Added href logging as a config option. Log can be viewed via "investigate hrefs". If on, it logs every link clicked. It may be useful for 'debugging' and spotting malicious clients.

Anti-spam delay raised to 7 ticks. A little over half a second. Admins can no longer be banned except by deadminning them or banning through the host's pager. git-svn-id: http://tgstation13.googlecode.com/svn/trunk@3722 316c924e-a436-60f5-8080-3fe189b3f50e
2025-12-11 10:43:20 +00:00 · 2012-06-02 12:57:39 +00:00
parent 5ff9a92a26
commit 0200ddb9a0
8 changed files with 55 additions and 21 deletions
--- a/code/datums/configuration.dm
+++ b/code/datums/configuration.dm
@@ -14,6 +14,7 @@
 	var/log_adminchat = 0				// log admin chat messages
 	var/log_adminwarn = 0				// log warnings admins get about bomb construction and such
 	var/log_pda = 0						// log pda messages
+	var/log_hrefs = 0					// logs all links clicked in-game. Could be used for debugging and tracking down exploits
 	var/sql_enabled = 1					// for sql switching
 	var/allow_vote_restart = 0 			// allow votes to restart
 	var/allow_vote_mode = 0				// allow votes to change mode
@@ -167,6 +168,9 @@
 				if ("log_pda")
 					config.log_pda = 1

+				if ("log_hrefs")
+					config.log_hrefs = 1
+
 				if ("allow_vote_restart")
 					config.allow_vote_restart = 1

--- a/code/defines/global.dm
+++ b/code/defines/global.dm
@@ -48,6 +48,7 @@ var/blobevent = 0

 var/diary = null
 var/diaryofmeanpeople = null
+var/href_logfile = null
 var/station_name = null
 var/game_version = "/tg/ Station 13"

@@ -62,7 +63,7 @@ var/aliens_allowed = 1
 var/ooc_allowed = 1
 var/dooc_allowed = 1
 var/traitor_scaling = 1
-var/goonsay_allowed = 0
+//var/goonsay_allowed = 0
 var/dna_ident = 1
 var/abandon_allowed = 1
 var/enter_allowed = 1
--- a/code/game/algorithm.dm
+++ b/code/game/algorithm.dm
@@ -11,13 +11,14 @@ Starting up. [time2text(world.timeofday, "hh:mm.ss")]
 "}

 	diaryofmeanpeople = file("data/logs/[time2text(world.realtime, "YYYY/MM-Month/DD-Day")] Attack.log")
-
 	diaryofmeanpeople << {"

 Starting up. [time2text(world.timeofday, "hh:mm.ss")]
 ---------------------
 "}

+	href_logfile = file("data/logs/[time2text(world.realtime, "YYYY/MM-Month/DD-Day")] hrefs.html")
+
 	jobban_loadbanfile()
 	jobban_updatelegacybans()
 	LoadBans()
--- a/code/modules/admin/IsBanned.dm
+++ b/code/modules/admin/IsBanned.dm
@@ -1,6 +1,9 @@
 //Blocks an attempt to connect before even creating our client datum thing.
 world/IsBanned(key,address,computer_id)
-    //Guest Checking
+    if(ckey(key) in admins)
+		return ..()
+
+	//Guest Checking
 	if( !guests_allowed && IsGuestKey(key) )
 		log_access("Failed Login: [key] - Guests not allowed")
 		message_admins("\blue Failed Login: [key] - Guests not allowed")
@@ -10,7 +13,7 @@ world/IsBanned(key,address,computer_id)
 	. = CheckBan( ckey(key), computer_id, address )
 	if(.)
 		log_access("Failed Login: [key] [computer_id] [address] - Banned [.["reason"]]")
-		message_admins("\blue Failed Login: [key] [computer_id] [address] - Banned [.["reason"]]")
+		message_admins("\blue Failed Login: [key] id:[computer_id] ip:[address] - Banned [.["reason"]]")
 		return .

 	return ..()	//default pager ban stuff
--- a/code/modules/admin/admin_investigate.dm
+++ b/code/modules/admin/admin_investigate.dm
@@ -9,13 +9,7 @@

 //SYSTEM
 /proc/investigate_subject2file(var/subject)
-	switch(subject)
-		if("singulo")
-			return file("[INVESTIGATE_DIR]singulo.html")
-		if("silicon")
-			return file("[INVESTIGATE_DIR]silicon.html")
-		else
-			return
+	return file("[INVESTIGATE_DIR][subject].html")

 /proc/investigate_reset()
 	if(fdel(INVESTIGATE_DIR))	return 1
@@ -27,17 +21,26 @@
 	if(!F)	return
 	F << "<small>[time2text(world.timeofday,"hh:mm")] \ref[src] ([x],[y],[z])</small> || [src] [message]<br>"

