define('LEGAL_PATH', "/tmp/legal_brisk");
define('PROXY_PATH', "/var/lib/brisk_proxy");
define('TABLES_N', 36);
-define('TABLES_AUTH_N', 4);
+define('TABLES_AUTH_N', 8);
+define('TABLES_CERT_N', 4);
define('PLAYERS_N', 3);
define('MAX_POINTS', 5);
define('MAX_PLAYERS', (20 + (PLAYERS_N * TABLES_N)));
$G_lng = langtolng($G_lang);
$G_all_points = array( 11,10,4,3,2, 0,0,0,0,0 );
-$G_brisk_version = "4.14.2";
+$G_brisk_version = "4.14.3";
/* MLANG: ALL THE INFO STRINGS IN brisk.phh */
-$root_wellarr = array( 'it' => array ( 'Brisk (Ver. '.$G_brisk_version.'), <b>NOVITA\'</b>: nuovo sistema di registrazione degli utenti, aggiunto reinvio dell\' email di verifica',
+$root_wellarr = array( 'it' => array ( 'Brisk (Ver. '.$G_brisk_version.'), <b>NOVITA\'</b>: nuovo sistema di registrazione degli utenti, aggiunto reinvio dell\' email di verifica, ban con classi di IP',
'Se vuoi iscriverti alla <a target="_blank" href="mailto:ml-briscola+subscribe@milug.org">Mailing List</a>, cliccala!' ),
'en' => array ( 'Brisk (Ver. '.$G_brisk_version.'), <b>NEWS</b>: new users subscription system.',
'If you want to subscribe our <a target="_blank" href="ml-briscola+subscribe@milug.org">Mailing List</a>, click it!' ) );
}
+class IPClass {
+ var $addr;
+ var $mask;
+
+ function IPClass($ipset)
+ {
+ //split
+ $elem = split("/", $ipset, 2);
+ $addr = $elem[0];
+ $mask = (int)$elem[1];
+
+ //convert mask
+
+ $this->mask = ((1<<($mask))-1) << (32 - $mask);
+ $this->addr = ip2long($addr) & $this->mask;
+
+ fprintf(STDERR, "New ipclass: %x (%x)\n", $this->addr, $this->mask);
+ }
+
+ function match($ip)
+ {
+ fprintf(STDERR, "IP: %x, ADDR: %x, MASK: %x -> (%d)\n",
+ $ip, $this->addr, $this->mask, ((ip2long($ip) & $this->mask) == $this->addr));
+ return (($ip & $this->mask) == $this->addr);
+ }
+}
+
class Vect {
function Vect($a)
{
}
}
+define('TABLE_AUTH_TY_PUBL', 0);
+define('TABLE_AUTH_TY_AUTH', 1);
+define('TABLE_AUTH_TY_CERT', 2);
+
+
class Table {
var $idx;
var $player;
var $player_n;
- var $auth_only; // se tavolo riservato o libero
+ var $auth_type; // required authorization to sit down
var $wag_own;
var $wag_com;
$thiz->idx = $idx;
$thiz->player = array();
$thiz->player_n = 0;
- $thiz->auth_only = FALSE;
+
+ if ($idx < TABLES_CERT_N)
+ $thiz->auth_type = TABLE_AUTH_TY_CERT;
+ else if ($idx < TABLES_AUTH_N)
+ $thiz->auth_type = TABLE_AUTH_TY_AUTH;
+ else
+ $thiz->auth_type = TABLE_AUTH_TY_PUBL;
$thiz->wag_own = -1;
$thiz->wag_com = "";
log_main("PLAYER_N - parent::copy.".$this->player_n);
- $this->auth_only = $from->auth_only;
+ $this->auth_type = $from->auth_type;
$this->wag_own = $from->wag_own;
$this->wag_com = $from->wag_com;
$thiz->player[$i] = $i;
$thiz->player_n = $from->player_n;
- $thiz->auth_only = $from->auth_only;
