PEMapModder/second_commit.patch

## second_commit.patch
diff --git a/LegionPE-Core/src/legionpe/MysqlConnection.php b/LegionPE-Core/src/legionpe/MysqlConnection.php
index 8955058..67eb3e5 100644
--- a/LegionPE-Core/src/legionpe/MysqlConnection.php
+++ b/LegionPE-Core/src/legionpe/MysqlConnection.php
@@ -2,7 +2,10 @@

 namespace legionpe;

-class MysqlConnection {
+class MysqlConnection{
+	const RAW = 0;
+	const ASSOC = 1;
+	const ALL = 2;
 	/** @var \mysqli */
 	private $mysqli;
 	public function __construct(LegionPE $main){
@@ -12,13 +15,34 @@ class MysqlConnection {
 		}
 		$mysqli->query("CREATE TABLE IF NOT EXISTS players (
 			player VARCHAR(63),
-			hash CHAR(128),
+			hash BINARY(128),
 			lastonline INT,
-			registry INT
+			registry INT,
+			lastip VARCHAR(32),
+			histip VARCHAR(1024),
+			ipconfig TINYINT
 		);");
 		$this->mysqli = $mysqli;
 	}
 	public function close(){
 		$this->mysqli->close();
 	}
-}
\ No newline at end of file
+	public function query($msg, $fetch = 0, ...$args){
+		foreach($args as &$arg){
+			if(is_string($arg)){
+				$arg = $this->mysqli->escape_string($arg);
+			}
+		}
+		$result = $this->mysqli->query(sprintf($msg, ...$args));
+		if($result instanceof \mysqli_result){
+			if($fetch === self::ASSOC){
+				return $result->fetch_assoc();
+			}
+			elseif($fetch === self::ALL){
+				return $result->fetch_all(MYSQLI_ASSOC);
+			}
+			return $result;
+		}
+		return $result;
+	}
+}
diff --git a/LegionPE-Core/src/legionpe/session/MysqlSession.php b/LegionPE-Core/src/legionpe/session/MysqlSession.php
new file mode 100644
index 0000000..3698d07
--- /dev/null
+++ b/LegionPE-Core/src/legionpe/session/MysqlSession.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace legionpe\session;
+
+use legionpe\MysqlConnection;
+
+class MysqlSession{
+	private $session;
+	private $data;
+	public function __construct(Session $session){
+		$this->session = $session;
+		$this->data = $this->session->getMain()->getMySQLi()->query(
+			"SELECT * FROM players WHERE player = %s;",
+			MysqlConnection::ASSOC, $session->getPlayer()->getName());
+	}
+	public function &getData(){
+		return $this->data;
+	}
+	public function setData(array $data){
+		$this->data = $data;
+		$stmt = "INSERT OR REPLACE INTO players (%s) VALUES (%s) WHERE name = %s;";
+		$a = implode(", ", array_keys($data));
+		$b = implode(", ", array_fill(0, count($data), "%s"));
+		$vals = array_values($data);
+		$vals[] = $this->session->getPlayer()->getName();
+		$this->session->getMain()->getMySQLi()->query(sprintf($stmt, $a, $b), 0, ...$vals);
+	}
+}
diff --git a/LegionPE-Core/src/legionpe/session/Session.php b/LegionPE-Core/src/legionpe/session/Session.php
index 2cbdfbe..82dd123 100644
--- a/LegionPE-Core/src/legionpe/session/Session.php
+++ b/LegionPE-Core/src/legionpe/session/Session.php
@@ -2,47 +2,117 @@

 namespace legionpe\session;

