Fixed many bugs, got MySQL database working

README.md

@@ -2,11 +2,21 @@ HereAuth
 ===
 > Your auth plugin is here, for you. The PocketMine auth plugin with the most customization ever.
 
-Phar download:
+### Phar download
 * [Latest development build](compile/HereAuth_Dev.phar)
 * [Latest beta build](compile/HereAuth_Beta.phar)
 * [Latest release](compile/HereAuth_RC.phar)
 
+#### Latest Dev build number
+`135`
+
+#### Latest Beta build number
+`136`
+
+#### Latest RC build number
+`nil`
+
+### License
 ```
 Copyright (C) 2016 PEMapModder
 This program is free software: you can redistribute it and/or modify
@@ -15,10 +25,11 @@ the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 ```
 
-Project created (first byte written): Jan 14 2016
+### Project history:
+First byte written: Jan 14 2016
+First beta released: Jan 21 2016
 
-Features
-===
+### Features
 - [x] Authentication by typing password into chat
     - [x] sorry, no alternative, but there is an option to disallow passwords starting with slashes
 - [x] Blocks player from talking password into chat directly
@@ -28,8 +39,8 @@ Features
 - [x] Advanced session control system over PocketMine's default one
     - [x] PocketMine by default kicks the old player if a player joins with the same name as an online player.
     - [x] HereAuth checks if the players have the same client secret (and IP address too, optional in config). If they do, that means it is from the same genuine player, so kick the old player. If they aren't, this most likely means that the new player is trying to get the old player kicked.
-- [ ] Multiple database types supported
-    - [ ] MySQL
+- [x] Multiple database types supported
+    - [x] MySQL
     - [x] filesystem (zlib-encoded JSON + SQLite3)
     - [x] External database through other plugins
 - [x] Count-limit or rate-limit accounts per IP (account-throttle)
@@ -41,6 +52,12 @@ Features
     - [ ] Don't let impostors see what is in your inventory!
     - [ ] Don't let impostors see where you are!
     - [ ] Don't let impostors see what messages other plugins want to send to you!
+- [ ] Account management commands
+    - [ ] `/chpw`: change password
+    - [ ] `/unreg`: unregister account
+    - [ ] `/opt`: change account options (things in `config.yml`:`DefaultSettings`)
+    - [x] `/lock`: temporarily logout (deauthenticate) without entirely leaving the server
+    - [ ] `/rename`: rename account
 - [x] Server-customized events to block when not authenticated
     - [x] Only blocks events that you want to block!
 - [x] Enforced password control
@@ -50,6 +67,11 @@ Features
 - [x] Extensive audit logging
 - [ ] An extensive API (W.I.P.)
 
-Entry script
-===
+## Entry script
 Open this phar directly with PHP binaries to automatically extract the config files.
+
+## Code Statistics
+* 50 PHP source files
+* 3687 lines of PHP code
+  * minus 750 lines of license header
+  * Total: 2937

compile.php

@@ -81,14 +81,16 @@ function parsePerms(SimpleXMLElement $element, array $parents){
 $NAME = $info->name;
 
 $CLASS = "Dev";
+$BUILD_NUMBER = $info->nextBuild++;
+
 $opts = getopt("", ["rc", "beta"]);
 if(isset($opts["beta"])){
 	$CLASS = "Beta";
 }elseif(isset($opts["rc"])){
 	$CLASS = "RC";
 }
 
-$VERSION = $info->version->major . "." . $info->version->minor . "-" . $CLASS . "#" . ($buildNumber = $info->nextBuild++);
+$VERSION = $info->version->major . "." . $info->version->minor . "-" . $CLASS . "#" . $BUILD_NUMBER;
 file_put_contents("compile/info.json", json_encode($info, JSON_BIGINT_AS_STRING | JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
 
 $permissions = [];
@@ -127,7 +129,7 @@ function parsePerms(SimpleXMLElement $element, array $parents){
 addDir($phar, "entry", "entry");
 addDir($phar, "resources", "resources");
 $phar->stopBuffering();
-echo "Created $NAME $CLASS #$buildNumber", PHP_EOL;
+echo "Created $NAME $CLASS #$BUILD_NUMBER", PHP_EOL;
 
 exec("git add " . escapeshellarg($file));
 if(is_file("priv/postCompile.php")){

compile/info.json

@@ -9,5 +9,5 @@
         "major": 1,
         "minor": 0
     },
-    "nextBuild": 84
+    "nextBuild": 137
 }

entry/entry.php

@@ -14,8 +14,6 @@
  * @author PEMapModder
  */
 
-echo "(Ignore the line above; it is just a harmless annoying Shebang line)", "\n";
-
 //if(version_compare(PHP_VERSION, "7.0.0", "<")){
 //	echo "Fatal: This entry script requires PHP >=7.0.0!\n";
 //	exit;

resources/config.yml

@@ -93,7 +93,7 @@ RemindLogin:
     Register: Please register by typing password into chat
     Login: Please login by typing password into chat
   # Type of message.
-  # Options: chat, popup, tip
+  # Options: chat, popup, tip, none
   Type: popup
   # Frequency interval, in seconds, of how often to send the message
   # Value is rounded down to 0.05 second
@@ -248,7 +248,7 @@ Appearance:
   #   but without potion effect bubbles
   Invisible: false
   # Add text before player nametag
-  PrependNametag: "§7["
+  PrependNametag: "§c["
   # Add text after player nametag
   AppendNametag: "]"
 

src/HereAuth/Database/MySQL/MySQLDatabase.php

@@ -31,28 +31,32 @@ class MySQLDatabase implements Database{
 	public function __construct(HereAuth $main){
 		$this->main = $main;
 		$this->crd = MySQLCredentials::fromConfig($main->getConfig());
-		$this->mainTable = $main->getConfig()->getNested("Database.MySQL.TablePrefix", "hereauth_") . "accounts";
+		$this->mainTable = $main->getConfig()->getNested("Database.MySQL.TablePrefix", "hereauth_") . "accs";
 		$main->getLogger()->info("Initializing database...");
-		$db = $this->createMysqliInstance($this->crd);
+		$db = self::createMysqliInstance($this->crd);
 		$db->query("CREATE TABLE IF NOT EXISTS `$this->mainTable` (
 			name VARCHAR(63) PRIMARY KEY,
 			hash BINARY(64),
-			register INT,
-			login INT,
+			register INT UNSIGNED,
+			login INT UNSIGNED,
 			ip VARCHAR(50),
 			secret BINARY(16),
 			uuid BINARY(16),
-			skin VARBINARY(32767),
-			opts VARCHAR(32767),
-			multihash VARCHAR(32767)
+			skin BINARY(64),
+			opts VARCHAR(1024),
+			multihash VARCHAR(1024)
 		)");
+		if(isset($db->error) and $db->error){
+			throw new \RuntimeException($db->error);
+		}
+		$db->close();
 	}
 
 	public function loadFor($name, $identifier){
 		$this->main->getServer()->getScheduler()->scheduleAsyncTask(new MySQLLoadPlayerTask($this, $name, $identifier));
 	}
 
-	public function saveData($name, AccountInfo $info){
+	public function saveData(AccountInfo $info){
 		$this->main->getServer()->getScheduler()->scheduleAsyncTask(new MySQLSavePlayerTask($this, $info));
 	}
 
@@ -62,33 +66,39 @@ public function renameAccount($oldName, $newName, callable $hook){
 	}
 
 	public function unregisterAccount($name, callable $hook){
-		// TODO: Implement unregisterAccount() method.
+		$hookId = $this->main->getFridge()->store($hook);
+		$this->main->getServer()->getScheduler()->scheduleAsyncTask(new MySQLUnregisterPlayerTask($this, $name, $hookId));
+	}
+
+	public function passesLimit($ip, $limit, $time, $identifier){
 	}
 
 	public function close(){
-		// TODO: Implement close() method.
