server/utils/player_dl.pl.in

#!/usr/bin/perl -w
##################
# Playerfile download utility.
# Version 1.2
####
# Note: This file requires the CGI.pm module to operate.
# The player_dl.html file is a basic web page which
# can be used for downloads.
#
# This CGI script allows players to download their players
# files through a web interface.  It does password checking
# and has some extra options.  
#
# Note 2: The player files and directories need to be readable
# by whatever uid runs this program.  In many cases, this may be
# nobody or apache or whatever.  This script does not differentiate
# invalid password or lack of ability to read player files.  If
# you get invalid name/password combos and you're sure you're
# entering them correctly, check file permissions.
#
# Note 3: on some systems, differnet password encryption schemes
# are used.  Eg, on windows, no encryption is used at all, while
# on others, if des_crypt is available, that is used instead.
# this script would need modification to cover those cases.
#
####
# Copyright (c) 2003 by Philip Stolarczyk
# This  program  is  free  software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License  as  published  by  the  Free Software Foundation;
# either version 2 of the License, or (at your  option)  any
# later version.
# This  program  is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty  of  MERCHANTABILITY  or FITNESS FOR A PARTICULAR
# PURPOSE.  See the GNU  General  Public  License  for  more
# details.
####
#   Config options:
#
# Where the tar program is located. 
$tar = '@TAR@';

$prefix="@prefix@";
# Where the crossfire directory is located.
$crossfire_home = "@pkgstatedir@/players";

# Where to save temporary files
$temp_dir = '/tmp';

# How often a player can have their file sent to them, in seconds. (ie. 3600 is once/hour), set to 0 to disable.
$timelimit = 3600;

# Where to save information on when which player files were downloaded, for the time limit function.
$statefile = "$temp_dir/pldl.dat";

# Whether to delete the player's file after they download it.
$delete_player = 0;

#
####
# BUGS:
#  Systems that do NL to CRLF interpretation on CGI output
#       will corrupt the .tar file.  This includes Microsoft
#       Windows systems.  I haven't found any solution.
##################
# Code begins.

use CGI;
use CGI::Carp 'fatalsToBrowser';
$CGI::POST_MAX=1024;  # max 1K posts
$CGI::DISABLE_UPLOADS = 1;  # no uploads

$q = new CGI;

# Verify that player name contains no invalid characters. 
$playername = '';
$playername = $q->param('playername') if $q->param('playername');
$playername =~ s/[^A-Za-z_\-]//g;       # No invalid chars
$playername =~ s/^(.{1,64}).*$/$1/;     # Max 64 chars, (really it's 16 or 32 in the server)

# Default to not validated, until the password is checked.
$valid = 0;

# No error to report yet.
$errormsg = '';

# We want to the time we ran to be consistent, even if it takes a couple seconds.
$time = time();


# Validate password
$password = $q->param('password');
if ($playername) { # Make sure that the user typed in a playername.
        if ((open PLAYERFILE, "$crossfire_home/$playername/$playername.pl") # Make sure the player's file exists
        or (open PLAYERFILE, "$crossfire_home/$playername/$playername.pl.dead")) { # Or use the dead file, if no player is alive
                foreach (<PLAYERFILE>) {
                        chomp; chomp;
                        # Do actual checking of password.
                        if ( /^password (.*)$/ ) {
                            $cp = crypt($password,$1);
                            if ($cp eq $1)  {
                                $valid = 1;
                            }
                        }
                }
                close PLAYERFILE;
        }
}
if (!$valid) { $errormsg = 'Invalid username or password' };

# If the player is validated, and we're limiting how often players can download their files, do so.
if ($valid and $timelimit and $statefile) {
        open STATEFILE, "<$statefile";
        @contents = <STATEFILE>;
        close STATEFILE;
        # Don't allow more than 1024 players to download their files per $timelimit seconds.
        # This is to prevent STATEFILE from getting too large.
        if ($#contents > 1024) {
                $valid = 0;
                $errormsg = 'Too many players have tried to download their files recently.  Please wait a bit before trying again.\n';
        }