+ $thiz->auth_type = $from->auth_type;
$thiz->wag_own = $from->wag_own;
$thiz->wag_com = $from->wag_com;
}
}
-
-
- // $ret .= table_act_content(($user->subst == 'standup'), $this->table[$i]->player_n, $i, $user->table,
- // ($this->table[$i]->auth_only == FALSE ? TRUE : $user->flags & USER_FLAG_AUTH));
-
- // function act_content($isstanding, $sitted, $table, $cur_table, $allowed)
+ // Table->act_content - return 'id' of type of output required for table button
function act_content($user)
{
$ret = "";
if ($isstanding) {
if ($sitted < PLAYERS_N) {
- if ($this->auth_only) {
- if ($user->flags & USER_FLAG_AUTH)
- $act = "sitreser";
- else
- $act = 'reserved';
- }
- else {
- $act = 'sit';
- }
+ switch ($this->auth_type) {
+ case TABLE_AUTH_TY_CERT:
+ if ($user->is_cert())
+ $act = "sitcert";
+ else
+ $act = 'resercert';
+ break;
+ case TABLE_AUTH_TY_AUTH:
+ if ($user->is_auth())
+ $act = "sitreser";
+ else
+ $act = 'reserved';
+ break;
+ default:
+ $act = 'sit';
+ break;
+ }
}
else {
$act = 'none';
var $step; // current step of the comm array
var $garbage_timeout;
var $shm_sz;
-
+
+ var $ban_list; // ban list (authized allowed)
+ var $black_list; // black list (anti-dos, noone allowed)
+
var $delay_mgr;
public static $sess_cur;
}
// constructor
- static function create($crystal_filename)
- {
+ static function create($crystal_filename, $ban_list, $black_list) {
if (($brisk_ser = @file_get_contents($crystal_filename)) != FALSE) {
if (($brisk = unserialize($brisk_ser)) != FALSE) {
fprintf(STDERR, "ROOM FROM FILE\n");
rename($crystal_filename, $crystal_filename.".old");
+ $brisk->reload($ban_list, $black_list);
+
return($brisk);
}
}
$thiz->user = array();
$thiz->table = array();
$thiz->match = array();
-
+
+ $thiz->ban_list = NULL;
+ $thiz->black_list = NULL;
+
+ fprintf(STDERR, "PRE IPCLASS_UPDATE (%d, %d)\n", count($ban_list), count($black_list));
+ $thiz->ipclass_update('ban_list', $ban_list);
+ $thiz->ipclass_update('black_list', $black_list);
+ fprintf(STDERR, "POST IPCLASS_UPDATE %d %d\n", count($thiz->ban_list), count($thiz->black_list));
+
for ($i = 0 ; $i < MAX_PLAYERS ; $i++) {
$thiz->user[$i] = User::create($thiz, $i, "", "");
}
for ($i = 0 ; $i < TABLES_N ; $i++) {
$thiz->table[$i] = Table::create($i);
- /* OLD METHOD
- if ($i < 12) {
- $row = ( (((int)($i / 4)) % 2) == 0 );
- $col = ($i % 2 == 0);
- $thiz->table[$i]->auth_only = (($row && $col) || (!$row && !$col));
- }
- else {
- $thiz->table[$i]->auth_only = FALSE;
- }
- */
- if ($i < TABLES_AUTH_N)
- $thiz->table[$i]->auth_only = TRUE;
- else
- $thiz->table[$i]->auth_only = FALSE;
}
$thiz->garbage_timeout = 0;
$thiz->shm_sz = SHM_DIMS_MIN;
return ($thiz);
}
+ function ipclass_update($ip_out_s, $ip_in)
+ {
+ fprintf(STDERR, "N_IN: %d\n", count($ip_in));
+
