ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/deliantra/server/ext/login.ext
(Generate patch)

Comparing deliantra/server/ext/login.ext (file contents):
Revision 1.125 by root, Sat Nov 17 10:40:22 2012 UTC vs.
Revision 1.137 by root, Mon Dec 19 21:21:10 2022 UTC

7use Deliantra::Util (); 7use Deliantra::Util ();
8 8
9CONF MAX_DISCONNECT_TIME = 3600; 9CONF MAX_DISCONNECT_TIME = 3600;
10 10
11our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>; 11our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>;
12our %LOGIN_LOCK;
13
14# utility function to send messages to the client before
15# we have a player object to format them for. does not
16# escape anything.
17sub send_log ($$$) {
18 $_[0]->send_packet ("msg $_[2] log $_[1]");
19}
12 20
13sub query { 21sub query {
14 my ($ns, $flags, $text) = @_; 22 my ($ns, $flags, $text) = @_;
15 23
16 $ns->query ($flags, $text, Coro::rouse_cb); 24 $ns->query ($flags, $text, Coro::rouse_cb);
17 Coro::rouse_wait 25 Coro::rouse_wait
18} 26}
19 27
20sub can_cleanup { 28sub can_cleanup {
29 # highscore list is not cleared out, rethink
30 # also, admin accounts can be hacked this way, if unused for long.
31 return 0;
32
21 my ($pl, $mtime) = @_; 33 my ($pl, $mtime) = @_;
22 34
23 my $age = time - $mtime; 35 my $age = time - $mtime;
24 my $level = $pl->ob->level; 36 my $level = $pl->ob->level;
25 37
26 ($level <= 3 && $age > 7 * 86400) # 7 days for level 0..3 38 ($level <= 3 && $age > 7 * 86400) # 7 days for level 0..3
27 || ($level <= 9 && $age > 90 * 86400) # 3 months for level 4..9 39 || ($level <= 9 && $age > 90 * 86400) # 3 months for level 4..9
28 || ($level <= 20 && $age > 180 * 86400) # 6 months for level 10..20 40 || ($level <= 20 && $age > 180 * 86400) # 6 months for level 10..20
29 || $age > 700 * 86400 # 2 years for everybody else 41 #|| $age > 700 * 86400 # 2 years for everybody else
30} 42}
31 43
32sub check_playing { 44# return a guard object for a lock on the given username, if available
45sub login_guard {
33 my ($ns, $user) = @_; 46 my ($user) = @_;
34 47
48 exists $LOGIN_LOCK{$user}
49 and return undef;
50
35 return unless cf::player::find_active $user; 51 cf::player::find_active $user
52 and return undef;
36 53
37 $ns->send_drawinfo ( 54 undef $LOGIN_LOCK{$user};
38 "That player is already logged in on this server. " 55 Guard::guard { delete $LOGIN_LOCK{$user} }
39 . "If you want to create a new player, choose another name. "
40 . "If you have already a registered, make sure nobody "
41 . "else is using your account at this time. If you lost your connection "
42 . "then the server will likely timeout within a minute. If you still "
43 . "cannot log-in after a minute, you are still logged in. Make sure "
44 . "you do not have another client running. If you use windows, reboot, "
45 . "this will fix anything.",
46 cf::NDI_RED
47 );
48
49 1
50} 56}
51 57
52sub safe_spot($) { 58sub safe_spot($) {
53 my ($pl) = @_; 59 my ($pl) = @_;
54 60
92 $ob->message ( 98 $ob->message (
93 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. " 99 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
94 . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. " 100 . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. "
95 . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... " 101 . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... "
96 . "H<You disconnected too long without having used a savebed.>", 102 . "H<You disconnected too long without having used a savebed.>",
97 cf::NDI_RED 103 cf::NDI_RED | cf::NDI_REPLY
98 ); 104 );
99 # kill them. 105 # kill them.
100 # reminds me of the famous badness 10000 syndrome... 106 # reminds me of the famous badness 10000 syndrome...
