Added password append option to enable http login from any ip: 'authserial <name> httppass'

Author: ccw808

Server/mods/deathmatch/logic/CAccount.cpp

@@ -14,7 +14,7 @@
 
 #include "StdInc.h"
 
-CAccount::CAccount ( CAccountManager* pManager, EAccountType accountType, const std::string& strName, const std::string& strPassword, int iUserID, const std::string& strIP, const std::string& strSerial )
+CAccount::CAccount ( CAccountManager* pManager, EAccountType accountType, const std::string& strName, const std::string& strPassword, int iUserID, const std::string& strIP, const std::string& strSerial, const SString& strHttpPassAppend )
 {
     m_uiScriptID = CIdArray::PopUniqueId ( this, EIdClass::ACCOUNT );
     m_pClient = NULL;
@@ -26,6 +26,7 @@ CAccount::CAccount ( CAccountManager* pManager, EAccountType accountType, const
     m_iUserID = iUserID;
     m_strIP = strIP;
     m_strSerial = strSerial;
+    m_strHttpPassAppend = strHttpPassAppend;
 
     m_pManager->AddToList ( this );
 
@@ -65,9 +66,31 @@ void CAccount::SetClient( CClient* pClient )
 }
 
 
-bool CAccount::IsPassword ( const SString& strPassword )
+bool CAccount::IsPassword(const SString& strPassword, bool* pbUsedHttpPassAppend)
 {
-    return m_Password.IsPassword( strPassword );
+    if (pbUsedHttpPassAppend == nullptr)
+    {
+        return m_Password.IsPassword(strPassword);
+    }
+    else
+    {
+        if (m_Password.IsPassword(strPassword))
+        {
+            *pbUsedHttpPassAppend = false;
+            return true;
+        }
+        else
+        {
+            SString strPasswordHead = strPassword.Left(strPassword.length() - m_strHttpPassAppend.length());
+            SString strPasswordTail = strPassword.Right(m_strHttpPassAppend.length());
+            if (m_Password.IsPassword(strPasswordHead) && strPasswordTail == m_strHttpPassAppend)
+            {
+                *pbUsedHttpPassAppend = true;
+                return true;
+            }
+            return false;
+        }
+    }
 }
 
 
@@ -87,6 +110,13 @@ SString CAccount::GetPasswordHash ( void )
 }
 
 
+void CAccount::SetHttpPassAppend( const SString& strHttpPassAppend )
+{
+    m_strHttpPassAppend = strHttpPassAppend;
+    m_pManager->MarkAsChanged ( this );
+}
+
+
 CAccountData* CAccount::GetDataPointer ( const std::string& strKey )
 {
     return MapFind( m_Data, strKey );

Server/mods/deathmatch/logic/CAccount.h

@@ -67,7 +67,7 @@ class CAccount
     };
 
     ZERO_ON_NEW
-                                CAccount                ( class CAccountManager* pManager, EAccountType accountType, const std::string& strName, const std::string& strPassword = "", int iUserID = 0, const std::string& strIP = "", const std::string& strSerial = "" );
+                                CAccount                ( class CAccountManager* pManager, EAccountType accountType, const std::string& strName, const std::string& strPassword = "", int iUserID = 0, const std::string& strIP = "", const std::string& strSerial = "", const SString& strHttpPassAppend = "" );
                                 ~CAccount               ( void );
 
     bool                        IsRegistered            ( void )                    { return m_AccountType != EAccountType::Guest; }
@@ -79,8 +79,10 @@ class CAccount
     void                        SetName                 ( const std::string& strName );
 
     void                        SetPassword             ( const SString& strPassword );
-    bool                        IsPassword              ( const SString& strPassword );
+    bool                        IsPassword              ( const SString& strPassword, bool* pbUsedHttpPassAppend=nullptr );
     SString                     GetPasswordHash         ( void );
+    const SString&              GetHttpPassAppend       ( void )                    { return m_strHttpPassAppend; }
+    void                        SetHttpPassAppend       ( const SString& strHttpPassAppend );
 
     inline const std::string&   GetIP                   ( void )                    { return m_strIP; }
     inline const std::string&   GetSerial               ( void )                    { return m_strSerial; }
@@ -119,6 +121,7 @@ class CAccount
     EAccountType                m_AccountType;
     SString                     m_strName;
     CAccountPassword            m_Password;
+    SString                     m_strHttpPassAppend;
     std::string                 m_strIP;
     std::string                 m_strSerial;
     int                         m_iUserID;

