ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/deliantra/server/ext/login.ext
(Generate patch)

Comparing deliantra/server/ext/login.ext (file contents):
Revision 1.118 by root, Thu Nov 8 00:16:07 2012 UTC vs.
Revision 1.133 by root, Wed Nov 21 14:37:38 2012 UTC

2 2
3# login handling 3# login handling
4 4
5use Fcntl; 5use Fcntl;
6use Coro::AIO; 6use Coro::AIO;
7use Deliantra::Util ();
7 8
8CONF MAX_DISCONNECT_TIME = 3600; 9CONF MAX_DISCONNECT_TIME = 3600;
9 10
10# paranoia function to overwrite a string-in-place 11our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>;
11sub nuke_str { 12our %LOGIN_LOCK;
12 substr $_[0], 0, (length $_[0]), "x" x length $_[0] 13
14# utility function to send messages to the client before
15# we have a player object to format them for. does not
16# escape anything.
17sub send_log ($$$) {
18 $_[0]->send_packet ("msg $_[2] log $_[1]");
13} 19}
14 20
15sub query { 21sub query {
16 my ($ns, $flags, $text) = @_; 22 my ($ns, $flags, $text) = @_;
17 23
29 || ($level <= 9 && $age > 90 * 86400) # 3 months for level 4..9 35 || ($level <= 9 && $age > 90 * 86400) # 3 months for level 4..9
30 || ($level <= 20 && $age > 180 * 86400) # 6 months for level 10..20 36 || ($level <= 20 && $age > 180 * 86400) # 6 months for level 10..20
31 || $age > 700 * 86400 # 2 years for everybody else 37 || $age > 700 * 86400 # 2 years for everybody else
32} 38}
33 39
34sub check_playing { 40# return a guard object for a lock on the given username, if available
41sub login_guard {
35 my ($ns, $user) = @_; 42 my ($user) = @_;
36 43
44 exists $LOGIN_LOCK{$user}
45 and return undef;
46
37 return unless cf::player::find_active $user; 47 cf::player::find_active $user
48 and return undef;
38 49
39 $ns->send_drawinfo ( 50 undef $LOGIN_LOCK{$user};
40 "That player is already logged in on this server. " 51 Guard::guard { delete $LOGIN_LOCK{$user} }
41 . "If you want to create a new player, choose another name. "
42 . "If you have already a registered, make sure nobody "
43 . "else is using your account at this time. If you lost your connection "
44 . "then the server will likely timeout within a minute. If you still "
45 . "cannot log-in after a minute, you are still logged in. Make sure "
46 . "you do not have another client running. If you use windows, reboot, "
47 . "this will fix anything.",
48 cf::NDI_RED
49 );
50
51 1
52} 52}
53 53
54sub safe_spot($) { 54sub safe_spot($) {
55 my ($pl) = @_; 55 my ($pl) = @_;
56 56
62 my $y = $ob->y; 62 my $y = $ob->y;
63 63
64 # never happens normally, but helps when shell users make mistakes 64 # never happens normally, but helps when shell users make mistakes
65 $m->linkable 65 $m->linkable
66 or return 1; 66 or return 1;
67
68# return 0;#d#
69# warn join ":", $m->at ($x, $y);#d#
70# warn "FOO$m { ".scalar ($m->at ($x, $y))." }\n";
71# return 0;
72 67
73 scalar grep $_->type == cf::SAVEBED, $m->at ($x, $y) 68 scalar grep $_->type == cf::SAVEBED, $m->at ($x, $y)
74} 69}
75 70
76sub enter_map { 71sub enter_map {
99 $ob->message ( 94 $ob->message (
100 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. " 95 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
101 . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. " 96 . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. "
102 . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... " 97 . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... "
103 . "H<You disconnected too long without having used a savebed.>", 98 . "H<You disconnected too long without having used a savebed.>",
104 cf::NDI_RED 99 cf::NDI_RED | cf::NDI_REPLY
105 ); 100 );
106 # kill them. 101 # kill them.
107 # reminds me of the famous badness 10000 syndrome... 102 # reminds me of the famous badness 10000 syndrome...
