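/**
 * Authenticate the request from the PHP session, falling back to a character
 * name / password pair read from the request parameters.
 *
 * An 'action=logout' request parameter first clears the session's 'name' and
 * 'cid' entries.
 *
 * @param mixed $name          In/out. Empty, or the name the session must match;
 *                             overwritten when the session is accepted.
 * @param mixed $cid           Out. Character id of the authenticated user.
 * @param mixed $error_message Out. Set to 'bad_auth' when the credentials are rejected.
 *
 * @return bool|null true when authenticated, false when the supplied credentials
 *                   are rejected, NULL when no credentials were supplied.
 */
function ryzom_authenticate_with_session(&$name, &$cid, &$error_message) {
    $action = ryzom_get_param('action');
    if ($action == 'logout') {
        unset($_SESSION['name']);
        unset($_SESSION['cid']);
    }

    if (isset($_SESSION['name']) && ($name == '' || $_SESSION['name'] == $name)) {
        // NOTE(review): $name receives the session's cid, not its name. Kept as
        // found because callers may rely on it; confirm whether
        // $_SESSION['name'] was intended.
        $name = $_SESSION['cid'];
        $cid = $_SESSION['cid'];
        return true;
    }

    $char = ryzom_get_param('char');
    $password = ryzom_get_param('password');
    if (!$char || !$password) {
        return NULL;
    }

    // check credentials
    if (ryzom_authenticate_with_char_and_password($char, $password, $cid)) {
        // Issue a fresh session id at the privilege change so that an id
        // known before login does not become an authenticated session.
        // Skipped when no session is active or headers are already out, where
        // session_regenerate_id() could only emit a warning.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['name'] = $char;
        $_SESSION['cid'] = $cid;
        return true;
    }

    $error_message = 'bad_auth';
    return false;
}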
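/**
 * Return the id of the current user, taken from the session or, failing that,
 * from the serialized 'user' request parameter (which is then cached in the
 * session).
 *
 * The three parameters are accepted for interface compatibility; this
 * implementation does not read them.
 *
 * @param mixed $cid
 * @param mixed $name
 * @param mixed $creation_date
 *
 * @return mixed The user id, or null when the request carries no usable user array.
 */
function ryzom_get_user_id($cid, $name, $creation_date) {
    if (isset($_SESSION['user'])) {
        return $_SESSION['user']['id'];
    }

    // NOTE(review): nothing in this function authenticates the 'user'
    // parameter (no checksum is verified here), so the id it carries is
    // whatever the caller sent. Confirm a signature check runs before this
    // point, or verify one here.
    $raw = ryzom_get_param('user');
    if (!is_string($raw) || $raw === '') {
        return null;
    }

    // unserialize() on request data can instantiate arbitrary loaded classes
    // and run their magic methods. The value is only ever used as an array, so
    // object creation is switched off (option available from PHP 7.0).
    $user = unserialize(base64_decode($raw), array('allowed_classes' => false));

    // Only a well-formed user array is cached. Storing a failed decode would
    // leave $_SESSION['user'] set, which isset()-based checks treat as logged in.
    if (!is_array($user) || !isset($user['id'])) {
        return null;
    }

    $_SESSION['user'] = $user;
    return $user['id'];
}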
/**
 * Report whether the request counts as authenticated: either a user is stored
 * in the session, or the request carries a non-empty 'user' parameter.
 *
 * Neither argument is read by this implementation.
 *
 * NOTE(review): the mere presence of the 'user' parameter is accepted here;
 * its content is not verified in this function. Confirm it is validated
 * (e.g. against a checksum) before any caller trusts the result.
 *
 * @param mixed $name
 * @param mixed $redirect
 *
 * @return bool
 */
function ryzom_authenticate_with_session($name, $redirect) {
    $has_session_user = isset($_SESSION['user']);

    // The request parameter is only consulted when the session holds no user.
    return $has_session_user || (bool) ryzom_get_param('user');
}
/**
 * Run one ryform action for the ryform addressed by $url_params['ryform_name'].
 *
 * 'ryform_name' is a '/'-separated path; its first segment has the form
 * "name:pos". When further segments remain, the action is forced to 'edit' and
 * the requested action is handed on as the next action.
 *
 * Handled actions: 'list', 'list_multiadd' (not implemented), 'add', 'edit',
 * 'del', 'up', 'down', 'source'.
 *
 * @param array $url_params Reads 'ryform_name' and 'ryform_action', and
 *                          depending on the action 'ryform_parent',
 *                          'validate', 'action' and 'script'.
 *
 * @return mixed array(DATA_RYFORM_VALUE, ...) or array(DATA_HTML_FORM, ...);
 *               the string 'Bad ryform name' for an unknown ryform; null or
 *               the (empty) $ret string on the remaining paths.
 */
function doAction($url_params) {
    if (!$url_params['ryform_name']) {
        return array(DATA_RYFORM_VALUE, array());
    }
    $ret = '';
    $ryforms = explode('/', $url_params['ryform_name']);
    $this_ryform_name = array_shift($ryforms);
    // $ryform_pos is a string when the segment contains ':' and unset otherwise
    list($ryform_name, $ryform_pos) = explode(':', $this_ryform_name);
    if (!isset($this->defines[$ryform_name])) {
        return 'Bad ryform name';
    }
    $def = $this->defines[$ryform_name];
    if ($ryforms) {
        // Deeper path segments remain: edit this level, pass the action down
        $action = 'edit';
        $next_action = $url_params['ryform_action'];
    } else {
        $action = $url_params['ryform_action'];
        $next_action = '';
    }
    switch ($action) {
        case 'list':
            // Render a table of the ryform classes that can be added here
            if (isset($url_params['ryform_parent']) && $url_params['ryform_parent']) {
                $ryform_parent = $url_params['ryform_parent'] . '/';
            } else {
                $ryform_parent = '';
            }
            $ret .= '<table cellpadding="0" cellspacing="0" width="100%">';
            foreach ($def->params as $id => $ryform) {
                if (is_array($ryform)) {
                    // Category row followed by one row per class in the category
                    $ret .= _s('t row 1', '<td height="28px" width="22px" bgcolor=' . ryzom_get_color_style('section') . '></td><td bgcolor=' . ryzom_get_color_style('section') . '>' . ryzom_font(_t('ryform_cat_' . $id), '', '12') . '</td><td bgcolor=' . ryzom_get_color_style('section') . '></td>');
                    foreach ($ryform as $subid => $subryform) {
                        $ret .= _s('t row ' . $subid % 2, '<td width="22px" height="34px">' . self::$ryformsIcons[$subryform] . '</td><td> ' . _l(_t($subryform . '_short_description'), $url_params, array('ryform_name' => $ryform_parent . $url_params['ryform_name'], 'ryform_action' => 'add', 'new_ryform' => $subryform)) . '</td><td>' . $subryform . '</td>');
                    }
                } else {
                    $ret .= _s('t row ' . $id % 2, '<td width="22px" height="34px">' . self::$ryformsIcons[$ryform] . '</td><td> ' . _l(_t($ryform . '_short_description'), $url_params, array('ryform_name' => $ryform_parent . $url_params['ryform_name'], 'ryform_action' => 'add', 'new_ryform' => $ryform)) . '</td><td>' . $ryform . '</td>');
                }
            }
            $ret .= '</table>';
            return array(DATA_HTML_FORM, $ret);
            break;
        case 'list_multiadd':
            // TODO
            /*
            unset($url_params[$deffullname.'_action']);
            $ret .= '<table cellpadding="5"><tr>';
            foreach ($def->params as $ryform) {
                $ret .= '<td bgcolor="#000000">'._l($ryform, $url_params, array('ryform_action' => 'multiadd', 'new_ryform' => $ryform)).'</td>';
            }
            $ret .= '</tr></table>';
            return array(DATA_HTML_FORM, $ret);*/
            break;
        case 'add':
            // The class to instantiate comes from the 'new_ryform' request
            // parameter and is accepted only if it appears in $def->params
            // (directly or inside one of its category arrays).
            // NOTE(review): in_array() is used without strict comparison and is
            // also reached when $def->params is a string; confirm both are intended.
            $new_ryform = ryzom_get_param('new_ryform');
            $valid_ryform = false;
            if ($new_ryform) {
                if (is_string($def->params) && $new_ryform == $def->params || in_array($new_ryform, $def->params)) {
                    $valid_ryform = true;
                } else {
                    foreach ($def->params as $param) {
                        if (is_array($param) && in_array($new_ryform, $param)) {
                            $valid_ryform = true;
                        }
                    }
                }
                if (!$valid_ryform) {
                    return array(DATA_HTML_FORM, 'Bad ryform');
                }
            } else {
                $new_ryform = $def->params;
            }
            // Dynamic instantiation by class name; guarded by the check above
            $ryform = new $new_ryform($new_ryform, '');
            $ryform->preSerialization();
            if ($def->type != DEF_TYPE_RYFORM) {
                p($def->value);
                if (!is_array($def->value)) {
                    $savedRyform = array($def->value);
                } else {
                    $savedRyform = $def->value;
                }
                // NOTE(review): $ryform_pos comes from explode() and is a string,
                // so the === 0 branch looks unreachable; confirm.
                if ($ryform_pos === 0) {
                    $value = array_values(array_merge(array($ryform), $savedRyform));
                } else {
                    if ($ryform_pos !== NULL) {
                        // Insert the new ryform at position $ryform_pos
                        $begin = array_slice($savedRyform, 0, $ryform_pos);
                        $end = array_slice($savedRyform, $ryform_pos, count($savedRyform) - $ryform_pos);
                        $value = array_values(array_merge($begin, array($ryform), $end));
                    } else {
                        // NOTE(review): $value is not initialised on this path, so
                        // the result holds only the new ryform, not $savedRyform; confirm.
                        $value[] = $ryform;
                    }
                }
                p($ryform_name, $value);
                //return array(DATA_RYFORM_VALUE, array('stages' => array()));
                return array(DATA_RYFORM_VALUE, array($ryform_name => $value));
            } else {
                p($ryform_name, $ryform);
                return array(DATA_RYFORM_VALUE, array($ryform_name => $ryform));
            }
            break;
        case 'edit':
            // Pick the ryform at $ryform_pos (or the single stored one) and
            // show / process its edit form
            $a_ryforms = $def->value;
            if (is_array($a_ryforms)) {
                $ryform = $a_ryforms[$ryform_pos];
            } else {
                $ryform = $a_ryforms;
            }
            $ryform->postSerialization();
            $validate = isset($url_params['validate']) && $url_params['validate'];
            $form = new ryForm('', $def->name);
            foreach ($ryform->getFormDefs() as $form_def) {
                $form->addDefine($form_def);
                $name = $form_def->name;
                // Init form with ryform values
                if (property_exists($ryform, $name)) {
                    $form->addValue($form_def->name, $ryform->{$name});
                }
            }
            foreach ($ryform->getFormDefsExtraValues() as $def_name => $extra_values) {
                $form->addExtraValues($def_name, $extra_values);
            }
            $form->setTemplate($ryform->getTemplate());
            list($result_type, $value) = $form->getForm(array('action' => $url_params['action'], 'script' => $url_params['script'], 'ryform_action' => $next_action, 'ryform_parent' => $this_ryform_name, 'ryform_name' => implode('/', $ryforms), 'validate' => $validate));
            if ($result_type == DATA_HTML_FORM) {
                return array(DATA_HTML_FORM, $value);
            } else {
                if ($result_type == DATA_FORM_VALUES) {
                    $value = $form->validateFormPost($value);
                }
                $ryform->setFormParams($value);
                $ryform->preSerialization();
            }
            // Write the edited ryform back into its slot
            if (is_array($a_ryforms)) {
                $a_ryforms[$ryform_pos] = $ryform;
            } else {
                $a_ryforms = $ryform;
            }
            $value = array($ryform_name => $a_ryforms);
            return array(DATA_RYFORM_VALUE, $value);
            break;
        case 'del':
            // Remove the entry at $ryform_pos and reindex
            $id = $ryform_pos;
            p($def->value);
            if (!is_array($def->value)) {
                $def->value = array();
            } else {
                unset($def->value[$id]);
            }
            $value = array_values($def->value);
            return array(DATA_RYFORM_VALUE, array($ryform_name => $value));
            break;
        case 'up':
            // Swap the entry at $ryform_pos with the one before it
            // NOTE(review): no bounds check on $ryform_pos - 1; confirm callers
            // never send 'up' for the first entry.
            $a_ryforms = $def->value;
            if (!is_array($a_ryforms)) {
                ryzom_redirect(_url($url_params, array('ryform_action' => '')));
            }
            $temp_ryform = $a_ryforms[$ryform_pos - 1];
            $a_ryforms[$ryform_pos - 1] = $a_ryforms[$ryform_pos];
            $a_ryforms[$ryform_pos] = $temp_ryform;
            $a_ryforms = array_values($a_ryforms);
            p($ryform_name, $a_ryforms);
            return array(DATA_RYFORM_VALUE, array($ryform_name => $a_ryforms));
            break;
        case 'down':
            // Swap the entry at $ryform_pos with the one after it
            // NOTE(review): no bounds check on $ryform_pos + 1; confirm callers
            // never send 'down' for the last entry.
            $a_ryforms = $def->value;
            if (!is_array($a_ryforms)) {
                ryzom_redirect(_url($url_params, array('ryform_action' => '')));
            }
            $temp_ryform = $a_ryforms[$ryform_pos + 1];
            $a_ryforms[$ryform_pos + 1] = $a_ryforms[$ryform_pos];
            $a_ryforms[$ryform_pos] = $temp_ryform;
            $a_ryforms = array_values($a_ryforms);
            return array(DATA_RYFORM_VALUE, array($ryform_name => $a_ryforms));
            break;
        case 'source':
            // Show the selected ryform as base64(serialize()) text in a
            // textarea, and on submit replace it with whatever the textarea
            // deserializes to.
            $a_ryforms = $def->value;
            if (is_array($a_ryforms)) {
                $ryform = $a_ryforms[$ryform_pos];
            } else {
                $ryform = $a_ryforms;
            }
            $ryform->postSerialization();
            $form = new ryForm('', $def->name);
            $form->addDefine(new ryFormDef('ryform_source', DEF_TYPE_TEXTAREA, '', base64_encode(serialize($ryform))));
            $validate = isset($url_params['validate']) && $url_params['validate'];
            list($result_type, $value) = $form->getForm(array('ryform_action' => $next_action, 'ryform_parent' => $this_ryform_name, 'ryform_name' => implode('/', $ryforms), 'validate' => $validate));
            if ($result_type == DATA_HTML_FORM) {
                return array(DATA_HTML_FORM, $value);
            } else {
                if ($result_type == DATA_FORM_VALUES) {
                    $params = $form->validateFormPost($value);
                } else {
                    $params = $value;
                }
                // NOTE(review): SECURITY - submitted form text reaches
                // unserialize() before the class allow-list below is consulted,
                // so objects of any loadable class are created (and their
                // __wakeup/__destruct hooks can run) before get_class() is
                // checked. Prefer a data-only format such as JSON for the
                // paste field, or pass an 'allowed_classes' list to
                // unserialize(); nested ryform classes would need to be on it.
                $ryform = unserialize(base64_decode($params['ryform_source']));
                if (!is_object($ryform)) {
                    unset($url_params['validate']);
                    // presumably ryzom_redirect() ends the request; otherwise
                    // get_class() below runs on a non-object. TODO confirm
                    ryzom_redirect(_url($url_params, array('ryform_action' => '', 'message' => 'bad_paste')));
                }
                // Accept the pasted object only if its class is listed in $def->params
                $is_valid = false;
                p($def->params);
                foreach ($def->params as $id => $ryform_class) {
                    if (is_array($ryform_class)) {
                        if (in_array(get_class($ryform), array_values($ryform_class))) {
                            $is_valid = true;
                        }
                    } else {
                        if (get_class($ryform) == $ryform_class) {
                            $is_valid = true;
                        }
                    }
                }
                if (!$is_valid) {
                    p(get_class($ryform), $def->params);
                    // NOTE(review): $deffullname is not defined anywhere in this
                    // function; the other redirects use 'ryform_action'. Confirm.
                    ryzom_redirect(_url($url_params, array($deffullname . '_action' => '', 'message' => 'not_valid_stage')));
                    return;
                }
                if (is_array($a_ryforms)) {
                    $a_ryforms[$ryform_pos] = $ryform;
                } else {
                    $a_ryforms = $ryform;
                }
                $value = array($ryform_name => $a_ryforms);
                return array(DATA_RYFORM_VALUE, $value);
            }
            return;
            break;
    }
    return $ret;
}
* ryzom_api is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with ryzom_api. If not, see <http://www.gnu.org/licenses/>.
*/

require_once 'ryzom_api.php';

// Authentication endpoint. Every input below is read from the request.
$cid = ryzom_get_param('cid');
$name = ryzom_get_param('name');
$authserver = ryzom_get_param('authserver');
$authkey = ryzom_get_param('authkey');

// Server-key check: answer '1' or '0' and stop.
if ($authserver) {
    die(ryzom_authenticate_with_serverkey($cid, $name, $authserver, $authkey) ? '1' : '0');
}

// In-game detection relies on the User-Agent header or the 'ig' parameter.
// Both are set by the client, so this only selects which check runs; it is
// not evidence of anything.
// NOTE(review): strpos() returns 0 (falsy) when the User-Agent starts with
// 'Ryzom', so such a request is not treated as in-game unless 'ig' is set.
// Confirm whether '!== false' was intended.
$claims_ingame = (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Ryzom'))
    || ryzom_get_param('ig');

if ($claims_ingame) {
    echo 'ig';
    if (!ryzom_authenticate_ingame($cid, $name, $authkey)) {
        die('0');
    }
    echo 'ok';
    $user_infos = ryzom_user_get_info($cid);
    echo ryzom_get_user_id($cid, $name, $user_infos['creation_date']);
    die('1');
} else {
    // Session / password login; $error_message is filled by reference.
    echo ryzom_authenticate_with_session($name, $cid, $error_message);
}
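/**
 * Validate a signed callback request.
 *
 * The 'tid' parameter ("index_tid") must equal the transaction id stored for
 * that index in the 'hmagic.index' user data, and the 'hmac' parameter must
 * equal the upper-cased HMAC-SHA1, keyed with RYAPI_EGS_SALT, of the string
 * rebuilt from the stored app URL and the request parameters.
 *
 * @return bool true only when both the transaction id and the MAC match.
 */
function validateCallback() {
    $index_infos = $this->dfm->loadUserDataFromApp('hmagic.index', 'app_profile');
    $playerEid = ryzom_get_param('player_eid');
    $event = ryzom_get_param('event');
    $desc_error = ryzom_get_param('desc');
    $desc = '';
    if ($desc_error) {
        $desc = '&desc=' . $desc_error;
    }

    // Pad so that a 'tid' without '_' gives an empty $tid rather than an
    // undefined-offset warning.
    list($index, $tid) = array_pad(explode('_', (string) ryzom_get_param('tid')), 2, '');

    // The stored transaction id must be a string and match exactly. A loose
    // '!=' lets PHP's type juggling decide (under PHP 7 any non-numeric
    // string compares equal to integer 0).
    $stored_tid = isset($index_infos['time'][$index]) ? $index_infos['time'][$index] : null;
    if (!is_string($stored_tid) || $index . '_' . $tid !== $stored_tid) {
        return false;
    }

    $web_app_url = isset($index_infos['url'][$index]) ? $index_infos['url'][$index] : '';

    $trans_id = '';
    if ($tid) {
        $trans_id = '&tid=' . $index . '_' . $tid;
    }

    $hmac = ryzom_get_param('hmac');

    // NOTE(review): the fields are concatenated unencoded, so the MAC input
    // does not fix where 'event' ends and 'desc' begins. Confirm the signer
    // encodes them, or that neither may contain '&'.
    $checksum = $web_app_url . $trans_id . '&player_eid=' . $playerEid . '&event=' . $event . $desc;
    $real_hmac = strtoupper(hash_hmac('sha1', $checksum, RYAPI_EGS_SALT));

    // Constant-time, type-strict comparison. '!=' on two hex strings is
    // neither (numeric-looking strings such as "0E..." compare as numbers).
    return is_string($hmac) && hash_equals($real_hmac, $hmac);
}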
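/**
 * Authenticate the current request for an application and fill $user.
 *
 * Order of checks: an existing $_SESSION['user'] (unless 'action=logout'); a
 * serialized 'user' parameter signed with RYAPI_AUTH_KEY ('checksum'); in-game
 * authentication when the request presents itself as in-game; otherwise
 * session / password authentication.
 *
 * @param array  $user            In/out. Receives 'message', 'lang', 'groups',
 *                                'ig' and, once authenticated, the user profile.
 * @param bool   $ask_login       When true and out-of-game authentication fails,
 *                                the login page is rendered and the script ends.
 * @param string $welcome_message HTML shown above the login form; a default is
 *                                used when empty.
 * @param bool   $webprivs        Passed through to ryzom_user_get_info().
 *
 * @return bool true when a user profile was loaded, false when out-of-game
 *              authentication failed and no login page was requested.
 */
function ryzom_app_authenticate(&$user, $ask_login = true, $welcome_message = '', $webprivs = true) {
    $name = ryzom_get_param('name');
    $urluser = ryzom_get_param('user'); // user serialization sent by auth server
    $urlusercheksum = ryzom_get_param('checksum'); // user serialization checksum
    $authkey = ryzom_get_param('authkey'); // InGame authkey
    $lang = ryzom_get_param('lang');
    $cid = intval(ryzom_get_param('cid'));
    $is_auth_ingame = false;
    $supported_langs = array('fr', 'en', 'de', 'ru', 'es');

    // we have to set the $user['lang'] even for anonymous user or we cannot
    // display the text in the right language
    if ($lang == '') {
        if (!isset($_SESSION['lang'])) {
            $l = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) : 'en';
            if ($l == 'fr' || $l == 'en' || $l == 'de' || $l == 'ru' || $l == 'es') {
                $lang = $l;
            } else {
                $lang = 'en';
            }
        } else {
            $lang = $_SESSION['lang'];
        }
    }
    // Final allow-list check, strict so that only one of the five literal
    // strings passes (a loose '!=' chain lets non-string values through
    // under PHP 7).
    if (!in_array($lang, $supported_langs, true)) {
        $lang = 'en';
    }

    $user['message'] = '';
    $user['lang'] = $lang;
    $user['groups'] = array();

    // NOTE(review): the User-Agent header and the 'ig' parameter are both set
    // by the client, so 'ig' is a display hint, not proof of an in-game
    // request. strpos() also returns 0 (falsy) when the header starts with
    // 'Ryzom'; confirm whether '!== false' was intended.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Ryzom') || ryzom_get_param('ig')) {
        $user['ig'] = true;
    } else {
        $user['ig'] = false;
    }

    if (isset($_SESSION['user'])) {
        if (ryzom_get_param('action') == 'logout') {
            unset($_SESSION['user']);
        } else {
            $_SESSION['user']['ig'] = $user['ig'];
            define('RYZOM_IG', $user['ig']);
            $user = $_SESSION['user'];
            return true;
        }
    }

    if ($urluser && $urlusercheksum) {
        // Check $authuser (used to test app from another server ingame).
        // hash_equals() gives a constant-time, type-strict comparison; '=='
        // on two hex strings is neither.
        if (is_string($urluser) && is_string($urlusercheksum)
            && hash_equals(hash_hmac('sha1', $urluser, RYAPI_AUTH_KEY), $urlusercheksum)) {
            // The blob is unserialized only after its MAC is verified. Objects
            // are refused as defence in depth (option available from PHP
            // 7.0); the profile is consumed as a plain array below.
            // NOTE(review): assumes the auth server never embeds objects in
            // the profile; confirm.
            $profile = unserialize(base64_decode($urluser), array('allowed_classes' => false));
            if (is_array($profile)) {
                $ig = $user['ig'];
                $user = array_merge($user, $profile);
                $user['ig'] = $ig;
                if (!isset($user['groups'])) {
                    $user['groups'] = array();
                }
                define('RYZOM_IG', $user['ig']);
                $_SESSION['user'] = $user;
                return true;
            }
            // A correctly signed but malformed payload falls through to the
            // normal authentication paths instead of being merged.
        }
    }

    if ($user['ig']) {
        // Ingame
        // NOTE(review): when both checks below fail, execution still continues
        // to load the profile for the request-supplied cid and returns true;
        // only $user['auth_ig'] records the failure. Confirm callers check it.
        $shardid = ryzom_get_param('shardid');
        $error_message = '';
        if (ryzom_authenticate_ingame($shardid, $cid, $name, $authkey) || ryzom_authenticate_with_session($name, $cid, $error_message)) {
            $is_auth_ingame = true;
        }
    } else {
        // Outgame or bad ingame auth (external server) : Use session
        $error_message = '';
        if (!ryzom_authenticate_with_session($name, $cid, $error_message)) {
            define('RYZOM_IG', false);
            if ($ask_login) {
                if ($error_message) {
                    $c = '<h3>' . _t($error_message) . '</h3>';
                } else {
                    $c = '';
                }
                if (!$welcome_message) {
                    $welcome_message = '<span style="font-size:11pt; color: #AAAAFF">The application <strong style="color: #99FFFF">' . _t(APP_NAME) . '</strong> require authentication. Please enter your credentials</span>';
                }
                $c .= '<div style="text-align: center">' . $welcome_message . '</div><br />';
                if ($user['message']) {
                    $c .= '<div style="text-align: center"><strong style="color: #FF5555">' . _t($user['message']) . '</strong></div><br />';
                }
                $c .= ryzom_render_login_form($name, false);
                echo ryzom_app_render(_t('app_' . APP_NAME), $c);
                die;
            }
            return false;
        }
    }

    $_SESSION['lang'] = $lang;
    define('RYZOM_IG', $user['ig']);

    // get user informations
    $ig = $user['ig'];
    $user = ryzom_user_get_info($cid, $webprivs, RYAPI_USE_PLAYER_STATS);
    if (isset($user['creation_date'])) {
        $user['id'] = ryzom_get_user_id($cid, $user['char_name'], $user['creation_date'], $user);
    }
    $user['gender'] = ryzom_get_user_gender($user['id']);
    $user['ig'] = $ig;
    $user['lang'] = $_SESSION['lang'];
    if (!isset($user['groups'])) {
        $user['groups'] = array();
    }

    if ($is_auth_ingame && $user['last_played_date'] != '0') {
        $user['auth_ig'] = true;
    } else {
        $user['auth_ig'] = false;
    }

    if (!isset($_SESSION['translater_mode']) || ryzom_get_param('translate_this') == '0') {
        $_SESSION['translater_mode'] = false;
    }

    // Set/unset translation mode. Strict membership test so that only the
    // literal group name grants it.
    if (in_array('WTRS', $user['groups'], true) && ryzom_get_param('translate_this') == '1') {
        $_SESSION['translater_mode'] = true;
    }
    $user['translation_mode'] = $_SESSION['translater_mode'];
    // $user['after_merge'] = $user['uid'] >= 671686;
    ryzom_unset_url_param('translate_this');

    if (isset($user['last_played_date'])) {
        $_SESSION['last_played_date'] = $user['last_played_date'];
    }

    // don't send this information to external apps
    unset($user['last_played_date']);
    unset($user['creation_date']);
    return true;
}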
<?php

include_once 'config.php';
include_once 'lang.php';

// Applications linked from this landing page
$apps = array('app_test');

// Page body, built up as an HTML string
$c = '';

// Ask to authenticate user (using ingame or session method) and fill $user
// with all information. $ask_login is false, so a failed login returns here
// instead of rendering the login page itself.
$logged = ryzom_app_authenticate($user, false);

// NOTE(review): $user['char_name'] and $user['message'] reach the page through
// _t() only; whether _t() HTML-escapes its arguments is not visible here.
// Confirm before relying on it.
if ($logged) {
    $c .= '<h1>' . _t('welcome', $user['char_name']) . '</h1>';
} elseif (!$user['ig']) {
    if ($user['message']) {
        $c .= '<div style="text-align: center"><strong style="color: #FF5555">' . _t($user['message']) . '</strong></div><br />';
    }
    $c .= ryzom_render_login_form(ryzom_get_param('name'));
}

foreach ($apps as $app) {
    $app_base = RYAPP_URL . '/' . $app;
    $c .= '<a href="' . $app_base . '/index.php"><img src="' . $app_base . '/favicon.png" />' . _t($app) . '</a><br />';
}

// The logout link is offered only to logged-in, out-of-game users
if ($logged && !$user['ig']) {
    $c .= '<br /><a href="' . RYAPP_URL . '/index.php?action=logout">' . _t('logout') . '</a>';
}

// Print GET values on debug view
// NOTE(review): p() is handed the raw query parameters; confirm it is inert
// outside debug mode and escapes what it prints.
p($_GET);

echo ryzom_app_render('Ryzom', $c, $user['ig']);