void HttpDebugSocket::OnFirst()
{
	Send(
		"HTTP/1.1 200 OK\n"
		"Content-type: text/html\n"
		"Connection: close\n"
		"Server: HttpDebugSocket/1.0\n"
		"\n");
	Send(
		"<html><head><title>Echo Request</title></head>"
		"<body><h3>Request Header</h3>");
	Send(	"<form method='post' action='/test_post'>"
		"<input type='text' name='text' value='test text'><br>"
		"<input type='submit' name='submit' value=' OK '></form>");

	// enctype 'multipart/form-data'
	Sendf("<form action='/test_post' method='post' enctype='multipart/form-data'>");
	Sendf("<input type=file name=the_file><br>");
	Sendf("<input type=text name=the_name><br>");
	Sendf("<input type=submit name=submit value=' test form-data '>");
	Sendf("</form>");

	Send(	"<pre style='background: #e0e0e0'>");
	Send(GetMethod() + " " + GetUrl() + " " + GetHttpVersion() + "\n");
}
示例#2
0
/// Accept an incoming connection
void RASocket::OnAccept()
{
    std::string ss=GetRemoteAddress();
    sLog.outRALog("Incoming connection from %s.\n",ss.c_str());
    ///- If there is already an active admin, drop the connection
    if(iUsers)
    {
        Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
        SetCloseAndDelete();
        return;
    }

    ///- Else print Motd
    Sendf("%s\r\n",sWorld.GetMotd());
    Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
}
示例#3
0
/// Accept an incoming connection
void RASocket::OnAccept()
{
    std::string ss=GetRemoteAddress();
    sLog.outRemote("Incoming connection from %s.\n",ss.c_str());
     ///- print Motd
    Sendf("%s\r\n",sWorld.GetMotd());
}
示例#4
0
void UBSocket::OnAccept()
{
    Global::Get()->logf("Login from: %s\n", GetRemoteAddress().c_str());
    Sendf("Welcome to %s.\n", game::vname);
    Editor* p = new EditorAccountLogin(this);
    Assert(m_editors.empty());

    m_editors.push(p);
}
示例#5
0
/// Accept an incoming connection
void RASocket::OnAccept()
{
    std::string ss=GetRemoteAddress();
    sLog.outRALog("Incoming connection from %s.\n",ss.c_str());
    ///- If there is already an active admin, drop the connection
    if(iUsers)
        dropclient

        ///- Else print Motd
            Sendf("%s\r\n",sWorld.GetMotd());
}
示例#6
0
void RASocket::OnAccept()
{
    if(bLog)
    {
        std::string ss=GetRemoteAddress();
        Log("Incoming connection from %s.\n",ss.c_str());
    }
    //if(bSingleUserMode)
    if(iUsers)
        dropclient

            Sendf("%s\x0d\x0a",(char*)sWorld.GetMotd());
}
示例#7
0
/// Read data from the network
void RASocket::OnRead()
{
    ///- Read data and check input length
    TcpSocket::OnRead();

    unsigned int sz=ibuf.GetLength();
    if (iInputLength+sz>=RA_BUFF_SIZE)
    {
        sLog.outRALog("Input buffer overflow, possible DOS attack.\n");
        SetCloseAndDelete();
        return;
    }

    ///- If there is already an active admin (other than you), drop the connection
    if (stage!=OK && iUsers)
    {
        Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_BUSY));
        SetCloseAndDelete();
        return;
    }

    char *inp = new char [sz+1];
    ibuf.Read(inp,sz);

    ///- Discard data after line break or line feed
    bool gotenter=false;
    unsigned int y=0;
    for(;y<sz;y++)
    {
        if (inp[y]=='\r'||inp[y]=='\n')
        {
            gotenter=true;
            break;
        }
    }

    //No buffer overflow (checked above)
    memcpy(&buff[iInputLength],inp,y);
    iInputLength+=y;
    delete [] inp;
    if (gotenter)
    {
        buff[iInputLength]=0;
        iInputLength=0;
        switch(stage)
        {
            /// <ul> <li> If the input is 'USER <username>'
            case NONE:
            {
                ///- If we're interactive we don't expect "USER " to be there
                szLogin=&buff[0];

                ///- Get the gmlevel from the account table
                std::string login = szLogin;

                ///- Convert Account name to Upper Format
                AccountMgr::normalizeString(login);

                ///- Escape the Login to allow quotes in names
                loginDatabase.escape_string(login);

                QueryResult* result = loginDatabase.PQuery("SELECT gmlevel FROM account WHERE username = '******'",login.c_str());

                ///- If the user is not found, deny access
                if(!result)
                {
                    Sendf("-No such user.\r\n");
                    sLog.outRALog("User %s does not exist.\n",szLogin.c_str());
                    if(bSecure)SetCloseAndDelete();
                    Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
                }
                else
                {
                    Field *fields = result->Fetch();

