LoginService.cs 37 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSim Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections;
  29. using System.Collections.Generic;
  30. using System.IO;
  31. using System.Reflection;
  32. using System.Text.RegularExpressions;
  33. using System.Threading;
  34. using System.Web;
  35. using libsecondlife;
  36. using libsecondlife.StructuredData;
  37. using log4net;
  38. using Nwc.XmlRpc;
  39. using OpenSim.Framework.Communications.Cache;
  40. using OpenSim.Framework.Statistics;
  41. namespace OpenSim.Framework.Communications
  42. {
  43. public abstract class LoginService
  44. {
  45. private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  46. protected string m_welcomeMessage = "Welcome to OpenSim";
  47. protected UserManagerBase m_userManager = null;
  48. protected Mutex m_loginMutex = new Mutex(false);
  49. /// <summary>
  50. /// Used during login to send the skeleton of the OpenSim Library to the client.
  51. /// </summary>
  52. protected LibraryRootFolder m_libraryRootFolder;
  53. /// <summary>
  54. /// Constructor
  55. /// </summary>
  56. /// <param name="userManager"></param>
  57. /// <param name="libraryRootFolder"></param>
  58. /// <param name="welcomeMess"></param>
  59. public LoginService(UserManagerBase userManager, LibraryRootFolder libraryRootFolder,
  60. string welcomeMess)
  61. {
  62. m_userManager = userManager;
  63. m_libraryRootFolder = libraryRootFolder;
  64. if (welcomeMess != String.Empty)
  65. {
  66. m_welcomeMessage = welcomeMess;
  67. }
  68. }
  69. /// <summary>
  70. /// Customises the login response and fills in missing values.
  71. /// </summary>
  72. /// <param name="response">The existing response</param>
  73. /// <param name="theUser">The user profile</param>
  74. public abstract void CustomiseResponse(LoginResponse response, UserProfileData theUser, string startLocationRequest);
  75. /// <summary>
  76. /// If the user is already logged in, try to notify the region that the user they've got is dead.
  77. /// </summary>
  78. /// <param name="theUser"></param>
  79. public virtual void LogOffUser(UserProfileData theUser, string message)
  80. {
  81. }
  82. /// <summary>
  83. /// Get the initial login inventory skeleton (in other words, the folder structure) for the given user.
  84. /// </summary>
  85. /// <param name="userID"></param>
  86. /// <returns></returns>
  87. /// <exception cref='System.Exception'>This will be thrown if there is a problem with the inventory service</exception>
  88. protected abstract InventoryData GetInventorySkeleton(LLUUID userID, string inventoryServerUrl);
  89. /// <summary>
  90. /// Called when we receive the client's initial XMLRPC login_to_simulator request message
  91. /// </summary>
  92. /// <param name="request">The XMLRPC request</param>
  93. /// <returns>The response to send</returns>
  94. public XmlRpcResponse XmlRpcLoginMethod(XmlRpcRequest request)
  95. {
  96. // Temporary fix
  97. m_loginMutex.WaitOne();
  98. try
  99. {
  100. //CFK: CustomizeResponse contains sufficient strings to alleviate the need for this.