101 $ob->stats->hp (-10000); #] if they survive this they deserved to live 107 $ob->stats->hp (-10000); #] if they survive this they deserved to live
102 my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy; 108 my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy;
106 $ob->message ( 112 $ob->message (
107 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. " 113 "You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
108 . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. " 114 . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. "
109 . "Better use a savebed next time, much worse things could have happened... " 115 . "Better use a savebed next time, much worse things could have happened... "
110 . "H<You disconnected without having used a savebed. When you do that for too long, you might die.>", 116 . "H<You disconnected without having used a savebed. When you do that for too long, you might die.>",
111 cf::NDI_RED 117 cf::NDI_RED | cf::NDI_REPLY
112 ); 118 );
113 } 119 }
114 } else { 120 } else {
115 $ob->message ( 121 $ob->message (
116 "You didn't use a bed to reality to leave this realm. This is very dangerous, " 122 "You didn't use a bed to reality to leave this realm. This is very dangerous, "
117 . "as lots of things could happen when you leave by other means, such as cave-ins, " 123 . "as lots of things could happen when you leave by other means, such as cave-ins, "
118 . "or monsters suddenly snapping your body. Better use a savebed next time. " 124 . "or monsters suddenly snapping your body. Better use a savebed next time. "
119 . "H<Always apply a bed of reality to disconnect from the server.>", 125 . "H<Always apply a bed of reality to disconnect from the server.>",
120 cf::NDI_RED 126 cf::NDI_RED | cf::NDI_REPLY
121 ); 127 );
122 } 128 }
123 } 129 }
124 130
125 $ob->goto ($map, $x, $y); 131 $ob->goto ($map, $x, $y);
126} 132}
127 133
128sub encode_password($) { 134sub encode_password($) {
129 "!" . unpack "H*", $_[0] 135 unpack "H*", Deliantra::Util::hash_pw $_[0]
130} 136}
131 137
132sub compare_password($$) { 138sub compare_password($$) {
133 my ($pass, $token) = @_; 139 my ($pass, $token) = @_;
134 140
135 if ($token =~ /!!(.*)/) { 141 if ($token =~ /!!(.*)/) {
136 return +(substr $pass, 0, 8) eq pack "H*", $1; 142 return +(substr $pass, 0, 8) eq pack "H*", $1;
137 } elsif ($token =~ /!(.*)/) { 143 } elsif ($token =~ /!(.*)/) {
138 return $pass eq pack "H*", $1; 144 return $pass eq pack "H*", $1;
139 } else { 145 } else {
140 return $token eq crypt $pass, $token; 146 return $token eq encode_password $pass;
141 } 147 }
142} 148}
143 149
144# delete a player directory 150# delete a player directory
145sub nuke_playerdir { 151sub nuke_playerdir {
159 # the rest of this function is character creation 165 # the rest of this function is character creation
160 166
161 my $ns = $pl->ns; 167 my $ns = $pl->ns;
162 my $ob = $pl->ob; 168 my $ob = $pl->ob;
163 169
164 $Coro::current->{desc} = "addme(" . $ob->name . ") login";
165
166 delete $pl->{deny_save}; # set by new
167
168 if ($pl->{chargen} eq "init") { 170 if ($pl->{chargen} eq "init") {
171 $ob->goto ($pl->maplevel, $ob->x, $ob->y);
172
169 # create the playerdir, if necessary, as chargen_race_done did it before 173 # create the playerdir, if necessary, as chargen_race_done did it before
170 # presumably because of unique maps 174 # presumably because of unique maps
171 aio_mkdir playerdir $pl, 0770; 175 aio_mkdir playerdir $pl, 0770;
176 delete $pl->{deny_save}; # set by new
172 $pl->save; 177 $pl->save;
173
174 $ob->goto ($pl->maplevel, $ob->x, $ob->y);
175 178
176 $pl->{chargen} = "stats"; 179 $pl->{chargen} = "stats";
177 } 180 }
178 181
179 if ($pl->{chargen} eq "stats") { 182 if ($pl->{chargen} eq "stats") {
197 } 200 }
198 201
199 Coro::Timer::sleep 0.05; 202 Coro::Timer::sleep 0.05;
200 } 203 }
201 204
202 $ob->set_animation (2); 205 $ob->set_anim_frame (2);
203 $ob->add_statbonus; 206 $ob->add_statbonus;
204 207
205 $pl->{chargen} = "race"; 208 $pl->{chargen} = "race";
206 } 209 }
207 210
249 $pl->esrv_new_player; 252 $pl->esrv_new_player;
250 253
251 $pl->{chargen} = "done"; 254 $pl->{chargen} = "done";
252 } 255 }
253 256
257 $ns->update_command_faces;
258
254 $ob->reply (undef, "Welcome to Deliantra!"); 259 $ob->reply (undef, "Welcome to Deliantra!");
255 260
256 if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) { 261 if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) {
257 $pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR); 262 $pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR);
258 } 263 }
259} 264}
260 265
261sub chargen { 266sub chargen {
262 my ($ns, $user, $hasah) = @_; 267 my ($ns, $user, $hash) = @_;
263
264 # lock again, too lazy to make this nicer
265 local $cf::LOGIN_LOCK{$user} = 1;
266 268
267 # just to make sure nothing is left over 269 # just to make sure nothing is left over
268 # normally, nothing is there. 270 # normally, nothing is there.
