Response::ResponseCode ServerSocketInterface::cmdBanFromServer(const Command_BanFromServer &cmd, ResponseContainer & /*rc*/)
{
if (!sqlInterface->checkSql())
return Response::RespInternalError;
QString userName = QString::fromStdString(cmd.user_name());
QString address = QString::fromStdString(cmd.address());
QString trustedSources = settingsCache->value("server/trusted_sources","127.0.0.1,::1").toString();
int minutes = cmd.minutes();
if (trustedSources.contains(address,Qt::CaseInsensitive))
address = "";
QSqlQuery query(sqlInterface->getDatabase());
query.prepare("insert into " + servatrice->getDbPrefix() + "_bans (user_name, ip_address, id_admin, time_from, minutes, reason, visible_reason) values(:user_name, :ip_address, :id_admin, NOW(), :minutes, :reason, :visible_reason)");
query.bindValue(":user_name", userName);
query.bindValue(":ip_address", address);
query.bindValue(":id_admin", userInfo->id());
query.bindValue(":minutes", minutes);
query.bindValue(":reason", QString::fromStdString(cmd.reason()));
query.bindValue(":visible_reason", QString::fromStdString(cmd.visible_reason()));
sqlInterface->execSqlQuery(query);
servatrice->clientsLock.lockForRead();
QList<ServerSocketInterface *> userList = servatrice->getUsersWithAddressAsList(QHostAddress(address));
ServerSocketInterface *user = static_cast<ServerSocketInterface *>(server->getUsers().value(userName));
if (user && !userList.contains(user))
userList.append(user);
if (!userList.isEmpty()) {
Event_ConnectionClosed event;
event.set_reason(Event_ConnectionClosed::BANNED);
if (cmd.has_visible_reason())
event.set_reason_str(cmd.visible_reason());
if (minutes)
event.set_end_time(QDateTime::currentDateTime().addSecs(60 * minutes).toTime_t());
for (int i = 0; i < userList.size(); ++i) {
SessionEvent *se = userList[i]->prepareSessionEvent(event);
userList[i]->sendProtocolItem(*se);
delete se;
QMetaObject::invokeMethod(userList[i], "prepareDestroy", Qt::QueuedConnection);
}
}
servatrice->clientsLock.unlock();
return Response::RespOk;
}
AuthenticationResult Server::loginUser(Server_ProtocolHandler *session, QString &name, const QString &password, QString &reasonStr, int &secondsLeft, QString &clientid, QString &clientVersion, QString & /* connectionType */)
{
if (name.size() > 35)
name = name.left(35);
Server_DatabaseInterface *databaseInterface = getDatabaseInterface();
AuthenticationResult authState = databaseInterface->checkUserPassword(session, name, password, clientid, reasonStr, secondsLeft);
if (authState == NotLoggedIn || authState == UserIsBanned || authState == UsernameInvalid || authState == UserIsInactive)
return authState;
ServerInfo_User data = databaseInterface->getUserData(name, true);
data.set_address(session->getAddress().toStdString());
name = QString::fromStdString(data.name()); // Compensate for case indifference
if (authState == PasswordRight) {
if (users.contains(name) || databaseInterface->userSessionExists(name)) {
if (users.contains(name)) {
qDebug("Session already logged in, logging old session out");
Event_ConnectionClosed event;
event.set_reason(Event_ConnectionClosed::LOGGEDINELSEWERE);
event.set_reason_str("You have been logged out due to logging in at another location.");
event.set_end_time(QDateTime::currentDateTime().toTime_t());
SessionEvent *se = users.value(name)->prepareSessionEvent(event);
users.value(name)->sendProtocolItem(*se);
delete se;
users.value(name)->prepareDestroy();
} else {
qDebug() << "Active session and sessions table inconsistent, please validate session table information for user " << name;
}
}
} else if (authState == UnknownUser) {
// Change user name so that no two users have the same names,
// don't interfere with registered user names though.
if (getRegOnlyServerEnabled()) {
qDebug("Login denied: registration required");
databaseInterface->unlockSessionTables();
return RegistrationRequired;
}
QString tempName = name;
int i = 0;
while (users.contains(tempName) || databaseInterface->activeUserExists(tempName) || databaseInterface->userSessionExists(tempName))
tempName = name + "_" + QString::number(++i);
name = tempName;
data.set_name(name.toStdString());
}
QWriteLocker locker(&clientsLock);
databaseInterface->lockSessionTables();
users.insert(name, session);
qDebug() << "Server::loginUser:"******"name=" << name;
data.set_session_id(databaseInterface->startSession(name, session->getAddress(), clientid, session->getConnectionType()));
databaseInterface->unlockSessionTables();
usersBySessionId.insert(data.session_id(), session);
qDebug() << "session id:" << data.session_id();
session->setUserInfo(data);
Event_UserJoined event;
event.mutable_user_info()->CopyFrom(session->copyUserInfo(false));
SessionEvent *se = Server_ProtocolHandler::prepareSessionEvent(event);
for (int i = 0; i < clients.size(); ++i)
if (clients[i]->getAcceptsUserListChanges())
clients[i]->sendProtocolItem(*se);
delete se;
event.mutable_user_info()->CopyFrom(session->copyUserInfo(true, true, true));
locker.unlock();
if (clientid.isEmpty()){
// client id is empty, either out dated client or client has been modified
if (getClientIDRequiredEnabled())
return ClientIdRequired;
}
else {
// update users database table with client id
databaseInterface->updateUsersClientID(name, clientid);
}
databaseInterface->updateUsersLastLoginData(name, clientVersion);
se = Server_ProtocolHandler::prepareSessionEvent(event);
sendIsl_SessionEvent(*se);
delete se;
return authState;
}