  101. //CKF: m_log.Info("[LOGIN]: Attempting login now...");
  102. XmlRpcResponse response = new XmlRpcResponse();
  103. Hashtable requestData = (Hashtable) request.Params[0];
  104. bool GoodXML = (requestData.Contains("first") && requestData.Contains("last") &&
  105. (requestData.Contains("passwd") || requestData.Contains("web_login_key")));
  106. bool GoodLogin = false;
  107. string startLocationRequest = "last";
  108. UserProfileData userProfile;
  109. LoginResponse logResponse = new LoginResponse();
  110. string firstname = String.Empty;
  111. string lastname = String.Empty;
  112. if (GoodXML)
  113. {
  114. firstname = (string) requestData["first"];
  115. lastname = (string) requestData["last"];
  116. m_log.InfoFormat(
  117. "[LOGIN BEGIN]: Received login request message from user {0} {1}",
  118. firstname, lastname);
  119. string clientVersion = "Unknown";
  120. if (requestData.Contains("version"))
  121. {
  122. clientVersion = (string)requestData["version"];
  123. }
  124. if (requestData.Contains("start"))
  125. {
  126. startLocationRequest = (string)requestData["start"];
  127. }
  128. m_log.DebugFormat(
  129. "[LOGIN]: Client is {0}, start location is {1}", clientVersion, startLocationRequest);
  130. userProfile = GetTheUser(firstname, lastname);
  131. if (userProfile == null)
  132. {
  133. m_log.Info("[LOGIN END]: Could not find a profile for " + firstname + " " + lastname);
  134. return logResponse.CreateLoginFailedResponse();
  135. }
  136. if (requestData.Contains("passwd"))
  137. {
  138. string passwd = (string)requestData["passwd"];
  139. GoodLogin = AuthenticateUser(userProfile, passwd);
  140. }
  141. else if (requestData.Contains("web_login_key"))
  142. {
  143. LLUUID webloginkey = null;
  144. try
  145. {
  146. webloginkey = new LLUUID((string)requestData["web_login_key"]);
  147. }
  148. catch (Exception e)
  149. {
  150. m_log.InfoFormat(
  151. "[LOGIN END]: Bad web_login_key: {0} for user {1} {2}, exception {3}",
  152. requestData["web_login_key"], firstname, lastname, e);
  153. return logResponse.CreateFailedResponse();
  154. }
  155. GoodLogin = AuthenticateUser(userProfile, webloginkey);
  156. }
  157. }
  158. else
  159. {
  160. m_log.Info(
  161. "[LOGIN END]: login_to_simulator login message did not contain all the required data");
  162. return logResponse.CreateGridErrorResponse();
  163. }
  164. if (!GoodLogin)
  165. {
  166. m_log.InfoFormat("[LOGIN END]: User {0} {1} failed authentication", firstname, lastname);
  167. return logResponse.CreateLoginFailedResponse();
  168. }
  169. else
  170. {
  171. // If we already have a session...
  172. if (userProfile.CurrentAgent != null && userProfile.CurrentAgent.AgentOnline)
  173. {
  174. //TODO: The following statements can cause trouble:
  175. // If agentOnline could not turn from true back to false normally
  176. // because of some problem, for instance, the crashment of server or client,
  177. // the user cannot log in any longer.
  178. userProfile.CurrentAgent.AgentOnline = false;
  179. m_userManager.CommitAgent(ref userProfile);
  180. // try to tell the region that their user is dead.
  181. LogOffUser(userProfile, "You were logged off because you logged in from another location");
  182. // Reject the login
  183. m_log.InfoFormat(
  184. "[LOGIN END]: Notifying user {0} {1} that they are already logged in",
  185. firstname, lastname);
  186. return logResponse.CreateAlreadyLoggedInResponse();
  187. }
  188. // Otherwise...