+use pocketmine\event\player\PlayerCommandPreprocessEvent;
 use pocketmine\event\player\PlayerJoinEvent;
 use pocketmine\event\player\PlayerLoginEvent;
 use pocketmine\event\player\PlayerQuitEvent;
 use pocketmine\Player;

 class Session{
+	const IPCONFIG_DISABLE = 0;
+	const IPCONFIG_LASTIP = 1;
+	const IPCONFIG_ANYIP = 2;
+
+	const SESSION_INIT      = 0;
+	const SESSION_GAME_HUB  = 0b01000000;
+	const SESSION_LOGIN     = 0b00100000;
+	const SESSION_LOGIN_MAX = 0b00100110;
+	const SESSION_REG_INTRO = 0b00010000;
+	const SESSION_REG_REP   = 0b00010001;
+	const SESSION_REG_IP    = 0b00010010;
+	const SES_STATE_REG     = 0b00010000;
+	const SES_STATE_LOGIN   = 0b00100000;
+	const SES_STATE_GAME    = 0b01000000;
+
 	/** @var SessionHandler */
 	private $auth;
 	/** @var \legionpe\LegionPE */
 	private $main;
 	/** @var Player */
 	private $player;
+	/** @var MysqlSession */
+	private $mysqlSession;
 	/** @var int */
-	private /** @noinspection PhpUnusedPrivateFieldInspection */
-		$statusFlags = 0;
+	private $session = self::SESSION_INIT;

 	public function __construct(SessionHandler $auth, PlayerLoginEvent $login){
 		$this->auth = $auth;
 		$this->main = $auth->getMain();
 		$this->player = $login->getPlayer();
+		$this->mysqlSession = new MysqlSession($this);
 	}
-	public function join(PlayerJoinEvent $event){
-		$event->setJoinMessage("");
-		$this->openDb();
+	public function auth($method){
+		$this->tell("You have been authenticated by $method.");
+		$this->session = self::SESSION_GAME_HUB;
+	}
+	public function tell($string, ...$args){
+		$this->player->sendMessage(sprintf($string, ...$args));
 	}
 	public function finalize(PlayerQuitEvent $event){
 		$event->setQuitMessage("");
-		$this->closeDb();
 	}
-	private function openDb(){

+	public function join(PlayerJoinEvent $event){
+		$event->setJoinMessage("");
+		$result = $this->mysqlSession->getData();
+		if(is_array($result)){
+			$ipconfig = $result["ipconfig"];
+			if($ipconfig === self::IPCONFIG_LASTIP and $result["lastip"] === $this->player->getAddress()){
+				$this->auth("matching the last IP authenticated with");
+				return;
+			}
+			elseif($ipconfig === self::IPCONFIG_ANYIP){
+				foreach(explode(",", $result["histip"]) as $ip){
+					if($this->player->getAddress() === $ip){
+						$this->auth("matching an IP once authenticated with");
+						return;
+					}
+				}
+			}
+			else{
+				$this->session = self::SESSION_LOGIN;
+				$this->tell("This account has been registered. Please login by typing the password directly into chat.");
+				return;
+			}
+		}
+		else{
+			$this->session = self::SESSION_REG_INTRO;
+			$this->tell(str_repeat("~", 40));
+			$this->tell("Welcome to LegionPE!");
+			$this->tell("To protect your account, please register your username (%s) by typing a password directly into chat and send it.", $this->player->getName());
+			$this->tell("Don't worry, nobody else will see that.");
+			$this->tell("And remember, don't forget your password!");
+			return;
+		}
 	}
-	private function closeDb(){
+	public function onChatSent(PlayerCommandPreprocessEvent $event){
+		switch($this->session & 0b11110000){
+			case self::SES_STATE_REG:

+				break;
+			case self::SES_STATE_LOGIN:
+				break;
+			default:
+				if(self::checkHash($event->getMessage(), strrev(strtolower($this->player->getName())), $this->mysqlSession->getData()["hash"])){
+					$event->setCancelled();
+					$this->tell("Never talk aloud your password to other players!");
+				}
+				break;
+		}
+	}
+
+	public function getMain(){
+		return $this->main;
+	}
+	public function getPlayer(){
+		return $this->player;
 	}

 	public static function offset(Player $player){
 		return $player->getID();
 	}
 	public static function hash($string, $salt){
-		return bin2hex(hash("sha512", $string . $salt, true) ^ hash("whirlpool", $salt . $string, true));
+		return hash("sha512", $string . $salt, true) ^ hash("whirlpool", $salt . $string, true);
 	}
 	public static function checkHash($string, $salt, $hash){
 		return self::hash($string, $salt) === $hash;
	diff --git a/LegionPE-Core/src/legionpe/MysqlConnection.php b/LegionPE-Core/src/legionpe/MysqlConnection.php
	index 8955058..67eb3e5 100644
	--- a/LegionPE-Core/src/legionpe/MysqlConnection.php
	+++ b/LegionPE-Core/src/legionpe/MysqlConnection.php
	@@ -2,7 +2,10 @@

	namespace legionpe;

