implement some webcontextmanager

globals/Dependencies/Web/WebContextManager.php

@@ -1,8 +1,7 @@
 <?php
 
 namespace Alphaland\Web {
-
+    
-    use Alphaland\Users\User;
     use PDO;
 
     class WebContextManager
@@ -24,28 +23,91 @@ namespace Alphaland\Web {
             return false;
         }
 
+        public static function IsCurrentIpAddressWhitelisted()
+        {
+            $currentIp = WebContextManager::GetCurrentIPAddress();
+            $ipWhitelist = explode(";", $GLOBALS['ws']->webservice_whitelist);
+
+            return in_array($currentIp, $ipWhitelist);
+        }
+
         public static function CanBypassMaintenance()
         {
             // Wouldn't really be a bypass per say, but you know, reusing existing code is better than
             // copying already existing code.
             if (!WebContextManager::IsUnderMaintenance()) return true;
 
-            if (
+            if (!$GLOBALS['user']->isAdmin()
-                !WebContextManager::$CurrentUser->IsAdministrator()
                 && !WebContextManager::IsCurrentIpAddressWhitelisted()
             ) return false;
 
             return true;
         }
 
-        public static function IsCurrentIpAddressWhitelisted()
+        public static function GetRequestHeaders() 
         {
-            $currentIp = WebContextManager::GetCurrentIPAddress();
+            $headers = [];
-            $ipWhitelist = []; // query from db
+            foreach ($_SERVER as $name => $value) {
-
+                if (substr($name, 0, 5) == 'HTTP_') {
-            return in_array($currentIp, $ipWhitelist);
+                    $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
+                }
+            }
+            return $headers;
         }
 
-        public static $CurrentUser = new User();
+        public static function VerifyAccessKeyHeader()
+        {   
+            $headers = WebContextManager::GetRequestHeaders();
+            $accesskey = $headers['Accesskey'];
+        
+            if (!empty($accesskey))
+            {
+                if(WebContextManager::IsCurrentIpAddressWhitelisted())
+                {
+                    if($accesskey == $GLOBALS['ws']->webservice_key)
+                    {
+                        return true;
+                    }
+                }
+            }
+            return false;
+        }
+
+        public static function IsCloudflareHttps() 
+        {
+            return isset($_SERVER['HTTPS']) ||
+                ($visitor = json_decode($_SERVER['HTTP_CF_VISITOR'])) &&
+                    $visitor->scheme == 'https';
+        }
+        
+        public static function ForceHttpsCloudflare() 
+        {
+            if(!is_https_cloudflare()) {
+                header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
+                exit();
+            }
+        }
+
+        public static function HttpGetPing($url, $timeout) //to see if a URL times out
+        {
+            $curl_do = curl_init(); 
+            curl_setopt($curl_do, CURLOPT_URL,          	      $url);   
+            curl_setopt($curl_do, CURLOPT_RETURNTRANSFER,         true);
+            curl_setopt($curl_do, CURLOPT_CONNECTTIMEOUT_MS,$timeout); 
+            curl_setopt($curl_do, CURLOPT_TIMEOUT_MS,       $timeout); 
+            curl_setopt($curl_do, CURLOPT_SSL_VERIFYPEER,        false);  
+            curl_setopt($curl_do, CURLOPT_SSL_VERIFYHOST,        false); 
+            curl_setopt($curl_do, CURLOPT_POST,                  false ); 
+            curl_setopt($curl_do, CURLOPT_HEADER, 1);
+            
+            $result = curl_exec($curl_do);
+            
+            curl_close($curl_do);
+            
+            if ($result) {
+                return true;
+            }
+            return false;
+        }
     }
 }

globals/config.php

@@ -94,12 +94,13 @@ try
 	//autoloader include
 	require 'C:\Users\Administrator\vendor\autoload.php';
 	