  189. // Create a new agent session
  190. CreateAgent(userProfile, request);
  191. try
  192. {
  193. LLUUID agentID = userProfile.ID;
  194. InventoryData inventData = null;
  195. try
  196. {
  197. string inventoryServerUrl = "";
  198. //if (!String.IsNullOrEmpty(userProfile.UserInventoryURI))
  199. //{
  200. // inventoryServerUrl = userProfile.UserInventoryURI;
  201. //}
  202. inventData = GetInventorySkeleton(agentID, inventoryServerUrl);
  203. }
  204. catch (Exception e)
  205. {
  206. m_log.ErrorFormat(
  207. "[LOGIN END]: Error retrieving inventory skeleton of agent {0}, {1} - {2}",
  208. agentID, e.GetType(), e.Message);
  209. return logResponse.CreateLoginInventoryFailedResponse();
  210. }
  211. ArrayList AgentInventoryArray = inventData.InventoryArray;
  212. Hashtable InventoryRootHash = new Hashtable();
  213. InventoryRootHash["folder_id"] = inventData.RootFolderID.ToString();
  214. ArrayList InventoryRoot = new ArrayList();
  215. InventoryRoot.Add(InventoryRootHash);
  216. userProfile.RootInventoryFolderID = inventData.RootFolderID;
  217. // Inventory Library Section
  218. Hashtable InventoryLibRootHash = new Hashtable();
  219. InventoryLibRootHash["folder_id"] = "00000112-000f-0000-0000-000100bba000";
  220. ArrayList InventoryLibRoot = new ArrayList();
  221. InventoryLibRoot.Add(InventoryLibRootHash);
  222. logResponse.InventoryLibRoot = InventoryLibRoot;
  223. logResponse.InventoryLibraryOwner = GetLibraryOwner();
  224. logResponse.InventoryRoot = InventoryRoot;
  225. logResponse.InventorySkeleton = AgentInventoryArray;
  226. logResponse.InventoryLibrary = GetInventoryLibrary();
  227. // Circuit Code
  228. uint circode = (uint) (Util.RandomClass.Next());
  229. logResponse.Lastname = userProfile.SurName;
  230. logResponse.Firstname = userProfile.FirstName;
  231. logResponse.AgentID = agentID.ToString();
  232. logResponse.SessionID = userProfile.CurrentAgent.SessionID.ToString();
  233. logResponse.SecureSessionID = userProfile.CurrentAgent.SecureSessionID.ToString();
  234. logResponse.CircuitCode = (Int32) circode;
  235. //logResponse.RegionX = 0; //overwritten
  236. //logResponse.RegionY = 0; //overwritten
  237. logResponse.Home = "!!null temporary value {home}!!"; // Overwritten
  238. //logResponse.LookAt = "\n[r" + TheUser.homeLookAt.X.ToString() + ",r" + TheUser.homeLookAt.Y.ToString() + ",r" + TheUser.homeLookAt.Z.ToString() + "]\n";
  239. //logResponse.SimAddress = "127.0.0.1"; //overwritten
  240. //logResponse.SimPort = 0; //overwritten
  241. logResponse.Message = GetMessage();
  242. logResponse.BuddList = ConvertFriendListItem(m_userManager.GetUserFriendList(agentID));
  243. logResponse.StartLocation = startLocationRequest;
  244. try
  245. {
  246. CustomiseResponse(logResponse, userProfile, startLocationRequest);
  247. }
  248. catch (Exception e)
  249. {
  250. m_log.Info("[LOGIN END]: " + e.ToString());
  251. return logResponse.CreateDeadRegionResponse();
  252. //return logResponse.ToXmlRpcResponse();
  253. }
  254. CommitAgent(ref userProfile);
  255. // If we reach this point, then the login has successfully logged onto the grid
  256. if (StatsManager.UserStats != null)
  257. StatsManager.UserStats.AddSuccessfulLogin();
  258. m_log.DebugFormat(
  259. "[LOGIN END]: Authentication of user {0} {1} successful. Sending response to client.",
  260. firstname, lastname);
  261. return logResponse.ToXmlRpcResponse();
  262. }
  263. catch (Exception e)
  264. {
  265. m_log.Info("[LOGIN END]: Login failed, " + e.ToString());
  266. }
  267. }
  268. m_log.Info("[LOGIN END]: Login failed. Sending back blank XMLRPC response");
  269. return response;
  270. }
  271. finally
  272. {
  273. m_loginMutex.ReleaseMutex();
  274. }
  275. }
  276. public LLSD LLSDLoginMethod(LLSD request)
  277. {
  278. // Temporary fix
  279. m_loginMutex.WaitOne();
  280. try
  281. {
  282. bool GoodLogin = false;
  283. string startLocationRequest = "last";
  284. UserProfileData userProfile = null;
  285. LoginResponse logResponse = new LoginResponse();
  286. if (request.Type == LLSDType.Map)
  287. {
  288. LLSDMap map = (LLSDMap)request;
  289. if (map.ContainsKey("first") && map.ContainsKey("last") && map.ContainsKey("passwd"))
  290. {
  291. string firstname = map["first"].AsString();
  292. string lastname = map["last"].AsString();
  293. string passwd = map["passwd"].AsString();
  294. if (map.ContainsKey("start"))
  295. {
  296. m_log.Info("[LOGIN]: StartLocation Requested: " + map["start"].AsString());
  297. startLocationRequest = map["start"].AsString();
  298. }
  299. userProfile = GetTheUser(firstname, lastname);
  300. if (userProfile == null)
  301. {
  302. m_log.Info("[LOGIN]: Could not find a profile for " + firstname + " " + lastname);
  303. return logResponse.CreateLoginFailedResponseLLSD();
  304. }
  305. GoodLogin = AuthenticateUser(userProfile, passwd);
  306. }
  307. }
  308. if (!GoodLogin)
  309. {
  310. return logResponse.CreateLoginFailedResponseLLSD();
  311. }
  312. else
  313. {
  314. // If we already have a session...
