Last active
February 15, 2018 04:09
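<?php
/**
 * linkbyondaccount.php - links a BYOND key to the logged-in phpBB account.
 *
 * Flow, as implemented below:
 *   1. No parameters: print an explanation page with a "?go=1" link.
 *   2. ?go=1[&redirect=...]: remember where to send the user afterwards
 *      (byond_oauth_redirects) and send them to the BYOND login, which hands
 *      them to the webclient world.
 *   3. ?token=<128 chars>: the webclient world stored (token, key) in
 *      byond_oauth_tokens and sent the browser back here; the key is written
 *      to the user's profile field and the user is added to group 11.
 *
 * NOTE(review): the token proves control of a BYOND key, but nothing ties it
 * to the forum session that started the flow: whichever logged-in forum
 * account loads the ?token= URL gets that key linked. Consider requiring a
 * per-session nonce that is created in step 2 and checked in step 3.
 */
define('FROM_MEDIAWIKI', true); //to hook into the phpbbSSO wiki extension

//stuff phpbb wants defined.
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
define('IN_PHPBB', true);
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include_once($phpbb_root_path.'common.'.$phpEx); //we include the phpbb frame work

/**
 * Returns $target if it is acceptable as a post-link redirect, else $fallback.
 *
 * Accepted: relative references (no scheme, no host) and http(s) URLs whose
 * host is tgstation13.org or one of its subdomains. Everything else
 * (other hosts, other schemes, protocol-relative URLs to other hosts,
 * userinfo, control characters, backslashes) yields $fallback, so the
 * redirect parameter cannot be used to bounce users to an arbitrary site.
 *
 * @param mixed  $target   candidate redirect (request value or stored row)
 * @param string $fallback value to use when $target is rejected
 * @return string
 */
function linkbyond_safe_redirect($target, $fallback)
{
	if (!is_string($target))
		return $fallback;
	// Browsers ignore surrounding whitespace in a Location value, so judge the trimmed form.
	$target = trim($target);
	// Control characters and backslashes are rejected: browsers treat "\" like "/".
	if ($target === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $target))
		return $fallback;
	$parts = parse_url($target);
	if ($parts === false)
		return $fallback;
	if (!isset($parts['scheme']) && !isset($parts['host']))
		return $target; // relative reference, stays on this site
	if (!isset($parts['host']) || isset($parts['user']) || isset($parts['pass']))
		return $fallback;
	$scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : 'https';
	if ($scheme !== 'http' && $scheme !== 'https')
		return $fallback;
	$allowedhost = 'tgstation13.org'; // the site this script already hard-codes below
	$host = strtolower($parts['host']);
	if ($host !== $allowedhost && substr($host, -strlen('.'.$allowedhost)) !== '.'.$allowedhost)
		return $fallback;
	return $target;
}

$user->session_begin(); //now we let phpbb do all the fancy work of figuring out who the fuck this are.
$userid = (int)$user->data['user_id'];
$usertype = $user->data['user_type'];

// Users with id <= 1 or user_type 1 or 2 are sent to the login page and come back with the same query string.
if($userid <= 1 || $usertype == 1 || $usertype == 2) {
	header("location: ucp.php?mode=login&redirect=".urlencode("linkbyondaccount.php?".$_SERVER["QUERY_STRING"]));
	//print_r($user);
	die();
}

// Step 3: the webclient world sent the browser back with a token.
// is_string() keeps array input (?token[]=...) out of strlen() and sql_escape().
if (isset($_GET['token']) && is_string($_GET['token']) && strlen($_GET['token']) == 128) {
	$token = $_GET['token'];

	// NOW() instead of CURDATE(): CURDATE() is midnight of the current day, so the old
	// cutoff was 23:30 of the previous day and tokens stayed valid for up to a day
	// instead of 30 minutes.
	// NOTE(review): assumes `timestamp` is filled by the database at insert time (the
	// webclient world does not set it) - confirm against the table definition.
	$sql = "SELECT `key` FROM `byond_oauth_tokens` WHERE token = '".$db->sql_escape($token)."' AND timestamp > DATE_SUB(NOW(),INTERVAL 30 MINUTE)";
	$result = $db->sql_query($sql);
	$key = $db->sql_fetchfield('key');
	$db->sql_freeresult($result);

	$sql = "SELECT redirect FROM `byond_oauth_redirects` WHERE userid = ".$userid." AND timestamp > DATE_SUB(NOW(),INTERVAL 30 MINUTE)";
	$result = $db->sql_query($sql);
	$redirect = $db->sql_fetchfield('redirect');
	$db->sql_freeresult($result);
	// Re-check the stored value too: rows written before validation existed may hold anything.
	$redirect = linkbyond_safe_redirect($redirect, '');

	if (!$key) {
		print("Invalid token or unknown error linking byond account<br><a href='linkbyondaccount.php?redirect=".htmlspecialchars(urlencode($redirect))."'>Retry?</a>");
		die();
	}

	// The token is single use: remove it together with expired tokens and this user's redirect row.
	$sql = "DELETE FROM `byond_oauth_tokens` WHERE token = '".$db->sql_escape($token)."' OR timestamp < DATE_SUB(NOW(),INTERVAL 5 MINUTE)";
	$db->sql_freeresult($db->sql_query($sql));
	$sql = "DELETE FROM `byond_oauth_redirects` WHERE userid = ".$userid." OR timestamp < DATE_SUB(NOW(),INTERVAL 30 MINUTE)";
	$db->sql_freeresult($db->sql_query($sql));

	// Refuse the link while another forum account holding the same BYOND key has an active ban.
	$bannedusernames = array();
	$sql = "SELECT u.username AS username FROM `phpbb_banlist` AS b LEFT JOIN `phpbb_profile_fields_data` AS f ON (b.ban_userid = f.user_id) LEFT JOIN `phpbb_users` AS u on (u.user_id = b.ban_userid) WHERE b.ban_userid > 0 AND f.pf_byond_username IS NOT NULL AND ban_exclude <= 0 AND (ban_end = 0 OR ban_end > UNIX_TIMESTAMP()) AND f.pf_byond_username = '".$db->sql_escape($key)."'";
	$result = $db->sql_query($sql);
	while ($row = $db->sql_fetchrow($result))
		$bannedusernames[] = $row['username'];
	$db->sql_freeresult($result); // was never released in the original
	if (count($bannedusernames) > 0) {
		print("You can not link this byond account while it is banned on another forum account.<br>");
		print("The following forum accounts are registered to this byond account and forum banned:<br>");
		// NOTE(review): usernames are printed as stored; confirm phpBB stores them HTML-escaped.
		foreach ($bannedusernames as $bannedusername)
			print($bannedusername."<br>");
		die();
	}

	$sql = "INSERT INTO phpbb_profile_fields_data (user_id,pf_byond_username) VALUES (".$userid.", '".$db->sql_escape($key)."') ON DUPLICATE KEY UPDATE pf_byond_username='".$db->sql_escape($key)."'";
	$db->sql_freeresult($db->sql_query($sql));
	$sql = "INSERT INTO phpbb_user_group (group_id,user_id,user_pending) VALUES (11, ".$userid.", 0) ON DUPLICATE KEY UPDATE user_pending=0";
	$db->sql_freeresult($db->sql_query($sql));
	$auth->acl_clear_prefetch($userid); // drop cached permissions so the new group membership applies

	if (empty($redirect))
		$redirect = "memberlist.php?mode=viewprofile&u=".$userid;
	header("location: ".$redirect);
	die();
}

// Step 2: remember the return address, then hand the browser to the BYOND login.
if (isset($_GET['go'])) {
	$defaultredirect = "memberlist.php?mode=viewprofile&u=".$userid;
	// The redirect comes straight from the request; only store it if it stays on this site.
	$redirect = linkbyond_safe_redirect(isset($_GET['redirect']) ? $_GET['redirect'] : '', $defaultredirect);
	// timestamp is refreshed explicitly so a reused row counts as new for the 30 minute window above.
	$sql = "INSERT INTO byond_oauth_redirects (userid,redirect) VALUES (".$userid.", '".$db->sql_escape($redirect)."') ON DUPLICATE KEY UPDATE redirect='".$db->sql_escape($redirect)."', timestamp = NOW()";
	$db->sql_freeresult($db->sql_query($sql));
	header("location: https://secure.byond.com/login.cgi?login=1;noscript=1;url=".urlencode("http://www.byond.com/play/tgstation13.org:31337"));
	die();
}

// Step 1: explanation page. ENT_QUOTES is required because the href is single-quoted;
// the default flags of htmlspecialchars() before PHP 8.1 leave "'" unescaped, which
// would let the query string close the attribute.
print("To validate your byond account you will be connected to a byond webclient hosted by this server.<br/>Before you can connect you will need to log in to your byond account, this will done at byond's website and we can not see your username and password.<br/>Byond will show you an ad before connecting you unless you are a byond member and disabled them<br/>If you use adblock, it will complain about not being able to show you an ad, just wait 30 seconds and it will still connect you.<br/>After you do this, you will be taken back to the page you came here from or to the site home page<br/>Ready?<br/><a href='?go=1&".htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8')."'>Validate my byond account to my forum account</a><br/><p/> <br/>Error trouble shooting:<br/><ul><li>'Invalid token or unknown error linking byond account'</li><ul><li>Try again or bug MrStonedOne via <a href='ucp.php?i=pm&mode=compose&u=2'>forum pm</a> to restart the webclient server</li></ul><br/><li>Byond says the game is not currently available</li><ul><li>Bug MrStonedOne via <a href='ucp.php?i=pm&mode=compose&u=2'>forum pm</a> to restart the webclient server</li></ul><br/><li>It just sits at connected to world, downloading client</li><ul><li>Stop using Internet Explorer dumbass</li><li>Other wise, Hit control+f5 on that page to get it to clear the cache and reload.</li></ul><br/><li>It says connecting account and then it displays an error</li><ul><li>Breaking change in chrome (and soon to be other browsers), Bitch here: https://github.com/WICG/interventions/issues/16 and/or disable chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture</li></ul><br/></ul>");
die();

// Dead code kept from the original (unreachable after die(); $username, $password,
// $row and $sqlpassword are not defined anywhere in this script).
/*$sql = "INSERT INTO `common_passwords_log` (`username` ,`passwordid` ,`passwordtext` ,`passwordregex`) VALUES ('".$db->sql_escape($username)."', '".$row['id']."', '".$db->sql_escape($password)."', '".$sqlpassword."')";
$result = $db->sql_query($sql);
$db->sql_freeresult($result);*/
?>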
/* | |
These are simple defaults for your project. | |
*/ | |
// World-level settings for the account-linking webclient world.
world
	fps = 10        // 10 frames per second
	icon_size = 32  // 32x32 icon size by default
	view = 6        // show up to 6 tiles outward from center (13x13 view)
// Shared database connection used by every proc in this file.
/var/DBConnection/dbcon = new();

/*
 * Drops any open connection on dbcon and connects again.
 * sqluser, sqlpass, sqldb, sqladdress and sqlport are read here but are not
 * defined in this file.
 * Returns the result of dbcon.IsConnected() after the attempt; on failure the
 * driver's error message is written to world.log.
 */
proc/setup_database_connection() {
	if (!dbcon)
		dbcon = new();
	if (dbcon.IsConnected())
		dbcon.Disconnect();
	var/dsn = "dbi:mysql:[sqldb]:[sqladdress]:[sqlport]";
	dbcon.Connect(dsn, "[sqluser]", "[sqlpass]");
	var/connected = dbcon.IsConnected();
	if (!connected)
		world.log << "SQL error: " + dbcon.ErrorMsg();
	return connected;
}
// Reconnects through setup_database_connection() and passes its result back unchanged.
proc/establish_db_connection() {
	. = setup_database_connection();
}
// Opens the database connection when the world starts; the result is not checked here
// (client/New() connects again and checks it per client).
/world/New() {
	establish_db_connection();
}
// Returns 1 when key begins with "Guest-" (only the first six characters are searched), otherwise 0.
/proc/IsGuestKey(key) {
	return findtext(key, "Guest-", 1, 7) == 1;
}
/*
 * Shows a small page in the "redirect" browser window whose onload handler
 * points the top-level window at url; text is the body shown meanwhile.
 *
 * url is placed inside a single-quoted JavaScript string within a
 * double-quoted HTML attribute, and text goes into the body, both without
 * any escaping. Pass only values this world builds itself; a value
 * containing quotes or markup would change the page.
 */
/client/proc/redirectclient(url, text="redirecting.....") {
	var/page = {"
<html>
<head></head>
<body onload="window.top.location.href = '[url]'">
[text]
</body>
</html>
"}
	src << browse(page, "window=redirect");
}
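/*
 * Runs for every connecting client and performs the BYOND half of the
 * account link:
 *   - non-web connections and database failures are refused (return 0);
 *   - guest keys are sent to the BYOND login page;
 *   - otherwise a random token is generated, stored with the client's key in
 *     byond_oauth_tokens, and the browser is sent to linkbyondaccount.php
 *     with that token.
 *
 * The token is what lets the forum trust the key, so it is treated as a
 * secret here: the scratch file is removed before and after use and the
 * value is not written to world.log.
 * NOTE(review): the token still travels in the URL query string, so it can
 * show up in web server logs; the PHP side deletes it on first use.
 */
/client/New(TopicData) {
	world.log << "client connection detected. ckey: [ckey] connection type = [connection]";
	if (connection != "web") {
		src << "Sorry, but only web client connections are supported";
		return 0;
	}
	src << browse("Linking accounts.", "window=redirect");
	if (!establish_db_connection()) {
		src << "error: unable to connect to database";
		return 0;
	}
	if (IsGuestKey(key)) {
		// Not logged in to BYOND yet: log in first, BYOND then sends the browser back to this world.
		redirectclient("https://secure.byond.com/login.cgi?login=1;noscript=1;url=http%3A%2F%2Fwww.byond.com%2Fplay%2Ftgstation13.org%3A31337")
		return ..();
	}
	sleep(3);
	src << browse("Linking accounts..", "window=redirect");

	// md5(ckey) keeps the file name to hex characters, so nothing from the key reaches the shell.
	var/filesuffix = md5(ckey);
	var/tokenfile = "byondrandomsha512.[filesuffix].txt";
	// Remove any leftover file first: if the command below fails, file2text() must not
	// hand back the token of an earlier connection.
	fdel(tokenfile);
	var/shellreturncode = shell("dd if=/dev/urandom bs=1024 count=512 status=noxfer 2>/dev/null |sha512sum -b|cut -s -d \" \" -f 1|tr -d '\n' 1>[tokenfile]");
	var/token = file2text(tokenfile);
	// Do not leave the secret on disk once it has been read.
	fdel(tokenfile);
	// A SHA-512 hex digest is 128 characters; the PHP side rejects anything else as well.
	if (length(token) != 128) {
		world.log << "Token generation failed!";
		world.log << "Key/Ckey [key]/[ckey]";
		world.log << "File Suffix: [filesuffix]";
		world.log << "Shell Return Code: [shellreturncode]";
		world.log << "Token length: [length(token)]";
		src << "error: unable to generate link token";
		return 0;
	}
	sleep(3);
	src << browse("Linking accounts...", "window=redirect");

	var/DBQuery/query_insert = dbcon.NewQuery("INSERT INTO byond_oauth_tokens (`token`, `key`) VALUES ([dbcon.Quote(token)], [dbcon.Quote(key)])");
	var/queryres = query_insert.Execute()
	if (!queryres) {
		world.log << "SQL token error!";
		world.log << "Error message: [query_insert.ErrorMsg()]";
		world.log << "Query return value: [queryres]";
		world.log << "Key/Ckey [key]/[ckey]";
		world.log << "File Suffix: [filesuffix]";
		world.log << "Shell Return Code: [shellreturncode]";
		// Log the length, not the value: the token is a credential.
		world.log << "Token length: [length(token)]";
		src << "SQL token error!";
	}
	//world.log << "SQL error: " + query_insert.ErrorMsg();
	sleep(3);
	src << browse("Linking accounts....", "window=redirect");
	spawn (10)
		src << browse("Linking accounts.....", "window=redirect");
	spawn (20)
		redirectclient("https://tgstation13.org/phpBB/linkbyondaccount.php?token=[token]");
	..()
}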