From c814ec7ef9c58605fdf71981aafa136ac251f1c3 Mon Sep 17 00:00:00 2001 From: Sarjuuk Date: Sun, 18 Jan 2015 18:46:48 +0100 Subject: [PATCH] Loot: * fixed indizes after revamp of loot-tables some time ago User: * fixed IP-detection * moved name/pass checks to uniform function --- includes/loot.class.php | 50 ++++++++++++++++++++--------------------- includes/user.class.php | 33 ++++++++++++++++++++++++--- pages/account.php | 27 +++++++++++----------- 3 files changed, 68 insertions(+), 42 deletions(-) diff --git a/includes/loot.class.php b/includes/loot.class.php index c20fedf0..51628c9b 100644 --- a/includes/loot.class.php +++ b/includes/loot.class.php @@ -98,17 +98,17 @@ class Loot foreach ($rows as $entry) { $set = array( - 'quest' => $entry['needsquest'], - 'group' => $entry['groupid'], + 'quest' => $entry['QuestRequired'], + 'group' => $entry['GroupId'], 'parentRef' => $tableName == LOOT_REFERENCE ? $lootId : 0, 'realChanceMod' => $baseChance ); - // if ($entry['lootmode'] > 1) + // if ($entry['LootMode'] > 1) // { $buff = []; for ($i = 0; $i < 8; $i++) - if ($entry['lootmode'] & (1 << $i)) + if ($entry['LootMode'] & (1 << $i)) $buff[] = $i + 1; $set['mode'] = implode(', ', $buff); 
@@ -129,50 +129,50 @@ class Loot '25man heroic */ - if ($entry['reference']) + if ($entry['Reference']) { // bandaid.. remove when propperly handling lootmodes - if (!in_array($entry['reference'], $handledRefs)) + if (!in_array($entry['Reference'], $handledRefs)) { // todo (high): find out, why i used this in the first place. (don't do drugs, kids) - list($data, $raw) = self::getByContainerRecursive(LOOT_REFERENCE, $entry['reference'], $handledRefs, /*$entry['groupid'],*/ 0, $entry['chance'] / 100); + list($data, $raw) = self::getByContainerRecursive(LOOT_REFERENCE, $entry['Reference'], $handledRefs, /*$entry['GroupId'],*/ 0, $entry['Chance'] / 100); - $handledRefs[] = $entry['reference']; + $handledRefs[] = $entry['Reference']; $loot = array_merge($loot, $data); $rawItems = array_merge($rawItems, $raw); } - $set['reference'] = $entry['reference']; - $set['multiplier'] = $entry['maxcount']; + $set['reference'] = $entry['Reference']; + $set['multiplier'] = $entry['MaxCount']; } else { - $rawItems[] = $entry['item']; - $set['content'] = $entry['item']; - $set['min'] = $entry['mincount']; - $set['max'] = $entry['maxcount']; + $rawItems[] = $entry['Item']; + $set['content'] = $entry['Item']; + $set['min'] = $entry['MinCount']; + $set['max'] = $entry['MaxCount']; } - if (!isset($groupChances[$entry['groupid']])) + if (!isset($groupChances[$entry['GroupId']])) { - $groupChances[$entry['groupid']] = 0; - $nGroupEquals[$entry['groupid']] = 0; + $groupChances[$entry['GroupId']] = 0; + $nGroupEquals[$entry['GroupId']] = 0; } if ($set['quest'] || !$set['group']) - $set['groupChance'] = $entry['chance']; - else if ($entry['groupid'] && !$entry['chance']) + $set['groupChance'] = $entry['Chance']; + else if ($entry['GroupId'] && !$entry['Chance']) { - $nGroupEquals[$entry['groupid']]++; - $set['groupChance'] = &$groupChances[$entry['groupid']]; + $nGroupEquals[$entry['GroupId']]++; + $set['groupChance'] = &$groupChances[$entry['GroupId']]; } - else if ($entry['groupid'] && 
$entry['chance']) + else if ($entry['GroupId'] && $entry['Chance']) { - @$groupChances[$entry['groupid']] += $entry['chance']; - $set['groupChance'] = $entry['chance']; + @$groupChances[$entry['GroupId']] += $entry['Chance']; + $set['groupChance'] = $entry['Chance']; } else // shouldn't have happened { - Util::addNote(U_GROUP_EMPLOYEE, 'Loot::getByContainerRecursive: unhandled case in calculating chance for item '.$entry['item'].'!'); + Util::addNote(U_GROUP_EMPLOYEE, 'Loot::getByContainerRecursive: unhandled case in calculating chance for item '.$entry['Item'].'!'); continue; } diff --git a/includes/user.class.php b/includes/user.class.php index e6f80d4b..b6811b45 100644 --- a/includes/user.class.php +++ b/includes/user.class.php @@ -134,14 +134,17 @@ class User foreach ($method as $m) { - if ($ipAddr = getenv($m)) + if ($rawIp = getenv($m)) { + if ($m == 'HTTP_X_FORWARDED') + $rawIp = explode(',', $rawIp)[0]; // [ip, proxy1, proxy2] + // check IPv4 - if ($ipAddr = filter_var($ipAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) + if ($ipAddr = filter_var($rawIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) break; // check IPv6 - if ($ipAddr = filter_var($ipAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) + if ($ipAddr = filter_var($rawIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) break; } } 
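Review bot: The new `HTTP_X_FORWARDED` branch trusts a client-supplied header unconditionally: any visitor can send the header with an arbitrary public address, and the first comma-separated element this code keeps is exactly the part the client controls, so anything downstream keyed on the detected IP (bans, rate limits, logging) becomes spoofable. Forwarded headers should only be consulted when `REMOTE_ADDR` is one of your own reverse proxies and `REMOTE_ADDR` should win otherwise; note also that the name is non-standard (the common header is `X-Forwarded-For`, i.e. `HTTP_X_FORWARDED_FOR`), though I cannot see the `$method` list defined above the hunk to confirm what else is consulted. `FILTER_FLAG_NO_PRIV_RANGE` will also reject a proxy's private `REMOTE_ADDR`, which is presumably why the header was added rather than gated. A sketch of the gate follows; the enclosing method starts and ends outside the hunk.
```php
// Forwarded headers are client-controlled: honour them only when the direct peer is a known proxy.
$trustedProxies = [];                                                // TODO: populate from site config
$viaProxy       = in_array(getenv('REMOTE_ADDR'), $trustedProxies, true);

foreach ($method as $m)
{
    if (!$viaProxy && $m != 'REMOTE_ADDR')                           // assumes $method (above the hunk) lists REMOTE_ADDR
        continue;

    if ($rawIp = getenv($m))
    {
        if ($m == 'HTTP_X_FORWARDED')
            $rawIp = trim(explode(',', $rawIp)[0]);                   // [ip, proxy1, proxy2]
        // … unchanged: IPv4 / IPv6 validation and break …
    }
}
```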
@@ -363,6 +366,30 @@ class User return self::$passHash == self::hashSHA1($name, $pass); } + public static function isValidName($name, &$errCode = 0) + { + $errCode = 0; + + if (strlen($name) < 4 || strlen($name) > 16) + $errCode = 1; + else if (preg_match('/[^\w\d]/i', $name)) + $errCode = 2; + + return $errCode == 0; + } + + public static function isValidPass($pass, &$errCode = 0) + { + $errCode = 0; + + if (strlen($pass) < 6 || strlen($pass) > 16) + $errCode = 1; + // else if (preg_match('/[^\w\d!"#\$%]/', $pass)) // such things exist..? :o + // $errCode = 2; + + return $errCode == 0; + } + public static function save() { $_SESSION['user'] = self::$id; diff --git a/pages/account.php b/pages/account.php index 739208bd..0411da19 100644 --- a/pages/account.php +++ b/pages/account.php @@ -312,12 +312,17 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup private function doSignIn() { - if (!isset($_POST['username']) || !isset($_POST['password'])) + $username = @$_POST['username']; + $password = @$_POST['password']; + $doExpire = @$_POST['remember_me'] != 'yes'; + + // check username + if (!User::isValidName($username)) return Lang::$account['userNotFound']; - $username = $_POST['username']; - $password = $_POST['password']; - $doExpire = $_POST['remember_me'] != 'yes'; + // check password + if (!User::isValidPass($password)) + return Lang::$account['wrongPass']; switch (User::Auth($username, $password)) { 
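Review bot: `isValidName` and `isValidPass` introduce an integer `$errCode` contract that account.php translates into messages, but nothing documents it; add a docblock to each, e.g. `/** Validates an account name. @param string $name @param int &$errCode 0 = ok, 1 = length outside 4..16 bytes, 2 = character outside [A-Za-z0-9_] @return bool */`, and the same shape for `isValidPass` stating that it currently only ever sets 0 or 1 because the character check is commented out. The 16-byte upper bound on passwords is a hard cap on password strength; if it mirrors a limit of the account hash used by `hashSHA1` (visible in the context above), say so in the comment, otherwise drop the maximum. In `/[^\w\d]/i` the `\d` is redundant since `\w` already covers digits, and a `false` return from `preg_match` on a PCRE error currently counts as a valid name; `else if (preg_match('/[^\w]/', $name) !== 0)` makes that failure reject instead.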
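Review bot: Reading `$username` and `$password` out of `$_POST` behind `@` silently accepts non-string input: `username[]=x` makes `$_POST['username']` an array, after which `strlen()` emits a warning and returns null (or throws a TypeError on PHP 8), so the code leans on suppression rather than a check. Replace the two reads with an explicit type guard, `$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';` and likewise for `$password`, which keeps the following `isValidName`/`isValidPass` checks meaningful and lets the `@` go. Validating format before `User::Auth` is otherwise a good change since it bounds what reaches the hash. The `switch` on `User::Auth` continues outside the hunk.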
@@ -369,18 +374,12 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup $doExpire = @$_POST['remember_me'] != 'yes'; // check username - if (strlen($username) < 4 || strlen($username) > 16) - return Lang::$account['errNameLength']; - - if (preg_match('/[^\w\d]/i', $username)) - return Lang::$account['errNameChars']; + if (!User::isValidName($username, $e)) + return Lang::$account[$e == 1 ? 'errNameLength' : 'errNameChars']; // check password - if (strlen($password) < 6 || strlen($password) > 16) - return Lang::$account['errPassLength']; - - // if (preg_match('/[^\w\d!"#\$%]/', $password)) // such things exist..? :o - // return Lang::$account['errPassChars']; + if (!User::isValidPass($password, $e)) + return Lang::$account[$e == 1 ? 'errPassLength' : 'errPassChars']; if ($password != $cPassword) return Lang::$account['passMismatch'];
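Review bot: The confirm check `if ($password != $cPassword)` that now follows the shared validators uses loose comparison, and PHP compares two numeric strings numerically, so `1e3` and `1000` (or `01` and `1`) are treated as matching; use `if ($password !== $cPassword)` there. The mapping `$e == 1 ? 'errPassLength' : 'errPassChars'` also has an unreachable branch, because `isValidPass` only ever sets code 1 while its character check is commented out — harmless, but worth a comment such as `// code 2 unused until the password character check is reinstated`. Both `$e` ternaries duplicate knowledge of the validators' numeric codes; a single lookup table like `[1 => 'errPassLength', 2 => 'errPassChars']` kept next to the validator would be easier to keep in sync if more codes are added. The enclosing method starts outside the hunk.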