Server/mods/deathmatch/logic/CAccountManager.cpp

@@ -94,11 +94,18 @@ CAccountManager::CAccountManager ( const SString& strDbPathFilename )
         // Add unique index
 	    m_pDatabaseManager->Execf ( m_hDbConnection, "CREATE UNIQUE INDEX IF NOT EXISTS IDX_USERDATA_USERID_KEY_U on userdata(userid,key)" );
     }
-    
+
     // Ensure old indexes are removed
     m_pDatabaseManager->Execf ( m_hDbConnection, "DROP INDEX IF EXISTS IDX_ACCOUNTS_NAME" );
     m_pDatabaseManager->Execf ( m_hDbConnection, "DROP INDEX IF EXISTS IDX_USERDATA_USERID" );
     m_pDatabaseManager->Execf ( m_hDbConnection, "DROP INDEX IF EXISTS IDX_USERDATA_USERID_KEY" );
+
+    // Check if httppass has been added yet
+	m_pDatabaseManager->QueryWithResultf(m_hDbConnection, &result, "PRAGMA table_info(accounts)");
+    if (ListContains(result->ColNames, "httppass") == false)
+    {
+        m_pDatabaseManager->Execf(m_hDbConnection, "ALTER TABLE accounts ADD COLUMN httppass TEXT");
+    }
 }
 
 
@@ -129,7 +136,7 @@ bool CAccountManager::Load( void )
     //Create a registry result
     CRegistryResult result;
     //Select all our required information from the accounts database
-    m_pDatabaseManager->QueryWithResultf ( m_hDbConnection, &result, "SELECT id,name,password,ip,serial from accounts" );
+    m_pDatabaseManager->QueryWithResultf ( m_hDbConnection, &result, "SELECT id,name,password,ip,serial,httppass from accounts" );
 
     //Initialize all our variables
     m_iAccounts = 0;
@@ -145,6 +152,7 @@ bool CAccountManager::Load( void )
         SString strPassword = (const char *)row[2].pVal;
         SString strIP = (const char *)row[3].pVal;
         SString strSerial = (const char *)row[4].pVal;
+        SString strHttpPassAppend = (const char *)row[5].pVal;
 
         // Check for overlong names and incorrect escapement
         bool bRemoveAccount = false;
@@ -181,7 +189,7 @@ bool CAccountManager::Load( void )
         }
 
         //Create a new account with the specified information
-        CAccount* pAccount = g_pGame->GetAccountManager ()->AddPlayerAccount ( strName, strPassword, iUserID, strIP, strSerial );
+        CAccount* pAccount = g_pGame->GetAccountManager ()->AddPlayerAccount ( strName, strPassword, iUserID, strIP, strSerial, strHttpPassAppend );
 
         if ( bChanged )
             pAccount->SetChanged ( bChanged );
@@ -245,27 +253,26 @@ void CAccountManager::Save ( CAccount* pAccount, bool bCheckForErrors )
 {
     SString strName = pAccount->GetName();
     SString strPassword = pAccount->GetPasswordHash();
+    SString strHttpPassAppend = pAccount->GetHttpPassAppend();
     SString strIP = pAccount->GetIP();
     SString strSerial = pAccount->GetSerial();
     unsigned int iID = pAccount->GetID();
 
     m_pDatabaseManager->Execf ( m_hDbConnection, "INSERT OR IGNORE INTO accounts (id, name, ip, serial, password) VALUES(?,?,?,?,?)", SQLITE_INTEGER, iID, SQLITE_TEXT, strName.c_str (), SQLITE_TEXT, strIP.c_str (), SQLITE_TEXT, strSerial.c_str (), SQLITE_TEXT, strPassword.c_str () );
 