  315. if (userProfile.CurrentAgent != null && userProfile.CurrentAgent.AgentOnline)
  316. {
  317. userProfile.CurrentAgent = null;
  318. m_userManager.CommitAgent(ref userProfile);
  319. // Reject the login
  320. return logResponse.CreateAlreadyLoggedInResponseLLSD();
  321. }
  322. // Otherwise...
  323. // Create a new agent session
  324. CreateAgent(userProfile, request);
  325. try
  326. {
  327. LLUUID agentID = userProfile.ID;
  328. // Inventory Library Section
  329. string inventoryServerUrl = "";
  330. //if (!String.IsNullOrEmpty(userProfile.UserInventoryURI))
  331. //{
  332. // inventoryServerUrl = userProfile.UserInventoryURI;
  333. //}
  334. InventoryData inventData = GetInventorySkeleton(agentID, inventoryServerUrl);
  335. ArrayList AgentInventoryArray = inventData.InventoryArray;
  336. Hashtable InventoryRootHash = new Hashtable();
  337. InventoryRootHash["folder_id"] = inventData.RootFolderID.ToString();
  338. ArrayList InventoryRoot = new ArrayList();
  339. InventoryRoot.Add(InventoryRootHash);
  340. userProfile.RootInventoryFolderID = inventData.RootFolderID;
  341. // Circuit Code
  342. uint circode = (uint)(Util.RandomClass.Next());
  343. logResponse.Lastname = userProfile.SurName;
  344. logResponse.Firstname = userProfile.FirstName;
  345. logResponse.AgentID = agentID.ToString();
  346. logResponse.SessionID = userProfile.CurrentAgent.SessionID.ToString();
  347. logResponse.SecureSessionID = userProfile.CurrentAgent.SecureSessionID.ToString();
  348. logResponse.InventoryRoot = InventoryRoot;
  349. logResponse.InventorySkeleton = AgentInventoryArray;
  350. logResponse.InventoryLibrary = GetInventoryLibrary();
  351. Hashtable InventoryLibRootHash = new Hashtable();
  352. InventoryLibRootHash["folder_id"] = "00000112-000f-0000-0000-000100bba000";
  353. ArrayList InventoryLibRoot = new ArrayList();
  354. InventoryLibRoot.Add(InventoryLibRootHash);
  355. logResponse.InventoryLibRoot = InventoryLibRoot;
  356. logResponse.InventoryLibraryOwner = GetLibraryOwner();
  357. logResponse.CircuitCode = (Int32)circode;
  358. //logResponse.RegionX = 0; //overwritten
  359. //logResponse.RegionY = 0; //overwritten
  360. logResponse.Home = "!!null temporary value {home}!!"; // Overwritten
  361. //logResponse.LookAt = "\n[r" + TheUser.homeLookAt.X.ToString() + ",r" + TheUser.homeLookAt.Y.ToString() + ",r" + TheUser.homeLookAt.Z.ToString() + "]\n";
  362. //logResponse.SimAddress = "127.0.0.1"; //overwritten
  363. //logResponse.SimPort = 0; //overwritten
  364. logResponse.Message = GetMessage();
  365. logResponse.BuddList = ConvertFriendListItem(m_userManager.GetUserFriendList(agentID));
  366. try
  367. {
  368. CustomiseResponse(logResponse, userProfile, startLocationRequest);
  369. }
  370. catch (Exception ex)
  371. {
