1 |
#!/usr/bin/perl -w
|
2 |
##################
|
3 |
# Playerfile download utility.
|
4 |
# Version 1.2
|
5 |
####
|
6 |
# Note: This file requires the CGI.pm module to operate. |
7 |
# The player_dl.html file is a basic web page which |
8 |
# can be used for downloads. |
9 |
# |
10 |
# This CGI script allows players to download their players
|
11 |
# files through a web interface. It does password checking
|
12 |
# and has some extra options.
|
13 |
# |
14 |
# Note 2: The player files and directories need to be readable |
15 |
# by whatever uid runs this program. In many cases, this may be |
16 |
# nobody or apache or whatever. This script does not differentiate |
17 |
# invalid password or lack of ability to read player files. If |
18 |
# you get invalid name/password combos and you're sure you're |
19 |
# entering them correctly, check file permissions. |
20 |
# |
21 |
# Note 3: on some systems, differnet password encryption schemes |
22 |
# are used. Eg, on windows, no encryption is used at all, while |
23 |
# on others, if des_crypt is available, that is used instead. |
24 |
# this script would need modification to cover those cases. |
25 |
# |
26 |
####
|
27 |
# Copyright (c) 2003 by Philip Stolarczyk
|
28 |
# This program is free software; you can redistribute it
|
29 |
# and/or modify it under the terms of the GNU General Public
|
30 |
# License as published by the Free Software Foundation;
|
31 |
# either version 2 of the License, or (at your option) any
|
32 |
# later version.
|
33 |
# This program is distributed in the hope that it will be
|
34 |
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
35 |
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
36 |
# PURPOSE. See the GNU General Public License for more
|
37 |
# details.
|
38 |
####
|
39 |
# Config options:
|
40 |
#
|
41 |
# Where the tar program is located.
|
42 |
$tar = '@TAR@';
|
43 |
|
44 |
$prefix="@prefix@"; |
45 |
# Where the crossfire directory is located.
|
46 |
$crossfire_home = "@pkgstatedir@/players"; |
47 |
|
48 |
# Where to save temporary files
|
49 |
$temp_dir = '/tmp';
|
50 |
|
51 |
# How often a player can have their file sent to them, in seconds. (ie. 3600 is once/hour), set to 0 to disable.
|
52 |
$timelimit = 3600;
|
53 |
|
54 |
# Where to save information on when which player files were downloaded, for the time limit function.
|
55 |
$statefile = "$temp_dir/pldl.dat";
|
56 |
|
57 |
# Whether to delete the player's file after they download it.
|
58 |
$delete_player = 0;
|
59 |
|
60 |
#
|
61 |
####
|
62 |
# BUGS:
|
63 |
# Systems that do NL to CRLF interpretation on CGI output
|
64 |
# will corrupt the .tar file. This includes Microsoft
|
65 |
# Windows systems. I haven't found any solution.
|
66 |
##################
|
67 |
# Code begins.
|
68 |
|
69 |
use CGI;
|
70 |
use CGI::Carp 'fatalsToBrowser';
|
71 |
$CGI::POST_MAX=1024; # max 1K posts
|
72 |
$CGI::DISABLE_UPLOADS = 1; # no uploads
|
73 |
|
74 |
$q = new CGI;
|
75 |
|
76 |
# Verify that player name contains no invalid characters.
|
77 |
$playername = '';
|
78 |
$playername = $q->param('playername') if $q->param('playername');
|
79 |
$playername =~ s/[^A-Za-z_\-]//g; # No invalid chars
|
80 |
$playername =~ s/^(.{1,64}).*$/$1/; # Max 64 chars, (really it's 16 or 32 in the server)
|
81 |
|
82 |
# Default to not validated, until the password is checked.
|
83 |
$valid = 0;
|
84 |
|
85 |
# No error to report yet.
|
86 |
$errormsg = '';
|
87 |
|
88 |
# We want to the time we ran to be consistent, even if it takes a couple seconds.
|
89 |
$time = time();
|
90 |
|
91 |
|
92 |
# Validate password
|
93 |
$password = $q->param('password');
|
94 |
if ($playername) { # Make sure that the user typed in a playername.
|
95 |
if ((open PLAYERFILE, "$crossfire_home/$playername/$playername.pl") # Make sure the player's file exists
|
96 |
or (open PLAYERFILE, "$crossfire_home/$playername/$playername.pl.dead")) { # Or use the dead file, if no player is alive
|
97 |
foreach (<PLAYERFILE>) {
|
98 |
chomp; chomp;
|
99 |
# Do actual checking of password.
|
100 |
if ( /^password (.*)$/ ) { |
101 |
$cp = crypt($password,$1); |
102 |
if ($cp eq $1) {
|
103 |
$valid = 1;
|
104 |
} |
105 |
} |
106 |
}
|
107 |
close PLAYERFILE;
|
108 |
}
|
109 |
}
|
110 |
if (!$valid) { $errormsg = 'Invalid username or password' };
|
111 |
|
112 |
# If the player is validated, and we're limiting how often players can download their files, do so.
|
113 |
if ($valid and $timelimit and $statefile) {
|
114 |
open STATEFILE, "<$statefile";
|
115 |
@contents = <STATEFILE>;
|
116 |
close STATEFILE;
