['username']) && isset($values['password'])) { // Pull the player's information from the database $data['player'] = $dl->Player_Fetch_ByUsername($values['username']); // Verify that the user exists and that their password is correct if (!$data['player'] || md5($values['password']) != $data['player']['password']) { // If not, they do not get a token. Inform the client. die("NOTOK: Invalid username or password.\n"); } else { // We're done with the password, so get rid of it unset($values['password']); // If there is still enough time left before the token expires, give it // back to them. Verify this is a request from the same IP. if ($_SERVER['REMOTE_ADDR'] == $data['player']['tokenipaddress'] && !empty($data['player']['token']) && $data['player']['tokendate'] + ($config['token']['lifetime'] - $config['token']['regenerationGracePeriod']) > NOW) { echo "TOKEN: " . $data['player']['token'] . "\n";