-	//alphaland specfic dependencies
+	//alphaland specfic dependencies (listing manually for now due to active rewrite of stuff)
 	include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Users/Activation.php";
 	include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Users/TwoFactor.php";
 	include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Moderation/UserModerationManager.php";
 	include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Common/HashingUtiltity.php";
 	include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Web/IpRange.php";
+	include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Web/WebContextManager.php";
 
 	//authenticator 
 	$authenticator = new PHPGangsta_GoogleAuthenticator();

html/Game/AdminScript.php

@@ -2,7 +2,12 @@
 
 //stuff for staff will be handled here
 
-RCCHeaderEnvironment(); //secure for RCC access only
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 /*
 local GUI = Instance.new("BillboardGui")

html/Game/ClientPresence.php

@@ -2,7 +2,12 @@
 
 //the design choice here was to tie in clientpresence with recently played and visits and make it fully server-sided besides the client pings
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $action = (string)$_GET['action'];
 $userid = (int)$_GET['UserID'];

html/Game/KillServer.php

@@ -1,5 +1,10 @@
 <?php
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $jobID = (string)$_GET['jobid'];
 

html/Game/RegisterServer.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $jobid = (string)$_GET['jobId'];
 

html/Game/ServerPing.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $placeid = (int)$_GET['PlaceID'];
 $jobid = (string)$_GET['JobID'];

html/asset/index.php

@@ -1,5 +1,7 @@
 <?php
 
+use Alphaland\Web\WebContextManager;
+
 header("Cache-Control: no-cache");
 header("Pragma: no-cache");
 header("Expires: -1");
@@ -42,7 +44,7 @@ if ($id)
 	{
 		if (isAssetApproved($id) and !isAssetModerated($id)) //if the asset is approved and not moderated
 		{
-			if (RCCHeaderEnvironment(true)) //immediately allow full access (passing true disables die() and returns true or false)
+			if (WebContextManager::VerifyAccessKeyHeader()) //immediately allow full access (passing true disables die() and returns true or false)
 			{
 				ReturnAsset($iteminfo->Hash, $iteminfo->AssetTypeId);
 			}

html_api/RoleSets/PrivilegedSetUserRoleSetRank.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment(); //we dont want people to change ranks, restrict this to rcc
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 /*
 Alphaland 2021 

html_api/moderation/AbuseReport/InGameChatHandler.php

@@ -5,7 +5,12 @@
     Abuse reports
 */
 
-RCCHeaderEnvironment(); //secure access RCC only
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $xml = file_get_contents('php://input');
 

html_assetgame/Game/Badge/AwardBadge.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $userid = $_GET['UserID'];
 $badgeid = $_GET['BadgeID'];

html_assetgame/Game/Badge/HasBadge.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $userid = $_GET['UserID'];
 $badgeid = $_GET['BadgeID'];

html_assetgame/Game/Badge/IsBadgeDisabled.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $badgeid = $_GET['BadgeID'];
 $placeid = $_GET['PlaceID'];

html_assetgame/Game/BreakFriend.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $firstuser = $_GET['firstUserId'];
 $seconduser = $_GET['secondUserId'];

html_assetgame/Game/CreateFriend.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 $firstuser = $_GET['firstUserId'];
 $seconduser = $_GET['secondUserId'];

html_gamepersistence/Persistence/set.php

@@ -1,7 +1,12 @@
 <?php
 header("Content-Type: application/json");
 
-RCCHeaderEnvironment(); //since this is only meant to be used from rcc, we check for the whitelisted IP and the accesskey header. If valid, we continue
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 if(isset($_SERVER["HTTP_CF_CONNECTING_IP"]))
 {

html_versioncompatibility/GetAllowedMD5Hashes.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 header('Content-Type: application/json');
 

html_versioncompatibility/GetAllowedSecurityKeys.php

@@ -1,6 +1,11 @@
 <?php
 
-RCCHeaderEnvironment();
+use Alphaland\Web\WebContextManager;
+
+if (!WebContextManager::VerifyAccessKeyHeader())
+{
+    die(http_response_code(400));
+}
 
 header('Content-Type: application/json');