108 $ob->stats->hp (-10000); #] if they survive this they deserved to live 103 $ob->stats->hp (-10000); #] if they survive this they deserved to live
109 my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy; 104 my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy;
113 $ob->message ( 108 $ob->message (
114 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. " 109 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
115 . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. " 110 . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. "
116 . "Better use a savebed next time, much worse things could have happened... " 111 . "Better use a savebed next time, much worse things could have happened... "
117 . "H<You disconnected without having used a savebed. When you do that for too long, you might die.>", 112 . "H<You disconnected without having used a savebed. When you do that for too long, you might die.>",
118 cf::NDI_RED 113 cf::NDI_RED | cf::NDI_REPLY
119 ); 114 );
120 } 115 }
121 } else { 116 } else {
122 $ob->message ( 117 $ob->message (
123 "You didn't use a bed to reality to leave this realm. This is very dangerous, " 118 "You didn't use a bed to reality to leave this realm. This is very dangerous, "
124 . "as lots of things could happen when you leave by other means, such as cave-ins, " 119 . "as lots of things could happen when you leave by other means, such as cave-ins, "
125 . "or monsters suddenly snapping your body. Better use a savebed next time. " 120 . "or monsters suddenly snapping your body. Better use a savebed next time. "
126 . "H<Always apply a bed of reality to disconnect from the server.>", 121 . "H<Always apply a bed of reality to disconnect from the server.>",
127 cf::NDI_RED 122 cf::NDI_RED | cf::NDI_REPLY
128 ); 123 );
129 } 124 }
130 } 125 }
131 126
132 $ob->goto ($map, $x, $y); 127 $ob->goto ($map, $x, $y);
133} 128}
134 129
135sub encode_password($) { 130sub encode_password($) {
136# crypt $_[0], 131 unpack "H*", Deliantra::Util::hash_pw $_[0]
137# join '',
138# ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64), (cf::rndm 64)]
139 "!" . unpack "H*", $_[0]
140} 132}
141 133
142sub compare_password($$) { 134sub compare_password($$) {
143 my ($pass, $token) = @_; 135 my ($pass, $token) = @_;
144 136
145 if ($token =~ /!!(.*)/) { 137 if ($token =~ /!!(.*)/) {
146 return +(substr $pass, 0, 8) eq pack "H*", $1; 138 return +(substr $pass, 0, 8) eq pack "H*", $1;
147 } elsif ($token =~ /!(.*)/) { 139 } elsif ($token =~ /!(.*)/) {
148 return $pass eq pack "H*", $1; 140 return $pass eq pack "H*", $1;
149 } else { 141 } else {
150 return $token eq crypt $pass, $token; 142 return $token eq encode_password $pass;
151 } 143 }
152} 144}
153 145
154# delete a player directory 146# delete a player directory
155sub nuke_playerdir { 147sub nuke_playerdir {
160 my $temp = "$PLAYERDIR/~$Coro::current~deleting~"; 152 my $temp = "$PLAYERDIR/~$Coro::current~deleting~";
161 aio_rename "$PLAYERDIR/$user", $temp; 153 aio_rename "$PLAYERDIR/$user", $temp;
162 IO::AIO::aio_rmtree $temp; 154 IO::AIO::aio_rmtree $temp;
163} 155}
164 156
157sub login {
158 my ($pl) = @_;
159
160 # handle character creation, if neccessary
161 # the rest of this function is character creation
162
163 my $ns = $pl->ns;
164 my $ob = $pl->ob;
165
166 if ($pl->{chargen} eq "init") {
167 $ob->goto ($pl->maplevel, $ob->x, $ob->y);
168
169 # create the playerdir, if necessary, as chargen_race_done did it before
170 # presumably because of unique maps
171 aio_mkdir playerdir $pl, 0770;
172 delete $pl->{deny_save}; # set by new
173 $pl->save;
174
175 $pl->{chargen} = "stats";
176 }
177
178 if ($pl->{chargen} eq "stats") {
179 while () {
180 $ob->update_stats;
181 $pl->save_stats;
182
183 my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
184 "[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?";
185
186 if ($res =~ /^[Nn]/) {
187 last;
188 } elsif ($res > 0 && $res <= 7) {
189 my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?";
190
191 if ($swap > 0 && $swap <= 7) {
192 $ob->swap_stats ($res - 1, $swap - 1);
193 }
194 } else {
195 $ob->roll_stats;
196 }
197
198 Coro::Timer::sleep 0.05;
199 }
200
201 $ob->set_animation (2);
202 $ob->add_statbonus;
203
204 $pl->{chargen} = "race";
205 }
206
207 if ($pl->{chargen} eq "race") {
