From 4e80c5f0a0c47750dc4719db5dd8855b77cde7a0 Mon Sep 17 00:00:00 2001 From: flashwave Date: Sun, 6 Feb 2022 17:14:13 +0000 Subject: [PATCH] More fixes + authentication. --- ajaxchat.php | 1 + config/config.php | 5 ++- src/AJAXChat.php | 12 ++--- src/AJAXChatDataBase.php | 4 +- src/CustomAJAXChat.php | 92 ++++++++++++--------------------------- src/SockChatAuth.php | 58 ++++++++++++++++++++++++ src/satori.php | 4 +- template/legacyLogin.html | 4 +- template/loggedOut.html | 4 +- template/loggedOutFA.html | 2 +- template/loggedOut~.html | 4 +- template/~loggedOut.html | 4 +- 12 files changed, 111 insertions(+), 83 deletions(-) create mode 100644 src/SockChatAuth.php diff --git a/ajaxchat.php b/ajaxchat.php index 48a76a7..c5414fc 100644 --- a/ajaxchat.php +++ b/ajaxchat.php @@ -20,6 +20,7 @@ require_once AJAX_CHAT_PATH . '/src/AJAXChatFileSystem.php'; require_once AJAX_CHAT_PATH . '/src/AJAXChatHTTPHeader.php'; require_once AJAX_CHAT_PATH . '/src/AJAXChatLanguage.php'; require_once AJAX_CHAT_PATH . '/src/AJAXChatTemplate.php'; +require_once AJAX_CHAT_PATH . '/src/SockChatAuth.php'; require_once AJAX_CHAT_PATH . '/src/CustomAJAXChat.php'; require_once AJAX_CHAT_PATH . '/src/CustomAJAXChatShoutBox.php'; require_once AJAX_CHAT_PATH . '/src/CustomAJAXChatInterface.php'; diff --git a/config/config.php b/config/config.php index de741a1..6908d06 100644 --- a/config/config.php +++ b/config/config.php @@ -37,6 +37,9 @@ $config['dbConnection']['type'] = null; // Database link: $config['dbConnection']['link'] = null; +if(is_file(AJAX_CHAT_PATH . '/config/config-db.php')) + include_once AJAX_CHAT_PATH . '/config/config-db.php'; + // Database table names: $config['dbTableNames'] = array(); $config['dbTableNames']['online'] = 'ajax_chat_online'; 
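Review bot: The new `include_once` of config/config-db.php is silent when the file is absent, so a deployment that forgets to create it keeps running with `$config['dbConnection']['link'] = null` and with whatever keys that file is meant to supply (presumably the shared secret the new authentication code reads via `getConfig('flashiiSecret')`) undefined, and the failure only surfaces later as a rejected login. Consider failing loudly instead, e.g. `if(!is_file(AJAX_CHAT_PATH . '/config/config-db.php')) trigger_error('config/config-db.php is missing', E_USER_WARNING);` ahead of the include, so the operator sees the misconfiguration directly. Since the file is meant to hold database credentials it should also be excluded from version control; that cannot be confirmed from this diff.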
@@ -105,7 +108,7 @@ $config['forceAutoLogin'] = false; $config['showChannelMessages'] = true; // If enabled, the chat will only be accessible for the admin: -$config['chatClosed'] = false; +$config['chatClosed'] = true; // Defines the timezone offset in seconds (-12*60*60 to 12*60*60) - if null, the server timezone is used: $config['timeZoneOffset'] = null; // Defines the hour of the day the chat is opened (0 - closingHour): diff --git a/src/AJAXChat.php b/src/AJAXChat.php index eac2922..553a518 100644 --- a/src/AJAXChat.php +++ b/src/AJAXChat.php @@ -333,9 +333,9 @@ class AJAXChat { case 'legacy2': return AJAX_CHAT_PATH . '/template/loggedOut~.html'; case 'legacy3': - return AJAX_CHAT_PATH . '/template/loggedOutFA.html'; - default: return AJAX_CHAT_PATH . '/template/loggedOut.html'; + default: + return AJAX_CHAT_PATH . '/template/loggedOutFA.html'; } } @@ -2651,8 +2651,8 @@ class AJAXChat { '', time()-42000, $this->getConfig('sessionCookiePath'), - $this->getConfig('sessionCookieDomain'), - $this->getConfig('sessionCookieSecure') + $this->getConfig('sessionCookieDomain') ?? '', + $this->getConfig('sessionCookieSecure') ?? false ); } @@ -2938,8 +2938,8 @@ class AJAXChat { $this->getLangCode(), time()+60*60*24*$this->getConfig('sessionCookieLifeTime'), $this->getConfig('sessionCookiePath'), - $this->getConfig('sessionCookieDomain'), - $this->getConfig('sessionCookieSecure') + $this->getConfig('sessionCookieDomain') ?? '', + $this->getConfig('sessionCookieSecure') ?? false ); } diff --git a/src/AJAXChatDataBase.php b/src/AJAXChatDataBase.php index df38ee7..8946948 100644 --- a/src/AJAXChatDataBase.php +++ b/src/AJAXChatDataBase.php 
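Review bot: `$config['chatClosed'] = true;` in the committed default config locks every non-admin user out of the chat, which reads like a deployment-time setting that slipped into the shared defaults. The same commit introduces a local override file (config/config-db.php is included a few lines above this hunk), so a closed flag belongs there, leaving the default at `$config['chatClosed'] = false;`. If the lockout is intentional while the new login flow is rolled out, a comment saying so and when it is to be reverted would help the next reader.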
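Review bot: `$this->getConfig('sessionCookieSecure') ?? false` makes an unset config produce a cookie without the Secure flag, while the rest of this commit assumes the site is served over HTTPS (the new login redirect targets an https:// URL). A fallback that matches the deployment is `$this->getConfig('sessionCookieSecure') ?? !empty($_SERVER['HTTPS'])`, and the same applies to the cookie-clearing call in the preceding hunk. The value written here is the language code rather than a session token, so the exposure is limited, but the default should not be the insecure one. The enclosing method starts and ends outside the hunk.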
@@ -59,9 +59,9 @@ class AJAXChatDataBase { // Method to retrieve the current DataBase name: function getName() { - return $this->_db->getName(); + //return $this->_db->getName(); //If your database has hyphens ( - ) in it, try using this instead: - //return '`'.$this->_db->getName().'`'; + return '`'.$this->_db->getName().'`'; } // Method to retrieve the last inserted ID: diff --git a/src/CustomAJAXChat.php b/src/CustomAJAXChat.php index 8fd1215..565a253 100644 --- a/src/CustomAJAXChat.php +++ b/src/CustomAJAXChat.php 
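Review bot: Wrapping the database name in backticks without escaping means a name that itself contains a backtick would break the quoting; escape embedded backticks by doubling them (str_replace of a single backtick with two) before wrapping. The value comes from configuration rather than from a request, so this is a robustness rather than an injection concern. Any caller that used `getName()` for something other than splicing into SQL (string comparison, an information_schema lookup) now receives a quoted identifier; whether such callers exist cannot be confirmed from this hunk. The commented-out previous `return` should be deleted rather than kept as a second copy of the method body.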
@@ -12,73 +12,39 @@ class CustomAJAXChat extends AJAXChat { // Returns an associative array containing userName, userID and userRole // Returns null if login is invalid function getValidLoginUserData() { - if($this->getRequestVar('password')) { + if(empty($_COOKIE['msz_auth'])) { + header('Location: https://flashii.net/auth/login.php'); + exit; + } + + $userInfo = SockChatAuth::attempt($this->getConfig('flashiiSecret'), (string)filter_input(INPUT_COOKIE, 'msz_auth')); + + if($userInfo->success) { // Check if we have a valid registered user: - $userName = $this->getRequestVar('userName'); - $userName = $this->convertEncoding($userName, $this->getConfig('contentEncoding'), $this->getConfig('sourceEncoding')); + $chatUser = [ + 'userID' => $userInfo->user_id, + 'userName' => $userInfo->username, + 'userRole' => AJAX_CHAT_GUEST, + ]; - $password = $this->getRequestVar('password'); - $password = $this->convertEncoding($password, $this->getConfig('contentEncoding'), $this->getConfig('sourceEncoding')); + // sock chat auth doesn't actually return role ids lol + if($userInfo->colour_raw === 0xEE9400) + $chatUser['userRole'] = DONATOR; + elseif($userInfo->colour_raw === 0x0099FF) + $chatUser['userRole'] = CMOD; + elseif($userInfo->colour_raw === 0x7353C4) + $chatUser['userRole'] = PURPLE; + elseif($userInfo->colour_raw === 0x9E8DA7) + $chatUser['userRole'] = BOTS; + elseif($userInfo->rank >= 10) + $chatUser['userRole'] = AJAX_CHAT_ADMIN; + elseif($userInfo->rank >= 5) + $chatUser['userRole'] = AJAX_CHAT_MODERATOR; + elseif($userInfo->rank >= 1) + $chatUser['userRole'] = AJAX_CHAT_USER; - $flashiiConfig = parse_ini_file('/www/flashii.net/config/config.ini', true, INI_SCANNER_TYPED); - - if (!empty($flashiiConfig['Database'])) { - $dbConfig = $flashiiConfig['Database']; - $flashiiDb = new PDO( - "mysql:unix_socket={$dbConfig['unix_socket']};dbname={$dbConfig['database']}", - $dbConfig['username'], - $dbConfig['password'], - [ - PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT, - 
PDO::ATTR_EMULATE_PREPARES => false, - ] - ); - - $getFlashiiUser = $flashiiDb->prepare(' - SELECT `user_id` as `userID`, `username` as `userName`, `display_role` as `userRole`, `password` - FROM `msz_users` - WHERE LOWER(`username`) = LOWER(:username) - '); - $getFlashiiUser->bindValue('username', $userName); - $flashiiUser = $getFlashiiUser->execute() ? $getFlashiiUser->fetch(PDO::FETCH_ASSOC) : []; - - if (!empty($flashiiUser) && password_verify($password, $flashiiUser['password'])) { - unset($flashiiUser['password']); - - // corrections, i'm not going to update the random IDs scattered about - switch ($flashiiUser['userRole']) { - case 2: - $flashiiUser['userRole'] = AJAX_CHAT_MODERATOR; - break; - case 3: - $flashiiUser['userRole'] = AJAX_CHAT_ADMIN; - break; - case 4: - $flashiiUser['userRole'] = BOTS; - break; - case 5: - $flashiiUser['userRole'] = AJAX_CHAT_GUEST; - break; - case 6: - case 7: - $flashiiUser['userRole'] = DONATOR; - break; - default: - $flashiiUser['userRole'] = AJAX_CHAT_USER; - } - - /*if ($flashiiUser['userID'] === 2) { - $flashiiUser['userRole'] = CMOD; - } else*/if ($flashiiUser['userID'] === 3) { - $flashiiUser['userRole'] = AJAX_CHAT_MODERATOR; - } - - return $flashiiUser; - } - } - - return null; + return $chatUser; } else { // Guest users: return $this->getGuestUser(); diff --git a/src/SockChatAuth.php b/src/SockChatAuth.php new file mode 100644 index 0000000..a02a642 --- /dev/null +++ b/src/SockChatAuth.php 
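Review bot: The role mapping decides roles from `$userInfo->colour_raw` before it ever looks at `$userInfo->rank`, so an account with rank >= 10 whose colour happens to be 0xEE9400 comes out as DONATOR instead of AJAX_CHAT_ADMIN, and an account with rank 0 whose colour is 0x0099FF comes out as CMOD. If the display colour can be influenced by the user or by a cosmetic purchase (not visible here) that is a privilege path; even if it cannot, colour is a presentation attribute and the endpoint already returns `rank` and `perms`, so privileged roles should be derived from those alone and colour should only pick cosmetic roles for ordinary users. The username is also no longer passed through `convertEncoding` as the removed code did; that is fine if `contentEncoding` is UTF-8, otherwise the JSON value needs the same conversion. The method's closing braces lie outside the hunk.
```php
// … unchanged: msz_auth cookie check and SockChatAuth::attempt call …
if($userInfo->success) {
    $chatUser = [
        'userID' => (int)$userInfo->user_id,
        'userName' => (string)$userInfo->username,
        'userRole' => AJAX_CHAT_GUEST,
    ];
    $rank = (int)($userInfo->rank ?? 0);
    $colour = (int)($userInfo->colour_raw ?? 0);

    // Moderation roles come from rank only; a display colour must never promote.
    if($rank >= 10)
        $chatUser['userRole'] = AJAX_CHAT_ADMIN;
    elseif($rank >= 5)
        $chatUser['userRole'] = AJAX_CHAT_MODERATOR;
    elseif($rank >= 1)
        $chatUser['userRole'] = AJAX_CHAT_USER;

    // Colour only selects a cosmetic role for ordinary users. CMOD is deliberately
    // not mapped from colour here: its privilege level is not visible in this file,
    // so wire it to rank/perms once that is known.
    if($chatUser['userRole'] === AJAX_CHAT_USER) {
        if($colour === 0xEE9400)
            $chatUser['userRole'] = DONATOR;
        elseif($colour === 0x7353C4)
            $chatUser['userRole'] = PURPLE;
        elseif($colour === 0x9E8DA7)
            $chatUser['userRole'] = BOTS;
    }

    return $chatUser;
}
// … unchanged: guest fallback …
```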
@@ -0,0 +1,58 @@ + 0) { + $loginRequest = [ + 'user_id' => $unpacked['user'], + 'token' => 'SESS:' . $cookie, + 'ip' => $_SERVER['REMOTE_ADDR'], + ]; + $loginSignature = hash_hmac('sha256', implode('#', $loginRequest), $secret); + + $login = curl_init(self::ENDPOINT); + curl_setopt_array($login, [ + CURLOPT_AUTOREFERER => false, + CURLOPT_FAILONERROR => false, + CURLOPT_FOLLOWLOCATION => true, + CURLOPT_HEADER => false, + CURLOPT_POST => true, + CURLOPT_POSTFIELDS => json_encode($loginRequest), + CURLOPT_RETURNTRANSFER => true, + CURLOPT_TCP_FASTOPEN => true, + CURLOPT_CONNECTTIMEOUT => 2, + CURLOPT_MAXREDIRS => 2, + CURLOPT_PROTOCOLS => CURLPROTO_HTTPS, + CURLOPT_TIMEOUT => 5, + CURLOPT_USERAGENT => 'AJAX Chat', + CURLOPT_HTTPHEADER => [ + 'Content-Type: application/json', + 'X-SharpChat-Signature: ' . $loginSignature, + ], + ]); + $userInfo = json_decode(curl_exec($login)); + curl_close($login); + } + } + + if(empty($userInfo->success)) { + $userInfo = new stdClass; + $userInfo->success = false; + $userInfo->user_id = 0; + $userInfo->username = 'Anonymous'; + $userInfo->colour_raw = 0x40000000; + $userInfo->rank = 0; + $userInfo->hierarchy = 0; + $userInfo->is_silenced = '1970-01-01T00:00:00+00:00'; + $userInfo->perms = 0; + } + + return $userInfo; + } +} diff --git a/src/satori.php b/src/satori.php index d51d00a..6ce076c 100644 --- a/src/satori.php +++ b/src/satori.php @@ -221,7 +221,7 @@ if(!$satoriSetting['enabled']) // Bring the process of sending a message down to one if if(isset($satoriResp)) { - foreach($satoriResp as $directives => $response) { + foreach($satoriResp as $response) { if($response == '[s]Trigger Kick') { $this->logout('Kicked'); } else { @@ -230,7 +230,7 @@ if(isset($satoriResp)) { $satoriSetting['userName'], $satoriSetting['userRank'], $this->getChannel(), - vsprintf($response, $directives), + $response, $satoriSetting['userIP'], 0 ); diff --git a/template/legacyLogin.html b/template/legacyLogin.html index 94569ac..0b79780 100644 
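Review bot: `CURLOPT_FOLLOWLOCATION => true` is combined with `CURLOPT_PROTOCOLS => CURLPROTO_HTTPS` but no `CURLOPT_REDIR_PROTOCOLS`, so a redirect issued by the endpoint may be followed to a plain-http URL carrying the signed login request; add `CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,` or drop redirect following entirely since the endpoint is a fixed constant. `json_decode(curl_exec($login))` also folds a transport failure (curl_exec returning false decodes to null) into the anonymous fallback; that fails closed, which is right, but a `curl_error()` log line before `curl_close` would let outages be told apart from bad tokens. The top of the file is not legible in this view, so the cookie unpacking ahead of the `> 0` check could not be reviewed.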
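Review bot: `$response == '[s]Trigger Kick'` uses a loose comparison for the sentinel that decides whether the current user is logged out; `if($response === '[s]Trigger Kick')` is the precise form and costs nothing. The hunk also stops passing the response through vsprintf, so the raw value now reaches insertMessage in the following hunk; whether that path escapes it is outside what is shown. The enclosing block begins and ends outside the hunk.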
--- a/template/legacyLogin.html +++ b/template/legacyLogin.html @@ -130,9 +130,9 @@

-
+

-
+


diff --git a/template/loggedOut.html b/template/loggedOut.html index b7e49f9..dd724b9 100644 --- a/template/loggedOut.html +++ b/template/loggedOut.html @@ -55,8 +55,8 @@ div.mioboxcontent {
- - + + diff --git a/template/loggedOutFA.html b/template/loggedOutFA.html index 8560bd8..0d58d2c 100644 --- a/template/loggedOutFA.html +++ b/template/loggedOutFA.html @@ -55,7 +55,7 @@ div.mioboxcontent {
- + diff --git a/template/loggedOut~.html b/template/loggedOut~.html index b08a0f0..4b3d52c 100644 --- a/template/loggedOut~.html +++ b/template/loggedOut~.html @@ -46,8 +46,8 @@
- - + +
diff --git a/template/~loggedOut.html b/template/~loggedOut.html index 2605f4a..bdbfe18 100644 --- a/template/~loggedOut.html +++ b/template/~loggedOut.html @@ -55,9 +55,9 @@

-
+

-
+