                    ///- if gmlevel is too low, deny access
                    if (fields[0].GetUInt32()<iMinLevel)
                    {
                        Sendf("-Not enough privileges.\r\n");
                        sLog.outRALog("User %s has no privilege.\n",szLogin.c_str());
                        if(bSecure)SetCloseAndDelete();
                        Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_USER));
                    }
                    else
                    {
                        stage=LG;
                        Sendf(sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
                    }
                    delete result;
                }
                break;
            }
            ///<li> If the input is 'PASS <password>' (and the user already gave his username)
            case LG:
            {                                               //login+pass ok
                ///- If password is correct, increment the number of active administrators
                std::string login = szLogin;

                ///- If we're interactive we don't expect "PASS " to be there
                std::string pw = &buff[0];

                AccountMgr::normalizeString(login);
                AccountMgr::normalizeString(pw);
                loginDatabase.escape_string(login);
                loginDatabase.escape_string(pw);

                QueryResult *check = loginDatabase.PQuery(
                    "SELECT 1 FROM account WHERE username = '******' AND sha_pass_hash=SHA1(CONCAT(username,':','%s'))",
                    login.c_str(), pw.c_str());

                if (check)
                {
                    delete check;
                    r=GetSocket();
                    stage=OK;
                    ++iUsers;

                    Sendf("+Logged in.\r\n");
                    sLog.outRALog("User %s has logged in.\n",szLogin.c_str());
                    Sendf("mangos>");
                }
                else
                {
                    ///- Else deny access
                    Sendf("-Wrong pass.\r\n");
                    sLog.outRALog("User %s has failed to log in.\n",szLogin.c_str());
                    if(bSecure)SetCloseAndDelete();
                    Sendf("\r\n%s",sObjectMgr.GetMangosStringForDBCLocale(LANG_RA_PASS));
                }
                break;
            }
            ///<li> If user is logged, parse and execute the command
            case OK:
                if (strlen(buff))
                {
                    sLog.outRALog("Got '%s' cmd.\n",buff);
                    if (strncmp(buff,"quit",4)==0)
                        SetCloseAndDelete();
                    else
                        sWorld.QueueCliCommand(&RASocket::zprint, buff);
                }
                else
                    Sendf("mangos>");
                break;
            ///</ul>
        };

    }
}
示例#8
0
/// Read data from the network
void RASocket::OnRead()
{
    ///- Read data and check input length
    TcpSocket::OnRead();

    unsigned int sz=ibuf.GetLength();
    if (iInputLength+sz>=RA_BUFF_SIZE)
    {
        sLog.outRemote("Input buffer overflow, possible DOS attack.\n");
        SetCloseAndDelete();
        return;
    }

    char *inp = new char [sz+1];
    ibuf.Read(inp,sz);

    /// \todo Can somebody explain this 'Linux bugfix'?
    if (stage==NONE)
        if (sz>4)                                            //linux remote telnet
            if (memcmp(inp ,"USER ",5))
            {
                delete [] inp;return;
                printf("lin bugfix");
            }                                               //linux bugfix

    ///- Discard data after line break or line feed
    bool gotenter=false;
    unsigned int y=0;
    for (; y<sz; y++)
        if (inp[y]=='\r'||inp[y]=='\n')
    {
        gotenter=true;
        break;
    }

    //No buffer overflow (checked above)
    memcpy(&buff[iInputLength],inp,y);
    iInputLength+=y;
    delete [] inp;
    if (gotenter)
    {

        buff[iInputLength]=0;
        iInputLength=0;
        switch(stage)
        {
            /// <ul> <li> If the input is 'USER <username>'
            case NONE:
                if (!memcmp(buff,"USER ",5))                 //got "USER" cmd
                {
                    szLogin=&buff[5];

                    ///- Get the password from the account table
                    std::string login = szLogin;

                    ///- Convert Account name to Upper Format
                    AccountMgr::normalizeString(login);

                    ///- Escape the Login to allow quotes in names
                    LoginDatabase.escape_string(login);

                    QueryResult result = LoginDatabase.PQuery("SELECT a.id, aa.gmlevel, aa.RealmID FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = '******'",login.c_str ());

                    ///- If the user is not found, deny access
                    if (!result)
                    {
                        Sendf("-No such user.\r\n");
                        sLog.outRemote("User %s does not exist.\n",szLogin.c_str());
                        if (bSecure)SetCloseAndDelete();
                    }
                    else
                    {
                        Field *fields = result->Fetch();

                        //szPass=fields[0].GetString();