208 while () {
209 $ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1);
210 my $msg = $ob->msg;
211 $msg =~ s/(?<=\S)\n(?=\S)/ /g;
212 $ns->send_msg ("chargen-race-description", $msg, cf::NDI_BLUE);
213
214 my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
215 "Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n";
216
217 last if $res =~ /[dD]/;
218
219 $pl->chargen_race_next;
220 Coro::Timer::sleep 0.05;
221 }
222
223 $pl->chargen_race_done;
224 $pl->{chargen} = "gender";
225 }
226
227 if ($pl->{chargen} eq "race") {
228 while () {
229 my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
230 "Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n";
231
232 if ($res =~ /^[fF]/) {
233 $pl->gender (1);
234 last;
235 } elsif ($res =~ /^[mM]/) {
236 $pl->gender (0);
237 last;
238 }
239 Coro::Timer::sleep 0.05;
240 }
241 $pl->{chargen} = "done";
242 }
243
244 $ns->state (cf::ST_PLAYING);
245
246 if ($pl->{chargen} eq "done") {
247 # XXX: Workaround for delayed client ext protocol handshake
248 $pl->esrv_new_player;
249
250 $pl->{chargen} = "done";
251 }
252
253 $ns->update_command_faces;
254
255 $ob->reply (undef, "Welcome to Deliantra!");
256
257 if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) {
258 $pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR);
259 }
260}
261
262sub chargen {
263 my ($ns, $user, $hash) = @_;
264
265 # just to make sure nothing is left over
266 # normally, nothing is there.
267 nuke_playerdir $user;
268
269 my $pl = cf::player::new $user;
270 $pl->password (unpack "H*", $hash);
271 $pl->connect ($ns);
272
273 $pl->{chargen} = "init";
274
275 login $pl;
276}
277
165cf::client->attach (on_addme => sub { 278cf::client->attach (on_addme => sub {
166 my ($ns) = @_; 279 my ($ns) = @_;
167 280
168 $ns->pl and return $ns->destroy; 281 $ns->{addme}++ and return $ns->destroy;
169 282
170 $ns->async (sub { 283 $ns->async (sub {
171 $Coro::current->{desc} = "addme init"; 284 $Coro::current->{desc} = "addme init";
172 285
173 my ($user, $pass); 286 my ($user, $pass);
174 287
175 $ns->send_packet ("addme_success"); 288 $ns->send_packet ("addme_success");
176 289
177 for (;;) { 290 for (;;) {
178 $ns->send_drawinfo ( 291 delete $ns->{login_guard};
292
293 send_log $ns,
179 "Please enter your username now. If you are a new user, " 294 "Please enter your username now. If you are a new user, "
180 . "make one up that describes your character best. " 295 . "make one up that describes your character best. "
181 . "Only letters and digits are allowed, though.", 296 . "Only letters and digits are allowed, though.",
182 cf::NDI_BLUE 297 cf::NDI_BLUE | cf::NDI_REPLY
183 ); 298 ;
184 299
185 # read username 300 # read username
186 while () { 301 while () {
187 $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:"; 302 $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:";
188 303
189 if ($cf::LOGIN_LOCK{$user}) { 304 if ($user =~ $VALID_LOGIN) {
190 $ns->send_drawinfo (
191 "That username is currently used in another login session. "
192 . "Chose another, or wait till the other session has ended.",
193 cf::NDI_RED
194 );
195 } elsif ($user =~ /^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z/) {
196 last; 305 last;
197 } else { 306 } else {
198 $ns->send_drawinfo ( 307 send_log $ns,
199 "Your username contains illegal characters " 308 "Your username contains illegal characters "
200 . "(only a-z, A-Z and 0-9 are allowed), " 309 . "(only a-z, A-Z and 0-9 are allowed), "
201 . "or is not between 3 and 20 characters in length.", 310 . "or is not between 3 and 20 characters in length.",
202 cf::NDI_RED 311 cf::NDI_RED | cf::NDI_REPLY
203 ); 312 ;
204 } 313 }
205 Coro::Timer::sleep 0.4; 314 Coro::Timer::sleep 0.4;
206 } 315 }
207 316
208 check_playing $ns, $user and next;
209
210 $Coro::current->{desc} = "addme($user) pass"; 317 $Coro::current->{desc} = "addme($user)";
211 318
212 $ns->send_drawinfo ( 319 send_log $ns,
213 "Welcome $user, please enter your password now. " 320 "Welcome $user, please enter your password now. "
214 . "New users should now choose a password. " 321 . "New users should now choose a password. "
215 . "Anything your client lets you enter is fine.", 322 . "Anything your client lets you enter is fine.",
216 cf::NDI_BLUE 323 cf::NDI_BLUE | cf::NDI_REPLY
