server/ext/login.ext

#! perl # mandatory depends=highscore

# login handling

use Fcntl;
use Coro::AIO;
use Deliantra::Util ();

CONF MAX_DISCONNECT_TIME = 3600;

our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>;

sub query {
   my ($ns, $flags, $text) = @_;

   $ns->query ($flags, $text, Coro::rouse_cb);
   Coro::rouse_wait
}

sub can_cleanup {
   my ($pl, $mtime) = @_;

   my $age = time - $mtime;
   my $level = $pl->ob->level;

   ($level <= 3 && $age > 7 * 86400)            # 7 days for level 0..3
   || ($level <= 9 && $age > 90 * 86400)        # 3 months for level 4..9
   || ($level <= 20 && $age > 180 * 86400)      # 6 months for level 10..20
   || $age > 700 * 86400                        # 2 years for everybody else
}

sub check_playing {
   my ($ns, $user) = @_;

   return unless cf::player::find_active $user;

   $ns->send_drawinfo (
      "That player is already logged in on this server. "
    . "If you want to create a new player, choose another name. "
    . "If you have already a registered, make sure nobody "
    . "else is using your account at this time. If you lost your connection "
    . "then the server will likely timeout within a minute. If you still "
    . "cannot log-in after a minute, you are still logged in. Make sure "
    . "you do not have another client running. If you use windows, reboot, "
    . "this will fix anything.",
      cf::NDI_RED
   );

   1
}

sub safe_spot($) {
   my ($pl) = @_;
   
   my $ob = $pl->ob;

   my $m = $ob->map
      or return;
   my $x = $ob->x;
   my $y = $ob->y;

   # never happens normally, but helps when shell users make mistakes
   $m->linkable
      or return 1;

   scalar grep $_->type == cf::SAVEBED, $m->at ($x, $y)
}

sub enter_map {
   my ($pl) = @_;

   my $ob = $pl->ob;

   my ($map, $x, $y)
      = $ob->{_link_pos}
        ? @{delete $ob->{_link_pos}}
        : ($pl->maplevel, $ob->x, $ob->y);

   $ob->enter_link;

   my $m = cf::map::find $map;
   my $time = delete $pl->{unclean_save};

   if ($time && $m) {
      if ($time < $m->{instantiate_time}) {
         # the map was reset in the meantime
         my $age = $cf::RUNTIME - $time;

         cf::info $ob->name, " map reset after logout, logout age $age (>= $MAX_DISCONNECT_TIME)\n";#d#

         if ($age >= $MAX_DISCONNECT_TIME) {
            $ob->message (
               "You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
             . "Unfortunately, nobody was near to help you when the monsters arrived to eat you. "
             . "Maybe you can find comfort in the thought that your body was quite satisfying in taste... "
             . "H<You disconnected too long without having used a savebed.>",
               cf::NDI_RED
            );
            # kill them.
            # reminds me of the famous badness 10000 syndrome...
            $ob->stats->hp (-10000); #] if they survive this they deserved to live
            my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy;
         } else {
            ($map, $x, $y) = $pl->savebed;

            $ob->message (
               "You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
             . "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. "
             . "Better use a savebed next time, much worse things could have happened... "
             . "H<You disconnected without having used a savebed. When you do that for too long, you might die.>",
               cf::NDI_RED
            );
         }
      } else {
         $ob->message (
            "You didn't use a bed to reality to leave this realm. This is very dangerous, "
          . "as lots of things could happen when you leave by other means, such as cave-ins, "
          . "or monsters suddenly snapping your body. Better use a savebed next time. "
          . "H<Always apply a bed of reality to disconnect from the server.>",
            cf::NDI_RED
         );
      }
   }

   $ob->goto ($map, $x, $y);
}

sub encode_password($) {
   unpack "H*", Deliantra::Util::hash_pw $_[0]
}

sub compare_password($$) {
   my ($pass, $token) = @_;

   if ($token =~ /!!(.*)/) {
      return +(substr $pass, 0, 8) eq pack "H*", $1;
   } elsif ($token =~ /!(.*)/) {
      return $pass eq pack "H*", $1;
   } else {
      return $token eq crypt $pass, $token;
   }
}

# delete a player directory
sub nuke_playerdir {
   my ($user) = @_;

   my $lock = cf::lock_acquire "ext::login::nuke_playerdir";

   my $temp = "$PLAYERDIR/~$Coro::current~deleting~";
   aio_rename "$PLAYERDIR/$user", $temp;
   IO::AIO::aio_rmtree $temp;
}

sub login {
   my ($pl) = @_;

   # handle character creation, if neccessary
   # the rest of this function is character creation

   my $ns = $pl->ns;
   my $ob = $pl->ob;

   $Coro::current->{desc} = "addme(" . $ob->name . ") login";

   if ($pl->{chargen} eq "init") {
      $ob->goto ($pl->maplevel, $ob->x, $ob->y);

      # create the playerdir, if necessary, as chargen_race_done did it before
      # presumably because of unique maps
      aio_mkdir playerdir $pl, 0770;
      delete $pl->{deny_save}; # set by new
      $pl->save;