        # Check timestamp of last download for this player
        foreach (@contents) {
                chomp; chomp;
                if (/^DL $playername (.*)$/) {
                        # $1 is the last time the file was DLed.
                        if ($time > ($timelimit + $1)) {
                                $valid = 0;
                                $errormsg = 'You just downloaded your file.  Wait a bit before trying again.';
                        }
                }
        }
}

if ($valid) {
        # Create and send file

        # Create a new archive
        # Sending binary data.
        # Add content-disposition, in this way, the browser (at least mozilla)
        # will use it as the default filename, instead of the cgi script name.
        print $q->header(-type=>"application/x-compressed-tar",
                         "-content-disposition"=>"inline; filename=\"$playername.tar\"");

        # Change to player directory, so that long pathname is not included in
        # sent file.
        chdir("$crossfire_home");
        # archive up the player
        system("$tar  -cf - $playername");

        # 'Delete' player's files, if applicable.  (technically rename them, to hide from server.)
        if ($valid and $delete_player) {
                @files= glob("$crossfire_home/$playername/*");
                # Rename all files except *.tar
                foreach (@files) { 
                        next if ( /\.tar$/i );
                        rename $_, "$_.downloaded";
                }
        }

    # Set timestamp of last download for this player, if applicable.
    # Also, remove outdated player download timestamps, if applicable.
    if ($timelimit > 0 and $statefile) {
        if (open STATEFILE, "<$statefile") {
                @contents = <STATEFILE>;
                close STATEFILE;
        } else {
                @contents = ();
        }

        if (open STATEFILE, ">$statefile") {
                foreach (@contents) {
                        chomp; chomp;
                        if (/^DL (.*) (.*)$/) {
                                # All lines starting with DL are download time records.
                                my ($playerdownloaded, $timedownloaded) = ($1, $2);

                                # If this player just downloaded their file, don't copy them yet.  We update their timestamp later.
                                next if ($valid and ($playerdownloaded eq $playername));
                                # If this record has expired, don't copy it.
                                next if (($timedownloaded + $timelimit) < $time);
                                # Otherwise, copy the record to the new state file.
                                print "$_\n";
                        } else {
                                # Allow other lines in this file.
                                print "$_\n";
                        }
                }
                # If this player downloaded their file, save it.
                if ($valid) {
                        print STATEFILE "DL $playername $time\n";
                }
                close STATEFILE;
        } else {
                die "Unable to save state to file $statefile.\n";
        }
    }
}

# If no file was sent, send a form and any error messages.
if (!$valid) {
        print $q->header('text/html');

        # Print header
        print $q->start_html('Download your player file');
        print "\n\n\n";

        # print any error message that may have occured.
        if ($errormsg) {
                print $q->h3("ERROR: ". $errormsg), $q->br(), $q->br();
        }

        # Print warnings if $delete_player is enabled.
        if ($delete_player) {
                print <<'(END)';
<pre><font color="#FF0000">WARNING:</font>
Downloading your file will remove it from the server.  If the
download fails, contact the system administrator, and they may
be able to retrieve the file.
</pre>
(END)
        }

        print $q->h2("Download your player file:");

        # Print generic form to allow player to download their file.
        print $q->start_form(),
                'Character name: ', $q->textfield('playername'), $q->br(),
                'Character password: ' , $q->password_field('password'), $q->br(),
                $q->submit('Download'), $q->reset('Clear Entries'), $q->end_form();

