server/utils/player_dl.pl.in

#!/usr/bin/perl -w
##################
# Playerfile download utility.
# Version 1.2
####
# Note: This file requires the CGI.pm module to operate.
# The player_dl.html file is a basic web page which
# can be used for downloads.
#
# This CGI script allows players to download their players
# files through a web interface.  It does password checking
# and has some extra options.  
#
# Note 2: The player files and directories need to be readable
# by whatever uid runs this program.  In many cases, this may be
# nobody or apache or whatever.  This script does not differentiate
# invalid password or lack of ability to read player files.  If
# you get invalid name/password combos and you're sure you're
# entering them correctly, check file permissions.
#
# Note 3: on some systems, differnet password encryption schemes
# are used.  Eg, on windows, no encryption is used at all, while
# on others, if des_crypt is available, that is used instead.
# this script would need modification to cover those cases.
#
####
# Copyright (c) 2003 by Philip Stolarczyk
# This  program  is  free  software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License  as  published  by  the  Free Software Foundation;
# either version 2 of the License, or (at your  option)  any
# later version.
# This  program  is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty  of  MERCHANTABILITY  or FITNESS FOR A PARTICULAR
# PURPOSE.  See the GNU  General  Public  License  for  more
# details.
####
#   Config options:
#
# Where the tar program is located. 
$tar = '@TAR@';

$prefix="@prefix@";
# Where the crossfire directory is located.
$crossfire_home = "@pkgstatedir@/players";

# Where to save temporary files
$temp_dir = '/tmp';

# How often a player can have their file sent to them, in seconds. (ie. 3600 is once/hour), set to 0 to disable.
$timelimit = 3600;

# Where to save information on when which player files were downloaded, for the time limit function.
$statefile = "$temp_dir/pldl.dat";

# Whether to delete the player's file after they download it.
$delete_player = 0;

#
####
# BUGS:
#  Systems that do NL to CRLF interpretation on CGI output
#       will corrupt the .tar file.  This includes Microsoft
#       Windows systems.  I haven't found any solution.
##################
# Code begins.

use CGI;
use CGI::Carp 'fatalsToBrowser';
$CGI::POST_MAX=1024;  # max 1K posts
$CGI::DISABLE_UPLOADS = 1;  # no uploads

$q = new CGI;

# Verify that player name contains no invalid characters. 
$playername = '';
$playername = $q->param('playername') if $q->param('playername');
$playername =~ s/[^A-Za-z_\-]//g;       # No invalid chars
$playername =~ s/^(.{1,64}).*$/$1/;     # Max 64 chars, (really it's 16 or 32 in the server)

# Default to not validated, until the password is checked.
$valid = 0;

# No error to report yet.
$errormsg = '';

# We want to the time we ran to be consistent, even if it takes a couple seconds.
$time = time();


# Validate password
$password = $q->param('password');
if ($playername) { # Make sure that the user typed in a playername.
        if ((open PLAYERFILE, "$crossfire_home/$playername/$playername.pl") # Make sure the player's file exists
        or (open PLAYERFILE, "$crossfire_home/$playername/$playername.pl.dead")) { # Or use the dead file, if no player is alive
                foreach (<PLAYERFILE>) {
                        chomp; chomp;
                        # Do actual checking of password.
                        if ( /^password (.*)$/ ) {
                            $cp = crypt($password,$1);
                            if ($cp eq $1)  {
                                $valid = 1;
                            }
                        }
                }
                close PLAYERFILE;
        }
}
if (!$valid) { $errormsg = 'Invalid username or password' };

# If the player is validated, and we're limiting how often players can download their files, do so.
if ($valid and $timelimit and $statefile) {
        open STATEFILE, "<$statefile";
        @contents = <STATEFILE>;
        close STATEFILE;
        # Don't allow more than 1024 players to download their files per $timelimit seconds.
        # This is to prevent STATEFILE from getting too large.
        if ($#contents > 1024) {
                $valid = 0;
                $errormsg = 'Too many players have tried to download their files recently.  Please wait a bit before trying again.\n';
        }