	-class MysqlConnection {
	+class MysqlConnection{
	+ const RAW = 0;
	+ const ASSOC = 1;
	+ const ALL = 2;
	/** @var \mysqli */
	private $mysqli;
	public function __construct(LegionPE $main){
	@@ -12,13 +15,34 @@ class MysqlConnection {
	}
	$mysqli->query("CREATE TABLE IF NOT EXISTS players (
	player VARCHAR(63),
	- hash CHAR(128),
	+ hash BINARY(128),
	lastonline INT,
	- registry INT
	+ registry INT,
	+ lastip VARCHAR(32),
	+ histip VARCHAR(1024),
	+ ipconfig TINYINT
	);");
	$this->mysqli = $mysqli;
	}
	public function close(){
	$this->mysqli->close();
	}
	-}
	\ No newline at end of file
	+ public function query($msg, $fetch = 0, ...$args){
	+ foreach($args as &$arg){
	+ if(is_string($arg)){
	+ $arg = $this->mysqli->escape_string($arg);
	+ }
	+ }
	+ $result = $this->mysqli->query(sprintf($msg, ...$args));
	+ if($result instanceof \mysqli_result){
	+ if($fetch === self::ASSOC){
	+ return $result->fetch_assoc();
	+ }
	+ elseif($fetch === self::ALL){
	+ return $result->fetch_all(MYSQLI_ASSOC);
	+ }
	+ return $result;
	+ }
	+ return $result;
	+ }
	+}
	diff --git a/LegionPE-Core/src/legionpe/session/MysqlSession.php b/LegionPE-Core/src/legionpe/session/MysqlSession.php
	new file mode 100644
	index 0000000..3698d07
	--- /dev/null
	+++ b/LegionPE-Core/src/legionpe/session/MysqlSession.php
	@@ -0,0 +1,28 @@
	+<?php
	+
	+namespace legionpe\session;
	+
	+use legionpe\MysqlConnection;
	+
	+class MysqlSession{
	+ private $session;
	+ private $data;
	+ public function __construct(Session $session){
	+ $this->session = $session;
	+ $this->data = $this->session->getMain()->getMySQLi()->query(
	+ "SELECT * FROM players WHERE player = %s;",
	+ MysqlConnection::ASSOC, $session->getPlayer()->getName());
	+ }
	+ public function &getData(){
	+ return $this->data;
	+ }
	+ public function setData(array $data){
	+ $this->data = $data;
	+ $stmt = "INSERT OR REPLACE INTO players (%s) VALUES (%s) WHERE name = %s;";
	+ $a = implode(", ", array_keys($data));
	+ $b = implode(", ", array_fill(0, count($data), "%s"));
	+ $vals = array_values($data);
	+ $vals[] = $this->session->getPlayer()->getName();
	+ $this->session->getMain()->getMySQLi()->query(sprintf($stmt, $a, $b), 0, ...$vals);
	+ }
	+}
	diff --git a/LegionPE-Core/src/legionpe/session/Session.php b/LegionPE-Core/src/legionpe/session/Session.php
	index 2cbdfbe..82dd123 100644
	--- a/LegionPE-Core/src/legionpe/session/Session.php
	+++ b/LegionPE-Core/src/legionpe/session/Session.php
	@@ -2,47 +2,117 @@

	namespace legionpe\session;

