DragonKnight/DK2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor, update gate methods

Browse Source
This commit is contained in:
Sky Johnson 2024-10-03 12:36:49 -05:00
parent a61ac11f60
commit e32803b7f9
11 changed files with 109 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
database/auth.db
View File

Binary file not shown.

2
public/index.php
View File

@ -12,7 +12,7 @@ $r = [];
Home Home
*/ */
router_get($r, '/', function () { router_get($r, '/', function () {
if (user()) auth_char_ensure(); if (user()) must_have_character();
echo render('layouts/basic', ['view' => 'pages/home']); echo render('layouts/basic', ['view' => 'pages/home']);
}); });

26
src/auth.php
View File

@ -3,7 +3,7 @@
/** /**
* Checks if the given username already exists. * Checks if the given username already exists.
*/ */
function auth_usernameExists(string $username): bool function auth_username_exists(string $username): bool
{ {
return db_exists(db_auth(), 'users', 'username', $username); return db_exists(db_auth(), 'users', 'username', $username);
} }
@ -11,27 +11,11 @@ function auth_usernameExists(string $username): bool
/** /**
* Checks if the given email already exists. * Checks if the given email already exists.
*/ */
function auth_emailExists(string $email): bool function auth_email_exists(string $email): bool
{ {
return db_exists(db_auth(), 'users', 'email', $email); return db_exists(db_auth(), 'users', 'email', $email);
} }
/**
* Create a long-lived session for the user.
*/
function auth_rememberMe()
{
$token = token();
$expires = strtotime('+30 days');
$result = db_query(db_auth(), "INSERT INTO sessions (token, user_id, expires) VALUES (:t, :u, :e)", [
':t' => $token,
':u' => $_SESSION['user']['id'],
':e' => $expires
]);
if (!$result) router_error(400);
set_cookie('remember_me', $token, $expires);
}
/** /**
* Check for a user session. If $_SESSION['user'] already exists, return early. If not, check for a remember me * Check for a user session. If $_SESSION['user'] already exists, return early. If not, check for a remember me
* cookie. If a remember me cookie exists, validate the session and set $_SESSION['user']. * cookie. If a remember me cookie exists, validate the session and set $_SESSION['user'].
@ -58,7 +42,7 @@ function auth_check(): bool
* Ensure a user is logged in, or redirect to the login page. This will also check for a remember me cookie and * Ensure a user is logged in, or redirect to the login page. This will also check for a remember me cookie and
* populate the $_SESSION['user'] array. * populate the $_SESSION['user'] array.
*/ */
function auth_ensure(): void function auth_only(): void
{ {
if (!auth_check()) redirect('/auth/login'); if (!auth_check()) redirect('/auth/login');
} }
@ -66,7 +50,7 @@ function auth_ensure(): void
/** /**
* If there is a user logged in, redirect to the home page. Used for when we have a guest-only page. * If there is a user logged in, redirect to the home page. Used for when we have a guest-only page.
*/ */
function auth_guest(): void function guest_only(): void
{ {
if (auth_check()) redirect('/'); if (auth_check()) redirect('/');
} }
@ -75,7 +59,7 @@ function auth_guest(): void
* Ensure the user has a character selected. If they have no character, redirect to the character creation page. Otherwise, * Ensure the user has a character selected. If they have no character, redirect to the character creation page. Otherwise,
* select the first character attached to the user. * select the first character attached to the user.
*/ */
function auth_char_ensure(): void function must_have_character(): void
{ {
// If there is a character selected, and the data exists, return early. // If there is a character selected, and the data exists, return early.
if ($_SESSION['user']['char_id'] !== 0 && !empty($_SESSION['char'])) return; if ($_SESSION['user']['char_id'] !== 0 && !empty($_SESSION['char'])) return;

10
src/components.php
View File

@ -9,11 +9,11 @@ function c_logout_button(): string
} }
/** /**
* Render the character bar; pass either the character data as an array or the character ID as an int. * Render the character bar. Relies on there being a character in the session. Without one, this will return an empty
* string.
*/ */
function c_char_bar(array|int $char): string function c_char_bar(): string
{ {
if (is_int($char)) $char = char_find($char); if (!char()) return '';
if ($char === false) throw new Exception('Character not found for char bar.'); return render('components/char_bar', ['char' => char()]);
return render('components/char_bar', ['char' => $char]);
} }