        # Check timestamp of last download for this player
        foreach (@contents) {
                chomp; chomp;
                if (/^DL $playername (.*)$/) {
                        # $1 is the last time the file was DLed.
                        if ($time > ($timelimit + $1)) {
                                $valid = 0;
                                $errormsg = 'You just downloaded your file.  Wait a bit before trying again.';
                        }
                }
        }
}

if ($valid) {
        # Create and send file

        # Create a new archive
        # Sending binary data.
        # Add content-disposition, in this way, the browser (at least mozilla)
        # will use it as the default filename, instead of the cgi script name.
        print $q->header(-type=>"application/x-compressed-tar",
                         "-content-disposition"=>"inline; filename=\"$playername.tar\"");

        # Change to player directory, so that long pathname is not included in
        # sent file.
        chdir("$crossfire_home");
        # archive up the player
        system("$tar  -cf - $playername");

        # 'Delete' player's files, if applicable.  (technically rename them, to hide from server.)
        if ($valid and $delete_player) {
                @files= glob("$crossfire_home/$playername/*");
                # Rename all files except *.tar
                foreach (@files) { 
                        next if ( /\.tar$/i );
                        rename $_, "$_.downloaded";
                }
        }

    # Set timestamp of last download for this player, if applicable.
    # Also, remove outdated player download timestamps, if applicable.
    if ($timelimit > 0 and $statefile) {
        if (open STATEFILE, "<$statefile") {
                @contents = <STATEFILE>;
                close STATEFILE;
        } else {
                @contents = ();
        }

        if (open STATEFILE, ">$statefile") {
                foreach (@contents) {
                        chomp; chomp;
                        if (/^DL (.*) (.*)$/) {
                                # All lines starting with DL are download time records.
                                my ($playerdownloaded, $timedownloaded) = ($1, $2);

                                # If this player just downloaded their file, don't copy them yet.  We update their timestamp later.
                                next if ($valid and ($playerdownloaded eq $playername));
                                # If this record has expired, don't copy it.
                                next if (($timedownloaded + $timelimit) < $time);
                                # Otherwise, copy the record to the new state file.
                                print "$_\n";
                        } else {
                                # Allow other lines in this file.
                                print "$_\n";
                        }
                }
                # If this player downloaded their file, save it.
                if ($valid) {
                        print STATEFILE "DL $playername $time\n";
                }
                close STATEFILE;
        } else {
                die "Unable to save state to file $statefile.\n";
        }
    }
}

# If no file was sent, send a form and any error messages.
if (!$valid) {
        print $q->header('text/html');

        # Print header
        print $q->start_html('Download your player file');
        print "\n\n\n";

        # print any error message that may have occured.
        if ($errormsg) {
                print $q->h3("ERROR: ". $errormsg), $q->br(), $q->br();
        }

        # Print warnings if $delete_player is enabled.
        if ($delete_player) {
                print <<'(END)';
<pre><font color="#FF0000">WARNING:</font>
Downloading your file will remove it from the server.  If the
download fails, contact the system administrator, and they may
be able to retrieve the file.
</pre>
(END)
        }

        print $q->h2("Download your player file:");

        # Print generic form to allow player to download their file.
        print $q->start_form(),
                'Character name: ', $q->textfield('playername'), $q->br(),
                'Character password: ' , $q->password_field('password'), $q->br(),
                $q->submit('Download'), $q->reset('Clear Entries'), $q->end_form();

