SHARE
TWEET

Fixed the Upload - DoS

a guest Nov 22nd, 2019 199 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. #ifndef SERVERDIRECTORY_H
  3. #define SERVERDIRECTORY_H
  4. #pragma once
  5.  
  6. #define MAIN_BUFFER 3000000
  7. #define LITTLE_BUFFER 20000
  8.  
  9. #include <iostream>
  10. #include <fstream>
  11. #include <vector>
  12. #include <string>
  13. #include <map>
  14.  
  15. #include "Message.h"
  16. #include "UDPSocketServer.h"
  17. #include <arpa/inet.h>
  18. #include <cstring>
  19. #include <netdb.h>
  20. #include <netinet/in.h>
  21. #include <stdio.h>
  22. #include <stdlib.h>
  23. #include <string.h>
  24. #include <sys/socket.h>
  25. #include <sys/types.h>
  26.  
  27. using namespace std;
  28.  
  29.  
  30. struct userInfo {
  31.     bool online = false;
  32.     string userIP = "";
  33.     string userPort = "";
  34.     vector<string> imgs;
  35. };
  36.  
  37. class DircServ {
  38. private:
  39.     UDPSocketServer* sv;
  40.     fstream verify, users;
  41.     map<string, string> verify_map;
  42.     map<string, userInfo> users_map;
  43.     bool connect;
  44.     int srvrPort;
  45.     char sender_ip[INET_ADDRSTRLEN];
  46.     uint16_t sender_port;
  47.  
  48. public:
  49.  
  50.     int r;
  51.     struct sockaddr_in recievedAddr;
  52.     socklen_t addresslength = sizeof(recievedAddr);
  53.  
  54.     DircServ() {
  55.         cout << "Enter your port: ";
  56.         cin >> srvrPort;
  57.  
  58.         connect = true;
  59.         sv = new UDPSocketServer(srvrPort);
  60.         verify.open("verify.txt", fstream::out | fstream::in | fstream::app);
  61.         if (verify.fail())
  62.             cout << "Verify file open failed!";
  63.  
  64.         users.open("users.txt", fstream::out | fstream::in | fstream::app);
  65.         if (users.fail())
  66.             cout << "Users file open failed!";
  67.  
  68.         storeVerify(verify);
  69.         storeUsers(users);
  70.     }
  71.  
  72.  
  73.     void getRequest() {
  74.  
  75.         unsigned char* buffer = new unsigned char[MAIN_BUFFER];
  76.         unsigned char* little_buffer = new unsigned char[LITTLE_BUFFER];
  77.  
  78.         printf("Getting requests: \n");
  79.         memset(buffer, 0, sizeof(buffer));
  80.  
  81.         //receive marshalled message
  82.         r = recvfrom(sv->s, buffer, MAIN_BUFFER, 0,
  83.             (struct sockaddr*) & recievedAddr, &addresslength);
  84.  
  85.         printf("Received Message = %s.\n", buffer);
  86.  
  87.         inet_ntop(AF_INET, &(recievedAddr.sin_addr), sender_ip, INET_ADDRSTRLEN);
  88.  
  89.         sender_port = htons((&recievedAddr)->sin_port);
  90.  
  91.         printf("Sender IP:%s & port: %d\n", sender_ip, sender_port);
  92.  
  93.         Message requestMsg(reinterpret_cast<char*>(buffer));
  94.         int OP_ID = requestMsg.getOperation();
  95.         string msg = requestMsg.getUnmarshalledMessage();
  96.         int RPC_ID = requestMsg.getRPCId();
  97.  
  98.         cout << "Operation ID: " << OP_ID << endl;
  99.         cout << "RPC ID: " << RPC_ID << endl;
  100.         cout << "Received Msg: " << msg << endl;
  101.         switch (OP_ID) {
  102.  
  103.         //Sign Up
  104.         case 1001:
  105.         {
  106.             int place = 0;
  107.             string username = "", password = "";
  108.             while (msg[place] != '*') {
  109.                 username.append(1, msg[place]);
  110.                 place++;
  111.             }
  112.             place++;
  113.             while (msg[place] != 0) {
  114.                 password.append(1, msg[place]);
  115.                 place++;
  116.             }
  117.             cout << "User: " << username << endl;
  118.             cout << "Pass: " << password << endl;
  119.             bool didsign = signUp(username, password);
  120.             cout << "Signed up?" << didsign << endl;
  121.             // Sign Up reply
  122.             memset(little_buffer, 0, sizeof(little_buffer));
  123.             if (didsign)
  124.                 little_buffer[0] = '1';
  125.             else
  126.                 little_buffer[0] = '0';
  127.  