  372. m_log.Info("[LOGIN]: " + ex.ToString());
  373. return logResponse.CreateDeadRegionResponseLLSD();
  374. }
  375. CommitAgent(ref userProfile);
  376. // If we reach this point, then the login has successfully logged onto the grid
  377. if (StatsManager.UserStats != null)
  378. StatsManager.UserStats.AddSuccessfulLogin();
  379. return logResponse.ToLLSDResponse();
  380. }
  381. catch (Exception ex)
  382. {
  383. m_log.Info("[LOGIN]: " + ex.ToString());
  384. return logResponse.CreateFailedResponseLLSD();
  385. }
  386. }
  387. }
  388. finally
  389. {
  390. m_loginMutex.ReleaseMutex();
  391. }
  392. }
  393. public Hashtable ProcessHTMLLogin(Hashtable keysvals)
  394. {
  395. // Matches all unspecified characters
  396. // Currently specified,; lowercase letters, upper case letters, numbers, underline
  397. // period, space, parens, and dash.
  398. Regex wfcut = new Regex("[^a-zA-Z0-9_\\.\\$ \\(\\)\\-]");
  399. Hashtable returnactions = new Hashtable();
  400. int statuscode = 200;
  401. string firstname = String.Empty;
  402. string lastname = String.Empty;
  403. string location = String.Empty;
  404. string region =String.Empty;
  405. string grid = String.Empty;
  406. string channel = String.Empty;
  407. string version = String.Empty;
  408. string lang = String.Empty;
  409. string password = String.Empty;
  410. string errormessages = String.Empty;
  411. // the client requires the HTML form field be named 'username'
  412. // however, the data it sends when it loads the first time is 'firstname'
  413. // another one of those little nuances.
  414. if (keysvals.Contains("firstname"))
  415. firstname = wfcut.Replace((string)keysvals["firstname"], String.Empty, 99999);
  416. if (keysvals.Contains("username"))
  417. firstname = wfcut.Replace((string)keysvals["username"], String.Empty, 99999);
  418. if (keysvals.Contains("lastname"))
  419. lastname = wfcut.Replace((string)keysvals["lastname"], String.Empty, 99999);
  420. if (keysvals.Contains("location"))
  421. location = wfcut.Replace((string)keysvals["location"], String.Empty, 99999);
  422. if (keysvals.Contains("region"))
  423. region = wfcut.Replace((string)keysvals["region"], String.Empty, 99999);
  424. if (keysvals.Contains("grid"))
  425. grid = wfcut.Replace((string)keysvals["grid"], String.Empty, 99999);
  426. if (keysvals.Contains("channel"))
  427. channel = wfcut.Replace((string)keysvals["channel"], String.Empty, 99999);
  428. if (keysvals.Contains("version"))
  429. version = wfcut.Replace((string)keysvals["version"], String.Empty, 99999);
  430. if (keysvals.Contains("lang"))
  431. lang = wfcut.Replace((string)keysvals["lang"], String.Empty, 99999);
  432. if (keysvals.Contains("password"))
  433. password = wfcut.Replace((string)keysvals["password"], String.Empty, 99999);
  434. // load our login form.