+ $ip_out = &$this->$ip_out_s;
+
+ // if already set clean the ban_list property
+ if ($ip_out) {
+ $ct = count($ip_out);
+ for ($i = 0 ; $i < $ct ; $i++) {
+ unset($ip_out[$i]);
+ }
+ unset($ip_out);
+ }
+
+ $ip_out = array();
+ for ($i = 0 ; $i < count($ip_in) ; $i++) {
+ $ip_out[$i] = new IPClass($ip_in[$i]);
+ }
+ }
+
+ function reload($ban_list, $black_list)
+ {
+ fprintf(STDERR, "RELOAD STUFF (%d)(%d)\n", count($ban_list), count($black_list));
+
+ $this->ipclass_update("ban_list", $ban_list);
+ $this->ipclass_update("black_list", $black_list);
+
+ $this->banned_kickoff();
+ $this->garbage_manager(TRUE);
+ }
+
+ function banned_kickoff()
+ {
+ $is_ban = FALSE;
+
+ for ($table_idx = 0 ; $table_idx < TABLES_N ; $table_idx++) {
+ $table_cur = $this->table[$table_idx];
+ // if the table is complete and exists we check users IP
+
+ if ($table_cur->player_n == PLAYERS_N) {
+ if (isset($this->match[$table_idx]) &&
+ $table_cur->table_token == $bin5->table_token) {
+ log_main("PLAYERS == N TABLE ".$table_idx);
+
+ $bin5 = $this->match[$table_idx];
+
+ $is_ban |= $bin5->banned_kickoff();
+ }
+ }
+ }
+
+ for ($i = 0 ; $i < MAX_PLAYERS ; $i++) {
+ $user_cur = $this->user[$i];
+
+ if ($user_cur->sess == "")
+ continue;
+
+ // check if the IP is blacklisted
+ if ($this->black_check($user_cur->ip)) {
+ $user_cur->lacc = 0;
+ $is_ban = TRUE;
+ continue;
+ }
+
+ // if authorized not check if banlisted
+ if ($user_cur->is_auth()) {
+ continue;
+ }
+
+ if ($this->ban_check($user_cur->ip)) {
+ $user_cur->lacc = 0;
+ $is_ban = TRUE;
+ }
+ }
+
+ return $is_ban;
+ }
+
+ function ban_check($ip_str)
+ {
+ $ip = ip2long($ip_str);
+ fprintf(STDERR, "Brisk::ban_check %d\n", count($this->ban_list));
+ for ($i = 0 ; $i < count($this->ban_list) ; $i++) {
+ fprintf(STDERR, "ban_list[%d] = %x (%x)\n", $i,
+ $this->ban_list[$i]->addr, $this->ban_list[$i]->mask);
+ if ($this->ban_list[$i]->match($ip)) {
+ fprintf(STDERR, "\n\nMATCHA!\n\n");
+ return(TRUE);
+ }
+ }
+ return (FALSE);
+ }
+
+ function black_check($ip_str)
+ {
+ $ip = ip2long($ip_str);
+ fprintf(STDERR, "Brisk::black_check %d\n", count($this->black_list));
+ for ($i = 0 ; $i < count($this->black_list) ; $i++) {
+ fprintf(STDERR, "black_list[%d] = %x (%x)\n", $i,
+ $this->black_list[$i]->addr, $this->black_list[$i]->mask);
+ if ($this->black_list[$i]->match($ip)) {
+ fprintf(STDERR, "\n\nMATCHA!\n\n");
+ return(TRUE);
+ }
+ }
+ return (FALSE);
+ }
+
function garbage_manager($force)
{
GLOBAL $G_lang, $mlang_brisk, $G_base;
for ($i = 0 ; $i < TABLES_N ; $i++) {
$ret .= $this->table_content($user, $i);
- // $ret .= table_act_content(($user->subst == 'standup'), $this->table[$i]->player_n, $i, $user->table,
- // ($this->table[$i]->auth_only == FALSE ? TRUE : $user->flags & USER_FLAG_AUTH));
+