  128.             // sprintf((char *)(little_buffer), "%d", didsign);
  129.             little_buffer[1] = 0;
  130.             if (sendto(sv->s, little_buffer, strlen((const char*)little_buffer), 0,
  131.                 (struct sockaddr*) & recievedAddr, addresslength) < 0) {
  132.                 perror("Sign up reply sendto failed");
  133.             }
  134.  
  135.         }
  136.         break;
  137.  
  138.         //Login
  139.         case 1002:
  140.         {
  141.             int place = 0;
  142.             string username = "", password = "";
  143.             while (msg[place] != '*') {
  144.                 username.append(1, msg[place]);
  145.                 place++;
  146.             }
  147.             place++;
  148.             while (msg[place] != 0) {
  149.                 password.append(1, msg[place]);
  150.                 place++;
  151.             }
  152.             cout << "User: " << username << endl;
  153.             cout << "Pass: " << password << endl;
  154.             int didlogin = login(username, password);
  155.  
  156.             cout << "Logged in status: " << didlogin << endl;
  157.  
  158.             // Sign Up reply
  159.             memset(little_buffer, 0, sizeof(little_buffer));
  160.             if (didlogin == 1)
  161.                 little_buffer[0] = '1';
  162.             else if (didlogin == 0)
  163.                 little_buffer[0] = '0';
  164.             else if (didlogin == 5)
  165.                 little_buffer[0] = '5';
  166.             else
  167.                 little_buffer[0] = '4';
  168.             little_buffer[1] = 0;
  169.             if (sendto(sv->s, little_buffer, strlen((const char*)little_buffer), 0,
  170.                 (struct sockaddr*) & recievedAddr, addresslength) < 0) {
  171.                 perror("Sign up reply sendto failed");
  172.             }
  173.         }
  174.  
  175.         break; // end of login
  176.  
  177.  
  178.         case 1003: // logout
  179.         {
  180.             int place = 0;
  181.             string username = "";
  182.             while (msg[place] != 0) {
  183.                 username.append(1, msg[place]);
  184.                 place++;
  185.             }
  186.  
  187.             cout << "User: " << username << endl;
  188.  
  189.             bool wasin = logout(username);
  190.  
  191.             cout << "Logged out? " << wasin << endl;
  192.  
  193.             // Sign Up reply
  194.             memset(little_buffer, 0, sizeof(little_buffer));
  195.             if (wasin == true)
  196.                 little_buffer[0] = '1';
  197.             else
  198.                 little_buffer[0] = '0';
  199.             little_buffer[1] = 0;
  200.             if (sendto(sv->s, little_buffer, strlen((const char*)little_buffer), 0,
  201.                 (struct sockaddr*) & recievedAddr, addresslength) < 0) {
  202.                 perror("Sign up reply sendto failed");
  203.             }
  204.  
  205.         }
  206.         break; // end of logout
  207.  
  208.         case 1100: // view
  209.         {
  210.  
  211.             string res = view();
  212.  
  213.             cout << "Viewing all. Text: " << res << endl;
  214.  
  215.             // Sign Up reply
  216.             memset(little_buffer, 0, sizeof(little_buffer));
  217.  
  218.             sprintf((char*)(little_buffer), "%s", res.c_str());
  219.  
  220.             if (sendto(sv->s, little_buffer, strlen((const char*)little_buffer), 0,
  221.                 (struct sockaddr*) & recievedAddr, addresslength) < 0) {
  222.                 perror("Sign up reply sendto failed");
  223.             }
  224.  
  225.         } break; // end of view
  226.  
  227.         case 2001: // upload
  228.         {
  229.             int place = 0;
  230.             string username = "", imagename = "";
  231.             while (msg[place] != '*') {
  232.                 username.append(1, msg[place]);
  233.                 place++;
  234.             }
  235.             place++;
  236.             while (msg[place] != 0) {
  237.                 imagename.append(1, msg[place]);
  238.                 place++;
  239.             }
  240.             cout << "User: " << username << endl;
  241.             cout << "Imagename: " << imagename << endl;
  242.             int uploaded = upload(username, imagename);
  243.  
  244.             cout << "Uploaded? " << uploaded << endl;
  245.             // Sign Up reply
  246.             memset(little_buffer, 0, sizeof(little_buffer));
  247.             if (uploaded == 1)
  248.                 little_buffer[0] = '1';
  249.             else if (uploaded == 0)
  250.                 little_buffer[0] = '0';
  251.             else if (uploaded == 9)
  252.                 little_buffer[0] = '9';
  253.             else
  254.                 little_buffer[0] = '8'; // if something is wrong
  255.             little_buffer[1] = 0;
  256.             if (sendto(sv->s, little_buffer, strlen((const char*)little_buffer), 0,
  257.                 (struct sockaddr*) & recievedAddr, addresslength) < 0) {
  258.                 perror("Sign up reply sendto failed");
  259.             }
  260.  
  261.         } break; // end of upload
  262.  
  263.         default:
  264.             break;
  265.         }
  266.     }
  267.  
  268.   bool serveRequests() { getRequest(); }
  269.  
  270.  
  271. //just sends a reply with the buffer
  272. void sendReply(unsigned char* buffer) {
  273.     if (sendto(sv->s, buffer, r, 0, (struct sockaddr*) & recievedAddr,
  274.         addresslength) < 0) {
  275.         perror("Failed to 'sendto'");
  276.     }
  277. }
  278.  
  279.  
  280. //loads in data from the user file into the user map the first time the server opens
  281. void storeUsers(fstream& users) {
  282.  
  283.     string line, username, imageName;
  284.     int nameLen, imageLen;
  285.  
  286.     users.seekp(0);
  287.     while (!users.eof()) {
  288.         getline(users, line);
  289.  
  290.         //if there is a user, get their username
  291.         if (line != "") {
  292.             nameLen = line.find(" ");
  293.             username = line.substr(0, nameLen);
  294.             line = line.erase(0, nameLen + 1);
  295.             users_map[username];
  296.  
  297.             //getting all the images uploaded by the user
  298.             while (line != "") {
  299.                 imageLen = line.find(" ");
  300.                 imageName = line.substr(0, imageLen);
  301.                 line = line.erase(0, imageLen + 1);
  302.                 users_map[username].imgs.push_back(imageName);
  303.             }
  304.         }
  305.  
  306.         else {
  307.  
  308.         }
  309.     }
  310.  
  311.     users.clear();
  312. }
  313.  
  314.  
  315. //loads in data from the verify file into the verify map the first time the server opens
  316. void storeVerify(fstream& verify) {
  317.  
  318.     string line, username, pass;
  319.     int nameLen, passLen;
  320.  
  321.     verify.seekp(0);
  322.     while (!verify.eof()) {
  323.  
  324.         getline(verify, line);
  325.  
  326.         //gets the usernames and their respective passwords
  327.         if (line != "") {
  328.             nameLen = line.find(" ");
  329.             username = line.substr(0, nameLen);
  330.             line = line.erase(0, nameLen + 1);
  331.  
  332.             passLen = line.find(" ");
  333.             pass = line.substr(0, passLen);
  334.             line = line.erase(0, passLen + 1);
  335.             verify_map[username] = pass;
  336.         }
  337.     }
  338.     verify.clear();
  339. }
  340.  
  341.  
  342. //attempts to sign user up, and put data into respective files
  343. bool signUp(string username, string password) {
  344.     bool validUsername = true;
  345.     string line, takenUsernames;
  346.     int nameLen;
  347.  
  348.     verify.seekp(0);
  349.     while (!verify.eof()) {
  350.         getline(verify, line);
  351.        
  352.         //if there's a user
  353.         if (line != "") {
  354.             nameLen = line.find(" ");
  355.             takenUsernames = line.substr(0, nameLen);
  356.             if (takenUsernames == username)
  357.                 validUsername = false;
  358.         }
  359.     }
  360.  
  361.     verify.clear();
  362.  
  363.     //username is valid, so we can complete the sign up
  364.     if (validUsername) {
  365.         verify_map[username] = password;
  366.         users_map[username];
  367.         int ind = verify.tellg();
  368.         verify.seekp(ind);
  369.         verify << username << " " << password << endl;
  370.         int inds = users.tellg();
  371.         users.seekp(inds);
  372.         users << username << " " << endl;
  373.         return true;
  374.     }
  375.  
  376.     //if username taken aka invalid
  377.     else {
  378.         cout << "Username already exists, please choose another...\n";
  379.         return false;
  380.     }
  381. }
  382.  
  383.  
  384. //checks if the username and password match.
  385. //Updates user map with user's ip, port, and login status
  386. int login(string username, string password) {
  387.     bool nameFlag = false, passFlag = false;
  388.     int nameLen, passLen;
  389.     string line, currName, pass;
  390.  
  391.     verify.seekp(0);
  392.     while (!verify.eof()) {
  393.  
  394.         getline(verify, line);
  395.         if (line != "") {
  396.             nameLen = line.find(" ");
  397.             currName = line.substr(0, nameLen);
  398.             line = line.erase(0, nameLen + 1);
  399.  
  400.             passLen = line.find(" ");
  401.             pass = line.substr(0, passLen);
  402.             line = line.erase(0, passLen + 1);
  403.  
  404.             //if we've found the user
  405.             if (currName == username)
  406.                 nameFlag = true;
  407.            
  408.             //if the password is also true to this username
  409.             if (currName == username && pass == password) {
  410.                 passFlag = true;
  411.                 break;
  412.             }
  413.         }
  414.     }
  415.  
  416.     verify.clear();
  417.  