      $pl->{chargen} = "stats";
   }

   if ($pl->{chargen} eq "stats") {
      while () {
         $ob->update_stats;
         $pl->save_stats;

         my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
                      "[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?";

         if ($res =~ /^[Nn]/) {
            last;
         } elsif ($res > 0 && $res <= 7) {
            my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?";

            if ($swap > 0 && $swap <= 7) {
               $ob->swap_stats ($res - 1, $swap - 1);
            }
         } else {
            $ob->roll_stats;
         }

         Coro::Timer::sleep 0.05;
      }

      $ob->set_animation (2);
      $ob->add_statbonus;

      $pl->{chargen} = "race";
   }

   if ($pl->{chargen} eq "race") {
      while () {
         $ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1);
         my $msg = $ob->msg;
         $msg =~ s/(?<=\S)\n(?=\S)/ /g;
         $ns->send_msg ("chargen-race-description", $msg, cf::NDI_BLUE);

         my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
                      "Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n";

         last if $res =~ /[dD]/;

         $pl->chargen_race_next;
         Coro::Timer::sleep 0.05;
      }

      $pl->chargen_race_done;
      $pl->{chargen} = "gender";
   }

   if ($pl->{chargen} eq "race") {
      while () {
         my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
                      "Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n";

         if ($res =~ /^[fF]/) {
            $pl->gender (1);
            last;
         } elsif ($res =~ /^[mM]/) {
            $pl->gender (0);
            last;
         }
         Coro::Timer::sleep 0.05;
      }
      $pl->{chargen} = "done";
   }

   $ns->state (cf::ST_PLAYING);

   if ($pl->{chargen} eq "done") {
      # XXX: Workaround for delayed client ext protocol handshake
      $pl->esrv_new_player;

      $pl->{chargen} = "done";
   }

   $ob->reply (undef, "Welcome to Deliantra!");

   if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) {
      $pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR);
   }
}

sub chargen {
   my ($ns, $user, $hash) = @_;

   # lock again, too lazy to make this nicer
   local $cf::LOGIN_LOCK{$user} = 1;

   # just to make sure nothing is left over
   # normally, nothing is there.
   nuke_playerdir $user;

   my $pl = cf::player::new $user;
   $pl->password (unpack "H*", $hash);
   $pl->connect ($ns);

   $pl->{chargen} = "init";

   login $pl;
}

cf::client->attach (on_addme => sub {
   my ($ns) = @_;

   $ns->{addme}++ and return $ns->destroy;

   $ns->async (sub {
      $Coro::current->{desc} = "addme init";

      my ($user, $pass);

      $ns->send_packet ("addme_success");

      for (;;) {
         $ns->send_drawinfo (
            "Please enter your username now. If you are a new user, "
          . "make one up that describes your character best. "
          . "Only letters and digits are allowed, though.",
            cf::NDI_BLUE
         );

         # read username
         while () {
            $user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:";

            if ($cf::LOGIN_LOCK{$user}) {
               $ns->send_drawinfo (
                  "That username is currently used in another login session. "
                . "Chose another, or wait till the other session has ended.",
                  cf::NDI_RED
               );
            } elsif ($user =~ $VALID_LOGIN) {
               last;
            } else {
               $ns->send_drawinfo (
                  "Your username contains illegal characters "
                . "(only a-z, A-Z and 0-9 are allowed), "
                . "or is not between 3 and 20 characters in length.",
                  cf::NDI_RED
               );
            }
            Coro::Timer::sleep 0.4;
         }

         check_playing $ns, $user and next;

         $Coro::current->{desc} = "addme($user) pass";

         $ns->send_drawinfo (
            "Welcome $user, please enter your password now. "
          . "New users should now choose a password. "
          . "Anything your client lets you enter is fine.",
            cf::NDI_BLUE
         );

         # read password
         while () {
            $pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:";
            last if $pass =~ /.../;
            $ns->send_drawinfo (
               "Try to use at least three characters as your password please, "
             . "that cannot be too much to ask for :)",
               cf::NDI_RED
            );
            Coro::Timer::sleep 0.4;
         }

         # lock this username for the remainder of this login session
         if ($cf::LOGIN_LOCK{$user}) {
            $ns->send_drawinfo (
               "That username is currently used in another login session. "
             . "Chose another, or wait till the other session has ended.",
               cf::NDI_RED
            );
            next;
         }
         local $cf::LOGIN_LOCK{$user} = 1;

         check_playing $ns, $user and next;

         $Coro::current->{desc} = "addme($user) check";

         # try to read the user file and check the password
         if (my $pl = cf::player::find $user) {
            aio_stat $pl->path and next;
            my $mtime = (stat _)[9];
            my $token = $pl->password;

            if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) {
               # player exists and passwords match - we can proceed

               # password matches, wonderful
               my $pl = cf::player::find $user or next;
               $pl->connect ($ns);
               enter_map $pl;
               login $pl;
               return;
            } elsif (can_cleanup $pl, $mtime) {
               Coro::Timer::sleep 1;

               $ns->send_drawinfo (
                  "Player exists, but password does not match. If this is your account, "
                . "please try again. If not, you can now decide to take over this account "
                . "because it has not been in-use for some time.",
                  cf::NDI_RED
               );