 	}
 
 	/**
 	 * @param MySQLCredentials $crd
+	 * @param HereAuth         $main
 	 *
 	 * @return \mysqli
-	 *
-	 * @throws \InvalidKeyException
 	 */
-	public static function createMysqliInstance(MySQLCredentials $crd){
+	public static function createMysqliInstance(MySQLCredentials $crd, HereAuth $main = null){
 		/** @noinspection PhpUsageOfSilenceOperatorInspection */
 		$db = @new \mysqli($crd->host, $crd->username, $crd->password, $crd->schema, $crd->port, $crd->socket);
 		if($db->connect_error === "Unknown database '$crd->schema'"){
+			/** @noinspection PhpUsageOfSilenceOperatorInspection */
 			$db = @new \mysqli($crd->host, $crd->username, $crd->password, "", $crd->port, $crd->socket);
 			$createSchema = true;
 		}
 		if($db->connect_error){
 			throw new \InvalidKeyException($db->connect_error);
 		}
 		if(isset($createSchema)){
+			if($main !== null){
+				$main->getLogger()->notice("Creating nonexistent `$crd->schema`...");
+			}
 			$db->query("CREATE SCHEMA `$crd->schema`");
-			if($db->error){
+			if(isset($db->error)){
 				throw new \InvalidKeyException("Schema does not exist and cannot be created");
 			}
 		}
@@ -108,4 +118,11 @@ public function getCredentials(){
 	public function getMainTable(){
 		return $this->mainTable;
 	}
+
+	/**
+	 * @return HereAuth
+	 */
+	public function getMain(){
+		return $this->main;
+	}
 }

src/HereAuth/Database/MySQL/MySQLEscapeInvokable.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ *
+ *  ____            _        _   __  __ _                  __  __ ____
+ * |  _ \ ___   ___| | _____| |_|  \/  (_)_ __   ___      |  \/  |  _ \
+ * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
+ * |  __/ (_) | (__|   <  __/ |_| |  | | | | | |  __/_____| |  | |  __/
+ * |_|   \___/ \___|_|\_\___|\__|_|  |_|_|_| |_|\___|     |_|  |_|_|
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * @author PocketMine Team
+ * @link http://www.pocketmine.net/
+ *
+ *
+*/
+
+namespace HereAuth\Database\MySQL;
+
+use HereAuth\Utils\Invokable;
+
+class MySQLEscapeInvokable extends Invokable{
+	/** @type \mysqli */
+	private $db;
+
+	public function __construct(\mysqli $db){
+		$this->db = $db;
+	}
+
+	public function invoke($string){
+		return "'" . $this->db->escape_string($string) . "'";
+	}
+}

src/HereAuth/Database/MySQL/MySQLLoadPlayerTask.php

@@ -41,6 +41,7 @@ public function onRun(){
 		$result->close();
 		if(!is_array($row)){
 			$this->setResult(false, false);
+			return;
 		}
 		$row["hash"] = rtrim($row["hash"]);
 		$row["skin"] = zlib_decode($row["skin"]);

src/HereAuth/Database/MySQL/MySQLPassLimitCheckTask.php

@@ -0,0 +1,66 @@
+<?php
+
+/*
+ *
+ *  ____            _        _   __  __ _                  __  __ ____
+ * |  _ \ ___   ___| | _____| |_|  \/  (_)_ __   ___      |  \/  |  _ \
+ * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
+ * |  __/ (_) | (__|   <  __/ |_| |  | | | | | |  __/_____| |  | |  __/
+ * |_|   \___/ \___|_|\_\___|\__|_|  |_|_|_| |_|\___|     |_|  |_|_|
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * @author PocketMine Team
+ * @link http://www.pocketmine.net/
+ *
+ *
+*/
+
+namespace HereAuth\Database\MySQL;
+
+use HereAuth\HereAuth;
+use pocketmine\Server;
+
+class MySQLPassLimitCheckTask extends AsyncQueryTask{
+	/** @type string */
+	private $tableName;
+	/** @type string */
+	private $ip;
+	/** @type int */
+	private $limit, $since;
+	/** @type int */
+	private $identifier;
+	/** @type bool */
+	private $passed;
+
+	public function __construct(MySQLDatabase $database, $ip, $limit, $time, $identifier){
+		parent::__construct($database->getCredentials());
+		$this->tableName = $database->getMainTable();
+		$this->ip = $ip;
+		$this->limit = $limit;
+		$this->since = time() - $time;
+		$this->identifier = $identifier;
+	}
+
+	public function onRun(){
+		$db = $this->getMysqli();
+		$result = $db->query("SELECT COUNT(*) AS cnt FROM `$this->tableName` WHERE ip='{$db->escape_string($this->ip)}' AND register >= $this->since");
+		$row = $result->fetch_assoc();
+		$result->close();
+		$cnt = (int) $row["cnt"];
+		$this->passed = $cnt < $this->limit;
+	}
+
+	public function onCompletion(Server $server){
+		if(!$this->passed){
+			$main = HereAuth::getInstance($server);
+			if($main !== null){
+				$player = $main->getPlayerById($this->identifier);
+				$player->kick("You created too many accounts!", false);
+			}
+		}
+	}
+}

src/HereAuth/Database/MySQL/MySQLSavePlayerTask.php

@@ -31,9 +31,10 @@ public function __construct(MySQLDatabase $db, AccountInfo $info){
 
 	public function onRun(){
 		$db = $this->getMysqli();
-		$query = $this->info->getDatabaseQuery($this->tableName, function ($string) use ($db){
-			return "'" . $db->escape_string($string) . "'";
-		});
-		$db->query($query);
+		$query = $this->info->getDatabaseQuery($this->tableName, new MySQLEscapeInvokable($db));
+		$result = $db->query($query);
+		if($result === false){
+			echo "Error: $db->error\n";
+		}
 	}
 }