        print $q->end_html();
}
Revision:	1.2
Committed:	Mon Mar 5 19:03:09 2007 UTC (17 years, 2 months ago) by root
Branch:	MAIN
CVS Tags:	rel-2_82, rel-2_81, rel-2_80, rel-3_1, rel-3_0, rel-2_6, rel-2_7, rel-2_4, rel-2_5, rel-2_2, rel-2_3, rel-2_0, rel-2_1, rel-2_72, rel-2_73, rel-2_71, rel-2_76, rel-2_77, rel-2_74, rel-2_75, rel-2_54, rel-2_55, rel-2_56, rel-2_79, rel-2_52, rel-2_53, rel-2_32, rel-2_90, rel-2_92, rel-2_93, rel-2_78, rel-2_61, rel-2_43, rel-2_42, rel-2_41, HEAD
Changes since 1.1:	+201 -201 lines
Log Message:	major clenaup in utils/
#	User	Rev	Content
1	root	1.2	#!/usr/bin/perl -w
2			##################
3			# Playerfile download utility.
4			# Version 1.2
5			####
6	root	1.1	# Note: This file requires the CGI.pm module to operate.
7			# The player_dl.html file is a basic web page which
8			# can be used for downloads.
9			#
10	root	1.2	# This CGI script allows players to download their players
11			# files through a web interface. It does password checking
12			# and has some extra options.
13	root	1.1	#
14			# Note 2: The player files and directories need to be readable
15			# by whatever uid runs this program. In many cases, this may be
16			# nobody or apache or whatever. This script does not differentiate
17			# invalid password or lack of ability to read player files. If
18			# you get invalid name/password combos and you're sure you're
19			# entering them correctly, check file permissions.
20			#
21			# Note 3: on some systems, differnet password encryption schemes
22			# are used. Eg, on windows, no encryption is used at all, while
23			# on others, if des_crypt is available, that is used instead.
24			# this script would need modification to cover those cases.
25			#
26	root	1.2	####
27			# Copyright (c) 2003 by Philip Stolarczyk
28			# This program is free software; you can redistribute it
29			# and/or modify it under the terms of the GNU General Public
30			# License as published by the Free Software Foundation;
31			# either version 2 of the License, or (at your option) any
32			# later version.
33			# This program is distributed in the hope that it will be
34			# useful, but WITHOUT ANY WARRANTY; without even the implied
35			# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
36			# PURPOSE. See the GNU General Public License for more
37			# details.
38			####
39			# Config options:
40			#
41			# Where the tar program is located.
42			$tar = '@TAR@';
43
44	root	1.1	$prefix="@prefix@";
45	root	1.2	# Where the crossfire directory is located.
46	root	1.1	$crossfire_home = "@pkgstatedir@/players";
47	root	1.2
48			# Where to save temporary files
49			$temp_dir = '/tmp';
50
51			# How often a player can have their file sent to them, in seconds. (ie. 3600 is once/hour), set to 0 to disable.
52			$timelimit = 3600;
53
54			# Where to save information on when which player files were downloaded, for the time limit function.
55			$statefile = "$temp_dir/pldl.dat";
56
57			# Whether to delete the player's file after they download it.
58			$delete_player = 0;
59
60			#
61			####
62			# BUGS:
63			# Systems that do NL to CRLF interpretation on CGI output
64			# will corrupt the .tar file. This includes Microsoft
65			# Windows systems. I haven't found any solution.
66			##################
67			# Code begins.
68
69			use CGI;
70			use CGI::Carp 'fatalsToBrowser';
71			$CGI::POST_MAX=1024; # max 1K posts
72			$CGI::DISABLE_UPLOADS = 1; # no uploads
73
74			$q = new CGI;
75
76			# Verify that player name contains no invalid characters.
77			$playername = '';
78			$playername = $q->param('playername') if $q->param('playername');
79			$playername =~ s/[^A-Za-z_\-]//g; # No invalid chars
80			$playername =~ s/^(.{1,64}).*$/$1/; # Max 64 chars, (really it's 16 or 32 in the server)
81
82			# Default to not validated, until the password is checked.
83			$valid = 0;
84
85			# No error to report yet.
86			$errormsg = '';
87
88			# We want to the time we ran to be consistent, even if it takes a couple seconds.
89			$time = time();
90
91
92			# Validate password
93			$password = $q->param('password');
94			if ($playername) { # Make sure that the user typed in a playername.
95			if ((open PLAYERFILE, "$crossfire_home/$playername/$playername.pl") # Make sure the player's file exists
96			or (open PLAYERFILE, "$crossfire_home/$playername/$playername.pl.dead")) { # Or use the dead file, if no player is alive
97			foreach (<PLAYERFILE>) {
98			chomp; chomp;
99			# Do actual checking of password.
100	root	1.1	if ( /^password (.*)$/ ) {
101			$cp = crypt($password,$1);