47
src/controllers/auth.php
View File

@ -5,7 +5,7 @@
*/ */
function auth_controller_register_get(): void function auth_controller_register_get(): void
{ {
gate(false, false); guest_only();
echo render('layouts/basic', ['view' => 'pages/auth/register']); echo render('layouts/basic', ['view' => 'pages/auth/register']);
} }
@ -14,7 +14,7 @@ function auth_controller_register_get(): void
*/ */
function auth_controller_register_post(): void function auth_controller_register_post(): void
{ {
gate(false, false); guest_only();
csrf_ensure(); csrf_ensure();
$errors = []; $errors = [];
@ -63,14 +63,14 @@ function auth_controller_register_post(): void
/* /*
A username must be unique. A username must be unique.
*/ */
if (auth_usernameExists($u)) { if (auth_username_exists($u)) {
$errors['u'][] = 'Username is already taken.'; $errors['u'][] = 'Username is already taken.';
} }
/* /*
An email must be unique. An email must be unique.
*/ */
if (auth_emailExists($e)) { if (auth_email_exists($e)) {
$errors['e'][] = 'Email is already taken.'; $errors['e'][] = 'Email is already taken.';
} }
@ -92,7 +92,7 @@ function auth_controller_register_post(): void
*/ */
function auth_controller_login_get(): void function auth_controller_login_get(): void
{ {
gate(false, false); guest_only();
echo render('layouts/basic', ['view' => 'pages/auth/login']); echo render('layouts/basic', ['view' => 'pages/auth/login']);
} }
@ -101,7 +101,7 @@ function auth_controller_login_get(): void
*/ */
function auth_controller_login_post(): void function auth_controller_login_post(): void
{ {
gate(false, false); guest_only();
csrf_ensure(); csrf_ensure();
$errors = []; $errors = [];
@ -140,8 +140,20 @@ function auth_controller_login_post(): void
} }
$_SESSION['user'] = $user; $_SESSION['user'] = $user;
$_SESSION['char'] = char_find($user['char_id']); change_user_character($user['char_id']);
if ($_POST['remember'] ?? false) auth_rememberMe();
if ($_POST['remember'] ?? false) {
$token = token();
$expires = strtotime('+30 days');
$result = db_query(db_auth(), "INSERT INTO sessions (token, user_id, expires) VALUES (:t, :u, :e)", [
':t' => $token,
':u' => $_SESSION['user']['id'],
':e' => $expires
]);
if (!$result) router_error(400);
set_cookie('remember_me', $token, $expires);
}
redirect('/'); redirect('/');
} }
@ -163,19 +175,22 @@ function auth_controller_logout_post(): void
*/ */
function auth_controller_change_character_post(): void function auth_controller_change_character_post(): void
{ {
gate(true); auth_only();
must_have_character();
csrf_ensure(); csrf_ensure();
$char_id = (int) ($_POST['char_id'] ?? 0); $char_id = (int) ($_POST['char_id'] ?? 0);
if (char_exists($char_id) === false) router_error(400);
$_SESSION['user']['char_id'] = $char_id; // If the character ID is the current character, do nothing.
if (db_query(db_auth(), 'UPDATE users SET char_id = :c WHERE id = :u', [ if ($char_id === $_SESSION['user']['char_id']) redirect('/');
':c' => $char_id,
':u' => $_SESSION['user']['id']
]) === false) router_error(400);
$_SESSION['char'] = char_find($char_id); // Make sure the character ID is valid.
if (char_exists($char_id) === false) throw new Exception('Invalid character ID. (acccp)');
// Make sure the user owns the character.
if (char_belongs_to_user($char_id, $_SESSION['user']['id']) === false) router_error(999);
change_user_character($char_id);
redirect('/'); redirect('/');
} }

25
src/controllers/char.php
View File

@ -5,7 +5,7 @@
*/ */
function char_controller_create_first_get(): void function char_controller_create_first_get(): void
{ {
gate(false); auth_only();
// If the user already has a character, redirect them to the main page. // If the user already has a character, redirect them to the main page.
if (char_count(user('id')) > 0) redirect('/'); if (char_count(user('id')) > 0) redirect('/');
@ -14,11 +14,11 @@ function char_controller_create_first_get(): void
} }
/** /**
* Create a player for the currently logged in user. * Create a character for the currently logged in user.
*/ */
function char_controller_create_post(): void function char_controller_create_post(): void
{ {
gate(false); auth_only();
csrf_ensure(); csrf_ensure();
$errors = []; $errors = [];
@ -38,9 +38,9 @@ function char_controller_create_post(): void
} }
/* /*
A player's name must be unique. A character's name must be unique.
*/ */
if (char_nameExists($name)) $errors['name'][] = 'Name is already taken.'; if (char_name_exists($name)) $errors['name'][] = 'Name is already taken.';
// If there are errors at this point, send them to the page with errors flashed. // If there are errors at this point, send them to the page with errors flashed.
if (!empty($errors)) { if (!empty($errors)) {
@ -48,14 +48,17 @@ function char_controller_create_post(): void
redirect('/'); redirect('/');
} }
// Create the player // Create the character
$player = char_create(user('id'), $name); $char = char_create(user('id'), $name);
if ($player === false) router_error(400); if ($char === false) router_error(400);
// Create the auxiliary tables // Create the auxiliary tables
char_location_create($player); char_location_create($char);
char_wallet_create($player); char_wallet_create($char);
char_gear_create($player); char_gear_create($char);
// Set the character as the user's selected character
change_user_character($char);
redirect('/'); redirect('/');
} }

2
src/env.php
View File

@ -5,7 +5,7 @@
*/ */
function env_load(string $filePath): void function env_load(string $filePath): void
{ {
if (!file_exists($filePath)) throw new Exception("The .env file does not exist."); if (!file_exists($filePath)) throw new Exception("The .env file does not exist. (el)");
$lines = file($filePath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); $lines = file($filePath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($lines as $line) { foreach ($lines as $line) {

10
src/helpers.php
View File

@ -139,11 +139,11 @@ function char(string $field = ''): mixed
} }
/** /**
* Perform an authentication and optionally a character check. Failing user auth will redirect to the login page. Failing * Shorthand to update the user's selected character.
* the character check will redirect to the character creation page.
*/ */
function gate(bool $char = false, bool $user = true): void function change_user_character(int $char_id): void
{ {
if ($user && !auth_check()) redirect('/auth/login'); $_SESSION['user']['char_id'] = $char_id;
if ($char) auth_char_ensure(); db_query(db_auth(), "UPDATE users SET char_id = :c WHERE id = :u", [':c' => $char_id, ':u' => user('id')]);
$_SESSION['char'] = char_find($char_id);
} }

82
src/models/char.php
View File

@ -1,14 +1,14 @@
<?php <?php
/* /*
Players are the living, breathing entities that interact with the game world. They are inextricably linked to their characters are the living, breathing entities that interact with the game world. They are inextricably linked to their
accounts, and are the primary means by which the player interacts with the game world. Separating the player from accounts, and are the primary means by which the character interacts with the game world. Separating the character from
the account allows for multiple players to be associated with a single account, and to prevent concurrency issues the account allows for multiple characters to be associated with a single account, and to prevent concurrency issues
when performing auth checks on the database. when performing auth checks on the database.
When creating a player, we want to init all of the related data tables; wallets, inventory, bank, etc. When creating a character, we want to init all of the related data tables; wallets, inventory, bank, etc.
When retrieving a player, we will get the tables as-needed, to prevent allocating more memory than we need. When retrieving a character, we will get the tables as-needed, to prevent allocating more memory than we need.
*/ */
const currently = [ const currently = [
@ -20,9 +20,9 @@ const currently = [
]; ];
/** /**
* Create a player. Only a user ID and a name are required. All other fields are optional. Pass a key-value array * Create a character. Only a user ID and a name are required. All other fields are optional. Pass a key-value array
* of overrides to set additional fields. A player's name must be unique, but this function does not check for * of overrides to set additional fields. A character's name must be unique, but this function does not check for
* that. Returns the created player's ID. * that. Returns the created character's ID.
*/ */
function char_create(int $user_id, string $name, array $overrides = []): int function char_create(int $user_id, string $name, array $overrides = []): int
{ {
@ -35,19 +35,19 @@ function char_create(int $user_id, string $name, array $overrides = []): int
$f = implode(', ', $k); $f = implode(', ', $k);
$v = implode(', ', array_map(fn($x) => ":$x", $k)); $v = implode(', ', array_map(fn($x) => ":$x", $k));
// Create the player! // Create the character!
if (db_query(db_live(), "INSERT INTO characters ($f) VALUES ($v)", $data) === false) { if (db_query(db_live(), "INSERT INTO characters ($f) VALUES ($v)", $data) === false) {
// @TODO: Log this error // @TODO: Log this error
throw new Exception('Failed to create player.'); throw new Exception('Failed to create character. (cc)');
} }
// Get the player ID // Get the character ID
return db_live()->lastInsertRowID(); return db_live()->lastInsertRowID();
} }
/** /**
* Create a player's location record. A player's location is where they are in the game world. A player can only be * Create a character's location record. A character's location is where they are in the game world. A character can only be
