#! perl # mandatory depends=highscore # login handling use Fcntl; use Coro::AIO; use Deliantra::Util (); CONF MAX_DISCONNECT_TIME = 3600; our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>; our %LOGIN_LOCK; # utility function to send messages to the client before # we have a player object to format them for. does not # escape anything. sub send_log ($$$) { $_[0]->send_packet ("msg $_[2] log $_[1]"); } sub query { my ($ns, $flags, $text) = @_; $ns->query ($flags, $text, Coro::rouse_cb); Coro::rouse_wait } sub can_cleanup { # highscore list is not cleared out, rethink # also, admin accounts can be hacked this way, if unused for long. return 0; my ($pl, $mtime) = @_; my $age = time - $mtime; my $level = $pl->ob->level; ($level <= 3 && $age > 7 * 86400) # 7 days for level 0..3 || ($level <= 9 && $age > 90 * 86400) # 3 months for level 4..9 || ($level <= 20 && $age > 180 * 86400) # 6 months for level 10..20 #|| $age > 700 * 86400 # 2 years for everybody else } # return a guard object for a lock on the given username, if available sub login_guard { my ($user) = @_; exists $LOGIN_LOCK{$user} and return undef; cf::player::find_active $user and return undef; undef $LOGIN_LOCK{$user}; Guard::guard { delete $LOGIN_LOCK{$user} } } sub safe_spot($) { my ($pl) = @_; my $ob = $pl->ob; my $m = $ob->map or return; my $x = $ob->x; my $y = $ob->y; # never happens normally, but helps when shell users make mistakes $m->linkable or return 1; scalar grep $_->type == cf::SAVEBED, $m->at ($x, $y) } sub enter_map { my ($pl) = @_; my $ob = $pl->ob; my ($map, $x, $y) = $ob->{_link_pos} ? @{delete $ob->{_link_pos}} : ($pl->maplevel, $ob->x, $ob->y); $ob->enter_link; my $m = cf::map::find $map; my $time = delete $pl->{unclean_save}; if ($time && $m) { if ($time < $m->{instantiate_time}) { # the map was reset in the meantime my $age = $cf::RUNTIME - $time; cf::info $ob->name, " map reset after logout, logout age $age (>= $MAX_DISCONNECT_TIME)\n";#d# if ($age >= $MAX_DISCONNECT_TIME) { $ob->message ( "You didn't use a bed to reality to leave this realm, leaving your body in great danger. " . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. " . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... " . "H", cf::NDI_RED | cf::NDI_REPLY ); # kill them. # reminds me of the famous badness 10000 syndrome... $ob->stats->hp (-10000); #] if they survive this they deserved to live my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy; } else { ($map, $x, $y) = $pl->savebed; $ob->message ( "You didn't use a bed to reality to leave this realm, leaving your body in great danger. " . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. " . "Better use a savebed next time, much worse things could have happened... " . "H", cf::NDI_RED | cf::NDI_REPLY ); } } else { $ob->message ( "You didn't use a bed to reality to leave this realm. This is very dangerous, " . "as lots of things could happen when you leave by other means, such as cave-ins, " . "or monsters suddenly snapping your body. Better use a savebed next time. " . "H", cf::NDI_RED | cf::NDI_REPLY ); } } $ob->goto ($map, $x, $y); } sub encode_password($) { unpack "H*", Deliantra::Util::hash_pw $_[0] } sub compare_password($$) { my ($pass, $token) = @_; if ($token =~ /!!(.*)/) { return +(substr $pass, 0, 8) eq pack "H*", $1; } elsif ($token =~ /!(.