--- deliantra/server/ext/login.ext 2012/11/17 11:13:54 1.126 +++ deliantra/server/ext/login.ext 2018/11/18 15:19:48 1.136 @@ -9,6 +9,14 @@ CONF MAX_DISCONNECT_TIME = 3600; our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>; +our %LOGIN_LOCK; + +# utility function to send messages to the client before +# we have a player object to format them for. does not +# escape anything. +sub send_log ($$$) { + $_[0]->send_packet ("msg $_[2] log $_[1]"); +} sub query { my ($ns, $flags, $text) = @_; @@ -18,6 +26,10 @@ } sub can_cleanup { + # highscore list is not cleared out, rethink + # also, admin accounts can be hacked this way, if unused for long. + return 0; + my ($pl, $mtime) = @_; my $age = time - $mtime; @@ -29,24 +41,18 @@ || $age > 700 * 86400 # 2 years for everybody else } -sub check_playing { - my ($ns, $user) = @_; +# return a guard object for a lock on the given username, if available +sub login_guard { + my ($user) = @_; - return unless cf::player::find_active $user; + exists $LOGIN_LOCK{$user} + and return undef; - $ns->send_drawinfo ( - "That player is already logged in on this server. " - . "If you want to create a new player, choose another name. " - . "If you have already a registered, make sure nobody " - . "else is using your account at this time. If you lost your connection " - . "then the server will likely timeout within a minute. If you still " - . "cannot log-in after a minute, you are still logged in. Make sure " - . "you do not have another client running. If you use windows, reboot, " - . "this will fix anything.", - cf::NDI_RED - ); + cf::player::find_active $user + and return undef; - 1 + undef $LOGIN_LOCK{$user}; + Guard::guard { delete $LOGIN_LOCK{$user} } } sub safe_spot($) { @@ -94,7 +100,7 @@ . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. " . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... " . "H", - cf::NDI_RED + cf::NDI_RED | cf::NDI_REPLY ); # kill them. # reminds me of the famous badness 10000 syndrome... @@ -108,7 +114,7 @@ . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. " . "Better use a savebed next time, much worse things could have happened... " . "H", - cf::NDI_RED + cf::NDI_RED | cf::NDI_REPLY ); } } else { @@ -117,7 +123,7 @@ . "as lots of things could happen when you leave by other means, such as cave-ins, " . "or monsters suddenly snapping your body. Better use a savebed next time. " . "H", - cf::NDI_RED + cf::NDI_RED | cf::NDI_REPLY ); } } @@ -126,7 +132,7 @@ } sub encode_password($) { - "!" . unpack "H*", $_[0] + unpack "H*", Deliantra::Util::hash_pw $_[0] } sub compare_password($$) { @@ -137,7 +143,7 @@ } elsif ($token =~ /!(.*)/) { return $pass eq pack "H*", $1; } else { - return $token eq crypt $pass, $token; + return $token eq encode_password $pass; } } @@ -161,18 +167,15 @@ my $ns = $pl->ns; my $ob = $pl->ob; - $Coro::current->{desc} = "addme(" . $ob->name . ") login"; - - delete $pl->{deny_save}; # set by new - if ($pl->{chargen} eq "init") { + $ob->goto ($pl->maplevel, $ob->x, $ob->y); + # create the playerdir, if necessary, as chargen_race_done did it before # presumably because of unique maps aio_mkdir playerdir $pl, 0770; + delete $pl->{deny_save}; # set by new $pl->save; - $ob->goto ($pl->maplevel, $ob->x, $ob->y); - $pl->{chargen} = "stats"; } @@ -199,7 +202,7 @@ Coro::Timer::sleep 0.05; } - $ob->set_animation (2); + $ob->set_anim_frame (2); $ob->add_statbonus; $pl->{chargen} = "race"; @@ -251,6 +254,8 @@ $pl->{chargen} = "done"; } + $ns->update_command_faces; + $ob->reply (undef, "Welcome to Deliantra!"); if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) { @@ -259,17 +264,14 @@ } sub chargen { - my ($ns, $user, $hasah) = @_; - - # lock again, too lazy to make this nicer - local $cf::LOGIN_LOCK{$user} = 1; + my ($ns, $user, $hash) = @_; # just to make sure nothing is left over # normally, nothing is there. nuke_playerdir $user; my $pl = cf::player::new $user; - $pl->password (encode_password $pass); + $pl->password (unpack "H*", $hash); $pl->connect ($ns); $pl->{chargen} = "init"; @@ -290,73 +292,62 @@ $ns->send_packet ("addme_success"); for (;;) { - $ns->send_drawinfo ( + delete $ns->{login_guard}; + + send_log $ns, "Please enter your username now. If you are a new user, " . "make one up that describes your character best. " . "Only letters and digits are allowed, though.", - cf::NDI_BLUE - ); + cf::NDI_BLUE | cf::NDI_REPLY + ; # read username while () { $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:"; - if ($cf::LOGIN_LOCK{$user}) { - $ns->send_drawinfo ( - "That username is currently used in another login session. " - . "Chose another, or wait till the other session has ended.", - cf::NDI_RED - ); - } elsif ($user =~ $VALID_LOGIN) { + if ($user =~ $VALID_LOGIN) { last; } else { - $ns->send_drawinfo ( + send_log $ns, "Your username contains illegal characters " . "(only a-z, A-Z and 0-9 are allowed), " . "or is not between 3 and 20 characters in length.