	+use pocketmine\event\player\PlayerCommandPreprocessEvent;
	use pocketmine\event\player\PlayerJoinEvent;
	use pocketmine\event\player\PlayerLoginEvent;
	use pocketmine\event\player\PlayerQuitEvent;
	use pocketmine\Player;

	class Session{
	+ const IPCONFIG_DISABLE = 0;
	+ const IPCONFIG_LASTIP = 1;
	+ const IPCONFIG_ANYIP = 2;
	+
	+ const SESSION_INIT = 0;
	+ const SESSION_GAME_HUB = 0b01000000;
	+ const SESSION_LOGIN = 0b00100000;
	+ const SESSION_LOGIN_MAX = 0b00100110;
	+ const SESSION_REG_INTRO = 0b00010000;
	+ const SESSION_REG_REP = 0b00010001;
	+ const SESSION_REG_IP = 0b00010010;
	+ const SES_STATE_REG = 0b00010000;
	+ const SES_STATE_LOGIN = 0b00100000;
	+ const SES_STATE_GAME = 0b01000000;
	+
	/** @var SessionHandler */
	private $auth;
	/** @var \legionpe\LegionPE */
	private $main;
	/** @var Player */
	private $player;
	+ /** @var MysqlSession */
	+ private $mysqlSession;
	/** @var int */
	- private /** @noinspection PhpUnusedPrivateFieldInspection */
	- $statusFlags = 0;
	+ private $session = self::SESSION_INIT;

	public function __construct(SessionHandler $auth, PlayerLoginEvent $login){
	$this->auth = $auth;
	$this->main = $auth->getMain();
	$this->player = $login->getPlayer();
	+ $this->mysqlSession = new MysqlSession($this);
	}
	- public function join(PlayerJoinEvent $event){
	- $event->setJoinMessage("");
	- $this->openDb();
	+ public function auth($method){
	+ $this->tell("You have been authenticated by $method.");
	+ $this->session = self::SESSION_GAME_HUB;
	+ }
	+ public function tell($string, ...$args){
	+ $this->player->sendMessage(sprintf($string, ...$args));
	}
	public function finalize(PlayerQuitEvent $event){
	$event->setQuitMessage("");
	- $this->closeDb();
	}
	- private function openDb(){

	+ public function join(PlayerJoinEvent $event){
	+ $event->setJoinMessage("");
	+ $result = $this->mysqlSession->getData();
	+ if(is_array($result)){
	+ $ipconfig = $result["ipconfig"];
	+ if($ipconfig === self::IPCONFIG_LASTIP and $result["lastip"] === $this->player->getAddress()){
	+ $this->auth("matching the last IP authenticated with");
	+ return;
	+ }
	+ elseif($ipconfig === self::IPCONFIG_ANYIP){
	+ foreach(explode(",", $result["histip"]) as $ip){
	+ if($this->player->getAddress() === $ip){
	+ $this->auth("matching an IP once authenticated with");
	+ return;
	+ }
	+ }
	+ }
	+ else{
	+ $this->session = self::SESSION_LOGIN;
	+ $this->tell("This account has been registered. Please login by typing the password directly into chat.");
	+ return;
	+ }
	+ }
	+ else{
	+ $this->session = self::SESSION_REG_INTRO;
	+ $this->tell(str_repeat("~", 40));
	+ $this->tell("Welcome to LegionPE!");
	+ $this->tell("To protect your account, please register your username (%s) by typing a password directly into chat and send it.", $this->player->getName());
	+ $this->tell("Don't worry, nobody else will see that.");
	+ $this->tell("And remember, don't forget your password!");
	+ return;
	+ }
	}
	- private function closeDb(){
	+ public function onChatSent(PlayerCommandPreprocessEvent $event){
	+ switch($this->session & 0b11110000){
	+ case self::SES_STATE_REG:

	+ break;
	+ case self::SES_STATE_LOGIN:
	+ break;
	+ default:
	+ if(self::checkHash($event->getMessage(), strrev(strtolower($this->player->getName())), $this->mysqlSession->getData()["hash"])){
	+ $event->setCancelled();
	+ $this->tell("Never talk aloud your password to other players!");
	+ }
	+ break;
	+ }
	+ }
	+
	+ public function getMain(){
	+ return $this->main;
	+ }
	+ public function getPlayer(){
	+ return $this->player;
	}

	public static function offset(Player $player){
	return $player->getID();
	}
	public static function hash($string, $salt){
	- return bin2hex(hash("sha512", $string . $salt, true) ^ hash("whirlpool", $salt . $string, true));
	+ return hash("sha512", $string . $salt, true) ^ hash("whirlpool", $salt . $string, true);
	}
	public static function checkHash($string, $salt, $hash){
	return self::hash($string, $salt) === $hash;