*)/) { return $pass eq pack "H*", $1; } else { return $token eq encode_password $pass; } } # delete a player directory sub nuke_playerdir { my ($user) = @_; my $lock = cf::lock_acquire "ext::login::nuke_playerdir"; my $temp = "$PLAYERDIR/~$Coro::current~deleting~"; aio_rename "$PLAYERDIR/$user", $temp; IO::AIO::aio_rmtree $temp; } sub login { my ($pl) = @_; # handle character creation, if neccessary # the rest of this function is character creation my $ns = $pl->ns; my $ob = $pl->ob; if ($pl->{chargen} eq "init") { $ob->goto ($pl->maplevel, $ob->x, $ob->y); # create the playerdir, if necessary, as chargen_race_done did it before # presumably because of unique maps aio_mkdir playerdir $pl, 0770; delete $pl->{deny_save}; # set by new $pl->save; $pl->{chargen} = "stats"; } if ($pl->{chargen} eq "stats") { while () { $ob->update_stats; $pl->save_stats; my $res = query $ns, cf::CS_QUERY_SINGLECHAR, "[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?"; if ($res =~ /^[Nn]/) { last; } elsif ($res > 0 && $res <= 7) { my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?"; if ($swap > 0 && $swap <= 7) { $ob->swap_stats ($res - 1, $swap - 1); } } else { $ob->roll_stats; } Coro::Timer::sleep 0.05; } $ob->set_anim_frame (2); $ob->add_statbonus; $pl->{chargen} = "race"; } if ($pl->{chargen} eq "race") { while () { $ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1); my $msg = $ob->msg; $msg =~ s/(?<=\S)\n(?=\S)/ /g; $ns->send_msg ("chargen-race-description", $msg, cf::NDI_BLUE); my $res = query $ns, cf::CS_QUERY_SINGLECHAR, "Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n"; last if $res =~ /[dD]/; $pl->chargen_race_next; Coro::Timer::sleep 0.05; } $pl->chargen_race_done; $pl->{chargen} = "gender"; } if ($pl->{chargen} eq "race") { while () { my $res = query $ns, cf::CS_QUERY_SINGLECHAR, "Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n"; if ($res =~ /^[fF]/) { $pl->gender (1); last; } elsif ($res =~ /^[mM]/) { $pl->gender (0); last; } Coro::Timer::sleep 0.05; } $pl->{chargen} = "done"; } $ns->state (cf::ST_PLAYING); if ($pl->{chargen} eq "done") { # XXX: Workaround for delayed client ext protocol handshake $pl->esrv_new_player; $pl->{chargen} = "done"; } $ns->update_command_faces; $ob->reply (undef, "Welcome to Deliantra!"); if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) { $pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR); } } sub chargen { my ($ns, $user, $hash) = @_; # just to make sure nothing is left over # normally, nothing is there. nuke_playerdir $user; my $pl = cf::player::new $user; $pl->password (unpack "H*", $hash); $pl->connect ($ns); $pl->{chargen} = "init"; login $pl; } cf::client->attach (on_addme => sub { my ($ns) = @_; $ns->{addme}++ and return $ns->destroy; $ns->async (sub { $Coro::current->{desc} = "addme init"; my ($user, $pass); $ns->send_packet ("addme_success"); for (;;) { delete $ns->{login_guard}; send_log $ns, "Please enter your username now. If you are a new user, " . "make one up that describes your character best. " . "Only letters and digits are allowed, though.", cf::NDI_BLUE | cf::NDI_REPLY ; # read username while () { $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:"; if ($user =~ $VALID_LOGIN) { last; } else { send_log $ns, "Your username contains illegal characters " . "(only a-z, A-Z and 0-9 are allowed), " . "or is not between 3 and 20 characters in length.", cf::NDI_RED | cf::NDI_REPLY ; } Coro::Timer::sleep 0.4; } $Coro::current->{desc} = "addme($user)"; send_log $ns, "Welcome $user, please enter your password now. " . "New users should now choose a password. " . "Anything your client lets you enter is fine.", cf::NDI_BLUE | cf::NDI_REPLY ; # read password while () { $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:"; last if $pass =~ /.../; send_log $ns, "Try to use at least three characters as your password please, " . "that cannot be too much to ask for :)", cf::NDI_RED | cf::NDI_REPLY ; Coro::Timer::sleep 0.4; } $ns->{login_guard} = login_guard $user or do { send_log $ns, "That user is already logged in (or is logging in)." . "Chose another, or wait till the other session has ended.", cf::NDI_RED | cf::NDI_REPLY ; next; }; # try to read the user file and check the password if (my $pl = cf::player::find $user) { aio_stat $pl->path and next; my $mtime = (stat _)[9]; my $token = $pl->password; if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) { # player exists and passwords match - we can proceed # password matches, wonderful my $pl = cf::player::find $user or next; $pl->connect ($ns); enter_map $pl; login $pl; return; } elsif (can_cleanup $pl, $mtime) { Coro::Timer::sleep 1; send_log $ns, "Player exists, but password does not match. If this is your account, " . "please try again. If not, you can now decide to take over this account " . "because it has not been in-use for some time.", cf::NDI_RED | cf::NDI_REPLY ; (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/ or next; # check if the file hasn't changed aio_stat cf::player::path $user and next; $mtime == (stat _)[9] or next; $pl->quit_character; # fall through to creation } else { Coro::Timer::sleep 1; send_log $ns, "Wrong username or password. Please try again " . "(check for Numlock and other semi-obvious error sources).", cf::NDI_RED | cf::NDI_REPLY ; next; } } else { # unable to load the playerfile: # check whether the player dir exists, which means the file is corrupted or # something very similar. if (!aio_stat cf::player::playerdir $user) { send_log $ns, "Unable to retrieve this player. It might be a locked or broken account. " . "If this is your account, ask a dungeon master for assistance. " . "Otherwise choose a different login name.", cf::NDI_RED | cf::NDI_REPLY ; next; } } my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again."; if ($pass2 ne $pass) { send_log $ns, "The passwords do not match, please try again.", cf::NDI_RED | cf::NDI_REPLY ; Coro::Timer::sleep 0.5; next; } last; } chargen $ns, $user, Deliantra::Util::hash_pw $pass; }); }); cf::client->attach ( on_version => sub { my ($ns, $arg) = @_; # perl probably uses lrand48, which is not secure at all # maybe require linux and use /dev/urandom. $ns->{nonces} = [map { join "", map { chr rand 256 } 0..63 } 1..2]; $ns->ext_msg (nonces => @{ $ns->{nonces} }); }, ); cf::register_async_exticmd create_login => sub { my ($ns, $reply, $user, $pass) = @_; $ns->{addme}++ and return $ns->destroy; $ns->async (sub { my $fail = sub { $reply->(0, $_[0]); $ns->flush; # does not ensure that the data reaches the client - TODO # need to do this in another thread, as this one gets canceled Coro::async_pool { Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack $ns->destroy if $ns->valid; }; Coro::schedule; # do the destroy, should not return }; $user =~ $VALID_LOGIN or return $fail ( "Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), " . "or is not between 3 and 20 characters in length." ); $ns->{login_guard} = login_guard $user or return $fail->("User name '$user' is in use - try another login name."); cf::player::find $user and return $fail->("User name '$user' is already registered - choose another login name."); $reply->(1, "Account Created"); chargen $ns, $user, $pass; }); }; cf::register_async_exticmd login => sub { my ($ns, $reply, $user, $hash) = @_; $ns->{addme}++ and return $ns->destroy; $ns->async (sub { $Coro::current->{desc} = "login($user)"; my $fail = sub { $reply->(0, $_[0]); $ns->flush; # does not ensure that the data reaches the client - TODO # need to do this in another thread, as this one gets canceled Coro::async_pool { Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack $ns->destroy if $ns->valid; }; Coro::schedule; # do the destroy, should not return }; $ns->{login_guard} = login_guard $user or return $fail->("User '$user' is currently playing or logging in in another session. If that is your " . "user name, make sure you are not running two clients. When in doubt, reboot."); # try to read the user file and check the password my $pl = cf::player::find $user or return $fail->("User '$user' does not exist - wrong spelling?"); aio_stat $pl->path and return $ns->destroy; my $mtime = (stat _)[9]; my $token = $pl->password; $token = $token =~ /^!