1 |
root |
1.1 |
#!/usr/bin/perl -w
|
2 |
|
|
##################
|
3 |
|
|
# Playerfile download utility.
|
4 |
|
|
# Version 1.2
|
5 |
|
|
####
|
6 |
|
|
# Note: This file requires the CGI.pm module to operate. |
7 |
|
|
# The player_dl.html file is a basic web page which |
8 |
|
|
# can be used for downloads. |
9 |
|
|
# |
10 |
|
|
# This CGI script allows players to download their players
|
11 |
|
|
# files through a web interface. It does password checking
|
12 |
|
|
# and has some extra options.
|
13 |
|
|
# |
14 |
|
|
# Note 2: The player files and directories need to be readable |
15 |
|
|
# by whatever uid runs this program. In many cases, this may be |
16 |
|
|
# nobody or apache or whatever. This script does not differentiate |
17 |
|
|
# invalid password or lack of ability to read player files. If |
18 |
|
|
# you get invalid name/password combos and you're sure you're |
19 |
|
|
# entering them correctly, check file permissions. |
20 |
|
|
# |
21 |
|
|
# Note 3: on some systems, differnet password encryption schemes |
22 |
|
|
# are used. Eg, on windows, no encryption is used at all, while |
23 |
|
|
# on others, if des_crypt is available, that is used instead. |
24 |
|
|
# this script would need modification to cover those cases. |
25 |
|
|
# |
26 |
|
|
####
|
27 |
|
|
# Copyright (c) 2003 by Philip Stolarczyk
|
28 |
|
|
# This program is free software; you can redistribute it
|
29 |
|
|
# and/or modify it under the terms of the GNU General Public
|
30 |
|
|
# License as published by the Free Software Foundation;
|
31 |
|
|
# either version 2 of the License, or (at your option) any
|
32 |
|
|
# later version.
|
33 |
|
|
# This program is distributed in the hope that it will be
|
34 |
|
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
35 |
|
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
36 |
|
|
# PURPOSE. See the GNU General Public License for more
|
37 |
|
|
# details.
|
38 |
|
|
####
|
39 |
|
|
# Config options:
|
40 |
|
|
#
|
41 |
|
|
# Where the tar program is located.
|
42 |
|
|
$tar = '@TAR@';
|
43 |
|
|
|
44 |
|
|
$prefix="@prefix@"; |
45 |
|
|
# Where the crossfire directory is located.
|
46 |
|
|
$crossfire_home = "@pkgstatedir@/players"; |
47 |
|
|
|
48 |
|
|
# Where to save temporary files
|
49 |
|
|
$temp_dir = '/tmp';
|
50 |
|
|
|
51 |
|
|
# How often a player can have their file sent to them, in seconds. (ie. 3600 is once/hour), set to 0 to disable.
|
52 |
|
|
$timelimit = 3600;
|
53 |
|
|
|
54 |
|
|
# Where to save information on when which player files were downloaded, for the time limit function.
|
55 |
|
|
$statefile = "$temp_dir/pldl.dat";
|
56 |
|
|
|
57 |
|
|
# Whether to delete the player's file after they download it.
|
58 |
|
|
$delete_player = 0;
|
59 |
|
|
|
60 |
|
|
#
|
61 |
|
|
####
|
62 |
|
|
# BUGS:
|
63 |
|
|
# Systems that do NL to CRLF interpretation on CGI output
|
64 |
|
|
# will corrupt the .tar file. This includes Microsoft
|
65 |
|
|
# Windows systems. I haven't found any solution.
|
66 |
|
|
##################
|
67 |
|
|
# Code begins.
|
68 |
|
|
|
69 |
|
|
use CGI;
|
70 |
|
|
use CGI::Carp 'fatalsToBrowser';
|
71 |
|
|
$CGI::POST_MAX=1024; # max 1K posts
|
72 |
|
|
$CGI::DISABLE_UPLOADS = 1; # no uploads
|
73 |
|
|
|
74 |
|
|
$q = new CGI;