-    if ( bCheckForErrors )
+    SString strQuery;
+    strQuery += m_pDatabaseManager->PrepareStringf(m_hDbConnection, "UPDATE accounts SET ip=?", SQLITE_TEXT, *strIP);
+    if (!strSerial.empty())
+        strQuery += m_pDatabaseManager->PrepareStringf(m_hDbConnection, ",serial=?", SQLITE_TEXT, *strSerial);
+    strQuery += m_pDatabaseManager->PrepareStringf(m_hDbConnection, ",password=?, httppass=? WHERE name=?", SQLITE_TEXT, *strPassword, SQLITE_TEXT, *strHttpPassAppend, SQLITE_TEXT, *strName);
+
+    if (bCheckForErrors)
     {
-        if ( strSerial != "" )
-            m_pDatabaseManager->QueryWithCallbackf ( m_hDbConnection, StaticDbCallback, this, "UPDATE accounts SET ip=?, serial=?, password=? WHERE name=?", SQLITE_TEXT, strIP.c_str (), SQLITE_TEXT, strSerial.c_str (), SQLITE_TEXT, strPassword.c_str (), SQLITE_TEXT, strName.c_str () );
-        else
-            //If we don't have a serial then IP and password will suffice
-            m_pDatabaseManager->QueryWithCallbackf ( m_hDbConnection, StaticDbCallback, this, "UPDATE accounts SET ip=?, password=? WHERE name=?", SQLITE_TEXT, strIP.c_str (), SQLITE_TEXT, strPassword.c_str (), SQLITE_TEXT, strName.c_str () );
+        m_pDatabaseManager->QueryWithCallbackf(m_hDbConnection, StaticDbCallback, this, strQuery);
     }
     else
     {
-        if ( strSerial != "" )
-            m_pDatabaseManager->Execf ( m_hDbConnection, "UPDATE accounts SET ip=?, serial=?, password=? WHERE name=?", SQLITE_TEXT, strIP.c_str (), SQLITE_TEXT, strSerial.c_str (), SQLITE_TEXT, strPassword.c_str (), SQLITE_TEXT, strName.c_str () );
-        else
-            //If we don't have a serial then IP and password will suffice
-            m_pDatabaseManager->Execf ( m_hDbConnection, "UPDATE accounts SET ip=?, password=? WHERE name=?", SQLITE_TEXT, strIP.c_str (), SQLITE_TEXT, strPassword.c_str (), SQLITE_TEXT, strName.c_str () );
+        m_pDatabaseManager->Execf(m_hDbConnection, strQuery);
     }
 
     SaveAccountSerialUsage( pAccount );
@@ -872,9 +879,9 @@ CAccount* CAccountManager::AddConsoleAccount( const SString& strName )
     return pAccount;
 }
 
-CAccount* CAccountManager::AddPlayerAccount( const SString& strName, const SString& strPassword, int iUserID, const SString& strIP, const SString& strSerial )
+CAccount* CAccountManager::AddPlayerAccount( const SString& strName, const SString& strPassword, int iUserID, const SString& strIP, const SString& strSerial, const SString& strHttpPassAppend )
 {
-    CAccount* pAccount = new CAccount ( this, EAccountType::Player, strName, strPassword, iUserID, strIP, strSerial );
+    CAccount* pAccount = new CAccount ( this, EAccountType::Player, strName, strPassword, iUserID, strIP, strSerial, strHttpPassAppend );
     return pAccount;
 }
 

Server/mods/deathmatch/logic/CAccountManager.h

@@ -150,7 +150,7 @@ class CAccountManager
 
     CAccount*                   AddGuestAccount             ( const SString& strName );
     CAccount*                   AddConsoleAccount           ( const SString& strName );
-    CAccount*                   AddPlayerAccount            ( const SString& strName, const SString& strPassword, int iUserID, const SString& strIP, const SString& strSerial );
+    CAccount*                   AddPlayerAccount            ( const SString& strName, const SString& strPassword, int iUserID, const SString& strIP, const SString& strSerial, const SString& strHttpPassAppend );
     CAccount*                   AddNewPlayerAccount         ( const SString& strName, const SString& strPassword );
     bool                        RemoveAccount               ( CAccount* pAccount );
     bool                        IsAuthorizedSerialRequired  ( CAccount* pAccount );

Server/mods/deathmatch/logic/CConsoleCommands.cpp

@@ -1715,10 +1715,11 @@ bool CConsoleCommands::AuthorizeSerial( CConsole* pConsole, const char* szArgume
     bool bList  = strAction == "list";
     bool bAllow = strAction == "";
     bool bRemove = strAction == "removelast";
+    bool bHttpPass = strAction == "httppass";
 
-    if ( ( !bList && !bAllow && !bRemove ) || strAccountName.empty() )
+    if ( ( !bList && !bAllow && !bRemove && !bHttpPass ) || strAccountName.empty() )
     {
-        pEchoClient->SendConsole( "Usage: authserial account_name [list|removelast]" );
+        pEchoClient->SendConsole( "Usage: authserial account_name [list|removelast|httppass]" );
         return false;
     }
 
