Go Back   EQEmulator Home > EQEmulator Forums > Development > Development::Tools

Development::Tools 3rd Party Tools for EQEMu (DB management tools, front ends, etc...)

Reply
 
Thread Tools Display Modes
  #1  
Old 07-28-2011, 06:38 PM
KingMort
Banned
 
Join Date: Sep 2006
Posts: 841
Default My Login Server Account Tool

Alright so basically searched online for something similar and just used that then tweaked it to my needs and it seems to work pretty good but I figured I would share it with everyone and hopefully get some development done since i'm only semi savvy with code.

Basically what this script does is the user types in an Account Name, Current Loginserver Account ID, and a New Password.

The script checks to make sure the account name isn't in use or the loginserveraccountID and then encrypts the password with sha encryption and places the entry in the appropriate table in this case tblloginserveraccounts.

Now where I get stuck is where I need to probably Cross Reference the LoginServerID's from the Login Server database with the accounts table on my server to make sure that both match before it approves it and writes the entry into the Login Servers table that way people can't just put in some random number and have it end up with some one elses account (Which i believe won't work anyway right now because i tried it and wouldn't get me even to char select)

Also what I would like to do is advance this thing some what so it's more of an Admin Panel so to speak so that people could view their login server accounts based on their email and also add and delete them. But more importantly the ability to create NEW Login server accounts which won't conflict with any of the eqemu login server account ID's so would have to start them probably at a Higher number than any of the current Eqemu LS account ID's.. (I'm up for ideas there)

Anyway this is the script for what I have now, add this to your website if you like feel free to use it and upgrade it but when you upgrade it please let me know if you could guys because I wouldn't mind having it upgraded with the stuff I talked about above.

Code:
Raid Addicts Login Server Signup Form<br> 
Please <a href="http://wiki.raidaddicts.org/index.php?title=Converting_Your_Loginserver_Account">CLICK HERE</a> for Instructions

<?php 
 // Database connection info
 $host = "YourHost";
 $user = "YourUsername";
 $pw = "YourPassword";
 $db = "LoginServer Database Name";
  

// Connect to database
 mysql_connect($host, $user, $pw) or die(mysql_error()); 
 mysql_select_db($db) or die(mysql_error()); 


 //This code runs if the form has been submitted
 if ((isset($_POST['submit']) && isset($_POST['submit']) && $_POST['submit'] == 'Register') ):

	// Form has been submitted, proceed to check fields and register
	
	$errormsg = '';

 if ( !$_POST['AccountName'] | !$_POST['pass'] | !$_POST['pass2'] ) {
 		$errormsg = 'You did not complete all of the required fields';
 		die($errormsg);
 	}

 // checks if the AccountName is in use

 	if (!get_magic_quotes_gpc()) {
 		$_POST['AccountName'] = addslashes($_POST['AccountName']);
 	}

 $usercheck = $_POST['AccountName'];

 $check = mysql_query("SELECT AccountName FROM tblloginserveraccounts WHERE AccountName LIKE '$usercheck'") 

or die(mysql_error());

 $check2 = mysql_num_rows($check);



 // if the name exists it gives an error

 if ($check2 != 0) {

 		die('Sorry, the AccountName '.$_POST['AccountName'].' is already in use.');

 				}


 // checks if the LS ID is in use

 	if (!get_magic_quotes_gpc()) {

 		$_POST['LoginServerID'] = addslashes($_POST['LoginServerID']);

 	}

 $loginid = $_POST['LoginServerID'];

 $check = mysql_query("SELECT LoginServerID FROM tblloginserveraccounts WHERE LoginServerID LIKE '$loginid'") 

or die(mysql_error());

 $check2 = mysql_num_rows($check);



 // if the name exists it gives an error

 if ($check2 != 0) {

 		die('Sorry, the LoginServerID '.$_POST['LoginServerID'].' is already in use.');

 				}



 // this makes sure both passwords entered match

 	if ($_POST['pass'] != $_POST['pass2']) {

 		die('Your passwords did not match. ');

 	}



 	// here we encrypt the password and add slashes if needed

 	$_POST['pass'] = sha1($_POST['pass']);


if($_POST['LoginServerID'] == ''){
$_POST['LoginServerID'] = $_POST['pass'];
}

 // now we insert it into the database
/* Should match something like this

insert into tblLoginServerAccounts (LoginServerID, AccountName, AccountPassword, AccountEmail, LastLoginDate, LastIPAddress) values('loginserverid', 'loginservername', sha('password'), 'email@email.com', now(), '127.0.0.1')