|
75 |
|
|
|
76 |
|
|
# Verify that player name contains no invalid characters.
|
77 |
|
|
$playername = '';
|
78 |
|
|
$playername = $q->param('playername') if $q->param('playername');
|
79 |
|
|
$playername =~ s/[^A-Za-z_\-]//g; # No invalid chars
|
80 |
|
|
$playername =~ s/^(.{1,64}).*$/$1/; # Max 64 chars, (really it's 16 or 32 in the server)
|
81 |
|
|
|
82 |
|
|
# Default to not validated, until the password is checked.
|
83 |
|
|
$valid = 0;
|
84 |
|
|
|
85 |
|
|
# No error to report yet.
|
86 |
|
|
$errormsg = '';
|
87 |
|
|
|
88 |
|
|
# We want to the time we ran to be consistent, even if it takes a couple seconds.
|
89 |
|
|
$time = time();
|
90 |
|
|
|
91 |
|
|
|
92 |
|
|
# Validate password
|
93 |
|
|
$password = $q->param('password');
|
94 |
|
|
if ($playername) { # Make sure that the user typed in a playername.
|
95 |
|
|
if ((open PLAYERFILE, "$crossfire_home/$playername/$playername.pl") # Make sure the player's file exists
|
96 |
|
|
or (open PLAYERFILE, "$crossfire_home/$playername/$playername.pl.dead")) { # Or use the dead file, if no player is alive
|
97 |
|
|
foreach (<PLAYERFILE>) {
|
98 |
|
|
chomp; chomp;
|
99 |
|
|
# Do actual checking of password.
|
100 |
|
|
if ( /^password (.*)$/ ) { |
101 |
|
|
$cp = crypt($password,$1); |
102 |
|
|
if ($cp eq $1) {
|
103 |
|
|
$valid = 1;
|
104 |
|
|
} |
105 |
|
|
} |
106 |
|
|
}
|
107 |
|
|
close PLAYERFILE;
|
108 |
|
|
}
|
109 |
|
|
}
|
110 |
|
|
if (!$valid) { $errormsg = 'Invalid username or password' };
|
111 |
|
|
|
112 |
|
|
# If the player is validated, and we're limiting how often players can download their files, do so.
|
113 |
|
|
if ($valid and $timelimit and $statefile) {
|
114 |
|
|
open STATEFILE, "<$statefile";
|
115 |
|
|
@contents = <STATEFILE>;
|
116 |
|
|
close STATEFILE;
|
117 |
|
|
# Don't allow more than 1024 players to download their files per $timelimit seconds.
|
118 |
|
|
# This is to prevent STATEFILE from getting too large.
|
119 |
|
|
if ($#contents > 1024) {
|
120 |
|
|
$valid = 0;
|
121 |
|
|
$errormsg = 'Too many players have tried to download their files recently. Please wait a bit before trying again.\n';
|
122 |
|
|
}
|
123 |
|
|
|
124 |
|
|
# Check timestamp of last download for this player
|
125 |
|
|
foreach (@contents) {
|
126 |
|
|
chomp; chomp;
|
127 |
|
|
if (/^DL $playername (.*)$/) {
|
128 |
|
|
# $1 is the last time the file was DLed.
|
129 |
|
|
if ($time > ($timelimit + $1)) {
|
130 |
|
|
$valid = 0;
|
131 |
|
|
$errormsg = 'You just downloaded your file. Wait a bit before trying again.';