@@ -1783,7 +1784,8 @@ bool CConsoleCommands::AuthorizeSerial( CConsole* pConsole, const char* szArgume
         pEchoClient->SendConsole( SString( "authserial: No serials require authorization for '%s'", *strAccountName ) );
         return false;
     }
-    else // Remove
+    else
+    if ( bRemove )
     {
         // Find newest serial
         time_t tNewestDate = 0;
@@ -1807,6 +1809,22 @@ bool CConsoleCommands::AuthorizeSerial( CConsole* pConsole, const char* szArgume
         pEchoClient->SendConsole( SString( "authserial: No serial usage for '%s'", *strAccountName ) );
         return false;
     }
+    else
+    if ( bHttpPass )
+    {
+        // Generate 7 digit random number
+        uint randomNumber;
+        g_pNetServer->GenerateRandomData(&randomNumber, sizeof(randomNumber));
+        randomNumber = (randomNumber % 8999999) + 1000000;
+        SString strHttpPassAppend("%u", randomNumber);
+
+        if (pClient->GetClientType() != CClient::CLIENT_CONSOLE)
+            pEchoClient->SendConsole(SString("authserial: HTTP password append for '%s' is now %s", *strAccountName, *strHttpPassAppend));
+        CLogger::LogPrintf("AUTHSERIAL: HTTP password append for '%s' is now %s\n", *strAccountName, *strHttpPassAppend);
+        pAccount->SetHttpPassAppend(strHttpPassAppend);
+        return true;
+    }
+    return false;
 }
 
 

Server/mods/deathmatch/logic/CHTTPD.cpp

@@ -181,9 +181,8 @@ ResponseCode CHTTPD::HandleRequest ( HttpRequest * ipoHttpRequest,
 
 ResponseCode CHTTPD::RequestLogin ( HttpRequest * ipoHttpRequest, HttpResponse * ipoHttpResponse )
 {
-    if ( m_strWarnMessageForIp == ipoHttpRequest->GetAddress() )
+    if ( m_WarnMessageTimer.Get() < 4000 && m_strWarnMessageForIp == ipoHttpRequest->GetAddress() )
     {
-        m_strWarnMessageForIp.clear();
         SString strMessage;
         strMessage += SString( "Your IP address ('%s') is not associated with an authorized serial.", ipoHttpRequest->GetAddress().c_str() );
         strMessage += SString( "<br/><a href='%s'>See here for more information</a>", "https:""//mtasa.com/authserialhttp" );
@@ -221,15 +220,21 @@ CAccount * CHTTPD::CheckAuthentication ( HttpRequest * ipoHttpRequest )
             if ( account )
             {
                 // Check that the password is right
-                if ( account->IsPassword ( authPassword.c_str () ) )
+                bool bSkipIpCheck;
+                if ( account->IsPassword( authPassword.c_str (), &bSkipIpCheck ) )
                 {
                     // Check that it isn't the Console account
                     std::string strAccountName = account->GetName ();
                     if ( strAccountName.compare ( CONSOLE_ACCOUNT_NAME ) != 0 )
                     {
-                        if ( !g_pGame->GetAccountManager()->IsHttpLoginAllowed( account, ipoHttpRequest->GetAddress() ) )
+                        // Do IP check if required
+                        if ( !bSkipIpCheck && !g_pGame->GetAccountManager()->IsHttpLoginAllowed( account, ipoHttpRequest->GetAddress() ) )
                         {
-                            m_strWarnMessageForIp = ipoHttpRequest->GetAddress();
+                            if (m_WarnMessageTimer.Get() > 8000 || m_strWarnMessageForIp != ipoHttpRequest->GetAddress())
+                            {
+                                m_strWarnMessageForIp = ipoHttpRequest->GetAddress();
+                                m_WarnMessageTimer.Reset();
+                            }
                             CLogger::AuthPrintf( "HTTP: Failed login for user '%s' because %s not associated with authorized serial\n", authName.c_str(), ipoHttpRequest->GetAddress().c_str() );
                             return m_pGuestAccount;
                         }

Server/mods/deathmatch/logic/CHTTPD.h

@@ -60,6 +60,7 @@ class CHTTPD : public EHS
     std::mutex                  m_mutexHttpDosProtect;
     std::mutex                  m_mutexLoggedInMap;
     SString                     m_strWarnMessageForIp;
+    CElapsedTime                m_WarnMessageTimer;
 };
 
 #endif