/ ? Deliantra::Util::hash_pw pack "H*", substr $token, 1 : pack "H*", $token; $token = Deliantra::Util::auth_pw $token, $ns->{nonces}[0], $ns->{nonces}[1]; $token eq $hash or $cf::CFG{ext_login_nocheck} or return $fail->("User exists, but the password doesn't match - check your spelling, NumLock/CapsLock etc."); # player exists and passwords match - we can proceed $reply->(1, "Success"); $pl->connect ($ns); enter_map $pl; login $pl; }); }; cf::register_command password => sub { my ($pl, $arg) = @_; unless ($pl->flag (cf::FLAG_WIZ)) { $pl->message ( "The password can currently only changed by a DM.", cf::NDI_UNIQUE | cf::NDI_REPLY); return; } $pl->message (#d# "Passwords cannot currently be changed.",#d# cf::NDI_UNIQUE | cf::NDI_REPLY);#d# return;#d# my (@args) = split /\s+/, $arg; my ($player, $new_pw) = @args; if ($pl->flag (cf::FLAG_WIZ) && $player eq '') { $pl->message ( "Usage: password []", cf::NDI_UNIQUE | cf::NDI_REPLY); return; } if ($new_pw eq '') { $new_pw = join '', map { ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64)] } 1..9; } cf::async { my $plc = cf::player::find $player; if ($plc) { $plc->password (encode_password $new_pw); $pl->message ( "Ok, changed password of '$player' to '$new_pw'!", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY); } else { $pl->message ( "Fail! Couldn't set password for '$player', " . "he doesn't seem to exist!", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY); } }; }; cf::register_command quit => sub { my ($ob, $arg) = @_; $ob->send_msg (undef, "Quitting will delete your character PERMANENTLY: It will be gone forever and any progress will be lost. " . "If you are sure you want to do this, then use the quit_character command instead of quit.", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY); }; cf::register_command quit_character => sub { my ($ob, $arg) = @_; my $pl = $ob->contr; $pl->ns->query (cf::CS_QUERY_SINGLECHAR, "Do you want to PERMANENTLY delete your character and all associated data (y/n)?", sub { if ($_[0] !~ /^[yY]/) { $ob->send_msg (undef, "Ok, not not quitting then.", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY); } else { $ob->send_msg (undef, "Ok, quitting, hope to see you again.", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY); cf::async { $pl->quit_character; }; } }); }; cf::object->attach ( type => cf::SAVEBED, on_apply => sub { my ($bed, $ob) = @_; return cf::override 0 unless $ob->type == cf::PLAYER; my $pl = $ob->contr; # update respawn position $pl->savebed ($bed->map->path, $bed->x, $bed->y); cf::async { my $killer = cf::arch::get "killer_logout"; $pl->killer ($killer); $killer->destroy; ext::highscore::check $ob; $pl->save; $ob->send_msg ($cf::SAY_CHANNEL => "In the future, you will wake up here when you die.", cf::NDI_DEF | cf::NDI_REPLY); my $ns = $pl->ns or return; $ns->query (cf::CS_QUERY_SINGLECHAR, "Do you want to continue playing (y/n)?", sub { if ($_[0] !~ /^[yY]/) { $pl->invoke (cf::EVENT_PLAYER_LOGOUT, 1); $pl->deactivate; $pl->ns->destroy; } }); }; }, ); cf::player->attach ( on_login => sub { my ($pl) = @_; my $name = $pl->ob->name; $_->ob->message ("$name has entered the game.", cf::NDI_DK_ORANGE | cf::NDI_UNIQUE) for cf::player::list; }, on_logout => sub { my ($pl, $cleanly) = @_; my $name = $pl->ob->name; if ($cleanly) { $_->ob->message ("$name left the game.", cf::NDI_DK_ORANGE | cf::NDI_UNIQUE) for cf::player::list; } else { $_->ob->message ("$name uncerimoniously disconnected.", cf::NDI_DK_ORANGE | cf::NDI_UNIQUE) for cf::player::list; $pl->{unclean_save} = $cf::RUNTIME unless safe_spot $pl; } }, );