        print $q->end_html();
}
Revision:	1.2
Committed:	Mon Mar 5 19:03:09 2007 UTC (19 years, 2 months ago) by root
Branch:	MAIN
CVS Tags:	rel-2_82, rel-2_81, rel-2_80, rel-3_1, rel-3_0, rel-2_6, rel-2_7, rel-2_4, rel-2_5, rel-2_2, rel-2_3, rel-2_0, rel-2_1, rel-2_72, rel-2_73, rel-2_71, rel-2_76, rel-2_77, rel-2_74, rel-2_75, rel-2_54, rel-2_55, rel-2_56, rel-2_79, rel-2_52, rel-2_53, rel-2_32, rel-2_90, rel-2_92, rel-2_93, rel-2_78, rel-2_61, rel-2_43, rel-2_42, rel-2_41, HEAD
Changes since 1.1:	+201 -201 lines
Log Message:	major clenaup in utils/
#	Content
1	#!/usr/bin/perl -w
2	##################
3	# Playerfile download utility.
4	# Version 1.2
5	####
6	# Note: This file requires the CGI.pm module to operate.
7	# The player_dl.html file is a basic web page which
8	# can be used for downloads.
9	#
10	# This CGI script allows players to download their players
11	# files through a web interface. It does password checking
12	# and has some extra options.
13	#
14	# Note 2: The player files and directories need to be readable
15	# by whatever uid runs this program. In many cases, this may be
16	# nobody or apache or whatever. This script does not differentiate
17	# invalid password or lack of ability to read player files. If
18	# you get invalid name/password combos and you're sure you're
19	# entering them correctly, check file permissions.
20	#
21	# Note 3: on some systems, differnet password encryption schemes
22	# are used. Eg, on windows, no encryption is used at all, while
23	# on others, if des_crypt is available, that is used instead.
24	# this script would need modification to cover those cases.
25	#
26	####
27	# Copyright (c) 2003 by Philip Stolarczyk
28	# This program is free software; you can redistribute it
29	# and/or modify it under the terms of the GNU General Public
30	# License as published by the Free Software Foundation;
31	# either version 2 of the License, or (at your option) any
32	# later version.
33	# This program is distributed in the hope that it will be
34	# useful, but WITHOUT ANY WARRANTY; without even the implied
35	# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
36	# PURPOSE. See the GNU General Public License for more
37	# details.
38	####
39	# Config options:
40	#
41	# Where the tar program is located.
42	$tar = '@TAR@';
43
44	$prefix="@prefix@";
45	# Where the crossfire directory is located.
46	$crossfire_home = "@pkgstatedir@/players";
47
48	# Where to save temporary files
49	$temp_dir = '/tmp';
50
51	# How often a player can have their file sent to them, in seconds. (ie. 3600 is once/hour), set to 0 to disable.
52	$timelimit = 3600;
53
54	# Where to save information on when which player files were downloaded, for the time limit function.
55	$statefile = "$temp_dir/pldl.dat";
56
57	# Whether to delete the player's file after they download it.
58	$delete_player = 0;
59
60	#
61	####
62	# BUGS:
63	# Systems that do NL to CRLF interpretation on CGI output
64	# will corrupt the .tar file. This includes Microsoft
65	# Windows systems. I haven't found any solution.
66	##################
67	# Code begins.
68
69	use CGI;
70	use CGI::Carp 'fatalsToBrowser';
71	$CGI::POST_MAX=1024; # max 1K posts
72	$CGI::DISABLE_UPLOADS = 1; # no uploads
73
74	$q = new CGI;
75
76	# Verify that player name contains no invalid characters.
77	$playername = '';
78	$playername = $q->param('playername') if $q->param('playername');
79	$playername =~ s/[^A-Za-z_\-]//g; # No invalid chars
80	$playername =~ s/^(.{1,64}).*$/$1/; # Max 64 chars, (really it's 16 or 32 in the server)
81
82	# Default to not validated, until the password is checked.
83	$valid = 0;
84
85	# No error to report yet.
86	$errormsg = '';
87
88	# We want to the time we ran to be consistent, even if it takes a couple seconds.
89	$time = time();
90
91
92	# Validate password
93	$password = $q->param('password');
94	if ($playername) { # Make sure that the user typed in a playername.
95	if ((open PLAYERFILE, "$crossfire_home/$playername/$playername.pl") # Make sure the player's file exists
96	or (open PLAYERFILE, "$crossfire_home/$playername/$playername.pl.dead")) { # Or use the dead file, if no player is alive
97	foreach (<PLAYERFILE>) {
98	chomp; chomp;
99	# Do actual checking of password.
100	if ( /^password (.*)$/ ) {