|
117 |
# Don't allow more than 1024 players to download their files per $timelimit seconds.
|
118 |
# This is to prevent STATEFILE from getting too large.
|
119 |
if ($#contents > 1024) {
|
120 |
$valid = 0;
|
121 |
$errormsg = 'Too many players have tried to download their files recently. Please wait a bit before trying again.\n';
|
122 |
}
|
123 |
|
124 |
# Check timestamp of last download for this player
|
125 |
foreach (@contents) {
|
126 |
chomp; chomp;
|
127 |
if (/^DL $playername (.*)$/) {
|
128 |
# $1 is the last time the file was DLed.
|
129 |
if ($time > ($timelimit + $1)) {
|
130 |
$valid = 0;
|
131 |
$errormsg = 'You just downloaded your file. Wait a bit before trying again.';
|
132 |
}
|
133 |
}
|
134 |
}
|
135 |
}
|
136 |
|
137 |
if ($valid) {
|
138 |
# Create and send file
|
139 |
|
140 |
# Create a new archive
|
141 |
# Sending binary data.
|
142 |
# Add content-disposition, in this way, the browser (at least mozilla) |
143 |
# will use it as the default filename, instead of the cgi script name. |
144 |
print $q->header(-type=>"application/x-compressed-tar", |
145 |
"-content-disposition"=>"inline; filename=\"$playername.tar\""); |
146 |
|
147 |
# Change to player directory, so that long pathname is not included in |
148 |
# sent file. |
149 |
chdir("$crossfire_home"); |
150 |
# archive up the player |
151 |
system("$tar -cf - $playername"); |
152 |
|
153 |
# 'Delete' player's files, if applicable. (technically rename them, to hide from server.)
|
154 |
if ($valid and $delete_player) {
|
155 |
@files= glob("$crossfire_home/$playername/*");
|
156 |
# Rename all files except *.tar
|
157 |
foreach (@files) {
|
158 |
next if ( /\.tar$/i );
|
159 |
rename $_, "$_.downloaded";
|
160 |
}
|
161 |
}
|
162 |
|
163 |
# Set timestamp of last download for this player, if applicable.
|
164 |
# Also, remove outdated player download timestamps, if applicable.
|
165 |
if ($timelimit > 0 and $statefile) {
|
166 |
if (open STATEFILE, "<$statefile") {
|
167 |
@contents = <STATEFILE>;
|
168 |
close STATEFILE;
|
169 |
} else {
|
170 |
@contents = ();
|
171 |
}
|
172 |
|
173 |
if (open STATEFILE, ">$statefile") {
|
174 |
foreach (@contents) {
|
175 |
chomp; chomp;
|
176 |
if (/^DL (.*) (.*)$/) {
|
177 |
# All lines starting with DL are download time records.
|
178 |
my ($playerdownloaded, $timedownloaded) = ($1, $2);
|
179 |
|
180 |
# If this player just downloaded their file, don't copy them yet. We update their timestamp later.
|
181 |
next if ($valid and ($playerdownloaded eq $playername));
|
182 |
# If this record has expired, don't copy it.
|
183 |
next if (($timedownloaded + $timelimit) < $time);
|
184 |
# Otherwise, copy the record to the new state file.
|
185 |
print "$_\n";
|
186 |
} else {
|
187 |
# Allow other lines in this file.
|
188 |
print "$_\n";
|
189 |
}
|
190 |
}
|
191 |
# If this player downloaded their file, save it.
|
192 |
if ($valid) {
|
193 |
print STATEFILE "DL $playername $time\n";
|
194 |
}
|
195 |
close STATEFILE;
|
196 |
} else {
|
197 |
die "Unable to save state to file $statefile.\n";
|
198 |
}
|
199 |
} |
200 |
}
|
201 |
|
202 |
# If no file was sent, send a form and any error messages.
|
203 |
if (!$valid) {
|
204 |
print $q->header('text/html');
|
205 |
|
206 |
# Print header
|
207 |
print $q->start_html('Download your player file');
|
208 |
print "\n\n\n";
|
209 |
|
210 |
# print any error message that may have occured.
|
211 |
if ($errormsg) {
|
212 |
print $q->h3("ERROR: ". $errormsg), $q->br(), $q->br();
|
213 |
}
|
214 |
|
215 |
# Print warnings if $delete_player is enabled.
|
216 |
if ($delete_player) {
|
217 |
print <<'(END)';
|
218 |
<pre><font color="#FF0000">WARNING:</font>
|
219 |
Downloading your file will remove it from the server. If the
|
220 |
download fails, contact the system administrator, and they may
|
221 |
be able to retrieve the file.
|
222 |
</pre>
|
223 |
(END)
|
224 |
}
|
225 |
|
226 |
print $q->h2("Download your player file:");
|
227 |
|
228 |
# Print generic form to allow player to download their file.
|
229 |
print $q->start_form(),
|
230 |
'Character name: ', $q->textfield('playername'), $q->br(),
|
231 |
'Character password: ' , $q->password_field('password'), $q->br(),
|
232 |
$q->submit('Download'), $q->reset('Clear Entries'), $q->end_form();
|
233 |
|
234 |
print $q->end_html();
|
235 |
}
|