                        ///- if gmlevel is too low, deny access
                        if (fields[1].GetUInt32() < iMinLevel)
                        {
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRemote("User %s has no privilege.\n",szLogin.c_str());
                            if (bSecure)SetCloseAndDelete();
                        }
                        else if (fields[2].GetInt32() != -1)
                        {
                            ///- if RealmID isn't -1, deny access
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRemote("User %s has to be assigned on all realms (with RealmID = '-1').\n",szLogin.c_str());
                            if (bSecure)SetCloseAndDelete();
                        }
                        else
                        {
                            stage=LG;
                        }
                    }
                }
                break;
                ///<li> If the input is 'PASS <password>' (and the user already gave his username)
            case LG:
                if (!memcmp(buff,"PASS ",5))                 //got "PASS" cmd
                {                                           //login+pass ok
                    ///- If password is correct, increment the number of active administrators
                    std::string login = szLogin;
                    std::string pw = &buff[5];

                    AccountMgr::normalizeString(login);
                    AccountMgr::normalizeString(pw);
                    LoginDatabase.escape_string(login);
                    LoginDatabase.escape_string(pw);

                    QueryResult check = LoginDatabase.PQuery(
                        "SELECT 1 FROM account WHERE username = '******' AND sha_pass_hash=SHA1(CONCAT('%s',':','%s'))",
                        login.c_str(), login.c_str(), pw.c_str());

                    if (check)
                    {
                        GetSocket();
                        stage=OK;

                        Sendf("+Logged in.\r\n");
                        sLog.outRemote("User %s has logged in.\n",szLogin.c_str());
                        Sendf("TC>");
                    }
                    else
                    {
                        ///- Else deny access
                        Sendf("-Wrong pass.\r\n");
                        sLog.outRemote("User %s has failed to log in.\n",szLogin.c_str());
                        if (bSecure)SetCloseAndDelete();
                    }
                }
                break;
                ///<li> If user is logged, parse and execute the command
            case OK:
                if (strlen(buff))
                {
                    sLog.outRemote("Got '%s' cmd.\n",buff);
                       SetDeleteByHandler(false);
                    CliCommandHolder* cmd = new CliCommandHolder(this, buff, &RASocket::zprint, &RASocket::commandFinished);
                    sWorld.QueueCliCommand(cmd);
                    ++pendingCommands;
                }
                else
                    Sendf("TC>");
                break;
                ///</ul>
        };

    }
}
示例#9
0
/// Read data from the network
void RASocket::OnRead()
{
    ///- Read data and check input length
    TcpSocket::OnRead();

    unsigned int sz=ibuf.GetLength();
    if(iInputLength+sz>=RA_BUFF_SIZE)
    {
        sLog.outRALog("Input buffer overflow, possible DOS attack.\n");
        SetCloseAndDelete();
        return;
    }

    ///- If there is already an active admin (other than you), drop the connection
    if(stage!=OK && iUsers)
        dropclient

            char *inp = new char [sz+1];
    ibuf.Read(inp,sz);

    /// \todo Can somebody explain this 'Linux bugfix'?
    if(stage==NONE)
        if(sz>4)                                            //linux remote telnet
            if(memcmp(inp ,"USER ",5))
            {
                delete [] inp;return;
                printf("lin bugfix");
            }                                               //linux bugfix

    ///- Discard data after line break or line feed
    bool gotenter=false;
    unsigned int y=0;
    for(;y<sz;y++)
        if(inp[y]=='\r'||inp[y]=='\n')
    {
        gotenter=true;
        break;
    }

    //No buffer overflow (checked above)
    memcpy(&buff[iInputLength],inp,y);
    iInputLength+=y;
    delete [] inp;
    if(gotenter)
    {

        buff[iInputLength]=0;
        iInputLength=0;
        switch(stage)
        {
            /// <ul> <li> If the input is 'USER <username>'
            case NONE:
                if(!memcmp(buff,"USER ",5))                 //got "USER" cmd
                {
                    szLogin=&buff[5];

                    ///- Get the gmlevel and password from the account table
                    std::string login = szLogin;
                    loginDatabase.escape_string(login);
                    // No SQL injection (escaped login)

                    QueryResult* result = loginDatabase.PQuery("SELECT `gmlevel` FROM `account` WHERE UPPER(`username`) = UPPER('%s')",login.c_str());

                    ///- If the user is not found, deny access
                    if(!result)
                    {
                        Sendf("-No such user.\r\n");
                        sLog.outRALog("User %s does not exist.\n",szLogin.c_str());
                        if(bSecure)SetCloseAndDelete();
                    }
                    else
                    {
                        Field *fields = result->Fetch();

                        //szPass=fields[0].GetString();