               (query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/
                  or next;

               # check if the file hasn't changed
               aio_stat cf::player::path $user and next;
               $mtime == (stat _)[9] or next;

               $pl->quit_character;

               # fall through to creation
            } else {
               Coro::Timer::sleep 1;

               $ns->send_drawinfo (
                  "Wrong username or password. Please try again "
                . "(check for Numlock and other semi-obvious error sources).",
                  cf::NDI_RED
               );
               next;
            }
         } else {
            # unable to load the playerfile:
            # check whether the player dir exists, which means the file is corrupted or
            # something very similar.
            if (!aio_stat cf::player::playerdir $user) {
               $ns->send_drawinfo (
                  "Unable to retrieve this player. It might be a locked or broken account. "
                . "If this is your account, ask a dungeon master for assistance. "
                . "Otherwise choose a different login name.",
                  cf::NDI_RED
               );
               next;
            }
         }

         my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again.";

         if ($pass2 ne $pass) {
            $ns->send_drawinfo (
               "The passwords do not match, please try again.",
               cf::NDI_RED
            );
            Coro::Timer::sleep 0.5;
            next;
         }

         last;
      }

      chargen $ns, $user, Deliantra::Util::hash_pw $pass;
   });
});

cf::client->attach (
   on_version => sub {
      my ($ns, $arg) = @_;

      # perl probably uses lrand48, which is not secure at all
      # maybe require linux and use /dev/urandom.
      $ns->{nonces} = [map { join "", map { chr rand 256 } 0..63  } 1..2];
      $ns->ext_msg (nonces => @{ $ns->{nonces} });
   },
);

cf::register_async_exticmd create_login => sub {
   my ($ns, $reply, $user, $pass) = @_;

   $ns->{addme}++ and return $ns->destroy;

   $ns->async (sub {
      my $fail = sub {
         $reply->(0, $_[0]);
         $ns->flush; # does not ensure that the data reaches the client - TODO
         # need to do this in another thread, as this one gets canceled
         Coro::async_pool {
            Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
            $ns->destroy if $ns->valid;
         };
         Coro::schedule; # do the destroy, should not return
      };

      $user =~ $VALID_LOGIN
         or return $fail (
               "Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), "
             . "or is not between 3 and 20 characters in length."
            );

      cf::player::find $user
         and return $fail->("User '$user' already exists - choose another login name.");

      $reply->(1, "Account Created");

      chargen $ns, $user, $pass;
   });
};

cf::register_async_exticmd login => sub {
   my ($ns, $reply, $user, $hash) = @_;

   $ns->{addme}++ and return $ns->destroy;

   $ns->async (sub {
      local $cf::LOGIN_LOCK{$user} = 1;

      $Coro::current->{desc} = "login($user) check";

      my $fail = sub {
         $reply->(0, $_[0]);
         $ns->flush; # does not ensure that the data reaches the client - TODO
         # need to do this in another thread, as this one gets canceled
         Coro::async_pool {
            Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
            $ns->destroy if $ns->valid;
         };
         Coro::schedule; # do the destroy, should not return
      };

      # try to read the user file and check the password
      my $pl = cf::player::find $user
         or return $fail->("User '$user' does not exist - wrong spelling?");

      aio_stat $pl->path
         and return $ns->destroy;

      my $mtime = (stat _)[9];
      my $token = $pl->password;

      $token = $token =~ /^!/
               ? Deliantra::Util::hash_pw pack "H*", substr $token, 1
               : pack "H*", $token;

      $token = Deliantra::Util::auth_pw $token, $ns->{nonces}[0], $ns->{nonces}[1];

      $token eq $hash
         or $cf::CFG{ext_login_nocheck}
         or return $fail->("User exists, but the password doesn't match - check your spelling, NumLock/CapsLock etc.");
      
      # player exists and passwords match - we can proceed

      $reply->(1, "Success");

      $pl->connect ($ns);
      enter_map $pl;
      login $pl;
   });
};

cf::register_command password => sub {
   my ($pl, $arg) = @_;

   unless ($pl->flag (cf::FLAG_WIZ)) {
      $pl->message (
         "The password can currently only changed by a DM.",
         cf::NDI_UNIQUE | cf::NDI_REPLY);
      return;
   }

   $pl->message (#d#
      "Passwords cannot currently be changed.",#d#
      cf::NDI_UNIQUE | cf::NDI_REPLY);#d#
   return;#d#

   my (@args) = split /\s+/, $arg;
   my ($player, $new_pw) = @args;

   if ($pl->flag (cf::FLAG_WIZ) && $player eq '') {
      $pl->message (
         "Usage: password <player> [<new password>]",
         cf::NDI_UNIQUE | cf::NDI_REPLY);
      return;
   }

   if ($new_pw eq '') {
      $new_pw =
         join '',
            map { ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64)] }
               1..9;
   }

   cf::async {
      my $plc = cf::player::find $player;
      if ($plc) {
         $plc->password (encode_password $new_pw);
         $pl->message (
            "Ok, changed password of '$player' to '$new_pw'!",
            cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY);
      } else {
         $pl->message (
            "Fail! Couldn't set password for '$player', "
            . "he doesn't seem to exist!",
            cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY);
      }
   };
};

cf::register_command quit => sub {
   my ($ob, $arg) = @_;

