Response::ResponseCode ServerSocketInterface::cmdBanFromServer(const Command_BanFromServer &cmd, ResponseContainer & /*rc*/)
{
    if (!sqlInterface->checkSql())
        return Response::RespInternalError;

    QString userName = QString::fromStdString(cmd.user_name());
    QString address = QString::fromStdString(cmd.address());
    QString trustedSources = settingsCache->value("server/trusted_sources","127.0.0.1,::1").toString();
    int minutes = cmd.minutes();
    if (trustedSources.contains(address,Qt::CaseInsensitive))
        address = "";

    QSqlQuery query(sqlInterface->getDatabase());
    query.prepare("insert into " + servatrice->getDbPrefix() + "_bans (user_name, ip_address, id_admin, time_from, minutes, reason, visible_reason) values(:user_name, :ip_address, :id_admin, NOW(), :minutes, :reason, :visible_reason)");
    query.bindValue(":user_name", userName);
    query.bindValue(":ip_address", address);
    query.bindValue(":id_admin", userInfo->id());
    query.bindValue(":minutes", minutes);
    query.bindValue(":reason", QString::fromStdString(cmd.reason()));
    query.bindValue(":visible_reason", QString::fromStdString(cmd.visible_reason()));
    sqlInterface->execSqlQuery(query);

    servatrice->clientsLock.lockForRead();
    QList<ServerSocketInterface *> userList = servatrice->getUsersWithAddressAsList(QHostAddress(address));
    ServerSocketInterface *user = static_cast<ServerSocketInterface *>(server->getUsers().value(userName));
    if (user && !userList.contains(user))
        userList.append(user);
    if (!userList.isEmpty()) {
        Event_ConnectionClosed event;
        event.set_reason(Event_ConnectionClosed::BANNED);
        if (cmd.has_visible_reason())
            event.set_reason_str(cmd.visible_reason());
        if (minutes)
            event.set_end_time(QDateTime::currentDateTime().addSecs(60 * minutes).toTime_t());
        for (int i = 0; i < userList.size(); ++i) {
            SessionEvent *se = userList[i]->prepareSessionEvent(event);
            userList[i]->sendProtocolItem(*se);
            delete se;
            QMetaObject::invokeMethod(userList[i], "prepareDestroy", Qt::QueuedConnection);
        }
    }
    servatrice->clientsLock.unlock();

    return Response::RespOk;
}
Exemple #2
0
AuthenticationResult Server::loginUser(Server_ProtocolHandler *session, QString &name, const QString &password, QString &reasonStr, int &secondsLeft, QString &clientid, QString &clientVersion, QString & /* connectionType */)
{
    if (name.size() > 35)
        name = name.left(35);

    Server_DatabaseInterface *databaseInterface = getDatabaseInterface();

    AuthenticationResult authState = databaseInterface->checkUserPassword(session, name, password, clientid, reasonStr, secondsLeft);
    if (authState == NotLoggedIn || authState == UserIsBanned || authState == UsernameInvalid || authState == UserIsInactive)
        return authState;

    ServerInfo_User data = databaseInterface->getUserData(name, true);
    data.set_address(session->getAddress().toStdString());
    name = QString::fromStdString(data.name()); // Compensate for case indifference

    if (authState == PasswordRight) {
        if (users.contains(name) || databaseInterface->userSessionExists(name)) {
            if (users.contains(name)) {
                qDebug("Session already logged in, logging old session out");
                Event_ConnectionClosed event;
                event.set_reason(Event_ConnectionClosed::LOGGEDINELSEWERE);
                event.set_reason_str("You have been logged out due to logging in at another location.");
                event.set_end_time(QDateTime::currentDateTime().toTime_t());

                SessionEvent *se = users.value(name)->prepareSessionEvent(event);
                users.value(name)->sendProtocolItem(*se);
                delete se;

                users.value(name)->prepareDestroy();
            } else {
                qDebug() << "Active session and sessions table inconsistent, please validate session table information for user " << name;
            }
        }

    } else if (authState == UnknownUser) {
        // Change user name so that no two users have the same names,
        // don't interfere with registered user names though.
        if (getRegOnlyServerEnabled()) {
            qDebug("Login denied: registration required");
            databaseInterface->unlockSessionTables();
            return RegistrationRequired;
        }

        QString tempName = name;
        int i = 0;
        while (users.contains(tempName) || databaseInterface->activeUserExists(tempName) || databaseInterface->userSessionExists(tempName))
            tempName = name + "_" + QString::number(++i);
        name = tempName;
        data.set_name(name.toStdString());
    }

    QWriteLocker locker(&clientsLock);
    databaseInterface->lockSessionTables();
    users.insert(name, session);
    qDebug() << "Server::loginUser:"******"name=" << name;

    data.set_session_id(databaseInterface->startSession(name, session->getAddress(), clientid, session->getConnectionType()));
    databaseInterface->unlockSessionTables();

    usersBySessionId.insert(data.session_id(), session);

    qDebug() << "session id:" << data.session_id();
    session->setUserInfo(data);

    Event_UserJoined event;
    event.mutable_user_info()->CopyFrom(session->copyUserInfo(false));
    SessionEvent *se = Server_ProtocolHandler::prepareSessionEvent(event);
    for (int i = 0; i < clients.size(); ++i)
        if (clients[i]->getAcceptsUserListChanges())
            clients[i]->sendProtocolItem(*se);
    delete se;

    event.mutable_user_info()->CopyFrom(session->copyUserInfo(true, true, true));
    locker.unlock();

    if (clientid.isEmpty()){
        // client id is empty, either out dated client or client has been modified
        if (getClientIDRequiredEnabled())
            return ClientIdRequired;
    }
    else {
        // update users database table with client id
        databaseInterface->updateUsersClientID(name, clientid);
    }

    databaseInterface->updateUsersLastLoginData(name, clientVersion);
    se = Server_ProtocolHandler::prepareSessionEvent(event);
    sendIsl_SessionEvent(*se);
    delete se;

    return authState;
}