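/// Send the fixed part of the debug echo page: the status line and headers, the two
/// test forms that post to /test_post, and the opening of the <pre> block, whose first
/// line is the request line (method, URL, HTTP version) of the current request.
void HttpDebugSocket::OnFirst()
{
    Send(
        "HTTP/1.1 200 OK\n"
        "Content-type: text/html\n"
        "Connection: close\n"
        "Server: HttpDebugSocket/1.0\n"
        "\n");
    Send(
        "<html><head><title>Echo Request</title></head>"
        "<body><h3>Request Header</h3>");
    Send(
        "<form method='post' action='/test_post'>"
        "<input type='text' name='text' value='test text'><br>"
        "<input type='submit' name='submit' value=' OK '></form>");

    // enctype 'multipart/form-data'
    // Constant markup goes through Send(): nothing here needs printf-style formatting.
    Send("<form action='/test_post' method='post' enctype='multipart/form-data'>");
    Send("<input type=file name=the_file><br>");
    Send("<input type=text name=the_name><br>");
    Send("<input type=submit name=submit value=' test form-data '>");
    Send("</form>");

    Send("<pre style='background: #e0e0e0'>");

    // Method, URL and version are taken from the peer's request, so they are HTML-escaped
    // before being written into the page. Echoed verbatim, markup placed in the URL would
    // be interpreted by the browser instead of displayed.
    const std::string request_line = GetMethod() + " " + GetUrl() + " " + GetHttpVersion();
    std::string escaped;
    escaped.reserve(request_line.size());
    for (std::string::size_type i = 0; i < request_line.size(); ++i)
    {
        switch (request_line[i])
        {
            case '&':  escaped += "&amp;";  break;
            case '<':  escaped += "&lt;";   break;
            case '>':  escaped += "&gt;";   break;
            case '"':  escaped += "&quot;"; break;
            case '\'': escaped += "&#39;";  break;
            default:   escaped += request_line[i]; break;
        }
    }
    Send(escaped + "\n");
}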
/// Accept an incoming connection void RASocket::OnAccept() { std::string ss=GetRemoteAddress(); sLog.outRALog("Incoming connection from %s.\n",ss.c_str()); ///- If there is already an active admin, drop the connection if(iUsers) { Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY)); SetCloseAndDelete(); return; } ///- Else print Motd Sendf("%s\r\n",sWorld.GetMotd()); Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER)); }
/// Accept an incoming connection void RASocket::OnAccept() { std::string ss=GetRemoteAddress(); sLog.outRemote("Incoming connection from %s.\n",ss.c_str()); ///- print Motd Sendf("%s\r\n",sWorld.GetMotd()); }
/// Handle a newly accepted connection: log the peer address, send the welcome line
/// and push an EditorAccountLogin for this socket onto m_editors.
void UBSocket::OnAccept()
{
    Global::Get()->logf("Login from: %s\n", GetRemoteAddress().c_str());
    Sendf("Welcome to %s.\n", game::vname);

    // The login editor is created before the emptiness check, as in the original order.
    Editor* const loginEditor = new EditorAccountLogin(this);

    // A fresh connection is expected to have no editors yet.
    Assert(m_editors.empty());
    m_editors.push(loginEditor);
}
/// Accept an incoming connection void RASocket::OnAccept() { std::string ss=GetRemoteAddress(); sLog.outRALog("Incoming connection from %s.\n",ss.c_str()); ///- If there is already an active admin, drop the connection if(iUsers) dropclient ///- Else print Motd Sendf("%s\r\n",sWorld.GetMotd()); }
/// Handle a newly accepted connection: log the peer address when bLog is set, run the
/// dropclient macro (defined outside this block) when iUsers is non-zero, and
/// otherwise send the message of the day terminated by CR LF.
void RASocket::OnAccept()
{
    if (bLog)
    {
        const std::string peer(GetRemoteAddress());
        Log("Incoming connection from %s.\n", peer.c_str());
    }

    //if(bSingleUserMode)
    if (iUsers)
        dropclient

    Sendf("%s\x0d\x0a", (char*)sWorld.GetMotd());
}
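/// Read data from the network
///
/// Appends the bytes just received to the line buffer `buff`. Once a CR or LF has been
/// seen, the completed line is handled according to the login stage: account name
/// (NONE), password (LG) or console command (OK).
void RASocket::OnRead()
{
    ///- Read data and check input length
    TcpSocket::OnRead();

    unsigned int sz = ibuf.GetLength();
    if (iInputLength + sz >= RA_BUFF_SIZE)
    {
        sLog.outRALog("Input buffer overflow, possible DOS attack.\n");
        SetCloseAndDelete();
        return;
    }

    ///- If there is already an active admin (other than you), drop the connection
    if (stage != OK && iUsers)
    {
        // Looked-up text is passed as an argument, never as the format string, so a
        // '%' in it cannot be parsed as a conversion specification.
        Sendf("%s", sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
        SetCloseAndDelete();
        return;
    }

    char* inp = new char[sz + 1];
    ibuf.Read(inp, sz);

    ///- Discard data after line break or line feed
    bool gotenter = false;
    unsigned int y = 0;
    for (; y < sz; y++)
    {
        if (inp[y] == '\r' || inp[y] == '\n')
        {
            gotenter = true;
            break;
        }
    }

    // No buffer overflow (checked above): iInputLength + y stays below RA_BUFF_SIZE,
    // which also leaves room for the terminator written below.
    // NOTE(review): this relies on buff holding RA_BUFF_SIZE bytes - confirm in the header.
    memcpy(&buff[iInputLength], inp, y);
    iInputLength += y;
    delete [] inp;

    if (gotenter)
    {
        buff[iInputLength] = 0;
        iInputLength = 0;

        switch (stage)
        {
            /// <ul> <li> If the input is 'USER <username>'
            case NONE:
            {
                ///- If we're interactive we don't expect "USER " to be there
                szLogin = &buff[0];

                ///- Get the gmlevel from the account table
                std::string login = szLogin;

                ///- Convert Account name to Upper Format
                AccountMgr::normalizeString(login);

                ///- Escape the Login to allow quotes in names
                loginDatabase.escape_string(login);

                // One '%s' per argument: the escaped account name is the only value
                // bound into this statement.
                QueryResult* result = loginDatabase.PQuery(
                    "SELECT gmlevel FROM account WHERE username = '%s'", login.c_str());

                ///- If the user is not found, deny access
                if (!result)
                {
                    Sendf("-No such user.\r\n");
                    sLog.outRALog("User %s does not exist.\n", szLogin.c_str());
                    if (bSecure)
                        SetCloseAndDelete();
                    Sendf("\r\n%s", sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
                }
                else
                {
                    Field* fields = result->Fetch();

                    ///- if gmlevel is too low, deny access
                    if (fields[0].GetUInt32() < iMinLevel)
                    {
                        Sendf("-Not enough privileges.\r\n");
                        sLog.outRALog("User %s has no privilege.\n", szLogin.c_str());
                        if (bSecure)
                            SetCloseAndDelete();
                        Sendf("\r\n%s", sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
                    }
                    else
                    {
                        stage = LG;
                        // Same rule as for the busy text: argument, not format.
                        Sendf("%s", sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
                    }
                    delete result;
                }
                break;
            }
            ///<li> If the input is 'PASS <password>' (and the user already gave his username)
            case LG:
            {
                //login+pass ok
                ///- If password is correct, increment the number of active administrators
                std::string login = szLogin;

                ///- If we're interactive we don't expect "PASS " to be there
                std::string pw = &buff[0];

                AccountMgr::normalizeString(login);
                AccountMgr::normalizeString(pw);
                loginDatabase.escape_string(login);
                loginDatabase.escape_string(pw);

                // Two '%s' for two arguments: account name first, password second.
                // NOTE(review): the clear-text password becomes part of the statement
                // text; check that statement logging on the database side cannot capture it.
                QueryResult* check = loginDatabase.PQuery(
                    "SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash=SHA1(CONCAT(username,':','%s'))",
                    login.c_str(), pw.c_str());

                if (check)
                {
                    delete check;
                    r = GetSocket();
                    stage = OK;
                    ++iUsers;
                    Sendf("+Logged in.\r\n");
                    sLog.outRALog("User %s has logged in.\n", szLogin.c_str());
                    Sendf("mangos>");
                }
                else
                {
                    ///- Else deny access
                    Sendf("-Wrong pass.\r\n");
                    sLog.outRALog("User %s has failed to log in.\n", szLogin.c_str());
                    if (bSecure)
                        SetCloseAndDelete();
                    Sendf("\r\n%s", sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
                }
                break;
            }
            ///<li> If user is logged, parse and execute the command
            case OK:
                if (strlen(buff))
                {
                    sLog.outRALog("Got '%s' cmd.\n", buff);
                    // Any line starting with "quit" closes the session; everything else
                    // is queued for the world thread with zprint as the output callback.
                    if (strncmp(buff, "quit", 4) == 0)
                        SetCloseAndDelete();
                    else
                        sWorld.QueueCliCommand(&RASocket::zprint, buff);
                }
                else
                    Sendf("mangos>");
                break;
            ///</ul>
        };
    }
}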
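/// Read data from the network
///
/// Appends the bytes just received to the line buffer `buff`. Once a CR or LF has been
/// seen, the completed line is handled according to the login stage: "USER <name>"
/// (NONE), "PASS <password>" (LG) or a console command (OK).
void RASocket::OnRead()
{
    ///- Read data and check input length
    TcpSocket::OnRead();

    unsigned int sz = ibuf.GetLength();
    if (iInputLength + sz >= RA_BUFF_SIZE)
    {
        sLog.outRemote("Input buffer overflow, possible DOS attack.\n");
        SetCloseAndDelete();
        return;
    }

    char* inp = new char[sz + 1];
    ibuf.Read(inp, sz);

    /// \todo Can somebody explain this 'Linux bugfix'?
    // Before login, a chunk of more than four bytes that does not begin with "USER " is
    // dropped without a reply. The statement that followed the return could never run
    // and has been removed.
    if (stage == NONE && sz > 4 && memcmp(inp, "USER ", 5))   //linux remote telnet
    {
        delete [] inp;
        return;
    }

    ///- Discard data after line break or line feed
    bool gotenter = false;
    unsigned int y = 0;
    for (; y < sz; y++)
    {
        if (inp[y] == '\r' || inp[y] == '\n')
        {
            gotenter = true;
            break;
        }
    }

    // No buffer overflow (checked above): iInputLength + y stays below RA_BUFF_SIZE,
    // which also leaves room for the terminator written below.
    // NOTE(review): this relies on buff holding RA_BUFF_SIZE bytes - confirm in the header.
    memcpy(&buff[iInputLength], inp, y);
    iInputLength += y;
    delete [] inp;

    if (gotenter)
    {
        buff[iInputLength] = 0;
        iInputLength = 0;

        switch (stage)
        {
            /// <ul> <li> If the input is 'USER <username>'
            case NONE:
                if (!memcmp(buff, "USER ", 5))                  //got "USER" cmd
                {
                    szLogin = &buff[5];

                    ///- Get the password from the account table
                    std::string login = szLogin;

                    ///- Convert Account name to Upper Format
                    AccountMgr::normalizeString(login);

                    ///- Escape the Login to allow quotes in names
                    LoginDatabase.escape_string(login);

                    // One '%s' per argument: the escaped account name is the only
                    // value bound into this statement.
                    QueryResult result = LoginDatabase.PQuery(
                        "SELECT a.id, aa.gmlevel, aa.RealmID FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = '%s'",
                        login.c_str());

                    ///- If the user is not found, deny access
                    if (!result)
                    {
                        Sendf("-No such user.\r\n");
                        sLog.outRemote("User %s does not exist.\n", szLogin.c_str());
                        if (bSecure)
                            SetCloseAndDelete();
                    }
                    else
                    {
                        Field* fields = result->Fetch();

                        ///- if gmlevel is too low, deny access
                        if (fields[1].GetUInt32() < iMinLevel)
                        {
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRemote("User %s has no privilege.\n", szLogin.c_str());
                            if (bSecure)
                                SetCloseAndDelete();
                        }
                        else if (fields[2].GetInt32() != -1)
                        {
                            ///- if RealmID isn't -1, deny access
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRemote("User %s has to be assigned on all realms (with RealmID = '-1').\n", szLogin.c_str());
                            if (bSecure)
                                SetCloseAndDelete();
                        }
                        else
                        {
                            stage = LG;
                        }
                    }
                }
                break;
            ///<li> If the input is 'PASS <password>' (and the user already gave his username)
            case LG:
                if (!memcmp(buff, "PASS ", 5))                  //got "PASS" cmd
                {
                    //login+pass ok
                    ///- If password is correct, increment the number of active administrators
                    std::string login = szLogin;
                    std::string pw = &buff[5];

                    AccountMgr::normalizeString(login);
                    AccountMgr::normalizeString(pw);
                    LoginDatabase.escape_string(login);
                    LoginDatabase.escape_string(pw);

                    // Three '%s' for three arguments: account name, account name again
                    // for the hash input, then the password.
                    // NOTE(review): the clear-text password becomes part of the statement
                    // text; check that statement logging on the database side cannot capture it.
                    QueryResult check = LoginDatabase.PQuery(
                        "SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash=SHA1(CONCAT('%s',':','%s'))",
                        login.c_str(), login.c_str(), pw.c_str());

                    if (check)
                    {
                        GetSocket();
                        stage = OK;
                        Sendf("+Logged in.\r\n");
                        sLog.outRemote("User %s has logged in.\n", szLogin.c_str());
                        Sendf("TC>");
                    }
                    else
                    {
                        ///- Else deny access
                        Sendf("-Wrong pass.\r\n");
                        sLog.outRemote("User %s has failed to log in.\n", szLogin.c_str());
                        if (bSecure)
                            SetCloseAndDelete();
                    }
                }
                break;
            ///<li> If user is logged, parse and execute the command
            case OK:
                if (strlen(buff))
                {
                    sLog.outRemote("Got '%s' cmd.\n", buff);
                    SetDeleteByHandler(false);
                    // The holder carries this socket plus the print and completion
                    // callbacks; pendingCommands counts commands queued from here.
                    // NOTE(review): presumably commandFinished decrements the counter
                    // from another thread - confirm the increment cannot race with it.
                    CliCommandHolder* cmd = new CliCommandHolder(this, buff, &RASocket::zprint, &RASocket::commandFinished);
                    sWorld.QueueCliCommand(cmd);
                    ++pendingCommands;
                }
                else
                    Sendf("TC>");
                break;
            ///</ul>
        };
    }
}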
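/// Read data from the network
///
/// Appends the bytes just received to the line buffer `buff`. Once a CR or LF has been
/// seen, the completed line is handled according to the login stage: "USER <name>"
/// (NONE), "PASS <password>" (LG) or a console command (OK).
void RASocket::OnRead()
{
    ///- Read data and check input length
    TcpSocket::OnRead();

    unsigned int sz = ibuf.GetLength();
    if (iInputLength + sz >= RA_BUFF_SIZE)
    {
        sLog.outRALog("Input buffer overflow, possible DOS attack.\n");
        SetCloseAndDelete();
        return;
    }

    ///- If there is already an active admin (other than you), drop the connection
    if (stage != OK && iUsers)
        dropclient

    char* inp = new char[sz + 1];
    ibuf.Read(inp, sz);

    /// \todo Can somebody explain this 'Linux bugfix'?
    // Before login, a chunk of more than four bytes that does not begin with "USER " is
    // dropped without a reply. The statement that followed the return could never run
    // and has been removed.
    if (stage == NONE && sz > 4 && memcmp(inp, "USER ", 5))   //linux remote telnet
    {
        delete [] inp;
        return;
    }

    ///- Discard data after line break or line feed
    bool gotenter = false;
    unsigned int y = 0;
    for (; y < sz; y++)
    {
        if (inp[y] == '\r' || inp[y] == '\n')
        {
            gotenter = true;
            break;
        }
    }

    // No buffer overflow (checked above): iInputLength + y stays below RA_BUFF_SIZE,
    // which also leaves room for the terminator written below.
    // NOTE(review): this relies on buff holding RA_BUFF_SIZE bytes - confirm in the header.
    memcpy(&buff[iInputLength], inp, y);
    iInputLength += y;
    delete [] inp;

    if (gotenter)
    {
        buff[iInputLength] = 0;
        iInputLength = 0;

        switch (stage)
        {
            /// <ul> <li> If the input is 'USER <username>'
            case NONE:
                if (!memcmp(buff, "USER ", 5))                  //got "USER" cmd
                {
                    szLogin = &buff[5];

                    ///- Get the gmlevel and password from the account table
                    std::string login = szLogin;

                    // No SQL injection (escaped login)
                    loginDatabase.escape_string(login);
                    QueryResult* result = loginDatabase.PQuery(
                        "SELECT `gmlevel` FROM `account` WHERE UPPER(`username`) = UPPER('%s')",
                        login.c_str());

                    ///- If the user is not found, deny access
                    if (!result)
                    {
                        Sendf("-No such user.\r\n");
                        sLog.outRALog("User %s does not exist.\n", szLogin.c_str());
                        if (bSecure)
                            SetCloseAndDelete();
                    }
                    else
                    {
                        Field* fields = result->Fetch();

                        ///- if gmlevel is too low, deny access
                        if (fields[0].GetUInt32() < iMinLevel)
                        {
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRALog("User %s has no privilege.\n", szLogin.c_str());
                            if (bSecure)
                                SetCloseAndDelete();
                        }
                        else
                        {
                            stage = LG;
                        }
                        delete result;
                    }
                }
                break;
            ///<li> If the input is 'PASS <password>' (and the user already gave his username)
            case LG:
                if (!memcmp(buff, "PASS ", 5))                  //got "PASS" cmd
                {
                    //login+pass ok
                    ///- If password is correct, increment the number of active administrators
                    std::string login = szLogin;
                    std::string pw = &buff[5];

                    // Both values are escaped before they are bound into the statement.
                    // NOTE(review): the clear-text password becomes part of the statement
                    // text; check that statement logging on the database side cannot capture it.
                    loginDatabase.escape_string(login);
                    loginDatabase.escape_string(pw);
                    QueryResult* check = loginDatabase.PQuery(
                        "SELECT 1 FROM `account` WHERE UPPER(`username`)=UPPER('%s') AND `I`=SHA1(CONCAT(UPPER(`username`),':',UPPER('%s')))",
                        login.c_str(), pw.c_str());

                    if (check)
                    {
                        delete check;
                        r = GetSocket();
                        stage = OK;
                        iUsers++;
                        Sendf("+Logged in.\r\n");
                        sLog.outRALog("User %s has logged in.\n", szLogin.c_str());
                    }
                    else
                    {
                        ///- Else deny access
                        Sendf("-Wrong pass.\r\n");
                        sLog.outRALog("User %s has failed to log in.\n", szLogin.c_str());
                        if (bSecure)
                            SetCloseAndDelete();
                    }
                }
                break;
            ///<li> If user is logged, parse and execute the command
            case OK:
                if (strlen(buff))
                {
                    sLog.outRALog("Got '%s' cmd.\n", buff);
                    ParseCommand(&RASocket::zprintf, buff);
                }
                break;
            ///</ul>
        };
    }
}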
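/// Read data from the network.
///
/// Appends the bytes just received to the line buffer `buff`. Once a CR or LF has been
/// seen, the completed line is handled according to the login stage: "USER <name>"
/// (NONE), "PASS <password>" (LG) or a console command (OK).
void RASocket::OnRead()
{
    TcpSocket::OnRead();

    unsigned int sz = ibuf.GetLength();
    if (iInputLength + sz >= RA_BUFF_SIZE)
    {
        Log("Input buffer overflow, possible DOS attack\n");
        SetCloseAndDelete();
        return;
    }

    //if(bSingleUserMode)
    if (stage != OK && iUsers)
        dropclient

    char* inp = new char[sz + 1];
    ibuf.Read(inp, sz);

    // Before login, a chunk of more than four bytes that does not begin with "USER " is
    // dropped without a reply. The statement that followed the return could never run
    // and has been removed.
    if (stage == NONE && sz > 4 && memcmp(inp, "USER ", 5))   //linux remote telnet
    {
        delete [] inp;
        return;
    }

    // Copy up to, but not including, the first CR (0xd) or LF (0xa).
    bool gotenter = false;
    unsigned int y = 0;
    for (; y < sz; y++)
    {
        if (inp[y] == 0xd || inp[y] == 0xa)
        {
            gotenter = true;
            break;
        }
    }

    // The length check above keeps iInputLength + y below RA_BUFF_SIZE, which also
    // leaves room for the terminator written below.
    // NOTE(review): this relies on buff holding RA_BUFF_SIZE bytes - confirm in the header.
    memcpy(&buff[iInputLength], inp, y);
    iInputLength += y;
    delete [] inp;

    if (gotenter)
    {
        buff[iInputLength] = 0;
        iInputLength = 0;

        switch (stage)
        {
            case NONE:
                if (!memcmp(buff, "USER ", 5))                  //got "USER" cmd
                {
                    // NOTE(review): the name can be nearly RA_BUFF_SIZE bytes long; the
                    // size of szLogin is not visible here - confirm it is at least as
                    // large as buff, or bound this copy.
                    strcpy(szLogin, &buff[5]);

                    //access db now
                    // The name arrives from the network, so it is escaped before it is
                    // placed between the quotes of the statement. Unescaped, a quote in
                    // the name would end the string literal and change the query.
                    std::string login = szLogin;
                    loginDatabase.escape_string(login);
                    QueryResult* result = loginDatabase.PQuery(
                        "SELECT `password`,`gmlevel` FROM `account` WHERE `username` = '%s'",
                        login.c_str());

                    if (!result)
                    {
                        Sendf("-No such user.\x0d\x0a");
                        if (bLog)
                            Log("User %s does not exist.\n", szLogin);
                        if (bSecure)
                            SetCloseAndDelete();
                    }
                    else
                    {
                        Field* fields = result->Fetch();

                        // NOTE(review): the stored password is kept in szPass for the
                        // later comparison; the size of szPass is not visible here -
                        // confirm it covers the longest value the column can hold.
                        strcpy(szPass, fields[0].GetString());

                        if (fields[1].GetUInt32() < iMinLevel)
                        {
                            Sendf("-Not enough privileges.\x0d\x0a");
                            if (bLog)
                                Log("User %s has no privileges.\n", szLogin);
                            if (bSecure)
                                SetCloseAndDelete();
                        }
                        else
                        {
                            stage = LG;
                        }
                        delete result;
                    }
                }
                break;

            case LG:
                if (!memcmp(buff, "PASS ", 5))                  //got "PASS" cmd
                {
                    //login+pass ok
                    // The submitted password is compared byte for byte with the value
                    // read from the `password` column.
                    if (!strcmp(&buff[5], szPass))
                    {
                        r = GetSocket();
                        stage = OK;
                        iUsers++;
                        Sendf("+Logged in.\x0d\x0a");
                        if (bLog)
                            Log("User %s has logged in.\n", szLogin);
                    }
                    else
                    {
                        Sendf("-Wrong pass.\x0d\x0a");
                        if (bLog)
                            Log("User %s has failed to log in.\n", szLogin);
                        if (bSecure)
                            SetCloseAndDelete();
                    }
                }
                break;

            case OK:
                if (strlen(buff))
                {
                    if (bLog)
                        Log("Got '%s' cmd.\n", buff);
                    ParseCommand(&RASocket::zprintf, buff);
                }
                break;
        };
    }
}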