101	$cp = crypt($password,$1);
102	if ($cp eq $1) {
103	$valid = 1;
104	}
105	}
106	}
107	close PLAYERFILE;
108	}
109	}
110	if (!$valid) { $errormsg = 'Invalid username or password' };
111
112	# If the player is validated, and we're limiting how often players can download their files, do so.
113	if ($valid and $timelimit and $statefile) {
114	open STATEFILE, "<$statefile";
115	@contents = <STATEFILE>;
116	close STATEFILE;
117	# Don't allow more than 1024 players to download their files per $timelimit seconds.
118	# This is to prevent STATEFILE from getting too large.
119	if ($#contents > 1024) {
120	$valid = 0;
121	$errormsg = 'Too many players have tried to download their files recently. Please wait a bit before trying again.\n';
122	}
123
124	# Check timestamp of last download for this player
125	foreach (@contents) {
126	chomp; chomp;
127	if (/^DL $playername (.*)$/) {
128	# $1 is the last time the file was DLed.
129	if ($time > ($timelimit + $1)) {
130	$valid = 0;
131	$errormsg = 'You just downloaded your file. Wait a bit before trying again.';
132	}
133	}
134	}
135	}
136
137	if ($valid) {
138	# Create and send file
139
140	# Create a new archive
141	# Sending binary data.
142	# Add content-disposition, in this way, the browser (at least mozilla)
143	# will use it as the default filename, instead of the cgi script name.
144	print $q->header(-type=>"application/x-compressed-tar",
145	"-content-disposition"=>"inline; filename=\"$playername.tar\"");
146
147	# Change to player directory, so that long pathname is not included in
148	# sent file.
149	chdir("$crossfire_home");
150	# archive up the player
151	system("$tar -cf - $playername");
152
153	# 'Delete' player's files, if applicable. (technically rename them, to hide from server.)
154	if ($valid and $delete_player) {
155	@files= glob("$crossfire_home/$playername/*");
156	# Rename all files except *.tar
157	foreach (@files) {
158	next if ( /\.tar$/i );
159	rename $_, "$_.downloaded";
160	}
161	}
162
163	# Set timestamp of last download for this player, if applicable.
164	# Also, remove outdated player download timestamps, if applicable.
165	if ($timelimit > 0 and $statefile) {
166	if (open STATEFILE, "<$statefile") {
167	@contents = <STATEFILE>;
168	close STATEFILE;
169	} else {
170	@contents = ();
171	}
172
173	if (open STATEFILE, ">$statefile") {
174	foreach (@contents) {
175	chomp; chomp;
176	if (/^DL (.) (.)$/) {
177	# All lines starting with DL are download time records.
178	my ($playerdownloaded, $timedownloaded) = ($1, $2);
179
180	# If this player just downloaded their file, don't copy them yet. We update their timestamp later.
181	next if ($valid and ($playerdownloaded eq $playername));
182	# If this record has expired, don't copy it.
183	next if (($timedownloaded + $timelimit) < $time);
184	# Otherwise, copy the record to the new state file.
185	print "$_\n";
186	} else {
187	# Allow other lines in this file.
188	print "$_\n";
189	}
190	}
191	# If this player downloaded their file, save it.
192	if ($valid) {
193	print STATEFILE "DL $playername $time\n";
194	}
195	close STATEFILE;
196	} else {
197	die "Unable to save state to file $statefile.\n";
198	}
199	}
200	}
201
202	# If no file was sent, send a form and any error messages.
203	if (!$valid) {
204	print $q->header('text/html');
205
206	# Print header
207	print $q->start_html('Download your player file');
208	print "\n\n\n";
209
210	# print any error message that may have occured.
211	if ($errormsg) {
212	print $q->h3("ERROR: ". $errormsg), $q->br(), $q->br();
213	}
214
215	# Print warnings if $delete_player is enabled.
216	if ($delete_player) {
217	print <<'(END)';
218	<pre><font color="#FF0000">WARNING:</font>
219	Downloading your file will remove it from the server. If the
220	download fails, contact the system administrator, and they may
221	be able to retrieve the file.
222	</pre>
223	(END)
224	}
225
226	print $q->h2("Download your player file:");
227
228	# Print generic form to allow player to download their file.
229	print $q->start_form(),
230	'Character name: ', $q->textfield('playername'), $q->br(),
231	'Character password: ' , $q->password_field('password'), $q->br(),
232	$q->submit('Download'), $q->reset('Clear Entries'), $q->end_form();
233
234	print $q->end_html();
235	}