|
132 |
|
|
}
|
133 |
|
|
}
|
134 |
|
|
}
|
135 |
|
|
}
|
136 |
|
|
|
137 |
|
|
if ($valid) {
|
138 |
|
|
# Create and send file
|
139 |
|
|
|
140 |
|
|
# Create a new archive
|
141 |
|
|
# Sending binary data.
|
142 |
|
|
# Add content-disposition, in this way, the browser (at least mozilla) |
143 |
|
|
# will use it as the default filename, instead of the cgi script name. |
144 |
|
|
print $q->header(-type=>"application/x-compressed-tar", |
145 |
|
|
"-content-disposition"=>"inline; filename=\"$playername.tar\""); |
146 |
|
|
|
147 |
|
|
# Change to player directory, so that long pathname is not included in |
148 |
|
|
# sent file. |
149 |
|
|
chdir("$crossfire_home"); |
150 |
|
|
# archive up the player |
151 |
|
|
system("$tar -cf - $playername"); |
152 |
|
|
|
153 |
|
|
# 'Delete' player's files, if applicable. (technically rename them, to hide from server.)
|
154 |
|
|
if ($valid and $delete_player) {
|
155 |
|
|
@files= glob("$crossfire_home/$playername/*");
|
156 |
|
|
# Rename all files except *.tar
|
157 |
|
|
foreach (@files) {
|
158 |
|
|
next if ( /\.tar$/i );
|
159 |
|
|
rename $_, "$_.downloaded";
|
160 |
|
|
}
|
161 |
|
|
}
|
162 |
|
|
|
163 |
|
|
# Set timestamp of last download for this player, if applicable.
|
164 |
|
|
# Also, remove outdated player download timestamps, if applicable.
|
165 |
|
|
if ($timelimit > 0 and $statefile) {
|
166 |
|
|
if (open STATEFILE, "<$statefile") {
|
167 |
|
|
@contents = <STATEFILE>;
|
168 |
|
|
close STATEFILE;
|
169 |
|
|
} else {
|
170 |
|
|
@contents = ();
|
171 |
|
|
}
|
172 |
|
|
|
173 |
|
|
if (open STATEFILE, ">$statefile") {
|
174 |
|
|
foreach (@contents) {
|
175 |
|
|
chomp; chomp;
|
176 |
|
|
if (/^DL (.*) (.*)$/) {
|
177 |
|
|
# All lines starting with DL are download time records.
|
178 |
|
|
my ($playerdownloaded, $timedownloaded) = ($1, $2);
|
179 |
|
|
|
180 |
|
|
# If this player just downloaded their file, don't copy them yet. We update their timestamp later.
|
181 |
|
|
next if ($valid and ($playerdownloaded eq $playername));
|
182 |
|
|
# If this record has expired, don't copy it.
|
183 |
|
|
next if (($timedownloaded + $timelimit) < $time);
|
184 |
|
|
# Otherwise, copy the record to the new state file.
|
185 |
|
|
print "$_\n";
|
186 |
|
|
} else {
|
187 |
|
|
# Allow other lines in this file.
|
188 |
|
|
print "$_\n";
|
189 |
|
|
}
|
190 |
|
|
}
|
191 |
|
|
# If this player downloaded their file, save it.
|
192 |
|
|
if ($valid) {
|
193 |
|
|
print STATEFILE "DL $playername $time\n";
|
194 |
|
|
}
|
195 |
|
|
close STATEFILE;
|
196 |
|
|
} else {
|
197 |
|
|
die "Unable to save state to file $statefile.\n";
|
198 |
|
|
}
|
199 |
|
|
} |
200 |
|
|
}
|
201 |
|
|
|
202 |
|
|
# If no file was sent, send a form and any error messages.
|
203 |
|
|
if (!$valid) {
|
204 |
|
|
print $q->header('text/html');
|
205 |
|
|
|
206 |
|
|
# Print header
|
207 |
|
|
print $q->start_html('Download your player file');
|
208 |
|
|
print "\n\n\n";
|
209 |
|
|
|
210 |
|
|
# print any error message that may have occured.
|
211 |
|
|
if ($errormsg) {
|
212 |
|
|
print $q->h3("ERROR: ". $errormsg), $q->br(), $q->br();
|
213 |
|
|
}
|
214 |
|
|
|
215 |
|
|
# Print warnings if $delete_player is enabled.
|
216 |
|
|
if ($delete_player) {
|
217 |
|
|
print <<'(END)';
|
218 |
|
|
<pre><font color="#FF0000">WARNING:</font>
|
219 |
|
|
Downloading your file will remove it from the server. If the
|
220 |
|
|
download fails, contact the system administrator, and they may
|
221 |
|
|
be able to retrieve the file.
|
222 |
|
|
</pre>
|
223 |
|
|
(END)
|
224 |
|
|
}
|
225 |
|
|
|
226 |
|
|
print $q->h2("Download your player file:");
|
227 |
|
|
|
228 |
|
|
# Print generic form to allow player to download their file.
|
229 |
|
|
print $q->start_form(),
|
230 |
|
|
'Character name: ', $q->textfield('playername'), $q->br(),
|
231 |
|
|
'Character password: ' , $q->password_field('password'), $q->br(),
|
232 |
|
|
$q->submit('Download'), $q->reset('Clear Entries'), $q->end_form();
|
233 |
|
|
|
234 |
|
|
print $q->end_html();
|
235 |
|
|
}
|