   $ob->send_msg (undef,
                  "Quitting will delete your character PERMANENTLY: It will be gone forever and any progress will be lost. "
                  . "If you are sure you want to do this, then use the quit_character command instead of quit.",
                  cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY);
};

cf::register_command quit_character => sub {
   my ($ob, $arg) = @_;

   my $pl = $ob->contr;

   $pl->ns->query (cf::CS_QUERY_SINGLECHAR, "Do you want to PERMANENTLY delete your character and all associated data (y/n)?", sub {
      if ($_[0] !~ /^[yY]/) {
         $ob->send_msg (undef, "Ok, not not quitting then.", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY);
      } else {
         $ob->send_msg (undef, "Ok, quitting, hope to see you again.", cf::NDI_UNIQUE | cf::NDI_RED | cf::NDI_REPLY);
         cf::async {
            $pl->quit_character;
         };
      }
   });
};

cf::object->attach (
   type     => cf::SAVEBED,
   on_apply => sub {
      my ($bed, $ob) = @_;

      return cf::override 0 unless $ob->type == cf::PLAYER;

      my $pl = $ob->contr;

      # update respawn position
      $pl->savebed ($bed->map->path, $bed->x, $bed->y);

      cf::async {
         my $killer = cf::arch::get "killer_logout"; $pl->killer ($killer); $killer->destroy;
         ext::highscore::check $ob;

         $pl->save;

         $ob->send_msg ($cf::SAY_CHANNEL => "In the future, you will wake up here when you die.", cf::NDI_DEF | cf::NDI_REPLY);

         my $ns = $pl->ns
            or return;

         $ns->query (cf::CS_QUERY_SINGLECHAR, "Do you want to continue playing (y/n)?", sub {
            if ($_[0] !~ /^[yY]/) {
               $pl->invoke (cf::EVENT_PLAYER_LOGOUT, 1);
               $pl->deactivate;
               $pl->ns->destroy;
            }
         });
      };
   },
);

cf::player->attach (
   on_login  => sub {
      my ($pl) = @_;
      my $name = $pl->ob->name;

      $_->ob->message ("$name has entered the game.", cf::NDI_DK_ORANGE | cf::NDI_UNIQUE) for cf::player::list;
   },
   on_logout => sub {
      my ($pl, $cleanly) = @_;
      my $name = $pl->ob->name;

      if ($cleanly) {
         $_->ob->message ("$name left the game.", cf::NDI_DK_ORANGE | cf::NDI_UNIQUE) for cf::player::list;
      } else {
         $_->ob->message ("$name uncerimoniously disconnected.", cf::NDI_DK_ORANGE | cf::NDI_UNIQUE) for cf::player::list;
         $pl->{unclean_save} = $cf::RUNTIME
            unless safe_spot $pl;
      }
   },
);

