no message

WebInterface/game-site/account.php

@@ -1,4 +1,5 @@
 <?php
+session_start();
 include("web/common.php");
 include("web/crosserver.php");
 include("config.php");
@@ -32,13 +33,14 @@ auth_failed:
 }
 
 
-if(isset($_GET["SLID"], $_GET["C"]))
+if(!is_logged_in() && isset($_GET["SLID"], $_GET["C"]))
 {
-	$id = $_GET['SLID'];
+	$id = (int)$_GET['SLID'];
 	$code = $_GET['C'];
 	
-	$hmac = GenHmacMessage((string)$playerId, "CrossSiteLogin");
+	$hmac = GenHmacMessage((string)$id, "CrossSiteLogin");
-	$hmacSent = base64_decode(bin2hex($hmac));
+	$hmacSent = bin2hex(base64_url_decode($code));
+	
 	if(hash_equals($hmacSent,$hmac))
 	{
 		$_SESSION['LOGGED_IN'] = "YES";
@@ -52,6 +54,7 @@ if(isset($_GET["SLID"], $_GET["C"]))
 	}
 	else
 	{
+		$_SESSION['LOGGED_IN'] = "NO";
 		$login_error = "Error in Automatic Login Authentication!";
 	}
 }

WebInterface/game-site/index.php

@@ -1,10 +1,25 @@
-<?php include("web/header.php"); ?>
+<?php 
+include("config.php");
+
+// Handle logout
+if(isset($_GET["LOGOUT"]))
+{
+	if($_GET["LOGOUT"] == 1)
+	{
+		session_destroy();
+	}
+}
+
+include("web/header.php"); 
+
+
+?>
 
 <CENTER>
 <FONT FACE=Verdana,arial SIZE=-1>
 <BR>
-If you have an account on this server (PINTO.HORSEISLE.COM) please login in at upper right.<BR>
+If you have an account on this server (<?php echo(strtoupper($_SERVER['HTTP_HOST']))?>) please login in at upper right.<BR>
- Otherwise click for <A href=http://hi1.horseisle.com/>Main Horse Isle 1 Site</A>.
+ Otherwise click for <A href=http:<?php echo($master_site); ?>>Main Horse Isle 1 Site</A>.
 <BR><BR>
 
 

WebInterface/game-site/web/common.php

@@ -13,6 +13,14 @@ function hash_salt(string $input, string $salt)
 	return hash('sha512',$xor_hash,false);
 }
 
+function base64_url_encode($input) {
+ return strtr(base64_encode($input), '+/=', '._-');
+}
+
+function base64_url_decode($input) {
+ return base64_decode(strtr($input, '._-', '+/='));
+}
+
 function is_logged_in()
 {
 	if(session_status() !== PHP_SESSION_ACTIVE)
@@ -45,7 +53,7 @@ function get_username(string $id)
 	$stmt->bind_param("i", $id);
 	$stmt->execute();
 	$result = $stmt->get_result();
-	$usetname = intval($result->fetch_row()[0]);
+	$usetname = $result->fetch_row()[0];
 	return $usetname;
 }
 

WebInterface/game-site/web/crosserver.php

@@ -8,7 +8,8 @@ function GenHmacMessage(string $data, string $channel)
 		echo("<h1>Set \$hmac_secret in config.php!</h1>");
 		exit();
 	}
-	return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
+	$hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdYhi'));
+	return $hmac;
 }
 
 function  getNoPlayersOnlineInServer($database)

WebInterface/game-site/web/header.php

@@ -110,7 +110,7 @@ color: #440000;
 	if(is_logged_in())
 	{
 		$username = $_SESSION['USERNAME'];		
-		echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><A HREF=/account.php>'.$_SERVER['HTTP_HOST'].'</A><BR>Logged in as: '.$username.'<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF='.$master_site.'/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF='.$master_site.'/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF='.$master_site.'/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF='.$master_site.'/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF='.$master_site.'/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
+		echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>'.strtoupper($_SERVER['HTTP_HOST']).'</A><BR>Logged in as: '.$username.'<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF='.$master_site.'/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF='.$master_site.'/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF='.$master_site.'/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF='.$master_site.'/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF='.$master_site.'/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
 	}
 	else
 	{

WebInterface/master-site/account.php

@@ -57,7 +57,7 @@ if(isset($_GET['CONNECT']))
 		if(!endsWith($redirectUrl, '/'))
 			$redirectUrl .= '/';
 		
-		$redirectUrl .= 'account.php?SLID='.(string)$playerId.'&C='.base64_encode(hex2bin($hmac));
+		$redirectUrl .= 'account.php?SLID='.(string)$playerId.'&C='.base64_url_encode(hex2bin($hmac));
 		
 		header("Location: ".$redirectUrl);
 		exit();

WebInterface/master-site/common.php

@@ -13,6 +13,14 @@ function hash_salt(string $input, string $salt)
 	return hash('sha512',$xor_hash,false);
 }
 
+function base64_url_encode($input) {
+ return strtr(base64_encode($input), '+/=', '._-');
+}
+
+function base64_url_decode($input) {
+ return base64_decode(strtr($input, '._-', '+/='));
+}
+
 function is_logged_in()
 {
 	if(session_status() !== PHP_SESSION_ACTIVE)
@@ -45,7 +53,7 @@ function get_username(string $id)
 	$stmt->bind_param("i", $id);
 	$stmt->execute();
 	$result = $stmt->get_result();
-	$usetname = intval($result->fetch_row()[0]);
+	$usetname = $result->fetch_row()[0];
 	return $usetname;
 }
 

WebInterface/master-site/crosserver.php

@@ -2,11 +2,14 @@
 
 function GenHmacMessage(string $data, string $channel)
 {
+	include('config.php');
 	if($hmac_secret === "!!NOTSET!!"){
-		die("Please set HMAC_SECRET !");
+		echo("<script>alert('Please set HMAC_SECRET !')</script>");
+		echo("<h1>Set \$hmac_secret in config.php!</h1>");
 		exit();
 	}
-	return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
+	$hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdYhi'));
+	return $hmac;
 }
 
 function  getNoPlayersOnlineInServer($database)