269 nuke_playerdir $user; 271 nuke_playerdir $user;
270 272
271 my $pl = cf::player::new $user; 273 my $pl = cf::player::new $user;
272 $pl->password (encode_password $pass); 274 $pl->password (unpack "H*", $hash);
273 $pl->connect ($ns); 275 $pl->connect ($ns);
274 276
275 $pl->{chargen} = "init"; 277 $pl->{chargen} = "init";
276 278
277 login $pl; 279 login $pl;
288 my ($user, $pass); 290 my ($user, $pass);
289 291
290 $ns->send_packet ("addme_success"); 292 $ns->send_packet ("addme_success");
291 293
292 for (;;) { 294 for (;;) {
293 $ns->send_drawinfo ( 295 delete $ns->{login_guard};
296
297 send_log $ns,
294 "Please enter your username now. If you are a new user, " 298 "Please enter your username now. If you are a new user, "
295 . "make one up that describes your character best. " 299 . "make one up that describes your character best. "
296 . "Only letters and digits are allowed, though.", 300 . "Only letters and digits are allowed, though.",
297 cf::NDI_BLUE 301 cf::NDI_BLUE | cf::NDI_REPLY
298 ); 302 ;
299 303
300 # read username 304 # read username
301 while () { 305 while () {
302 $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:"; 306 $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:";
303 307
304 if ($cf::LOGIN_LOCK{$user}) {
305 $ns->send_drawinfo (
306 "That username is currently used in another login session. "
307 . "Chose another, or wait till the other session has ended.",
308 cf::NDI_RED
309 );
310 } elsif ($user =~ $VALID_LOGIN) { 308 if ($user =~ $VALID_LOGIN) {
311 last; 309 last;
312 } else { 310 } else {
313 $ns->send_drawinfo ( 311 send_log $ns,
314 "Your username contains illegal characters " 312 "Your username contains illegal characters "
315 . "(only a-z, A-Z and 0-9 are allowed), " 313 . "(only a-z, A-Z and 0-9 are allowed), "
316 . "or is not between 3 and 20 characters in length.", 314 . "or is not between 3 and 20 characters in length.",
317 cf::NDI_RED 315 cf::NDI_RED | cf::NDI_REPLY
318 ); 316 ;
319 } 317 }
320 Coro::Timer::sleep 0.4; 318 Coro::Timer::sleep 0.4;
321 } 319 }
322 320
323 check_playing $ns, $user and next;
324
325 $Coro::current->{desc} = "addme($user) pass"; 321 $Coro::current->{desc} = "addme($user)";
326 322
327 $ns->send_drawinfo ( 323 send_log $ns,
328 "Welcome $user, please enter your password now. " 324 "Welcome $user, please enter your password now. "
329 . "New users should now choose a password. " 325 . "New users should now choose a password. "
330 . "Anything your client lets you enter is fine.", 326 . "Anything your client lets you enter is fine.",
331 cf::NDI_BLUE 327 cf::NDI_BLUE | cf::NDI_REPLY
332 ); 328 ;
333 329
334 # read password 330 # read password
335 while () { 331 while () {
336 $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:"; 332 $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:";
337 last if $pass =~ /.../; 333 last if $pass =~ /.../;
338 $ns->send_drawinfo ( 334 send_log $ns,
339 "Try to use at least three characters as your password please, " 335 "Try to use at least three characters as your password please, "
340 . "that cannot be too much to ask for :)", 336 . "that cannot be too much to ask for :)",
341 cf::NDI_RED 337 cf::NDI_RED | cf::NDI_REPLY
342 ); 338 ;
343 Coro::Timer::sleep 0.4; 339 Coro::Timer::sleep 0.4;
344 } 340 }
345 341
346 # lock this username for the remainder of this login session 342 $ns->{login_guard} = login_guard $user
347 if ($cf::LOGIN_LOCK{$user}) { 343 or do {
348 $ns->send_drawinfo ( 344 send_log $ns,
349 "That username is currently used in another login session. " 345 "That user is already logged in (or is logging in)."