Revision:	1.128
Committed:	Sat Nov 17 12:02:43 2012 UTC (11 years, 6 months ago) by root
Branch:	MAIN
Changes since 1.127:	+2 -0 lines
Log Message:	* empty log message *
#	Content
1	#! perl # mandatory depends=highscore
2
3	# login handling
4
5	use Fcntl;
6	use Coro::AIO;
7	use Deliantra::Util ();
8
9	CONF MAX_DISCONNECT_TIME = 3600;
10
11	our $VALID_LOGIN = qr<^[a-zA-Z0-9][a-zA-Z0-9\-_]{2,19}\z>;
12
13	sub query {
14	my ($ns, $flags, $text) = @_;
15
16	$ns->query ($flags, $text, Coro::rouse_cb);
17	Coro::rouse_wait
18	}
19
20	sub can_cleanup {
21	my ($pl, $mtime) = @_;
22
23	my $age = time - $mtime;
24	my $level = $pl->ob->level;
25
26	($level <= 3 && $age > 7 * 86400) # 7 days for level 0..3
27	\|\| ($level <= 9 && $age > 90 * 86400) # 3 months for level 4..9
28	\|\| ($level <= 20 && $age > 180 * 86400) # 6 months for level 10..20
29	\|\| $age > 700 * 86400 # 2 years for everybody else
30	}
31
32	sub check_playing {
33	my ($ns, $user) = @_;
34
35	return unless cf::player::find_active $user;
36
37	$ns->send_drawinfo (
38	"That player is already logged in on this server. "
39	. "If you want to create a new player, choose another name. "
40	. "If you have already a registered, make sure nobody "
41	. "else is using your account at this time. If you lost your connection "
42	. "then the server will likely timeout within a minute. If you still "
43	. "cannot log-in after a minute, you are still logged in. Make sure "
44	. "you do not have another client running. If you use windows, reboot, "
45	. "this will fix anything.",
46	cf::NDI_RED
47	);
48
49	1
50	}
51
52	sub safe_spot($) {
53	my ($pl) = @_;
54
55	my $ob = $pl->ob;
56
57	my $m = $ob->map
58	or return;
59	my $x = $ob->x;
60	my $y = $ob->y;
61
62	# never happens normally, but helps when shell users make mistakes
63	$m->linkable
64	or return 1;
65
66	scalar grep $_->type == cf::SAVEBED, $m->at ($x, $y)
67	}
68
69	sub enter_map {
70	my ($pl) = @_;
71
72	my $ob = $pl->ob;
73
74	my ($map, $x, $y)
75	= $ob->{_link_pos}
76	? @{delete $ob->{_link_pos}}
77	: ($pl->maplevel, $ob->x, $ob->y);
78
79	$ob->enter_link;
80
81	my $m = cf::map::find $map;
82	my $time = delete $pl->{unclean_save};
83
84	if ($time && $m) {
85	if ($time < $m->{instantiate_time}) {
86	# the map was reset in the meantime
87	my $age = $cf::RUNTIME - $time;
88
89	cf::info $ob->name, " map reset after logout, logout age $age (>= $MAX_DISCONNECT_TIME)\n";#d#
90
91	if ($age >= $MAX_DISCONNECT_TIME) {
92	$ob->message (
93	"You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
94	. "Unfortunately, nobody was near to help you when the monsters arrived to eat you. "
95	. "Maybe you can find comfort in the thought that your body was quite satisfying in taste... "
96	. "H<You disconnected too long without having used a savebed.>",
97	cf::NDI_RED
98	);
99	# kill them.
100	# reminds me of the famous badness 10000 syndrome...
101	$ob->stats->hp (-10000); #] if they survive this they deserved to live
102	my $killer = cf::arch::get "killer_login"; $pl->killer ($killer); $killer->destroy;
103	} else {
104	($map, $x, $y) = $pl->savebed;
105
106	$ob->message (
107	"You didn't use a bed to reality to leave this realm, leaving your body in great danger. "
108	. "Fortunately, some friendly dwellers found you, checked your passport, and brought you to safety. "
109	. "Better use a savebed next time, much worse things could have happened... "
110	. "H<You disconnected without having used a savebed. When you do that for too long, you might die.>",
111	cf::NDI_RED
112	);
113	}
114	} else {
115	$ob->message (
116	"You didn't use a bed to reality to leave this realm. This is very dangerous, "
117	. "as lots of things could happen when you leave by other means, such as cave-ins, "
118	. "or monsters suddenly snapping your body. Better use a savebed next time. "
119	. "H<Always apply a bed of reality to disconnect from the server.>",
120	cf::NDI_RED
121	);
122	}
123	}
124
125	$ob->goto ($map, $x, $y);
126	}
127
128	sub encode_password($) {
129	unpack "H*", Deliantra::Util::hash_pw $_[0]
130	}
131
132	sub compare_password($$) {
133	my ($pass, $token) = @_;
134
135	if ($token =~ /!!(.*)/) {
136	return +(substr $pass, 0, 8) eq pack "H*", $1;
137	} elsif ($token =~ /!(.*)/) {
138	return $pass eq pack "H*", $1;
139	} else {
140	return $token eq crypt $pass, $token;
141	}
142	}
143
144	# delete a player directory
145	sub nuke_playerdir {
146	my ($user) = @_;
147
148	my $lock = cf::lock_acquire "ext::login::nuke_playerdir";
149
150	my $temp = "$PLAYERDIR/~$Coro::current~deleting~";
151	aio_rename "$PLAYERDIR/$user", $temp;
152	IO::AIO::aio_rmtree $temp;
153	}
154