217 ); 324 ;
218 325
219 # read password 326 # read password
220 while () { 327 while () {
221 $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:"; 328 $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:";
222 last if $pass =~ /.../; 329 last if $pass =~ /.../;
223 $ns->send_drawinfo ( 330 send_log $ns,
224 "Try to use at least three characters as your password please, " 331 "Try to use at least three characters as your password please, "
225 . "that cannot be too much to ask for :)", 332 . "that cannot be too much to ask for :)",
226 cf::NDI_RED 333 cf::NDI_RED | cf::NDI_REPLY
227 ); 334 ;
228 Coro::Timer::sleep 0.4; 335 Coro::Timer::sleep 0.4;
229 } 336 }
230 337
231 # lock this username for the remainder of this login session 338 $ns->{login_guard} = login_guard $user
232 if ($cf::LOGIN_LOCK{$user}) { 339 or do {
233 $ns->send_drawinfo ( 340 send_log $ns,
234 "That username is currently used in another login session. " 341 "That user is already logged in (or is logging in)."
235 . "Chose another, or wait till the other session has ended.", 342 . "Chose another, or wait till the other session has ended.",
236 cf::NDI_RED 343 cf::NDI_RED | cf::NDI_REPLY
344 ;
345 next;
237 ); 346 };
238 next;
239 }
240 local $cf::LOGIN_LOCK{$user} = 1;
241
242 check_playing $ns, $user and next;
243
244 $Coro::current->{desc} = "addme($user) check";
245 347
246 # try to read the user file and check the password 348 # try to read the user file and check the password
247 if (my $pl = cf::player::find $user) { 349 if (my $pl = cf::player::find $user) {
248 aio_stat $pl->path and next; 350 aio_stat $pl->path and next;
249 my $mtime = (stat _)[9]; 351 my $mtime = (stat _)[9];
250 my $token = $pl->password; 352 my $token = $pl->password;
251 353
252 if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) { 354 if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) {
253 $pl->password (encode_password $pass); # make sure we store the new encoding #d# 355 # player exists and passwords match - we can proceed
254 nuke_str $pass; 356
255 # password matches, wonderful 357 # password matches, wonderful
256 my $pl = cf::player::find $user or next; 358 my $pl = cf::player::find $user or next;
257 $pl->connect ($ns); 359 $pl->connect ($ns);
258 enter_map $pl; 360 enter_map $pl;
361 login $pl;
259 last; 362 return;
260 } elsif (can_cleanup $pl, $mtime) { 363 } elsif (can_cleanup $pl, $mtime) {
261 Coro::Timer::sleep 1; 364 Coro::Timer::sleep 1;
262 365
263 $ns->send_drawinfo ( 366 send_log $ns,
264 "Player exists, but password does not match. If this is your account, " 367 "Player exists, but password does not match. If this is your account, "
265 . "please try again. If not, you can now decide to take over this account " 368 . "please try again. If not, you can now decide to take over this account "
266 . "because it has not been in-use for some time.", 369 . "because it has not been in-use for some time.",
267 cf::NDI_RED 370 cf::NDI_RED | cf::NDI_REPLY
268 ); 371 ;
269 372
270 #TODO: nuke_str
271 (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/ 373 (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/
272 or next; 374 or next;
273 375
274 # check if the file hasn't changed 376 # check if the file hasn't changed
275 aio_stat cf::player::path $user and next; 377 aio_stat cf::player::path $user and next;
277 379
278 $pl->quit_character; 380 $pl->quit_character;
279 381
280 # fall through to creation 382 # fall through to creation
281 } else { 383 } else {
282 nuke_str $pass;
283
284 Coro::Timer::sleep 1; 384 Coro::Timer::sleep 1;
285 385
286 $ns->send_drawinfo ( 386 send_log $ns,
287 "Wrong username or password. Please try again " 387 "Wrong username or password. Please try again "
288 . "(check for Numlock and other semi-obvious error sources).", 388 . "(check for Numlock and other semi-obvious error sources).",
289 cf::NDI_RED 389 cf::NDI_RED | cf::NDI_REPLY
290 ); 390 ;
291 next; 391 next;
292 } 392 }
293 } else { 393 } else {
294 # unable to load the playerfile: 394 # unable to load the playerfile:
295 # check whether the player dir exists, which means the file is corrupted or 395 # check whether the player dir exists, which means the file is corrupted or
296 # something very similar. 396 # something very similar.