$ret .= $this->table[$i]->act_content($user);
if ($this->table[$i]->wag_own != -1)
$ret .= sprintf('tra.add(%d, "%s: %s"); ', $i, $this->user[$this->table[$i]->wag_own]->name, $this->table[$i]->wag_com);
// clean the action buttons in other tables
for ($e = 0 ; $e < TABLES_N ; $e++) {
if ($this->table[$e]->player_n < PLAYERS_N) {
- // $ret .= table_act_content(TRUE, 0, $e, $user->table,
- // ($this->table[$e]->auth_only == FALSE ? TRUE : $user->flags & USER_FLAG_AUTH));
$ret .= $this->table[$e]->act_content($user);
}
}
}
else {
- // $ret .= table_act_content(($user_cur->subst == 'standup'), $table->player_n, $table_idx, $user_cur->table,
- // ($table->auth_only == FALSE ? TRUE : $user_cur->flags & USER_FLAG_AUTH));
$ret .= $table->act_content($user_cur);
}
}
$ret .= $this->table_content($user_cur, $table_idx);
$ret .= $this->standup_content($user_cur);
- // $ret .= table_act_content(FALSE, 0, $table_idx, $user_cur->table,
- // ($table->auth_only == FALSE ? TRUE : $user_cur->flags & USER_FLAG_AUTH));
$ret .= $table->act_content($user_cur);
log_main("JOIN_WAKEUP wup_idx ".$wup_idx." wup_n ".$user_wup_n);
log_main("JOIN_WAKEUP more");
- // $ret .= table_act_content(($user_cur->subst == 'standup'), $table->player_n, $table_idx, $user_cur->table,
- // ($table->auth_only == FALSE ? TRUE : $user_cur->flags & USER_FLAG_AUTH));
+
$ret .= $table->act_content($user_cur);
log_main("JOIN_WAKEUP end more");
}
else if ($table_idx > -1) {
if ($table->player_n == PLAYERS_N) {
- // $ret .= table_act_content(($user_cur->subst == 'standup'), PLAYERS_N, $table_idx, $user_cur->table,
- /// ($table->auth_only == FALSE ? TRUE : $user_cur->flags & USER_FLAG_AUTH));
+
$ret .= $table->act_content($user_cur);
}
}
}
}
else if (strcmp($msg, "/authreq") == 0) {
- if ($user->flags & USER_FLAG_AUTH) {
- $to_user = sprintf('authbox(300,200);');
- }
- else {
- /* MLANG: "<b>Per autenticare qualcuno devi a tua volta essere autenticato.</b>", "Il nickname deve contenere almeno una lettera dell\'alfabeto o una cifra.", "Nickname <b>%s</b> già in uso." */
- $to_user = sprintf('chatt_sub("%s", [2, "%s"],"%s");', $dt, NICKSERV, $mlang_brisk['authmust'][$G_lang]);
- }
+ if ($user->is_cert()) {
+ $to_user = sprintf('authbox(300,200);');
+ }
+ else {
+ /* MLANG: "<b>Per autenticare qualcuno devi a tua volta essere autenticato.</b>", "Il nickname deve contenere almeno una lettera dell\'alfabeto o una cifra.", "Nickname <b>%s</b> già in uso." */
+ $to_user = sprintf('chatt_sub("%s", [2, "%s"],"%s");', $dt, NICKSERV, $mlang_brisk['authmust'][$G_lang]);
+ }
}
else if (strncmp($msg, "/mesgtoadm", 8) == 0) {
- if ($user->flags & USER_FLAG_AUTH) {
+ if ($user->is_auth()) {
$to_user = sprintf('mesgtoadmbox(500,300);');
}
else {
}