155	sub login {
156	my ($pl) = @_;
157
158	# handle character creation, if neccessary
159	# the rest of this function is character creation
160
161	my $ns = $pl->ns;
162	my $ob = $pl->ob;
163
164	$Coro::current->{desc} = "addme(" . $ob->name . ") login";
165
166	if ($pl->{chargen} eq "init") {
167	$ob->goto ($pl->maplevel, $ob->x, $ob->y);
168
169	# create the playerdir, if necessary, as chargen_race_done did it before
170	# presumably because of unique maps
171	aio_mkdir playerdir $pl, 0770;
172	delete $pl->{deny_save}; # set by new
173	$pl->save;
174
175	$pl->{chargen} = "stats";
176	}
177
178	if ($pl->{chargen} eq "stats") {
179	while () {
180	$ob->update_stats;
181	$pl->save_stats;
182
183	my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
184	"[y] to roll new stats [n] to use stats\n[1-7] [1-7] to swap stats.\nRoll again (y/n/1-7)?";
185
186	if ($res =~ /^[Nn]/) {
187	last;
188	} elsif ($res > 0 && $res <= 7) {
189	my $swap = query $ns, cf::CS_QUERY_SINGLECHAR, "Swap stat with (will not roll new stats) [1-7]?";
190
191	if ($swap > 0 && $swap <= 7) {
192	$ob->swap_stats ($res - 1, $swap - 1);
193	}
194	} else {
195	$ob->roll_stats;
196	}
197
198	Coro::Timer::sleep 0.05;
199	}
200
201	$ob->set_animation (2);
202	$ob->add_statbonus;
203
204	$pl->{chargen} = "race";
205	}
206
207	if ($pl->{chargen} eq "race") {
208	while () {
209	$ns->send_msg ("chargen-race-title", ucfirst $pl->title, -1);
210	my $msg = $ob->msg;
211	$msg =~ s/(?<=\S)\n(?=\S)/ /g;
212	$ns->send_msg ("chargen-race-description", $msg, cf::NDI_BLUE);
213
214	my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
215	"Now choose a character.\nPress any key to change outlook.\nPress `d' when you're pleased.\n";
216
217	last if $res =~ /[dD]/;
218
219	$pl->chargen_race_next;
220	Coro::Timer::sleep 0.05;
221	}
222
223	$pl->chargen_race_done;
224	$pl->{chargen} = "gender";
225	}
226
227	if ($pl->{chargen} eq "race") {
228	while () {
229	my $res = query $ns, cf::CS_QUERY_SINGLECHAR,
230	"Now choose a gender.\nPress 'f' to become female, and 'm' to become male.\n";
231
232	if ($res =~ /^[fF]/) {
233	$pl->gender (1);
234	last;
235	} elsif ($res =~ /^[mM]/) {
236	$pl->gender (0);
237	last;
238	}
239	Coro::Timer::sleep 0.05;
240	}
241	$pl->{chargen} = "done";
242	}
243
244	$ns->state (cf::ST_PLAYING);
245
246	if ($pl->{chargen} eq "done") {
247	# XXX: Workaround for delayed client ext protocol handshake
248	$pl->esrv_new_player;
249
250	$pl->{chargen} = "done";
251	}
252
253	$ob->reply (undef, "Welcome to Deliantra!");
254
255	if (0 < Coro::AIO::aio_load "$cf::CONFDIR/motd", my $motd) {
256	$pl->ns->send_msg ("c/motd" => $motd, cf::NDI_CLEAR);
257	}
258	}
259
260	sub chargen {
261	my ($ns, $user, $hash) = @_;
262
263	# lock again, too lazy to make this nicer
264	local $cf::LOGIN_LOCK{$user} = 1;
265
266	# just to make sure nothing is left over
267	# normally, nothing is there.
268	nuke_playerdir $user;
269
270	my $pl = cf::player::new $user;
271	$pl->password (unpack "H*", $hash);
272	$pl->connect ($ns);
273
274	$pl->{chargen} = "init";
275
276	login $pl;
277	}
278
279	cf::client->attach (on_addme => sub {
280	my ($ns) = @_;
281
282	$ns->{addme}++ and return $ns->destroy;
283
284	$ns->async (sub {
285	$Coro::current->{desc} = "addme init";
286
287	my ($user, $pass);
288
289	$ns->send_packet ("addme_success");
290
291	for (;;) {
292	$ns->send_drawinfo (
293	"Please enter your username now. If you are a new user, "
294	. "make one up that describes your character best. "
295	. "Only letters and digits are allowed, though.",
296	cf::NDI_BLUE
297	);
298
299	# read username
300	while () {
301	$user = query $ns, 0, "What is your name? (login names are case-sensitive)\n:";
302
303	if ($cf::LOGIN_LOCK{$user}) {
304	$ns->send_drawinfo (
305	"That username is currently used in another login session. "
306	. "Chose another, or wait till the other session has ended.",
307	cf::NDI_RED
308	);
309	} elsif ($user =~ $VALID_LOGIN) {
310	last;
311	} else {
312	$ns->send_drawinfo (
313	"Your username contains illegal characters "
314	. "(only a-z, A-Z and 0-9 are allowed), "
315	. "or is not between 3 and 20 characters in length.",
316	cf::NDI_RED
317	);
318	}
319	Coro::Timer::sleep 0.4;
320	}
321
322	check_playing $ns, $user and next;
323
324	$Coro::current->{desc} = "addme($user) pass";
325
326	$ns->send_drawinfo (
327	"Welcome $user, please enter your password now. "
328	. "New users should now choose a password. "
329	. "Anything your client lets you enter is fine.",
330	cf::NDI_BLUE
331	);
332
333	# read password
334	while () {
335	$pass = query $ns, cf::CS_QUERY_HIDEINPUT, "What is your password?\n:";