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; } Coro::Timer::sleep 0.4; } - check_playing $ns, $user and next; - - $Coro::current->{desc} = "addme($user) pass"; + $Coro::current->{desc} = "addme($user)"; - $ns->send_drawinfo ( + send_log $ns, "Welcome $user, please enter your password now. " . "New users should now choose a password. " . "Anything your client lets you enter is fine.", - cf::NDI_BLUE - ); + cf::NDI_BLUE | cf::NDI_REPLY + ; # read password while () { $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:"; last if $pass =~ /.../; - $ns->send_drawinfo ( + send_log $ns, "Try to use at least three characters as your password please, " . "that cannot be too much to ask for :)", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; Coro::Timer::sleep 0.4; } - # lock this username for the remainder of this login session - if ($cf::LOGIN_LOCK{$user}) { - $ns->send_drawinfo ( - "That username is currently used in another login session. " - . "Chose another, or wait till the other session has ended.", - cf::NDI_RED - ); - next; - } - local $cf::LOGIN_LOCK{$user} = 1; - - check_playing $ns, $user and next; - - $Coro::current->{desc} = "addme($user) check"; + $ns->{login_guard} = login_guard $user + or do { + send_log $ns, + "That user is already logged in (or is logging in)." + . "Chose another, or wait till the other session has ended.", + cf::NDI_RED | cf::NDI_REPLY + ; + next; + }; # try to read the user file and check the password if (my $pl = cf::player::find $user) { @@ -376,12 +367,12 @@ } elsif (can_cleanup $pl, $mtime) { Coro::Timer::sleep 1; - $ns->send_drawinfo ( + send_log $ns, "Player exists, but password does not match. If this is your account, " . "please try again. If not, you can now decide to take over this account " . "because it has not been in-use for some time.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/ or next; @@ -396,11 +387,11 @@ } else { Coro::Timer::sleep 1; - $ns->send_drawinfo ( + send_log $ns, "Wrong username or password. Please try again " . "(check for Numlock and other semi-obvious error sources).", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; next; } } else { @@ -408,12 +399,12 @@ # check whether the player dir exists, which means the file is corrupted or # something very similar. if (!aio_stat cf::player::playerdir $user) { - $ns->send_drawinfo ( + send_log $ns, "Unable to retrieve this player. It might be a locked or broken account. " . "If this is your account, ask a dungeon master for assistance. " . "Otherwise choose a different login name.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; next; } } @@ -421,10 +412,10 @@ my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again."; if ($pass2 ne $pass) { - $ns->send_drawinfo ( + send_log $ns, "The passwords do not match, please try again.", - cf::NDI_RED - ); + cf::NDI_RED | cf::NDI_REPLY + ; Coro::Timer::sleep 0.5; next; } @@ -470,10 +461,15 @@ . "or is not between 3 and 20 characters in length." ); + $ns->{login_guard} = login_guard $user + or return $fail->("User name '$user' is in use - try another login name."); + cf::player::find $user - and return $fail->("User '$user' already exists - choose another login name."); + and return $fail->("User name '$user' is already registered - choose another login name."); - chargen $ns, $user, Deliantra::Util::hash_pw $pass; + $reply->(1, "Account Created"); + + chargen $ns, $user, $pass; }); }; @@ -483,9 +479,7 @@ $ns->{addme}++ and return $ns->destroy; $ns->async (sub { - local $cf::LOGIN_LOCK{$user} = 1; - - $Coro::current->{desc} = "login($user) check"; + $Coro::current->{desc} = "login($user)"; my $fail = sub { $reply->(0, $_[0]); @@ -498,6 +492,10 @@ Coro::schedule; # do the destroy, should not return }; + $ns->{login_guard} = login_guard $user + or return $fail->("User '$user' is currently playing or logging in in another session. If that is your " + . "user name, make sure you are not running two clients. When in doubt, reboot."); + # try to read the user file and check the password my $pl = cf::player::find $user or return $fail->("User '$user' does not exist - wrong spelling?");