                        ///- if gmlevel is too low, deny access
                        if(fields[0].GetUInt32()<iMinLevel)
                        {
                            Sendf("-Not enough privileges.\r\n");
                            sLog.outRALog("User %s has no privilege.\n",szLogin.c_str());
                            if(bSecure)SetCloseAndDelete();
                        }   else
                        {
                            stage=LG;
                        }
                        delete result;
                    }
                }
                break;
                ///<li> If the input is 'PASS <password>' (and the user already gave his username)
            case LG:
                if(!memcmp(buff,"PASS ",5))                 //got "PASS" cmd
                {                                           //login+pass ok
                    ///- If password is correct, increment the number of active administrators
                    std::string login = szLogin;
                    std::string pw = &buff[5];
                    loginDatabase.escape_string(login);
                    loginDatabase.escape_string(pw);
                    QueryResult *check = loginDatabase.PQuery("SELECT 1 FROM `account` WHERE UPPER(`username`)=UPPER('%s') AND `I`=SHA1(CONCAT(UPPER(`username`),':',UPPER('%s')))", login.c_str(), pw.c_str());
                    if(check)
                    {
                        delete check;
                        r=GetSocket();
                        stage=OK;
                        iUsers++;

                        Sendf("+Logged in.\r\n");
                        sLog.outRALog("User %s has logged in.\n",szLogin.c_str());
                    }
                    else
                    {
                        ///- Else deny access
                        Sendf("-Wrong pass.\r\n");
                        sLog.outRALog("User %s has failed to log in.\n",szLogin.c_str());
                        if(bSecure)SetCloseAndDelete();
                    }
                }
                break;
                ///<li> If user is logged, parse and execute the command
            case OK:
                if(strlen(buff))
                {
                    sLog.outRALog("Got '%s' cmd.\n",buff);
                    ParseCommand(&RASocket::zprintf , buff);
                }
                break;
                ///</ul>
        };

    }
}
示例#10
0
void RASocket::OnRead()
{
    TcpSocket::OnRead();

    unsigned int sz=ibuf.GetLength ();
    if(iInputLength+sz>=RA_BUFF_SIZE)
    {
        Log("Input buffer overflow, possible DOS attack\n");
        SetCloseAndDelete();
        return;
    }

    //if(bSingleUserMode)
    if(stage!=OK && iUsers)
        dropclient

            char * inp = new char [sz+1];
    ibuf.Read(inp,sz);

    if(stage==NONE)
        if(sz>4)                                            //linux remote telnet
            if(memcmp(inp ,"USER ",5))
            {
                delete [] inp;return;
                printf("lin bugfix");
            }                                               //linux bugfix

    bool gotenter=false;
    unsigned int y=0;
    for(;y<sz;y++)

        if(inp[y]==0xd||inp[y]==0xa)
    {
        gotenter=true;
        break;
    }

    memcpy(&buff[iInputLength],inp,y);
    iInputLength+=y;
    delete [] inp;
    if(gotenter)
    {

        buff[iInputLength]=0;
        iInputLength=0;
        switch(stage)
        {
            case NONE:
                if(!memcmp(buff,"USER ",5))                 //got "USER" cmd
                {
                    //if(bLog)Log("User %s",
                    strcpy(szLogin,&buff[5]);
                    //access db now
                    QueryResult* result = loginDatabase.PQuery("SELECT `password`,`gmlevel` FROM `account` WHERE `username` = '%s'",szLogin);
                    if(!result)
                    {
                        Sendf("-No such user.\x0d\x0a");
                        if(bLog)Log("User %s does not exist.\n",szLogin);
                        if(bSecure)SetCloseAndDelete();
                    }
                    else
                    {
                        Field *fields = result->Fetch();

                        strcpy(szPass,fields[0].GetString());

                        if(fields[1].GetUInt32()<iMinLevel)
                        {
                            Sendf("-Not enough privileges.\x0d\x0a");
                            if(bLog)Log("User %s has no privileges.\n",szLogin);
                            if(bSecure)SetCloseAndDelete();
                        }   else
                        {

                            stage=LG;
                        }
                        delete result;
                    }
                }
                break;
            case LG:

                if(!memcmp(buff,"PASS ",5))                 //got "PASS" cmd
                {                                           //login+pass ok
                    if(!strcmp(&buff[5],szPass))
                    {
                        r=GetSocket();
                        stage=OK;
                        iUsers++;

                        Sendf("+Logged in.\x0d\x0a");
                        if(bLog)Log("User %s has logged in.\n",szLogin);
                    }
                    else
                    {
                        Sendf("-Wrong pass.\x0d\x0a");
                        if(bLog)Log("User %s has failed to log in.\n",szLogin);
                        if(bSecure)SetCloseAndDelete();
                    }
                }

                break;

            case OK:
                if(strlen(buff))
                {
                    if(bLog)Log("Got '%s' cmd.\n",buff);
                    ParseCommand(  &RASocket::zprintf , buff);
                }
                break;
        };

    }

}