102	root	1.2	if ($cp eq $1) {
103			$valid = 1;
104	root	1.1	}
105			}
106	root	1.2	}
107			close PLAYERFILE;
108			}
109			}
110			if (!$valid) { $errormsg = 'Invalid username or password' };
111
112			# If the player is validated, and we're limiting how often players can download their files, do so.
113			if ($valid and $timelimit and $statefile) {
114			open STATEFILE, "<$statefile";
115			@contents = <STATEFILE>;
116			close STATEFILE;
117			# Don't allow more than 1024 players to download their files per $timelimit seconds.
118			# This is to prevent STATEFILE from getting too large.
119			if ($#contents > 1024) {
120			$valid = 0;
121			$errormsg = 'Too many players have tried to download their files recently. Please wait a bit before trying again.\n';
122			}
123
124			# Check timestamp of last download for this player
125			foreach (@contents) {
126			chomp; chomp;
127			if (/^DL $playername (.*)$/) {
128			# $1 is the last time the file was DLed.
129			if ($time > ($timelimit + $1)) {
130			$valid = 0;
131			$errormsg = 'You just downloaded your file. Wait a bit before trying again.';
132			}
133			}
134			}
135			}
136
137			if ($valid) {
138			# Create and send file
139
140			# Create a new archive
141			# Sending binary data.
142	root	1.1	# Add content-disposition, in this way, the browser (at least mozilla)
143			# will use it as the default filename, instead of the cgi script name.
144			print $q->header(-type=>"application/x-compressed-tar",
145			"-content-disposition"=>"inline; filename=\"$playername.tar\"");
146
147			# Change to player directory, so that long pathname is not included in
148			# sent file.
149			chdir("$crossfire_home");
150			# archive up the player
151			system("$tar -cf - $playername");
152	root	1.2
153			# 'Delete' player's files, if applicable. (technically rename them, to hide from server.)
154			if ($valid and $delete_player) {
155			@files= glob("$crossfire_home/$playername/*");
156			# Rename all files except *.tar
157			foreach (@files) {
158			next if ( /\.tar$/i );
159			rename $_, "$_.downloaded";
160			}
161			}
162
163			# Set timestamp of last download for this player, if applicable.
164			# Also, remove outdated player download timestamps, if applicable.
165			if ($timelimit > 0 and $statefile) {
166			if (open STATEFILE, "<$statefile") {
167			@contents = <STATEFILE>;
168			close STATEFILE;
169			} else {
170			@contents = ();
171			}
172
173			if (open STATEFILE, ">$statefile") {
174			foreach (@contents) {
175			chomp; chomp;
176			if (/^DL (.) (.)$/) {
177			# All lines starting with DL are download time records.
178			my ($playerdownloaded, $timedownloaded) = ($1, $2);
179
180			# If this player just downloaded their file, don't copy them yet. We update their timestamp later.
181			next if ($valid and ($playerdownloaded eq $playername));
182			# If this record has expired, don't copy it.
183			next if (($timedownloaded + $timelimit) < $time);
184			# Otherwise, copy the record to the new state file.
185			print "$_\n";
186			} else {
187			# Allow other lines in this file.
188			print "$_\n";
189			}
190			}
191			# If this player downloaded their file, save it.
192			if ($valid) {
193			print STATEFILE "DL $playername $time\n";
194			}
195			close STATEFILE;
196			} else {
197			die "Unable to save state to file $statefile.\n";
198			}
199	root	1.1	}
200	root	1.2	}
201
202			# If no file was sent, send a form and any error messages.
203			if (!$valid) {
204			print $q->header('text/html');
205
206			# Print header
207			print $q->start_html('Download your player file');
208			print "\n\n\n";
209
210			# print any error message that may have occured.
211			if ($errormsg) {
212			print $q->h3("ERROR: ". $errormsg), $q->br(), $q->br();
213			}
214
215			# Print warnings if $delete_player is enabled.
216			if ($delete_player) {
217			print <<'(END)';
218			<pre><font color="#FF0000">WARNING:</font>
219			Downloading your file will remove it from the server. If the
220			download fails, contact the system administrator, and they may
221			be able to retrieve the file.
222			</pre>
223			(END)
224			}
225
226			print $q->h2("Download your player file:");
227
228			# Print generic form to allow player to download their file.
229			print $q->start_form(),
230			'Character name: ', $q->textfield('playername'), $q->br(),
231			'Character password: ' , $q->password_field('password'), $q->br(),
232			$q->submit('Download'), $q->reset('Clear Entries'), $q->end_form();
233
234			print $q->end_html();
235			}