  435. string loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages);
  436. if (keysvals.ContainsKey("show_login_form"))
  437. {
  438. UserProfileData user = GetTheUser(firstname, lastname);
  439. bool goodweblogin = false;
  440. if (user != null)
  441. goodweblogin = AuthenticateUser(user, password);
  442. if (goodweblogin)
  443. {
  444. LLUUID webloginkey = LLUUID.Random();
  445. m_userManager.StoreWebLoginKey(user.ID, webloginkey);
  446. statuscode = 301;
  447. string redirectURL = "about:blank?redirect-http-hack=" +
  448. HttpUtility.UrlEncode("secondlife:///app/login?first_name=" + firstname + "&last_name=" +
  449. lastname +
  450. "&location=" + location + "&grid=Other&web_login_key=" + webloginkey.ToString());
  451. //m_log.Info("[WEB]: R:" + redirectURL);
  452. returnactions["int_response_code"] = statuscode;
  453. returnactions["str_redirect_location"] = redirectURL;
  454. returnactions["str_response_string"] = "<HTML><BODY>GoodLogin</BODY></HTML>";
  455. }
  456. else
  457. {
  458. errormessages = "The Username and password supplied did not match our records. Check your caps lock and try again";
  459. loginform = GetLoginForm(firstname, lastname, location, region, grid, channel, version, lang, password, errormessages);
  460. returnactions["int_response_code"] = statuscode;
  461. returnactions["str_response_string"] = loginform;
  462. }
  463. }
  464. else
  465. {
  466. returnactions["int_response_code"] = statuscode;
  467. returnactions["str_response_string"] = loginform;
  468. }
  469. return returnactions;
  470. }
  471. public string GetLoginForm(string firstname, string lastname, string location, string region,
  472. string grid, string channel, string version, string lang,
  473. string password, string errormessages)
  474. {
  475. // inject our values in the form at the markers
  476. string loginform=String.Empty;
  477. string file = Path.Combine(Util.configDir(), "http_loginform.html");
  478. if (!File.Exists(file))
  479. {
  480. loginform = GetDefaultLoginForm();
  481. }
  482. else
  483. {
  484. StreamReader sr = File.OpenText(file);
  485. loginform = sr.ReadToEnd();
  486. sr.Close();
  487. }
  488. loginform = loginform.Replace("[$firstname]", firstname);
  489. loginform = loginform.Replace("[$lastname]", lastname);
  490. loginform = loginform.Replace("[$location]", location);
  491. loginform = loginform.Replace("[$region]", region);
  492. loginform = loginform.Replace("[$grid]", grid);
  493. loginform = loginform.Replace("[$channel]", channel);
  494. loginform = loginform.Replace("[$version]", version);
  495. loginform = loginform.Replace("[$lang]", lang);
  496. loginform = loginform.Replace("[$password]", password);
  497. loginform = loginform.Replace("[$errors]", errormessages);
  498. return loginform;
  499. }
  500. public string GetDefaultLoginForm()
  501. {
  502. string responseString =
  503. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
  504. responseString += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
  505. responseString += "<head>";
  506. responseString += "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />";
  507. responseString += "<meta http-equiv=\"cache-control\" content=\"no-cache\">";
  508. responseString += "<meta http-equiv=\"Pragma\" content=\"no-cache\">";
  509. responseString += "<title>OpenSim Login</title>";
  510. responseString += "<body><br />";
  511. responseString += "<div id=\"login_box\">";
  512. responseString += "<form action=\"/go.cgi\" method=\"GET\" id=\"login-form\">";
  513. responseString += "<div id=\"message\">[$errors]</div>";
  514. responseString += "<fieldset id=\"firstname\">";
  515. responseString += "<legend>First Name:</legend>";
  516. responseString += "<input type=\"text\" id=\"firstname_input\" size=\"15\" maxlength=\"100\" name=\"username\" value=\"[$firstname]\" />";
  517. responseString += "</fieldset>";
  518. responseString += "<fieldset id=\"lastname\">";
  519. responseString += "<legend>Last Name:</legend>";
