From 37c267d710a8b6b48dd4f087d0035cb4fd768f87 Mon Sep 17 00:00:00 2001
From: Philipp Sehmisch
Date: Fri, 4 Dec 2009 18:10:26 +0100
Subject: register credential information service and basic code structure for captcha support
---
 src/account-server/accounthandler.cpp | 55 +++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 9 deletions(-)
(limited to 'src/account-server/accounthandler.cpp')
diff --git a/src/account-server/accounthandler.cpp b/src/account-server/accounthandler.cpp
index 39539941..9a3674db 100644
--- a/src/account-server/accounthandler.cpp
+++ b/src/account-server/accounthandler.cpp
@@ -88,6 +88,7 @@ private:
 void handleReconnectMessage(AccountClient &client, MessageIn &msg);
 void handleRegisterMessage(AccountClient &client, MessageIn &msg);
 void handleUnregisterMessage(AccountClient &client, MessageIn &msg);
+ void handleRequestRegisterInfoMessage(AccountClient &client, MessageIn &msg);
 void handleEmailChangeMessage(AccountClient &client, MessageIn &msg);
 void handlePasswordChangeMessage(AccountClient &client, MessageIn &msg);
 void handleCharacterCreateMessage(AccountClient &client, MessageIn &msg);
@@ -305,17 +306,23 @@ void AccountHandler::handleReconnectMessage(AccountClient &client, MessageIn &ms mTokenCollector.addPendingClient(magic_token, &client); } +bool checkCaptcha(AccountClient &client, std::string captcha) +{ + // TODO + return true; +} + void AccountHandler::handleRegisterMessage(AccountClient &client, MessageIn &msg) { int clientVersion = msg.readLong(); std::string username = msg.readString(); std::string password = msg.readString(); std::string email = msg.readString(); + std::string captcha = msg.readString(); + std::string allowed = Configuration::getValue("account_allowRegister", "1"); int minClientVersion = Configuration::getValue("clientVersion", 0); unsigned minNameLength = Configuration::getValue("account_minNameLength", 4); unsigned maxNameLength = Configuration::getValue("account_maxNameLength", 15); - unsigned minPasswordLength = Configuration::getValue("account_minPasswordLength", 6); - unsigned maxPasswordLength = Configuration::getValue("account_maxPasswordLength", 25); MessageOut reply(APMSG_REGISTER_RESPONSE); @@ -323,6 +330,10 @@ void AccountHandler::handleRegisterMessage(AccountClient &client, MessageIn &msg { reply.writeByte(ERRMSG_FAILURE); } + else if (allowed == "0" or allowed == "false") + { + reply.writeByte(ERRMSG_FAILURE); + } else if (clientVersion < minClientVersion) { reply.writeByte(REGISTER_INVALID_VERSION); @@ -340,11 +351,6 @@ void AccountHandler::handleRegisterMessage(AccountClient &client, MessageIn &msg { reply.writeByte(ERRMSG_INVALID_ARGUMENT); } - else if (password.length() < minPasswordLength || - password.length() > maxPasswordLength) - { - reply.writeByte(ERRMSG_INVALID_ARGUMENT); - } else if (stringFilter->findDoubleQuotes(password)) { reply.writeByte(ERRMSG_INVALID_ARGUMENT); 
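Review bot: In the hunk at -305, `checkCaptcha` returns `true` for every input, so the `REGISTER_CAPTCHA_WRONG` branch added at -368 can never fire and the new `captcha` field is read from the message but never verified. While the TODO stands the stub should fail closed unless captcha checking has been switched off in configuration, and it deserves a comment saying that it is a placeholder that accepts everything. The function is also a non-member with external linkage that copies its string argument; `static bool checkCaptcha(AccountClient &client, const std::string &captcha)` keeps it file-local and avoids the copy. handleRegisterMessage's body continues outside this hunk.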
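Review bot: In the hunk at -323, the registration switch recognises only the exact strings `"0"` and `"false"`, so a configured value such as `no`, `off` or `False` leaves registration open. The same comparison is repeated in handleRequestRegisterInfoMessage (hunk at -437), so the two can drift apart; one small helper called from both, treating anything that is not an explicit allow value as deny, would keep them in step. The removed password-length check in this function used `||`, so `allowed == "0" || allowed == "false"` would match the surrounding style better than `or`. The if/else chain starts and ends outside the hunk.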
@@ -368,12 +374,17 @@ void AccountHandler::handleRegisterMessage(AccountClient &client, MessageIn &msg { reply.writeByte(REGISTER_EXISTS_EMAIL); } + else if (!checkCaptcha(client, captcha)) + { + reply.writeByte(REGISTER_CAPTCHA_WRONG); + } else { Account *acc = new Account; acc->setName(username); - // We hash the password using the username as salt. - acc->setPassword(sha256(username + password)); + // We set the password + // TODO: apply hashing here and during login + acc->setPassword(password); // We hash email server-side without using a salt. acc->setEmail(sha256(email)); acc->setLevel(AL_PLAYER); @@ -437,6 +448,26 @@ void AccountHandler::handleUnregisterMessage(AccountClient &client, MessageIn &m client.send(reply); } +void AccountHandler::handleRequestRegisterInfoMessage(AccountClient &client, MessageIn &msg) +{ + LOG_INFO("AccountHandler::handleRequestRegisterInfoMessage"); + MessageOut reply(APMSG_REGISTER_INFO_RESPONSE); + std::string allowed = Configuration::getValue("account_allowRegister", "1"); + if (allowed == "0" or allowed == "false") + { + reply.writeByte(false); + reply.writeString(Configuration::getValue( + "account_denyRegisterReason", "")); + } else { + reply.writeByte(true); + reply.writeByte(Configuration::getValue("account_minNameLength", 4)); + reply.writeByte(Configuration::getValue("account_maxNameLength", 16)); + reply.writeString("http://www.server.example/captcha.png"); + reply.writeString(""); + } + client.send(reply); +} + void AccountHandler::handleEmailChangeMessage(AccountClient &client, MessageIn &msg) { MessageOut reply(APMSG_EMAIL_CHANGE_RESPONSE); 
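Review bot: In the hunk at -368, `acc->setPassword(password)` stores the value exactly as the client sent it, where the removed line stored `sha256(username + password)`; until the TODO is resolved, anyone who can read the account table presumably holds values that work as credentials. The hunk at -340 also removes the server-side length check, so of the checks visible here only the double-quote filter still applies to this field. I would keep a server-side hash in this commit, `acc->setPassword(sha256(username + password));`, and change registration and login together once the new scheme exists (the login path is outside this diff). Separately, the captcha test sits after the `REGISTER_EXISTS_EMAIL` branch, so that answer is returned without a verified captcha; moving `!checkCaptcha(client, captcha)` ahead of the existence lookups avoids this.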
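Review bot: In the hunk at -437, the fallback for `account_maxNameLength` is 16 while handleRegisterMessage (hunk at -305) falls back to 15, so with no config entry the client is told a 16-character name is acceptable and the server then rejects it; use `reply.writeByte(Configuration::getValue("account_maxNameLength", 15));`. The captcha location is a hard-coded `http://` literal and should come from configuration, with an HTTPS URL if the image is meant to gate registration. `writeByte` presumably truncates a configured length above 255 and `msg` is never read; a short comment on both would help the next reader, as would a docstring describing the reply layout (flag, then either the deny reason or min/max length and two strings).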
@@ -815,6 +846,12 @@ void AccountHandler::processMessage(NetComputer *comp, MessageIn &message) handleUnregisterMessage(client, message); break; + case PAMSG_REQUEST_REGISTER_INFO : + LOG_DEBUG("Received msg ... REQUEST_REGISTER_INFO"); + handleRequestRegisterInfoMessage(client, message); + break; + + case PAMSG_EMAIL_CHANGE: LOG_DEBUG("Received msg ... PAMSG_EMAIL_CHANGE"); handleEmailChangeMessage(client, message); -- cgit v1.2.3-60-g2f50
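Review bot: The debug string in the new case at -815 drops the `PAMSG_` prefix that the neighbouring `PAMSG_EMAIL_CHANGE` case logs, so a log search by message id will miss it; use `LOG_DEBUG("Received msg ... PAMSG_REQUEST_REGISTER_INFO");`. The label `case PAMSG_REQUEST_REGISTER_INFO :` has a stray space before the colon, and the block adds two blank lines after `break;`. The handler also logs every request at INFO level on entry, which duplicates this line at a noisier level. The switch continues outside the hunk.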