Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- date_default_timezone_set('America/Santiago');
- require_once 'engine/init.php';
- // Client 11 loginWebService
- if($_SERVER['HTTP_USER_AGENT'] == "Mozilla/5.0" && $config['TFSVersion'] === 'TFS_10') {
- function jsonError($message, $code = 3) {
- die(json_encode(array('errorCode' => $code, 'errorMessage' => $message)));
- }
- header("Content-Type: application/json");
- $input = file_get_contents("php://input");
- // Based on tests, input length should be at least 67+ chars.
- if (strlen($input) > 10) {
- /* {
- 'accountname' => 'username',
- 'password' => 'superpass',
- 'stayloggedin' => true,
- 'token' => '123123', (or not set)
- 'type' => 'login', (What other types do we have?)
- } */
- $jsonObject = json_decode($input);
- $result = json_decode($input, true);
- error_log( print_r($result, TRUE) );
- $username = sanitize($jsonObject->accountname);
- error_log("= user: " . $username);
- $password = SHA1($jsonObject->password);
- error_log("= pw: " . $password);
- $token = (isset($jsonObject->token)) ? sanitize($jsonObject->token) : false;
- if ($username === 'cast') {
- $casts = mysql_select_multi("SELECT `player_id`, `cast_version`, `cast_spectators`, `cast_password` FROM `players_online` WHERE `cast_on` = 1 LIMIT 256;");
- if ($casts === false) {
- jsonError('There are no live cast right now');
- }
- $passwd = $jsonObject->password;
- $available_casts = array();
- $i = 0;
- foreach ($casts as $cast) {
- if (empty($passwd) || $passwd === $cast['cast_password']) {
- $caster_data = mysql_select_single("SELECT `name`, `sex`, `world_id` FROM `players` WHERE `id` = ".$cast['player_id']." LIMIT 1;");
- if ($caster_data !== false) {
- $world = get_world_by_id($caster_data['world_id']);
- if ($world !== false) {
- $available_casts[] = array (
- 'world_id' => (int)$i,
- 'world_name' => $world['name'],
- 'world_ip' => $world['ip'],
- 'world_port' => (int)$world['cast_port'],
- 'caster_name' => $caster_data['name'],
- 'caster_ismale' => ($caster_data['sex'] === 1) ? true : false,
- 'caster_specs' => ($cast['cast_spectators'] < 10) ? '0'.$cast['cast_spectators'] : $cast['cast_spectators'],
- 'caster_version' => ((int)$cast['cast_version'] === 1100) ? "10" : "11"
- );
- $i++;
- }
- }
- }
- }
- if (empty($available_casts)) {
- jsonError('There is no live cast with this password');
- }
- $response = array(
- 'session' => array(
- 'fpstracking'=> false,
- 'isreturner' => true,
- 'returnernotification' => false,
- 'showrewardnews' => false,
- 'sessionkey' => $passwd,
- 'lastlogintime' => 0,
- 'ispremium' => false,
- 'premiumuntil' => 0,
- 'status' => 'active'
- ),
- 'playdata' => array(
- 'worlds' => array(
- ),
- 'characters' => array(
- )
- )
- );
- foreach ($available_casts as $cast) {
- $response['playdata']['worlds'][] = array(
- 'id' => $cast['world_id'],
- 'name' => $cast['caster_specs'].'/50 viewers, Client '.$cast['caster_version'].', '.$cast['world_name'],
- 'externaladdress' => $cast['world_ip'],
- 'externalport' => $cast['world_port'],
- 'previewstate' => 0,
- 'location' => 'ALL',
- 'anticheatprotection'=> false
- );
- $response['playdata']['characters'][] = array(
- 'worldid' => $cast['world_id'],
- 'name' => $cast['caster_name'],
- 'ismale' => $cast['caster_ismale'],
- 'tutorial' => false
- );
- }
- error_log("= SESSION KEY: " . $response['session']['sessionkey']);
- die(json_encode($response));
- }
- $fields = '`id`, `premdays`, `secret`';
- if ($config['twoFactorAuthenticator']) $fields .= ', `secret`';
- $account = mysql_select_single("SELECT {$fields} FROM `accounts` WHERE `name`='{$username}' AND `password`='{$password}' LIMIT 1;");
- if ($account === false) {
- jsonError('Wrong username and/or password.');
- }
- if ($config['twoFactorAuthenticator'] === true && $account['secret'] !== null) {
- if ($token === false) {
- jsonError('Submit a valid two-factor authentication token.', 6);
- } else {
- require_once("engine/function/rfc6238.php");
- if (TokenAuth6238::verify($account['secret'], $token) !== true) {
- jsonError('Two-factor authentication failed, token is wrong.', 6);
- }
- }
- }
- $players = mysql_select_multi("SELECT `name`, `sex`, `world_id` FROM `players` WHERE `account_id`='".$account['id']."';");
- if ($players !== false) {
- $worlds = $config['worlds'];
- $sessionKey = $username."\n".$jsonObject->password."\n0\n0";
- if (strlen($account['secret']) > 5) $sessionKey = $username."\n".$jsonObject->password."\n".$token."\n".floor(time() / 30);
- $response = array(
- 'session' => array(
- 'fpstracking'=> false,
- 'isreturner' => true,
- 'returnernotification' => false,
- 'showrewardnews' => false,
- 'sessionkey' => $sessionKey,
- 'lastlogintime' => 0,
- 'ispremium' => ($account['premdays'] > 0) ? true : false,
- 'premiumuntil' => time() + ($account['premdays'] * 86400),
- 'status' => 'active'
- ),
- 'playdata' => array(
- 'worlds' => array(
- //array( 'world_id' => id, 'name' => 'asd', 'ip' => '127.0.0.1', 'port' => 7172, 'is_preview' = 0 ),
- ),
- 'characters' => array(
- //array( 'worldid' => ASD, 'name' => asd, 'ismale' => true, 'tutorial' => false ),
- )
- )
- );
- foreach ($worlds as $world) {
- $response['playdata']['worlds'][] = array(
- 'id' => $world['id'],
- 'name' => $world['name'],
- 'externaladdress' => $world['ip'],
- 'externalport' => $world['port'],
- 'previewstate' => $world['is_preview'],
- 'location' => 'ALL',
- 'anticheatprotection'=> false
- );
- }
- foreach ($players as $player) {
- $response['playdata']['characters'][] = array(
- 'worldid' => (int)$player['world_id'],
- 'name' => $player['name'],
- 'ismale' => ($player['sex'] === 1) ? true : false,
- 'tutorial' => false
- );
- }
- error_log("= SESSION KEY: " . $response['session']['sessionkey']);
- die(json_encode($response));
- } else {
- jsonError("Character list is empty.");
- }
- error_log("= SESSION KEY: " . $response['session']['sessionkey']);
- } else {
- jsonError("Unrecognized event.");
- }
- } // End client 11 loginWebService
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