350 . "Chose another, or wait till the other session has ended.", 346 . "Chose another, or wait till the other session has ended.",
351 cf::NDI_RED 347 cf::NDI_RED | cf::NDI_REPLY
348 ;
349 next;
352 ); 350 };
353 next;
354 }
355 local $cf::LOGIN_LOCK{$user} = 1;
356
357 check_playing $ns, $user and next;
358
359 $Coro::current->{desc} = "addme($user) check";
360 351
361 # try to read the user file and check the password 352 # try to read the user file and check the password
362 if (my $pl = cf::player::find $user) { 353 if (my $pl = cf::player::find $user) {
363 aio_stat $pl->path and next; 354 aio_stat $pl->path and next;
364 my $mtime = (stat _)[9]; 355 my $mtime = (stat _)[9];
374 login $pl; 365 login $pl;
375 return; 366 return;
376 } elsif (can_cleanup $pl, $mtime) { 367 } elsif (can_cleanup $pl, $mtime) {
377 Coro::Timer::sleep 1; 368 Coro::Timer::sleep 1;
378 369
379 $ns->send_drawinfo ( 370 send_log $ns,
380 "Player exists, but password does not match. If this is your account, " 371 "Player exists, but password does not match. If this is your account, "
381 . "please try again. If not, you can now decide to take over this account " 372 . "please try again. If not, you can now decide to take over this account "
382 . "because it has not been in-use for some time.", 373 . "because it has not been in-use for some time.",
383 cf::NDI_RED 374 cf::NDI_RED | cf::NDI_REPLY
384 ); 375 ;
385 376
386 (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/ 377 (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/
387 or next; 378 or next;
388 379
389 # check if the file hasn't changed 380 # check if the file hasn't changed
394 385
395 # fall through to creation 386 # fall through to creation
396 } else { 387 } else {
397 Coro::Timer::sleep 1; 388 Coro::Timer::sleep 1;
398 389
399 $ns->send_drawinfo ( 390 send_log $ns,
400 "Wrong username or password. Please try again " 391 "Wrong username or password. Please try again "
401 . "(check for Numlock and other semi-obvious error sources).", 392 . "(check for Numlock and other semi-obvious error sources).",
402 cf::NDI_RED 393 cf::NDI_RED | cf::NDI_REPLY
403 ); 394 ;
404 next; 395 next;
405 } 396 }
406 } else { 397 } else {
407 # unable to load the playerfile: 398 # unable to load the playerfile:
408 # check whether the player dir exists, which means the file is corrupted or 399 # check whether the player dir exists, which means the file is corrupted or
409 # something very similar. 400 # something very similar.