  520. responseString += "<input type=\"text\" size=\"15\" maxlength=\"100\" name=\"lastname\" value=\"[$lastname]\" />";
  521. responseString += "</fieldset>";
  522. responseString += "<fieldset id=\"password\">";
  523. responseString += "<legend>Password:</legend>";
  524. responseString += "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">";
  525. responseString += "<tr>";
  526. responseString += "<td colspan=\"2\"><input type=\"password\" size=\"15\" maxlength=\"100\" name=\"password\" value=\"[$password]\" /></td>";
  527. responseString += "</tr>";
  528. responseString += "<tr>";
  529. responseString += "<td valign=\"middle\"><input type=\"checkbox\" name=\"remember_password\" id=\"remember_password\" [$remember_password] style=\"margin-left:0px;\"/></td>";
  530. responseString += "<td><label for=\"remember_password\">Remember password</label></td>";
  531. responseString += "</tr>";
  532. responseString += "</table>";
  533. responseString += "</fieldset>";
  534. responseString += "<input type=\"hidden\" name=\"show_login_form\" value=\"FALSE\" />";
  535. responseString += "<input type=\"hidden\" name=\"method\" value=\"login\" />";
  536. responseString += "<input type=\"hidden\" id=\"grid\" name=\"grid\" value=\"[$grid]\" />";
  537. responseString += "<input type=\"hidden\" id=\"region\" name=\"region\" value=\"[$region]\" />";
  538. responseString += "<input type=\"hidden\" id=\"location\" name=\"location\" value=\"[$location]\" />";
  539. responseString += "<input type=\"hidden\" id=\"channel\" name=\"channel\" value=\"[$channel]\" />";
  540. responseString += "<input type=\"hidden\" id=\"version\" name=\"version\" value=\"[$version]\" />";
  541. responseString += "<input type=\"hidden\" id=\"lang\" name=\"lang\" value=\"[$lang]\" />";
  542. responseString += "<div id=\"submitbtn\">";
  543. responseString += "<input class=\"input_over\" type=\"submit\" value=\"Connect\" />";
  544. responseString += "</div>";
  545. responseString += "<div id=\"connecting\" style=\"visibility:hidden\"> Connecting...</div>";
  546. responseString += "<div id=\"helplinks\">";
  547. responseString += "<a href=\"#join now link\" target=\"_blank\"></a> | ";
  548. responseString += "<a href=\"#forgot password link\" target=\"_blank\"></a>";
  549. responseString += "</div>";
  550. responseString += "<div id=\"channelinfo\"> [$channel] | [$version]=[$lang]</div>";
  551. responseString += "</form>";
  552. responseString += "<script language=\"JavaScript\">";
  553. responseString += "document.getElementById('firstname_input').focus();";
  554. responseString += "</script>";
  555. responseString += "</div>";
  556. responseString += "</div>";
  557. responseString += "</body>";
  558. responseString += "</html>";
  559. return responseString;
  560. }
  561. /// <summary>
  562. /// Saves a target agent to the database
  563. /// </summary>
  564. /// <param name="profile">The users profile</param>
  565. /// <returns>Successful?</returns>
  566. public bool CommitAgent(ref UserProfileData profile)
  567. {
  568. return m_userManager.CommitAgent(ref profile);
  569. }
  570. /// <summary>
  571. /// Checks a user against it's password hash
  572. /// </summary>
  573. /// <param name="profile">The users profile</param>
  574. /// <param name="password">The supplied password</param>
  575. /// <returns>Authenticated?</returns>
  576. public virtual bool AuthenticateUser(UserProfileData profile, string password)
  577. {
  578. bool passwordSuccess = false;
  579. //m_log.InfoFormat("[LOGIN]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
  580. // Web Login method seems to also occasionally send the hashed password itself
  581. // we do this to get our hash in a form that the server password code can consume
  582. // when the web-login-form submits the password in the clear (supposed to be over SSL!)
  583. if (!password.StartsWith("$1$"))
  584. password = "$1$" + Util.Md5Hash(password);
  585. password = password.Remove(0, 3); //remove $1$
  586. string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
  587. // Testing...