336	last if $pass =~ /.../;
337	$ns->send_drawinfo (
338	"Try to use at least three characters as your password please, "
339	. "that cannot be too much to ask for :)",
340	cf::NDI_RED
341	);
342	Coro::Timer::sleep 0.4;
343	}
344
345	# lock this username for the remainder of this login session
346	if ($cf::LOGIN_LOCK{$user}) {
347	$ns->send_drawinfo (
348	"That username is currently used in another login session. "
349	. "Chose another, or wait till the other session has ended.",
350	cf::NDI_RED
351	);
352	next;
353	}
354	local $cf::LOGIN_LOCK{$user} = 1;
355
356	check_playing $ns, $user and next;
357
358	$Coro::current->{desc} = "addme($user) check";
359
360	# try to read the user file and check the password
361	if (my $pl = cf::player::find $user) {
362	aio_stat $pl->path and next;
363	my $mtime = (stat _)[9];
364	my $token = $pl->password;
365
366	if ($cf::CFG{ext_login_nocheck} or compare_password $pass, $token) {
367	# player exists and passwords match - we can proceed
368
369	# password matches, wonderful
370	my $pl = cf::player::find $user or next;
371	$pl->connect ($ns);
372	enter_map $pl;
373	login $pl;
374	return;
375	} elsif (can_cleanup $pl, $mtime) {
376	Coro::Timer::sleep 1;
377
378	$ns->send_drawinfo (
379	"Player exists, but password does not match. If this is your account, "
380	. "please try again. If not, you can now decide to take over this account "
381	. "because it has not been in-use for some time.",
382	cf::NDI_RED
383	);
384
385	(query $ns, cf::CS_QUERY_SINGLECHAR, "Delete existing account and create a new one (Y/N)?") =~ /^[yY]/
386	or next;
387
388	# check if the file hasn't changed
389	aio_stat cf::player::path $user and next;
390	$mtime == (stat _)[9] or next;
391
392	$pl->quit_character;
393
394	# fall through to creation
395	} else {
396	Coro::Timer::sleep 1;
397
398	$ns->send_drawinfo (
399	"Wrong username or password. Please try again "
400	. "(check for Numlock and other semi-obvious error sources).",
401	cf::NDI_RED
402	);
403	next;
404	}
405	} else {
406	# unable to load the playerfile:
407	# check whether the player dir exists, which means the file is corrupted or
408	# something very similar.
409	if (!aio_stat cf::player::playerdir $user) {
410	$ns->send_drawinfo (
411	"Unable to retrieve this player. It might be a locked or broken account. "
412	. "If this is your account, ask a dungeon master for assistance. "
413	. "Otherwise choose a different login name.",
414	cf::NDI_RED
415	);
416	next;
417	}
418	}
419
420	my $pass2 = query $ns, cf::CS_QUERY_HIDEINPUT, "Please type your password again.";
421
422	if ($pass2 ne $pass) {
423	$ns->send_drawinfo (
424	"The passwords do not match, please try again.",
425	cf::NDI_RED
426	);
427	Coro::Timer::sleep 0.5;
428	next;
429	}
430
431	last;
432	}
433
434	chargen $ns, $user, Deliantra::Util::hash_pw $pass;
435	});
436	});
437
438	cf::client->attach (
439	on_version => sub {
440	my ($ns, $arg) = @_;
441
442	# perl probably uses lrand48, which is not secure at all
443	# maybe require linux and use /dev/urandom.
444	$ns->{nonces} = [map { join "", map { chr rand 256 } 0..63 } 1..2];
445	$ns->ext_msg (nonces => @{ $ns->{nonces} });
446	},
447	);
448
449	cf::register_async_exticmd create_login => sub {
450	my ($ns, $reply, $user, $pass) = @_;
451
452	$ns->{addme}++ and return $ns->destroy;
453
454	$ns->async (sub {
455	my $fail = sub {
456	$reply->(0, $_[0]);
457	$ns->flush; # does not ensure that the data reaches the client - TODO
458	# need to do this in another thread, as this one gets canceled
459	Coro::async_pool {
460	Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
461	$ns->destroy if $ns->valid;
462	};
463	Coro::schedule; # do the destroy, should not return
464	};
465
466	$user =~ $VALID_LOGIN
467	or return $fail (
468	"Your username contains illegal characters (only a-z, A-Z and 0-9 are allowed), "
469	. "or is not between 3 and 20 characters in length."
470	);
471
472	cf::player::find $user
473	and return $fail->("User '$user' already exists - choose another login name.");
474
475	$reply->(1, "Account Created");
476
477	chargen $ns, $user, $pass;
478	});
479	};
480
481	cf::register_async_exticmd login => sub {
482	my ($ns, $reply, $user, $hash) = @_;
483
484	$ns->{addme}++ and return $ns->destroy;
485
486	$ns->async (sub {
487	local $cf::LOGIN_LOCK{$user} = 1;
488
489	$Coro::current->{desc} = "login($user) check";
490
491	my $fail = sub {
492	$reply->(0, $_[0]);
493	$ns->flush; # does not ensure that the data reaches the client - TODO
494	# need to do this in another thread, as this one gets canceled
495	Coro::async_pool {
496	Coro::AnyEvent::sleep 0.1; # TODO, see above, extra hack