410 if (!aio_stat cf::player::playerdir $user) { 401 if (!aio_stat cf::player::playerdir $user) {
411 $ns->send_drawinfo ( 402 send_log $ns,
412 "Unable to retrieve this player. It might be a locked or broken account. " 403 "Unable to retrieve this player. It might be a locked or broken account. "
413 . "If this is your account, ask a dungeon master for assistance. " 404 . "If this is your account, ask a dungeon master for assistance. "
414 . "Otherwise choose a different login name.", 405 . "Otherwise choose a different login name.",
415 cf::NDI_RED 406 cf::NDI_RED | cf::NDI_REPLY
416 ); 407 ;
417 next; 408 next;
418 } 409 }
419 } 410 }
420 411
421 my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again."; 412 my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again.";
422 413
423 if ($pass2 ne $pass) { 414 if ($pass2 ne $pass) {
424 $ns->send_drawinfo ( 415 send_log $ns,
425 "The passwords do not match, please try again.", 416 "The passwords do not match, please try again.",
426 cf::NDI_RED 417 cf::NDI_RED | cf::NDI_REPLY
427 ); 418 ;
428 Coro::Timer::sleep 0.5; 419 Coro::Timer::sleep 0.5;
429 next; 420 next;
430 } 421 }
431 422
432 last; 423 last;
457 $reply->(0, $_[0]); 448 $reply->(0, $_[0]);
458 $ns->flush; # does not ensure that the data reaches the client - TODO 449 $ns->flush; # does not ensure that the data reaches the client - TODO
459 # need to do this in another thread, as this one gets canceled 450 # need to do this in another thread, as this one gets canceled
460 Coro::async_pool { 451 Coro::async_pool {
461 Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack 452 Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
462 $ns->destroy; 453 $ns->destroy if $ns->valid;
463 }; 454 };
464 Coro::schedule; # do the destroy, should not return 455 Coro::schedule; # do the destroy, should not return
465 }; 456 };
466 457
467 $user =~ $VALID_LOGIN 458 $user =~ $VALID_LOGIN
468 or return $fail ( 459 or return $fail (
469 "Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), " 460 "Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), "
470 . "or is not between 3 and 20 characters in length." 461 . "or is not between 3 and 20 characters in length."
471 ); 462 );
472 463
464 $ns->{login_guard} = login_guard $user
465 or return $fail->("User name '$user' is in use - try another login name.");
466
473 cf::player::find $user 467 cf::player::find $user
474 and return $fail->("User '$user' already exists - choose another login name."); 468 and return $fail->("User name '$user' is already registered - choose another login name.");
475 469
476 chargen $ns, $user, Deliantra::Util::hash_pw $pass; 470 $reply->(1, "Account Created");
471
472 chargen $ns, $user, $pass;
477 }); 473 });
478}; 474};
479 475
480cf::register_async_exticmd login => sub { 476cf::register_async_exticmd login => sub {
481 my ($ns, $reply, $user, $hash) = @_; 477 my ($ns, $reply, $user, $hash) = @_;
482 478
483 $ns->{addme}++ and return $ns->destroy; 479 $ns->{addme}++ and return $ns->destroy;
484 480
485 $ns->async (sub { 481 $ns->async (sub {
486 local $cf::LOGIN_LOCK{$user} = 1;
487
488 $Coro::current->{desc} = "login($user) check"; 482 $Coro::current->{desc} = "login($user)";
489 483
490 my $fail = sub { 484 my $fail = sub {
491 $reply->(0, $_[0]); 485 $reply->(0, $_[0]);
492 $ns->flush; # does not ensure that the data reaches the client - TODO 486 $ns->flush; # does not ensure that the data reaches the client - TODO
493 # need to do this in another thread, as this one gets canceled 487 # need to do this in another thread, as this one gets canceled
494 Coro::async_pool { 488 Coro::async_pool {
495 Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack 489 Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
496 $ns->destroy; 490 $ns->destroy if $ns->valid;
497 }; 491 };
498 Coro::schedule; # do the destroy, should not return 492 Coro::schedule; # do the destroy, should not return
499 }; 493 };
494
495 $ns->{login_guard} = login_guard $user
496 or return $fail->("User '$user' is currently playing or logging in in another session. If that is your "
497 . "user name, make sure you are not running two clients. When in doubt, reboot.");
500 498
501 # try to read the user file and check the password 499 # try to read the user file and check the password
502 my $pl = cf::player::find $user 500 my $pl = cf::player::find $user
503 or return $fail->("User '$user' does not exist - wrong spelling?"); 501 or return $fail->("User '$user' does not exist - wrong spelling?");
504 502

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines