Merge pull request #322 from Groruk/master
Session based logins
Groruk authored Jul 4, 2017
2 parents 58056a7 + c95362e commit 68e49ab
Showing 21 changed files with 2,406 additions and 756 deletions.
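--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,21 @@ Legend:
 ! = Fixed bug
 ? = Other stuff
 ```
+(04/07/17): Version 1.6.2
+-----------------------
+```
+01. ! Fixed issue with group Banning
+02. ! Fixed AmxBans import issue
+03. ! Fixed possible XSS Injection
+04. + Adjusted regex for CSGO
+05. + Added option to disable 'comms' tab
+06. ! Fixed bugs with SteamID format
+07. ! Fixed version checks
+08. ? Git version is now only shown in dev builds
+09. ! Fixed issue with email links
+10. * Added session based logins
+```
+
 (07/05/17): Version 1.6.1
 -----------------------
 ```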
4 changes: 2 additions & 2 deletions game/addons/sourcemod/scripting/sbpp_admcfg.sp
Expand Up @@ -37,8 +37,8 @@ public Plugin myinfo =
name = "SourceBans++: Admin Config Loader",
author = "AlliedModders LLC, SourceBans++ Dev Team",
description = "Reads Admin Files",
version = "1.6.1",
url = "https://sbpp.sarabveer.me/"
version = "1.6.2",
url = "https://sbpp.github.io"
};


4 changes: 2 additions & 2 deletions game/addons/sourcemod/scripting/sbpp_checker.sp
Expand Up @@ -26,7 +26,7 @@

#include <sourcemod>

#define VERSION "1.6.1"
#define VERSION "1.6.2"
#define LISTBANS_USAGE "sm_listsbbans <#userid|name> - Lists a user's prior bans from Sourcebans"
#define INVALID_TARGET -1

Expand All @@ -42,7 +42,7 @@ public Plugin:myinfo =
author = "psychonic, Ca$h Munny, SourceBans++ Dev Team",
description = "Notifies admins of prior bans from Sourcebans upon player connect.",
version = VERSION,
url = "https://sbpp.sarabveer.me/"
url = "https://sbpp.github.io"
};

public OnPluginStart()
4 changes: 2 additions & 2 deletions game/addons/sourcemod/scripting/sbpp_comms.sp
Expand Up @@ -42,7 +42,7 @@
// Do not edit below this line //
//-----------------------------//

#define PLUGIN_VERSION "1.6.1"
#define PLUGIN_VERSION "1.6.2"
#define PREFIX "\x04[SourceComms++]\x01 "

#define MAX_TIME_MULTI 30 // maximum mass-target punishment length
Expand Down Expand Up @@ -161,7 +161,7 @@ public Plugin:myinfo =
author = "Alex, SourceBans++ Dev Team",
description = "Advanced punishments management for the Source engine in SourceBans style",
version = PLUGIN_VERSION,
url = "https://sbpp.sarabveer.me/"
url = "https://sbpp.github.io"
};

public APLRes:AskPluginLoad2(Handle:myself, bool:late, String:error[], err_max)
6 changes: 3 additions & 3 deletions game/addons/sourcemod/scripting/sbpp_main.sp
Expand Up @@ -32,8 +32,8 @@
#include <adminmenu>
#tryinclude <updater>

#define SB_VERSION "1.6.1++"
#define SBR_VERSION "1.6.1"
#define SB_VERSION "1.6.2++"
#define SBR_VERSION "1.6.2"

#if defined _updater_included
#define UPDATE_URL "https://sbpp.github.io/updater/updatefile.txt"
Expand Down Expand Up @@ -137,7 +137,7 @@ public Plugin:myinfo =
author = "SourceBans Development Team, SourceBans++ Dev Team",
description = "Advanced ban management for the Source engine",
version = SBR_VERSION,
url = "https://sbpp.sarabveer.me/"
url = "https://sbpp.github.io"
};

#if SOURCEMOD_V_MAJOR >= 1 && SOURCEMOD_V_MINOR >= 3
4 changes: 2 additions & 2 deletions game/addons/sourcemod/scripting/sbpp_sleuth.sp
Expand Up @@ -29,7 +29,7 @@
#undef REQUIRE_PLUGIN
#include <sourcebans>

#define PLUGIN_VERSION "1.6.1"
#define PLUGIN_VERSION "1.6.2"

#define LENGTH_ORIGINAL 1
#define LENGTH_CUSTOM 2
Expand Down Expand Up @@ -57,7 +57,7 @@ public Plugin:myinfo =
author = "ecca, SourceBans++ Dev Team",
description = "Useful for TF2 servers. Plugin will check for banned ips and ban the player.",
version = PLUGIN_VERSION,
url = "https://sbpp.sarabveer.me/"
url = "https://sbpp.github.io"
};

public OnPluginStart()
48 changes: 17 additions & 31 deletions web/includes/CUserManager.php
Expand Up @@ -38,14 +38,12 @@ class CUserManager
* @param $password the current user's password
* @return noreturn.
*/
public function __construct($aid, $password)
public function __construct($aid)
{
$this->dbh = new Database(DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASS, DB_PREFIX);

if ($this->CheckLogin($password, $aid)) {
$this->aid = $aid;
$this->GetUserArray($aid);
}
$this->aid = $aid;
$this->GetUserArray($aid);
}


Expand All @@ -63,7 +61,7 @@ public function GetUserArray($aid = null)
}
// Invalid aid
if ($aid < 0 || empty($aid)) {
return 0;
return false;
}

// We already got the data from the DB, and its saved in the manager
Expand All @@ -82,7 +80,7 @@ public function GetUserArray($aid = null)
$res = $this->dbh->single();

if (!$res) {
return 0; // ohnoes some type of db error
return false; // ohnoes some type of db error
}

$user = array();
Expand Down Expand Up @@ -212,30 +210,24 @@ public function CheckLogin($password, $aid)

public function login($aid, $password, $save = true)
{
if ($this->CheckLogin($this->encrypt_password($password), $aid)) {
if ($this->CheckLogin($this->encrypt_password($password), $aid) || $this->CheckLogin($this->hash($password), $aid)) {
//Old password hash detected update it.
$this->dbh->query('UPDATE `:prefix_admins` SET password = :password WHERE aid = :aid');
$this->dbh->bind(':password', $this->hash($password));
$this->dbh->bind(':password', password_hash($password, PASSWORD_BCRYPT));
$this->dbh->bind(':aid', $aid);
$this->dbh->execute();

setcookie("aid", $aid);
setcookie("password", $this->hash($password));
setcookie("user", $_SESSION['user']['user']);
\SessionManager::sessionStart('login', 604800, 0);
$_SESSION['aid'] = $aid;
return true;
}

if ($this->CheckLogin($this->hash($password), $aid)) {
if ($save) {
//Sets cookies
setcookie("aid", $aid, time()+LOGIN_COOKIE_LIFETIME);
setcookie("password", $this->hash($password), time()+LOGIN_COOKIE_LIFETIME);
setcookie("user", isset($_SESSION['user']['user'])?$_SESSION['user']['user']:null, time()+LOGIN_COOKIE_LIFETIME);
return true;
}
setcookie("aid", $aid);
setcookie("password", $this->hash($password));
setcookie("user", $_SESSION['user']['user']);
$this->dbh->query('SELECT password FROM `:prefix_admins` WHERE aid = :aid');
$this->dbh->bind(':aid', $aid);
$hash = $this->dbh->single();
if (password_verify($password, $hash['password'])) {
\SessionManager::sessionStart('login', 604800, 0);
$_SESSION['aid'] = $aid;
return true;
}
return false;
Expand Down Expand Up @@ -332,19 +324,13 @@ public function AddAdmin($name, $steam, $password, $email, $web_group, $web_flag
throw new RuntimeException('Password must be at least ' . MIN_PASS_LENGTH . ' characters long.');
}
if (empty($password)) {
// Silently generate a token for account if there is no password set
// the token is required in Steam OAuth routines.
// Due to ugly codebase and lack of migrations we store the token as password hash.
// Also we use a prefix here to prevent any possible collisions with `encrypt_password` implementation.
$password_hash = '$token$' . $this->random_string();
} else {
$password_hash = $this->hash($password);
throw new RuntimeException('Password must not be empty!');
}
$this->dbh->query('INSERT INTO `:prefix_admins` (user, authid, password, gid, email, extraflags, immunity, srv_group, srv_flags, srv_password)
VALUES (:user, :authid, :password, :gid, :email, :extraflags, :immunity, :srv_group, :srv_flags, :srv_password)');
$this->dbh->bind(':user', $name);
$this->dbh->bind(':authid', $steam);
$this->dbh->bind(':password', $password_hash);
$this->dbh->bind(':password', password_hash($password, PASSWORD_BCRYPT));
$this->dbh->bind(':gid', $web_group);
$this->dbh->bind(':email', $email);
$this->dbh->bind(':extraflags', $web_flags);
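Review bot: In `login()`, both success paths write `$_SESSION['aid'] = $aid;` straight after `\SessionManager::sessionStart('login', 604800, 0);`, and nothing visible in the hunk rotates the session id at authentication; unless `sessionStart` does that itself (it is not shown on this page), a session id issued before login stays valid afterwards, so call `session_regenerate_id(true);` before the assignment. The `$save` parameter is still in the signature but is no longer read, so every login gets the 604800-second lifetime whether or not the user asked to stay signed in; honour it or remove it in a follow-up. The row returned by `single()` is indexed without a check, unlike `GetUserArray()`, which tests `if (!$res)`; `if ($hash && password_verify($password, $hash['password'])) {` avoids handing a null hash to `password_verify` for an unknown aid. The constructor now accepts any `$aid` without verifying credentials, so its docblock should drop `@param $password` and state that callers must pass only an id taken from an authenticated session. `login()` continues past the end of its hunk, so anything after `return false;` is not covered here.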