497	$ns->destroy if $ns->valid;
498	};
499	Coro::schedule; # do the destroy, should not return
500	};
501
502	# try to read the user file and check the password
503	my $pl = cf::player::find $user
504	or return $fail->("User '$user' does not exist - wrong spelling?");
505
506	aio_stat $pl->path
507	and return $ns->destroy;
508
509	my $mtime = (stat _)[9];
510	my $token = $pl->password;
511
512	$token = $token =~ /^!/
513	? Deliantra::Util::hash_pw pack "H*", substr $token, 1
514	: pack "H*", $token;
515
516	$token = Deliantra::Util::auth_pw $token, $ns->{nonces}[0], $ns->{nonces}[1];
517
518	$token eq $hash
519	or $cf::CFG{ext_login_nocheck}
520	or return $fail->("User exists, but the password doesn't match - check your spelling, NumLock/CapsLock etc.");
521
522	# player exists and passwords match - we can proceed
523
524	$reply->(1, "Success");
525
526	$pl->connect ($ns);
527	enter_map $pl;
528	login $pl;
529	});
530	};
531
532	cf::register_command password => sub {
533	my ($pl, $arg) = @_;
534
535	unless ($pl->flag (cf::FLAG_WIZ)) {
536	$pl->message (
537	"The password can currently only changed by a DM.",
538	cf::NDI_UNIQUE \| cf::NDI_REPLY);
539	return;
540	}
541
542	$pl->message (#d#
543	"Passwords cannot currently be changed.",#d#
544	cf::NDI_UNIQUE \| cf::NDI_REPLY);#d#
545	return;#d#
546
547	my (@args) = split /\s+/, $arg;
548	my ($player, $new_pw) = @args;
549
550	if ($pl->flag (cf::FLAG_WIZ) && $player eq '') {
551	$pl->message (
552	"Usage: password <player> [<new password>]",
553	cf::NDI_UNIQUE \| cf::NDI_REPLY);
554	return;
555	}
556
557	if ($new_pw eq '') {
558	$new_pw =
559	join '',
560	map { ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[(cf::rndm 64)] }
561	1..9;
562	}
563
564	cf::async {
565	my $plc = cf::player::find $player;
566	if ($plc) {
567	$plc->password (encode_password $new_pw);
568	$pl->message (
569	"Ok, changed password of '$player' to '$new_pw'!",
570	cf::NDI_UNIQUE \| cf::NDI_RED \| cf::NDI_REPLY);
571	} else {
572	$pl->message (
573	"Fail! Couldn't set password for '$player', "
574	. "he doesn't seem to exist!",
575	cf::NDI_UNIQUE \| cf::NDI_RED \| cf::NDI_REPLY);
576	}
577	};
578	};
579
580	cf::register_command quit => sub {
581	my ($ob, $arg) = @_;
582
583	$ob->send_msg (undef,
584	"Quitting will delete your character PERMANENTLY: It will be gone forever and any progress will be lost. "
585	. "If you are sure you want to do this, then use the quit_character command instead of quit.",
586	cf::NDI_UNIQUE \| cf::NDI_RED \| cf::NDI_REPLY);
587	};
588
589	cf::register_command quit_character => sub {
590	my ($ob, $arg) = @_;
591
592	my $pl = $ob->contr;
593
594	$pl->ns->query (cf::CS_QUERY_SINGLECHAR, "Do you want to PERMANENTLY delete your character and all associated data (y/n)?", sub {
595	if ($_[0] !~ /^[yY]/) {
596	$ob->send_msg (undef, "Ok, not not quitting then.", cf::NDI_UNIQUE \| cf::NDI_RED \| cf::NDI_REPLY);
597	} else {
598	$ob->send_msg (undef, "Ok, quitting, hope to see you again.", cf::NDI_UNIQUE \| cf::NDI_RED \| cf::NDI_REPLY);
599	cf::async {
600	$pl->quit_character;
601	};
602	}
603	});
604	};
605
606	cf::object->attach (
607	type => cf::SAVEBED,
608	on_apply => sub {
609	my ($bed, $ob) = @_;
610
611	return cf::override 0 unless $ob->type == cf::PLAYER;
612
613	my $pl = $ob->contr;
614
615	# update respawn position
616	$pl->savebed ($bed->map->path, $bed->x, $bed->y);
617
618	cf::async {
619	my $killer = cf::arch::get "killer_logout"; $pl->killer ($killer); $killer->destroy;
620	ext::highscore::check $ob;
621
622	$pl->save;
623
624	$ob->send_msg ($cf::SAY_CHANNEL => "In the future, you will wake up here when you die.", cf::NDI_DEF \| cf::NDI_REPLY);
625
626	my $ns = $pl->ns
627	or return;
628
629	$ns->query (cf::CS_QUERY_SINGLECHAR, "Do you want to continue playing (y/n)?", sub {
630	if ($_[0] !~ /^[yY]/) {
631	$pl->invoke (cf::EVENT_PLAYER_LOGOUT, 1);
632	$pl->deactivate;
633	$pl->ns->destroy;
634	}
635	});
636	};
637	},
638	);
639
640	cf::player->attach (
641	on_login => sub {
642	my ($pl) = @_;
643	my $name = $pl->ob->name;
644
645	$_->ob->message ("$name has entered the game.", cf::NDI_DK_ORANGE \| cf::NDI_UNIQUE) for cf::player::list;
646	},
647	on_logout => sub {
648	my ($pl, $cleanly) = @_;
649	my $name = $pl->ob->name;
650
651	if ($cleanly) {
652	$_->ob->message ("$name left the game.", cf::NDI_DK_ORANGE \| cf::NDI_UNIQUE) for cf::player::list;
653	} else {
654	$_->ob->message ("$name uncerimoniously disconnected.", cf::NDI_DK_ORANGE \| cf::NDI_UNIQUE) for cf::player::list;
655	$pl->{unclean_save} = $cf::RUNTIME
656	unless safe_spot $pl;
657	}
658	},
659	);
660