297 if (!aio_stat cf::player::playerdir $user) { 397 if (!aio_stat cf::player::playerdir $user) {
298 $ns->send_drawinfo ( 398 send_log $ns,
299 "Unable to retrieve this player. It might be a locked or broken account. " 399 "Unable to retrieve this player. It might be a locked or broken account. "
300 . "If this is your account, ask a dungeon master for assistance. " 400 . "If this is your account, ask a dungeon master for assistance. "
301 . "Otherwise choose a different login name.", 401 . "Otherwise choose a different login name.",
302 cf::NDI_RED 402 cf::NDI_RED | cf::NDI_REPLY
303 ); 403 ;
304 next; 404 next;
305 } 405 }
306 } 406 }
307 407
308 # the rest of this function is character creation
309 $Coro::current->{desc} = "addme($user) chargen";
310
311 # just to make sure nothing is left over
312 # normally, nothing is there.
313 nuke_playerdir $user;
314
315 my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again."; 408 my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again.";
316 409
317 if ($pass2 ne $pass) { 410 if ($pass2 ne $pass) {
318 nuke_str $pass; 411 send_log $ns,
319 nuke_str $pass2;
320 $ns->send_drawinfo (
321 "The passwords do not match, please try again.", 412 "The passwords do not match, please try again.",
322 cf::NDI_RED 413 cf::NDI_RED | cf::NDI_REPLY
323 ); 414 ;
324 Coro::Timer::sleep 0.5; 415 Coro::Timer::sleep 0.5;
325 next; 416 next;
326 } 417 }
327 418
328 nuke_str $pass2;
329
330 my $pl = cf::player::new $user;
331 $pl->password (encode_password $pass);
332 nuke_str $pass;
333 $pl->connect ($ns);
334 my $ob = $pl->ob;
335
336 $ob->goto ($pl->maplevel, $ob->x, $ob->y);
337
338 while () {
339 $ob->update_stats;
340 $pl->save_stats;
341
342 my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
343 "[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?";
344
345 if ($res =~ /^[Nn]/) {
346 last;
347 } elsif ($res > 0 && $res <= 7) {
348 my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?";
349
350 if ($swap > 0 && $swap <= 7) {
351 $ob->swap_stats ($res - 1, $swap - 1);
352 }
353 } else {
354 $ob->roll_stats;
355 }
356
357 Coro::Timer::sleep 0.05;
358 }
359
360 $ob->set_animation (2);
361 $ob->add_statbonus;
362
363 while () {
364 $ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1);
365 my $msg = $ob->msg;
366 $msg =~ s/(?<=\S)\n(?=\S)/ /g;
367 $ns->send_msg ("chargen-race-description", $msg, cf::NDI_BLUE);
368
369 my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
370 "Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n";
371
372 last if $res =~ /[dD]/;
373
374 $pl->chargen_race_next;
375 Coro::Timer::sleep 0.05;
376 }
377
378 # create the playerdir, if necessary, as chargen_race_done did it before
379 # presumably because of unique maps
380 aio_mkdir playerdir $pl, 0770;
381 $pl->chargen_race_done;
382
383 while () {
384 my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
385 "Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n";
386
387 if ($res =~ /^[fF]/) {
388 $pl->gender (1);
389 last;
390 } elsif ($res =~ /^[mM]/) {
391 $pl->gender (0);
392 last;
393 }
394 Coro::Timer::sleep 0.05;
395 }
396
397 $ob->reply (undef, "Welcome to Deliantra!");
398
399 # XXX: Workaround for delayed client ext protocol handshake
400 $pl->esrv_new_player;
401
402 delete $pl->{deny_save};
403
404 last; 419 last;
405 } 420 }
406 421
407 if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) { 422 chargen $ns, $user, Deliantra::Util::hash_pw $pass;
408 $ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR);
409 }
410 }); 423 });
411}); 424});
425
426cf::client->attach (
427 on_version => sub {
428 my ($ns, $arg) = @_;
429
430 # perl probably uses lrand48, which is not secure at all
431 # maybe require linux and use /dev/urandom.