-
-
 //ADMINVERBS
-/client/proc/investigate_show( subject in list("singulo","silicon") )
+/client/proc/investigate_show( subject in list("hrefs","singulo") )
 	set name = "Investigate"
 	set category = "Admin"
 	if(!holder)	return
-	var/F = investigate_subject2file(subject)
-	if(!F)
-		src << "<font color='red'>Error: admin_investigate: [INVESTIGATE_DIR][subject] is an invalid path or cannot be accessed.</font>"
-		return
-	src << browse(F,"window=investigate;size=800x300")
-
+	switch(subject)
+		if("singulo")			//general one-round-only stuff
+			var/F = investigate_subject2file(subject)
+			if(!F)
+				src << "<font color='red'>Error: admin_investigate: [INVESTIGATE_DIR][subject] is an invalid path or cannot be accessed.</font>"
+				return
+			src << browse(F,"window=investigate[subject];size=800x300")

+		if("hrefs")				//persistant logs and stuff
+			if(config && config.log_hrefs)
+				if(href_logfile)
+					src << browse(href_logfile,"window=investigate[subject];size=800x300")
+				else
+					src << "<font color='red'>Error: admin_investigate: No href logfile found.</font>"
+					return
+			else
+				src << "<font color='red'>Error: admin_investigate: Href Logging is not on.</font>"
+				return
--- a/code/modules/admin/admin_verbs.dm
+++ b/code/modules/admin/admin_verbs.dm
@@ -278,6 +278,7 @@
 			verbs += /client/proc/giveruntimelog						//used by coders to retrieve runtime logs
 			verbs += /client/proc/cinematic								//show a cinematic sequence
 			verbs += /client/proc/startSinglo							//Used to prevent the station from losing power while testing stuff out.
+			verbs += /client/proc/toggle_log_hrefs
 		else	return
 	return

@@ -406,6 +407,7 @@
 	verbs -= /client/proc/cinematic										//show a cinematic sequence
 	verbs -= /client/proc/admin_memo
 	verbs -= /client/proc/investigate_show								//investigate in-game mishaps using various logs.
+	verbs -= /client/proc/toggle_log_hrefs
 	verbs -= /proc/possess
 	verbs -= /proc/release
 	//verbs -= /client/proc/give_spell 									--Merged with view variables
@@ -805,3 +807,15 @@
 	verbs += /client/proc/cmd_admin_say//asay
 	feedback_add_details("admin_verb","TAVVH") //If you are copy-pasting this, ensure the 2nd parameter is unique to the new proc!
 	return
+
+/client/proc/toggle_log_hrefs()
+	set name = "Toggle href logging"
+	set category = "Server"
+	if(!holder)	return
+	if(config)
+		if(config.log_hrefs)
+			config.log_hrefs = 0
+			src << "<b>Stopped logging hrefs</b>"
+		else
+			config.log_hrefs = 1
+			src << "<b>Started logging hrefs</b>"
--- a/code/modules/client/client
+++ b/code/modules/client/client
@@ -1,7 +1,7 @@
 	////////////
 	//SECURITY//
 	////////////
-#define TOPIC_SPAM_DELAY	5		//5 tick delay is a little under half a second
+#define TOPIC_SPAM_DELAY	7		//7 tick delay is about half a second
 #define UPLOAD_LIMIT		1048576	//Restricts client uploads to the server to 1MB //Could probably do with being lower.
 	/*
 	When somebody clicks a link in game, this Topic is called first.
@@ -16,6 +16,7 @@
 		- If so, does it have checks to see if the person who called it (usr.client) is an admin?
 		- Are the processes being called by Topic() particularly laggy?
 		- If so, is there any protection against somebody spam-clicking a link?
+	If you have any  questions about this stuff feel free to ask. ~Carn
 	*/
 /client/Topic(href, href_list, hsrc)
 	//Reduces spamming of links by dropping calls that happen during the delay period
@@ -40,6 +41,10 @@
 		cmd_admin_pm(C,null)
 		return

+	//Logs all hrefs
+	if(config && config.log_hrefs && href_logfile)
+		href_logfile << "<small>[time2text(world.timeofday,"hh:mm")] [src] (usr:[usr])</small> || [href]<br>"
+
 	if(view_var_Topic(href,href_list,hsrc))	//Until viewvars can be rewritten as datum/admins/Topic()
 		return

--- a/config/config.txt
+++ b/config/config.txt
@@ -36,6 +36,9 @@ LOG_ATTACK
 ## log pda messages
 LOG_PDA

+## log all Topic() calls (for use by coders in tracking down Topic issues)
+# LOG_HREFS
+
 ## log admin warning messages
 ##LOG_ADMINWARN  ## Also duplicates a bunch of other messages.