/* MLANG: "<b>Non puoi cambiare nick a un tavolo per soli autenticati.</b>", "Il nickname <b>\'%s\'</b> è già registrato, <b>se il suo proprietario si autentificherà verrai rinominato d\'ufficio come ghost<i>N</i>.</b>" */
- if ($user->flags & USER_FLAG_AUTH) {
+ if ($user->is_auth()) {
if (strcasecmp($user->name,$name_new) != 0) {
if (( ($user->flags & USER_FLAG_MAP_AUTH) != USER_FLAG_ISOLAUTH) &&
($user->subst == 'standup' ||
- ($user->subst != 'standup' && $this->table[$user->table]->auth_only == FALSE)
+ ($user->subst != 'standup' && $this->table[$user->table]->auth_type == TABLE_AUTH_TY_PUBL)
)
) {
$user->flags &= ~(USER_FLAG_AUTH | USER_FLAG_TY_ALL); // Remove auth if name changed
}
$user->name = $name_new; // OK - nick changed
/* se nome gia' in uso, segnala cosa potrebbe capitare */
- if (($user->flags & USER_FLAG_AUTH) == 0) {
+ if ( ! $user->is_auth() ) {
if (($bdb = BriskDB::create()) != FALSE) {
$bdb->users_load();
/* MLANG: "Il nickname <b>\'%s\'</b> è già registrato, <b>se il suo proprietario si autentificherà verrai rinominato d\'ufficio come ghost<i>N</i>.</b>" */
if ($is_normchat == TRUE) {
// use MAP_AUTH to check if auth or isolation
if ($user_cur->flags & USER_FLAG_MAP_AUTH) {
- if (($user->flags & USER_FLAG_AUTH) == 0) {
- continue;
- }
+ if ( ! $user->is_auth() ) {
+ continue;
+ }
}
}
/*
if (strcasecmp($this->user[$i]->name, $name_new) == 0) {
if ($authenticate != FALSE) {
$ghost = $i;
- $ghost_auth = ($this->user[$i]->flags & USER_FLAG_AUTH);
+ $ghost_auth = $this->user[$i]->is_auth();
}
else {
$idx = $i;
$this->user[$idx]->ip = $ip;
$this->user[$idx]->rec = $authenticate;
- fprintf(STDERR, "MOP: [%s]\n", $authenticate->supp_comp);
$this->user[$idx]->flags = $user_type;
$this->user[$idx]->flags |= ($authenticate != FALSE ? USER_FLAG_AUTH : 0x00);
$this->user[$idx]->flags |= ( ($pass != FALSE && $bdb == FALSE) ? USER_FLAG_DBFAILED : 0x00);
function request_mgr(&$s_a_p, $header, &$header_out, &$new_socket, $path, $addr, $get, $post, $cookie)
{
- GLOBAL $G_black_list;
+ GLOBAL $G_ban_list, $G_black_list;
printf("NEW_SOCKET (root): %d PATH [%s]\n", intval($new_socket), $path);
+ $remote_addr = addrtoipv4($addr);
+
+ fprintf(STDERR, "\n\n\n PRE_BLACK_CHECK \n\n\n");
+ if ($this->black_check($remote_addr)) {
+ // TODO: waiting async 5 sec before close
+ fprintf(STDERR, "\n\n\n BLACK_CHECK \n\n\n");
+ return (FALSE);
+ }
$enc = get_encoding($header);
if (isset($header['User-Agent'])) {
if (($fp = @fopen(LEGAL_PATH."/legal.log", 'a')) != FALSE) {
/* Unix time | session | nickname | IP | where was | mesg */
fwrite($fp, sprintf("%ld|%s|%s|%s|%s|%s|%s|\n", $curtime, $user->sess,
- ($user->flags & USER_FLAG_AUTH ? 'A' : 'N'),
+ ($user->is_auth() ? 'A' : 'N'),
$user->name, $addr, $where , $mesg));
fclose($fp);
}
projects / brisk.git / blobdiff