  418.     //entered the username doesn't even exist
  419.     if (!nameFlag)
  420.         return 0;
  421.  
  422.     //password doesn't match
  423.     if (!passFlag)
  424.         return 5;  
  425.  
  426.     //user was already logged in
  427.     if (users_map[username].online == true) {
  428.         return 4;
  429.     }
  430.  
  431.     char portFromSender[LITTLE_BUFFER];
  432.     sprintf((char*)(portFromSender), "%u", sender_port);
  433.     users_map[username].userIP = string(sender_ip);
  434.     users_map[username].userPort = string(portFromSender);
  435.     users_map[username].online = true;
  436.     return 1;
  437. }
  438.  
  439.  
  440. //logs user out by reseting all variables back
  441. bool logout(string username) {
  442.     bool wasOnline = users_map[username].online;
  443.     users_map[username].online = false;
  444.     users_map[username].userIP = "";
  445.     users_map[username].userPort = "";
  446.  
  447.     return wasOnline;
  448. }
  449.  
  450.  
  451. string viewer() {
  452.  
  453.     string temp = "";
  454.     for (auto const& x : users_map) {
  455.         temp += x.first + "*";
  456.  
  457.         if (x.second.online) {
  458.             temp += "Login status: ONLINE.\tUser's IP: ";
  459.             temp += x.second.userIP + ".\tUser's port: ";
  460.             temp += x.second.userPort + ".\tUser's Images: ";
  461.         }
  462.  
  463.         else
  464.             temp += "Login Status: OFFLINE.\tUser's Images: ";
  465.  
  466.  
  467.         for (int i = 0; i < x.second.imgs.size(); i++) {
  468.             temp += x.second.imgs[i] + "#";
  469.         }
  470.         temp += "----------------";
  471.     }
  472.     return temp;
  473. }
  474.  
  475. string view() {
  476.     string ret = "";
  477.     for (auto const &x : users_map) {
  478.       ret += x.first + "*";
  479.       if (x.second.online) {
  480.         ret += "1&";
  481.         ret += x.second.userIP + "&";
  482.         ret += x.second.userPort + "&";
  483.       } else {
  484.         ret += "0&&&";
  485.       }
  486.       for (int i = 0; i < x.second.imgs.size(); i++) {
  487.         ret += x.second.imgs[i] + "#";
  488.       }
  489.       ret += "@";
  490.     }
  491.     return ret;
  492.   }
  493.  
  494. //uploads images into existing user profiles
  495. int upload(string username, string imgName) {
  496.  
  497.     bool exists = false;
  498.     string output = "";
  499.     int count = 0;
  500.  
  501.     for (auto const& curr : users_map) {
  502.         count++;    //keeps track of placement of username
  503.         if (curr.first == username) {
  504.             exists = true;
  505.             break;
  506.         }
  507.     }
  508.  
  509.     //if user exists
  510.     if (exists) {
  511.         bool iFind = false;
  512.         string line, orig, name;
  513.         int nameLen;
  514.        
  515.         for (int f = 0; f < users_map[username].imgs.size() && !iFind; f++) {
  516.             iFind = (users_map[username].imgs[f] == imgName);
  517.         }
  518.        
  519.         if (!iFind) {
  520.             users_map[username].imgs.push_back(imgName);
  521.  
  522.             //to quickly find username
  523.             for (int i = 0; i < count; i++) {
  524.                 getline(users, line);
  525.             }
  526.  
  527.             while (!users.eof()) {
  528.                 getline(users, line);
  529.  
  530.                 if (line == "")
  531.                     break;
  532.  
  533.                 orig = line;
  534.                 nameLen = line.find(" ");
  535.                 name = line.substr(0, nameLen);
  536.                 line = line.erase(0, nameLen + 1);
  537.  
  538.                 if (name == username) {
  539.                     output += username + " ";
  540.                     for (int i = 0; i < users_map[username].imgs.size(); i++)
  541.                         output += users_map[username].imgs[i] + " ";
  542.                     output += "\n";
  543.                 }
  544.  
  545.                 else {
  546.                     output += orig + "\n";
  547.                 }
  548.             }
  549.         }
  550.  
  551.         //the image was found
  552.         else {
  553.             return 9;
  554.         }
  555.     }
  556.  
  557.     //username wasn't found
  558.     else {
  559.         cout << "Username not found\n";
  560.         return 0;
  561.     }
  562.  
  563.     //if it all went successfully
  564.     users.close();
  565.     users.open("users.txt", fstream::out | fstream::in);
  566.     users << output;
  567.     users.close();
  568.     users.open("users.txt", fstream::out | fstream::in | fstream::app);
  569.     return 1;
  570. }
  571.  
  572. ~DircServ() { users.close(); }
  573.  
  574. };
  575. #endif
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top