432 $ns->{nonces} = [map { join "", map { chr rand 256 } 0..63 } 1..2];
433 $ns->ext_msg (nonces => @{ $ns->{nonces} });
434 },
435);
436
437cf::register_async_exticmd create_login => sub {
438 my ($ns, $reply, $user, $pass) = @_;
439
440 $ns->{addme}++ and return $ns->destroy;
441
442 $ns->async (sub {
443 my $fail = sub {
444 $reply->(0, $_[0]);
445 $ns->flush; # does not ensure that the data reaches the client - TODO
446 # need to do this in another thread, as this one gets canceled
447 Coro::async_pool {
448 Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
449 $ns->destroy if $ns->valid;
450 };
451 Coro::schedule; # do the destroy, should not return
452 };
453
454 $user =~ $VALID_LOGIN
455 or return $fail (
456 "Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), "
457 . "or is not between 3 and 20 characters in length."
458 );
459
460 $ns->{login_guard} = login_guard $user
461 or return $fail->("User name '$user' is in use - try another login name.");
462
463 cf::player::find $user
464 and return $fail->("User name '$user' is already registered - choose another login name.");
465
466 $reply->(1, "Account Created");
467
468 chargen $ns, $user, $pass;
469 });
470};
471
472cf::register_async_exticmd login => sub {
473 my ($ns, $reply, $user, $hash) = @_;
474
475 $ns->{addme}++ and return $ns->destroy;
476
477 $ns->async (sub {
478 $Coro::current->{desc} = "login($user)";
479
480 my $fail = sub {
481 $reply->(0, $_[0]);
482 $ns->flush; # does not ensure that the data reaches the client - TODO
483 # need to do this in another thread, as this one gets canceled
484 Coro::async_pool {
485 Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
486 $ns->destroy if $ns->valid;
487 };
488 Coro::schedule; # do the destroy, should not return
489 };
490
491 $ns->{login_guard} = login_guard $user
492 or return $fail->("User '$user' is currently playing or logging in in another session. If that is your "
493 . "user name, make sure you are not running two clients. When in doubt, reboot.");
494
495 # try to read the user file and check the password
496 my $pl = cf::player::find $user
497 or return $fail->("User '$user' does not exist - wrong spelling?");
498
499 aio_stat $pl->path
500 and return $ns->destroy;
501
502 my $mtime = (stat _)[9];
503 my $token = $pl->password;
504
505 $token = $token =~ /^!/
506 ? Deliantra::Util::hash_pw pack "H*", substr $token, 1
507 : pack "H*", $token;
508
509 $token = Deliantra::Util::auth_pw $token, $ns->{nonces}[0], $ns->{nonces}[1];
510
511 $token eq $hash
512 or $cf::CFG{ext_login_nocheck}
513 or return $fail->("User exists, but the password doesn't match - check your spelling, NumLock/CapsLock etc.");
514
515 # player exists and passwords match - we can proceed
516
517 $reply->(1, "Success");
518
519 $pl->connect ($ns);
520 enter_map $pl;
521 login $pl;
522 });
523};
412 524
413cf::register_command password => sub { 525cf::register_command password => sub {
414 my ($pl, $arg) = @_; 526 my ($pl, $arg) = @_;
415 527
416 unless ($pl->flag (cf::FLAG_WIZ)) { 528 unless ($pl->flag (cf::FLAG_WIZ)) {
417 $pl->message ( 529 $pl->message (
418 "The password can currently only changed by a DM.", 530 "The password can currently only changed by a DM.",
419 cf::NDI_UNIQUE | cf::NDI_REPLY); 531 cf::NDI_UNIQUE | cf::NDI_REPLY);
420 return; 532 return;
421 } 533 }
534
535 $pl->message (#d#
536 "Passwords cannot currently be changed.",#d#
537 cf::NDI_UNIQUE | cf::NDI_REPLY);#d#
538 return;#d#
422 539
423 my (@args) = split /\s+/, $arg; 540 my (@args) = split /\s+/, $arg;
424 my ($player, $new_pw) = @args; 541 my ($player, $new_pw) = @args;
425 542
426 if ($pl->flag (cf::FLAG_WIZ) && $player eq '') { 543 if ($pl->flag (cf::FLAG_WIZ) && $player eq '') {

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines