Index: server/DataAccess.cpp =================================================================== --- server/DataAccess.cpp (revision 5806dc221ad8a882fab3da707fe8ed2896dd396e) +++ server/DataAccess.cpp (revision b128109e36df4199568551e736a76e5acca16912) @@ -3,4 +3,5 @@ #include #include +#include using namespace std; @@ -27,7 +28,36 @@ ostringstream oss; - oss << "'" << username << "', '" << password << "'"; + string salt = "$1$"; + int random; + char chr; + for(int i=0; i<8; i++) + { + random = rand() % 62; + if (random < 26) + chr = (char)('a'+random); + else if (random < 52) + chr = (char)('A'+random-26); + else + chr = (char)('0'+random-52); + salt += chr; + } + salt += '$'; + + string encrypted(crypt(password.c_str(), salt.c_str())); + + oss << "'" << username << "', '" << encrypted << "'"; return insert("users", "name, password", oss.str()); +} + +int DataAccess::updatePlayer(string username, string password) +{ + ostringstream values, where; + + values << "password='" << password << "'"; + + where << "name='" << username << "'"; + + return update("users", values.str(), where.str()); } @@ -63,5 +93,9 @@ } -int DataAccess::printPlayers() +// need to make sure this list is freed +// since we need to create a DataAccess class +// when calling these functions, +// we could free this list in the destructor +list* DataAccess::getPlayers() { MYSQL_RES *result; @@ -73,22 +107,49 @@ if (result == NULL) { cout << mysql_error(connection) << endl; - return 1; + return NULL; } + list* lstPlayers = new list(); while ( ( row = mysql_fetch_row(result)) != NULL ) { cout << row[0] << ", " << row[1] << ", " << row[2] << endl; + lstPlayers->push_back(new Player(row[1], row[2])); } mysql_free_result(result); - return 0; + return lstPlayers; } -int DataAccess::insert(string table, string rows, string values) +bool DataAccess::verifyPassword(string password, string encrypted) +{ + string test(crypt(password.c_str(), encrypted.c_str())); + + return encrypted.compare(test) == 0; +} + +int DataAccess::insert(string table, string columns, string values) { int query_state; ostringstream oss; - oss << "INSERT into " << table << " (" << rows << ") VALUES (" << values << ")"; + oss << "INSERT into " << table << " (" << columns << ") VALUES (" << values << ")"; + cout << "query: " << oss.str() << endl; + + query_state = mysql_query(connection, oss.str().c_str()); + + if (query_state != 0) { + cout << mysql_error(connection) << endl; + return 1; + } + + return 0; +} + +int DataAccess::update(string table, string values, string where) +{ + int query_state; + ostringstream oss; + + oss << "UPDATE " << table << " SET " << values << " WHERE " << where; cout << "query: " << oss.str() << endl; Index: server/DataAccess.h =================================================================== --- server/DataAccess.h (revision 5806dc221ad8a882fab3da707fe8ed2896dd396e) +++ server/DataAccess.h (revision b128109e36df4199568551e736a76e5acca16912) @@ -3,4 +3,5 @@ #include +#include #include @@ -16,9 +17,12 @@ int insertPlayer(string username, string password); + int updatePlayer(string username, string password); - Player *getPlayer(string username); - int printPlayers(); + Player* getPlayer(string username); + list* getPlayers(); + bool verifyPassword(string encrypted, string password); int insert(string table, string rows, string values); + int update(string table, string values, string where); MYSQL_RES *select(string table, string filter); Index: server/makefile =================================================================== --- server/makefile (revision 5806dc221ad8a882fab3da707fe8ed2896dd396e) +++ server/makefile (revision b128109e36df4199568551e736a76e5acca16912) @@ -1,4 +1,4 @@ CC = g++ -LIB_FLAGS = -lssl -lmysqlclient +LIB_FLAGS = -lssl -lmysqlclient -lcrypt FLAGS = $(LIB_FLAGS) COMMON_PATH = ../common Index: server/server.cpp =================================================================== --- server/server.cpp (revision 5806dc221ad8a882fab3da707fe8ed2896dd396e) +++ server/server.cpp (revision b128109e36df4199568551e736a76e5acca16912) @@ -14,4 +14,6 @@ #include #include + +#include /* @@ -129,6 +131,8 @@ broadcastResponse = processMessage(clientMsg, from, mapPlayers, unusedId, serverMsg); + // probably replace this with a function that prints based on the + // message type cout << "msg: " << serverMsg.buffer << endl; - + cout << "broadcastResponse: " << broadcastResponse << endl; if (broadcastResponse) { @@ -197,9 +201,8 @@ string username(clientMsg.buffer); string password(strchr(clientMsg.buffer, '\0')+1); - cout << "Player logging in: " << username << endl; Player* p = da.getPlayer(username); - if (p == NULL || p->password != password) + if (p == NULL || !da.verifyPassword(password, p->password)) { strcpy(serverMsg.buffer, "Incorrect username or password"); @@ -272,11 +275,44 @@ broadcastResponse = true; - stringstream ss; - ss << p->name << ": " << clientMsg.buffer; - - strcpy(serverMsg.buffer, ss.str().c_str()); + ostringstream oss; + oss << p->name << ": " << clientMsg.buffer; + + strcpy(serverMsg.buffer, oss.str().c_str()); } serverMsg.type = MSG_TYPE_CHAT; + + break; + } + case MSG_TYPE_PLAYER_MOVE: + { + istringstream iss; + iss.str(clientMsg.buffer); + + cout << "PLAYER_MOVE" << endl; + + int id, x, y; + + memcpy(&id, clientMsg.buffer, 4); + memcpy(&x, clientMsg.buffer+4, 4); + memcpy(&y, clientMsg.buffer+8, 4); + + cout << "x: " << x << endl; + cout << "y: " << y << endl; + cout << "id: " << id << endl; + + if ( mapPlayers[id].addr.sin_addr.s_addr == from.sin_addr.s_addr && + mapPlayers[id].addr.sin_port == from.sin_port ) + { + memcpy(&mapPlayers[id].pos.x, clientMsg.buffer+4, 4); + memcpy(&mapPlayers[id].pos.y, clientMsg.buffer+8, 4); + + serverMsg.type = MSG_TYPE_PLAYER_MOVE; + memcpy(serverMsg.buffer, clientMsg.buffer, 12); + + broadcastResponse = true; + } + else // nned to send back a message indicating failure + cout << "Player id (" << id << ") doesn't match sender" << endl; break;