*/
 	$insert = "INSERT INTO tblloginserveraccounts (LoginServerID, AccountName, AccountPassword, AccountEmail, LastLoginDate, LastIPAddress) 
 	VALUES (
 	'{$_POST['LoginServerID']}', 
 	'{$_POST['AccountName']}', 
 	'{$_POST['pass']}',  
 	'{$_POST['none@none.com']}', 
 	NOW(),  
 	'127.0.0.1')";
 	
 	$add_member = mysql_query($insert);
 	
 	if(!$add_member){
 		echo "<pre>";
 		echo mysql_error();
 		echo "</pre>";
 		die();
 	}
 		

 	?>



 
 <h1>Registered</h1>
 <p>Thank you, you have registered - you may now login</a>.</p>
 <?php 

else: 
?>

	 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
	 <table border="0">
	 <tr><td>* AccountName:</td><td>
	 <input type="text" name="AccountName" maxlength="60">
	 </td></tr>
	 <tr><td>LoginServerID:</td><td>
	 <input type="text" name="LoginServerID" maxlength="10">
	 </td></tr>
	 <tr><td>* Password:</td><td>
	 <input type="password" name="pass" maxlength="10">
	 </td></tr>
	 <tr><td>* Confirm Password:</td><td>
	 <input type="password" name="pass2" maxlength="10">
	 </td></tr>
	 <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr></table>
	 <h5>* = Required</h5>
	 </form>



<?php
endif;






 ?>
Reply With Quote
  #2  
Old 07-30-2011, 01:44 PM
KingMort
Banned
 
Join Date: Sep 2006
Posts: 841
Default

Do not use this tool.. SQL Injections are possible with it.

Anyone have any advice as to how to lock this up so thats not possible?

Mort
Reply With Quote
  #3  
Old 07-31-2011, 01:56 AM
Akkadius's Avatar
Akkadius
Administrator
 
Join Date: Feb 2009
Location: MN
Posts: 2,071
Default

I give props for at least sharing some of this stuff. Some people may find it useful.
Reply With Quote
  #4  
Old 07-31-2011, 10:06 AM
image
Demi-God
 
Join Date: Jan 2002
Posts: 1,290
Default

It is called mysql_escape_string..
__________________
www.eq2emu.com
EQ2Emu Developer
Former EQEMu Developer / GuildWars / Zek Seasons Servers
Member of the "I hate devn00b" club.
Reply With Quote
  #5  
Old 07-31-2011, 01:02 PM
Caryatis
Dragon
 
Join Date: May 2009
Location: Milky Way
Posts: 539
Default

I found it useful
Reply With Quote
  #6  
Old 07-31-2011, 02:21 PM
Tabasco's Avatar
Tabasco
Discordant
 
Join Date: Sep 2009
Posts: 269
Default

Insert at the top.

Code:
function sanitize_input(&$request)
{
    $request = mysql_real_escape_string($request);
}

array_walk_recursive($_POST, 'sanitize_input');
Reply With Quote
  #7  
Old 07-31-2011, 06:08 PM
KingMort
Banned
 
Join Date: Sep 2006
Posts: 841
Default

Nice that will lock it down ?
Reply With Quote
  #8  
Old 07-31-2011, 07:59 PM
Tabasco's Avatar
Tabasco
Discordant
 
Join Date: Sep 2009
Posts: 269
Default

That will take each posted string and escape special characters for insertion into the current database. I should have specified to insert at the top after the database connection is established.

You're already using quotes so unless there's a hole in that PHP function you should be fine.
You could also add some preg_replace lines to strip out any characters that aren't allowed in any given field.
Reply With Quote
  #9  
Old 07-31-2011, 09:07 PM
KingMort
Banned
 
Join Date: Sep 2006
Posts: 841
Default

I wish i could just figure out how to integrate it into my forums, or my drupal site or something instead .. Doubt eqemu will want to release that code though for their USER CP (Login Server Creation) section though right ?
Reply With Quote
  #10  
Old 08-01-2011, 04:21 PM
image
Demi-God
 
Join Date: Jan 2002
Posts: 1,290
Default

Quote:
Originally Posted by KingMort View Post
I wish i could just figure out how to integrate it into my forums, or my drupal site or something instead .. Doubt eqemu will want to release that code though for their USER CP (Login Server Creation) section though right ?
Except eqemu integrates into vbulletin - I don't see how this would help you.
__________________
www.eq2emu.com
EQ2Emu Developer
Former EQEMu Developer / GuildWars / Zek Seasons Servers
Member of the "I hate devn00b" club.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

   

All times are GMT -4. The time now is 08:04 PM.


 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3