  588. //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
  589. //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
  590. passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
  591. || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
  592. return passwordSuccess;
  593. }
  594. public virtual bool AuthenticateUser(UserProfileData profile, LLUUID webloginkey)
  595. {
  596. bool passwordSuccess = false;
  597. m_log.InfoFormat("[LOGIN]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
  598. // Match web login key unless it's the default weblogin key LLUUID.Zero
  599. passwordSuccess = ((profile.WebLoginKey==webloginkey) && profile.WebLoginKey != LLUUID.Zero);
  600. return passwordSuccess;
  601. }
  602. /// <summary>
  603. ///
  604. /// </summary>
  605. /// <param name="profile"></param>
  606. /// <param name="request"></param>
  607. public void CreateAgent(UserProfileData profile, XmlRpcRequest request)
  608. {
  609. m_userManager.CreateAgent(profile, request);
  610. }
  611. public void CreateAgent(UserProfileData profile, LLSD request)
  612. {
  613. m_userManager.CreateAgent(profile, request);
  614. }
  615. /// <summary>
  616. ///
  617. /// </summary>
  618. /// <param name="firstname"></param>
  619. /// <param name="lastname"></param>
  620. /// <returns></returns>
  621. public virtual UserProfileData GetTheUser(string firstname, string lastname)
  622. {
  623. return m_userManager.GetUserProfile(firstname, lastname);
  624. }
  625. /// <summary>
  626. ///
  627. /// </summary>
  628. /// <returns></returns>
  629. public virtual string GetMessage()
  630. {
  631. return m_welcomeMessage;
  632. }
  633. private static LoginResponse.BuddyList ConvertFriendListItem(List<FriendListItem> LFL)
  634. {
  635. LoginResponse.BuddyList buddylistreturn = new LoginResponse.BuddyList();
  636. foreach (FriendListItem fl in LFL)
  637. {
  638. LoginResponse.BuddyList.BuddyInfo buddyitem = new LoginResponse.BuddyList.BuddyInfo(fl.Friend);
  639. buddyitem.BuddyID = fl.Friend;
  640. buddyitem.BuddyRightsHave = (int)fl.FriendListOwnerPerms;
  641. buddyitem.BuddyRightsGiven = (int) fl.FriendPerms;
  642. buddylistreturn.AddNewBuddy(buddyitem);
  643. }
  644. return buddylistreturn;
  645. }
  646. /// <summary>
  647. /// Converts the inventory library skeleton into the form required by the rpc request.
  648. /// </summary>
  649. /// <returns></returns>
  650. protected virtual ArrayList GetInventoryLibrary()
  651. {
  652. Dictionary<LLUUID, InventoryFolderImpl> rootFolders
  653. = m_libraryRootFolder.RequestSelfAndDescendentFolders();
  654. ArrayList folderHashes = new ArrayList();
  655. foreach (InventoryFolderBase folder in rootFolders.Values)
  656. {
  657. Hashtable TempHash = new Hashtable();
  658. TempHash["name"] = folder.Name;
  659. TempHash["parent_id"] = folder.ParentID.ToString();
  660. TempHash["version"] = (Int32)folder.Version;
  661. TempHash["type_default"] = (Int32)folder.Type;
  662. TempHash["folder_id"] = folder.ID.ToString();
  663. folderHashes.Add(TempHash);
  664. }
  665. return folderHashes;
  666. }
  667. /// <summary>
  668. ///
  669. /// </summary>
  670. /// <returns></returns>
  671. protected virtual ArrayList GetLibraryOwner()
  672. {
  673. //for now create random inventory library owner
  674. Hashtable TempHash = new Hashtable();
  675. TempHash["agent_id"] = "11111111-1111-0000-0000-000100bba000";
  676. ArrayList inventoryLibOwner = new ArrayList();
  677. inventoryLibOwner.Add(TempHash);
  678. return inventoryLibOwner;
  679. }
  680. public class InventoryData
  681. {
  682. public ArrayList InventoryArray = null;
  683. public LLUUID RootFolderID = LLUUID.Zero;
  684. public InventoryData(ArrayList invList, LLUUID rootID)
  685. {
  686. InventoryArray = invList;
  687. RootFolderID = rootID;
  688. }
  689. }
  690. }
  691. }