* in one location at a time. Can define a starting location for the player. Default state is 'Exploring'. * in one location at a time. Can define a starting location for the character. Default state is 'Exploring'.
*/ */
function char_location_create(int $char_id, int $x = 0, int $y = 0, int $currently = 0): void function char_location_create(int $char_id, int $x = 0, int $y = 0, int $currently = 0): void
{ {
@ -57,12 +57,12 @@ function char_location_create(int $char_id, int $x = 0, int $y = 0, int $current
':y' => $y, ':y' => $y,
':c' => $currently ':c' => $currently
]) === false) { ]) === false) {
throw new Exception('Failed to create player location.'); throw new Exception('Failed to create character location. (clc)');
} }
} }
/** /**
* Creates a player's wallet. A player's wallet is where they store their currencies. Can optionally specify the * Creates a character's wallet. A character's wallet is where they store their currencies. Can optionally specify the
* starting balances of the wallet. Returns the created wallet's ID. If a currency is set to -1, the starting_silver * starting balances of the wallet. Returns the created wallet's ID. If a currency is set to -1, the starting_silver
* or starting_star_gems fields from the env will be used. * or starting_star_gems fields from the env will be used.
*/ */
@ -73,23 +73,23 @@ function char_wallet_create(int $char_id, int $silver = -1, int $starGems = -1):
':s' => $silver === -1 ? env('start_silver', 10) : $silver, ':s' => $silver === -1 ? env('start_silver', 10) : $silver,
':sg' => $starGems === -1 ? env('start_star_gems', 0) : $starGems ':sg' => $starGems === -1 ? env('start_star_gems', 0) : $starGems
]) === false) { ]) === false) {
throw new Exception('Failed to create player wallet.'); throw new Exception('Failed to create character wallet. (cwc)');
} }
} }
/** /**
* Create the player's gear table. A player's gear is where they store their equipped items. * Create the character's gear table. A character's gear is where they store their equipped items.
* @TODO: implement initial gear * @TODO: implement initial gear
*/ */
function char_gear_create(int $char_id, array $initialGear = []): void function char_gear_create(int $char_id, array $initialGear = []): void
{ {
if (db_query(db_live(), "INSERT INTO char_gear (char_id) VALUES (:p)", [':p' => $char_id]) === false) { if (db_query(db_live(), "INSERT INTO char_gear (char_id) VALUES (:p)", [':p' => $char_id]) === false) {
throw new Exception('Failed to create player gear.'); throw new Exception('Failed to create character gear. (cgc)');
} }
} }
/** /**
* Create the player's bank account. The bank stores items and currency, with an interest rate based on * Create the character's bank account. The bank stores items and currency, with an interest rate based on
* the bank account's tier. The bank account has a limited number of slots, which can be increased by upgrading * the bank account's tier. The bank account has a limited number of slots, which can be increased by upgrading
* the bank account. The bank account starts with 0 silver and 5 slots. * the bank account. The bank account starts with 0 silver and 5 slots.
*/ */
@ -101,7 +101,7 @@ function char_bank_create(int $char_id, int $slots = 5, int $silver = 0, int $ti
':si' => $silver, ':si' => $silver,
':t' => $tier ':t' => $tier
]) === false) { ]) === false) {
throw new Exception('Failed to create player bank.'); throw new Exception('Failed to create character bank. (cbc)');
} }
} }
@ -111,65 +111,63 @@ function char_bank_create(int $char_id, int $slots = 5, int $silver = 0, int $ti
function char_find(int $char_id): array function char_find(int $char_id): array
{ {
$char = db_query(db_live(), "SELECT * FROM characters WHERE id = :id", [':id' => $char_id])->fetchArray(SQLITE3_ASSOC); $char = db_query(db_live(), "SELECT * FROM characters WHERE id = :id", [':id' => $char_id])->fetchArray(SQLITE3_ASSOC);
if ($char === false) throw new Exception('Character not found.'); if ($char === false) throw new Exception('Character not found. (cf)');
return $char; return $char;
} }
/** /**
* Count the number of players associated with an account ID. * Count the number of characters associated with an account ID.
*/ */
function char_count(int $user_id): int function char_count(int $user_id): int
{ {
$count = db_query(db_live(), "SELECT COUNT(*) FROM characters WHERE user_id = :u", [':u' => $user_id])->fetchArray(SQLITE3_NUM); $count = db_query(db_live(), "SELECT COUNT(*) FROM characters WHERE user_id = :u", [':u' => $user_id])->fetchArray(SQLITE3_NUM);
if ($count === false) throw new Exception('Failed to count players.'); if ($count === false) throw new Exception('Failed to count characters. (cc)');
return (int) $count[0]; return (int) $count[0];
} }
/** /**
* Get a an array of id => [name, level] for all players associated with an account ID. * Get a an array of id => [name, level] for all characters associated with an account ID.
*/ */
function char_list(int $user_id): array function char_list(int $user_id): array
{ {
$stmt = db_query(db_live(), "SELECT id, name, level FROM characters WHERE user_id = :u", [':u' => $user_id]); $stmt = db_query(db_live(), "SELECT id, name, level FROM characters WHERE user_id = :u", [':u' => $user_id]);
if ($stmt === false) throw new Exception('Failed to list players.'); if ($stmt === false) throw new Exception('Failed to list characters. (cl)');
$players = []; $characters = [];
while ($row = $stmt->fetchArray(SQLITE3_ASSOC)) { while ($row = $stmt->fetchArray(SQLITE3_ASSOC)) {
$players[$row['id']] = ['name' => $row['name'], 'level' => $row['level']]; $characters[$row['id']] = ['name' => $row['name'], 'level' => $row['level']];
} }
return $players; return $characters;
} }
/** /**
* Get a player's location info by their player ID. Returns the location's data as an associative array. * Get a character's location info by their character ID. Returns the location's data as an associative array.
*/ */
function char_get_location(int $char_id): array function char_get_location(int $char_id): array
{ {
// Get the location // Get the location
$location = db_query(db_live(), "SELECT * FROM char_locations WHERE char_id = :p", [':p' => $char_id])->fetchArray(SQLITE3_ASSOC); $location = db_query(db_live(), "SELECT * FROM char_locations WHERE char_id = :p", [':p' => $char_id])->fetchArray(SQLITE3_ASSOC);
if ($location === false) throw new Exception('Location not found.'); if ($location === false) throw new Exception('Location not found. (cgl)');
return $location; return $location;
} }
/** /**
* Get a player's wallet by their player ID. Returns the wallet's data as an associative array. * Get a character's wallet by their character ID. Returns the wallet's data as an associative array.
*/ */
function char_get_wallet(int $char_id): array function char_get_wallet(int $char_id): array
{ {
$wallet = db_query(db_live(), "SELECT * FROM char_wallets WHERE char_id = :p", [':p' => $char_id])->fetchArray(SQLITE3_ASSOC); $wallet = db_query(db_live(), "SELECT * FROM char_wallets WHERE char_id = :p", [':p' => $char_id])->fetchArray(SQLITE3_ASSOC);
if ($wallet === false) throw new Exception('Wallet not found.'); if ($wallet === false) throw new Exception('Wallet not found. (cgw)');
return $wallet; return $wallet;
} }
/** /**
* See if a player name exists. * See if a character name exists.
*/ */
function char_nameExists(string $name): bool function char_name_exists(string $name): bool
{ {
$exists = db_query(db_live(), "SELECT COUNT(*) FROM characters WHERE name = :n", [':n' => $name])->fetchArray(SQLITE3_NUM); return db_exists(db_live(), 'characters', 'name', $name);
if ($exists === false) throw new Exception('Failed to check for player name.');
return (int) $exists[0] > 0;
} }
/** /**
@ -179,3 +177,13 @@ function char_exists(int $char_id): bool
{ {
return db_exists(db_live(), 'characters', 'id', $char_id); return db_exists(db_live(), 'characters', 'id', $char_id);
} }
/**
* See if the given character belongs to the given user.
*/
function char_belongs_to_user(int $char_id, int $user_id): bool
{
$char = db_query(db_live(), "SELECT user_id FROM characters WHERE id = :p", [':p' => $char_id])->fetchArray(SQLITE3_ASSOC);
if ($char === false) throw new Exception('Character not found. (cbtu)');
return $char['user_id'] === $user_id;
}

1
src/router.php
View File

@ -124,6 +124,7 @@ function router_error(int $code): void
404 => 'Not Found', 404 => 'Not Found',
405 => 'Method Not Allowed', 405 => 'Method Not Allowed',
418 => 'I\'m a teapot', 418 => 'I\'m a teapot',
999 => 'Cheating attempt detected',
default => 'Unknown Error', default => 'Unknown Error',
}; };
exit; exit;

4
templates/layouts/basic.php
View File

@ -23,9 +23,7 @@
</div> </div>
</header> </header>
<?php if (char()) { <?= c_char_bar(user('char_id')) ?>
echo c_char_bar(user('char_id'));
} ?>
<main> <main>
<?= render($view, $data) ?> <?= render($view, $data) ?>