The following warnings occurred:
Warning [2] Use of undefined constant SAPI_NAME - assumed 'SAPI_NAME' (this will throw an Error in a future version of PHP) - Line: 3388 - File: inc/functions.php PHP 7.4.33-nmm7 (Linux)
File Line Function
/inc/functions.php 3388 errorHandler->error
/showthread.php 116 build_archive_link
Warning [2] Use of undefined constant IN_ARCHIVE - assumed 'IN_ARCHIVE' (this will throw an Error in a future version of PHP) - Line: 3331 - File: inc/functions.php PHP 7.4.33-nmm7 (Linux)
File Line Function
/inc/functions.php 3331 errorHandler->error
/inc/functions.php 3324 build_forum_breadcrumb
/showthread.php 195 build_forum_breadcrumb
Warning [2] Use of undefined constant IN_ARCHIVE - assumed 'IN_ARCHIVE' (this will throw an Error in a future version of PHP) - Line: 3331 - File: inc/functions.php PHP 7.4.33-nmm7 (Linux)
File Line Function
/inc/functions.php 3331 errorHandler->error
/showthread.php 195 build_forum_breadcrumb






Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Account info to MySQL
Author Message
Rattlehead
Master
**

Posts: 290
Likes Given: 3
Likes Received: 8 in 6 posts
Joined: Jun 2012
Reputation: 8



Post: #1
Account info to MySQL
this is a simple, easy to use script that will insert account info as players make them on an OPEN ACCOUNT setting in your ini, so there is no need to register on a website, they make their account at the game screen same.

pay attention to the MD5 part of the account setup, i am using the MySQL's hashing function, and there are alot more, and better, hashing functions available to you to use in MySQL, so keep that in mind.

also pay attention to my use of STRMATCH to look for bad words in the queries, i do this so would be scripting hackers dont try to inject ur database through the game somehow, its always best to sanitize user input, even in game.

first u need to set up a table in MySQL, the one i used:

Code:
name: acc_info

fields:
id     int(11)    
username varchar(40) Unique Index    
pword     varchar(40)        
firstip     varchar(16)        
lastip     varchar(16)        
plevel     int(11)        
email     varchar(254)         // per RanXerox - varchar(254)
dpoints     int(11)            
vpoints     int(11)

be sure you have the correct username and password in your ini file for your MySQL database, otherwise this will all be useless

the below function can be found in sphere_serv_triggers.scp:
Code:
[FUNCTION f_onaccount_login]

// add this to the function
if ((STRMATCH(*insert*, <ARGS>)) || (STRMATCH(*select*, <ARGS>)) || (STRMATCH(*update*, <ARGS>)) || (STRMATCH(*execute*, <ARGS>)) || (STRMATCH(*delete*, <ARGS>)) || (STRMATCH(*drop*, <ARGS>)))
   // first we make sure they arent trying to inject us
   return 1 // if so, they dont need to log in
   serv.log Use of special MySQL word detected  // log the attempt
else // otherwise, lets input their account
   db.connect
   db.query SELECT username FROM acc_info WHERE username LIKE '<ARGS>'
      if <db.row.numrows> == 0
         db.execute INSERT INTO acc_info VALUES('','<ARGS>',md5('<serv.account.<ARGS>.PASSWORD>'),'<serv.account.<ARGS>.lastip>','<serv.account.<ARGS>.lastip>','<serv.account.<ARGS>.plevel>',NULL,'0','0')
      else
   db.execute UPDATE acc_info SET lastip = '<serv.account.<ARGS>.lastip>' WHERE username LIKE '<ARGS>'
   endif
   db.close
endif

below is an event to be placed on all players thru your ini file (it can go on any events, however it must be a global events on all players.)
Code:
[EVENTS e_allplayers]
on=@login

//----------------------------
// check for registered email
//----------------------------

db.connect
db.query SELECT email FROM acc_info WHERE username LIKE '<account.name>'
if (<isempty <db.row.0.email>>)
dialog d_addemail
endif
db.close

below is the dialog that is called for the email request (the display can be changed, the function for the button must stay the same):
Code:
[DIALOG d_addemail]
50,50
NOCLOSE
NOMOVE
NODISPOSE
page 0
resizepic 63 55 9200 397 158
resizepic 68 62 3500 388 119
dtext 112 76 0 Enter An Email Address To Attach To This Account
dtext 139 93 0 So That You Can Use Website Functions
button 342 183 5204 5205 1 0 1
dtext 94 124 2484 this email will not be used for any purposes other than
dtext 126 140 2484 to send account information and validation
resizepic 91 179 2620 232 33
dtextentry 98 186 221 19 99 0 Enter Your Email Address


[DIALOG d_addemail button]
ON=0

ON=1
if ((STRMATCH(*insert*, <ARGTXT[0]>)) || (STRMATCH(*select*, <ARGTXT[0]>)) || (STRMATCH(*update*, <ARGTXT[0]>)) || (STRMATCH(*execute*, <ARGTXT[0]>)) || (STRMATCH(*delete*, <ARGTXT[0]>)) || (STRMATCH(*drop*, <ARGTXT[0]>)))
   // first we make sure they arent trying to inject us
   return 1 // if so, they dont need to add an email
   serv.log Use of special MySQL word detected  // log the attempt
else // otherwise, lets input their email
   db.connect
   db.execute UPDATE acc_info SET email = '<ARGTXT[0]>' WHERE username LIKE '<src.account.name>'
   db.close
endif

if u guys find any bugs, or by all means make it smaller and/or easier, or better in any way, feel free to post and let me know.

[Image: matts_siggy.gif]
(This post was last modified: 09-18-2013 09:21 AM by Rattlehead.)
09-17-2013 05:10 PM
Find all posts by this user Like Post Quote this message in a reply
Mordaunt
Super Moderator
****

Posts: 1,237
Likes Given: 26
Likes Received: 55 in 43 posts
Joined: Mar 2012
Reputation: 35



Post: #2
RE: Account info to MySQL
Switched it from a php box to a code box to get ride of the side scroll...

[Image: 2nis46r.jpg]
09-17-2013 08:36 PM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
babazar
Journeyman
*

Posts: 189
Likes Given: 2
Likes Received: 10 in 9 posts
Joined: Jun 2013
Reputation: 0



Post: #3
RE: Account info to MySQL
great script well done Big Grin
09-17-2013 09:07 PM
Find all posts by this user Like Post Quote this message in a reply
Rattlehead
Master
**

Posts: 290
Likes Given: 3
Likes Received: 8 in 6 posts
Joined: Jun 2012
Reputation: 8



Post: #4
RE: Account info to MySQL
i plan to clean this up a bit, streamline some code and make it a one page script with simple installation instructions soon, just waiting to see if any of the vets here maybe have some suggestions for it b4 i get too involved

[Image: matts_siggy.gif]
09-18-2013 07:59 AM
Find all posts by this user Like Post Quote this message in a reply
XuN
Sphere Developer
*****

Posts: 852
Likes Given: 102
Likes Received: 156 in 119 posts
Joined: Jul 2013
Reputation: 30



Post: #5
RE: Account info to MySQL
Well, I don't know you, but I prefer a CMS with hundreds of security fixes on back than creating my web from 0, so I like more the idea of a bridge betweeen the CMS and sphere creating a field 'sphere_status' on accounts table for sphere (0=just created on web, 1 = already created on sphere), and in every web status update (1 min for me) check for sphere_status '0' to create this account, or if created by client login... send the Insert to web DB.

Other than that, and for other meanings, this can be very usefull Smile
09-18-2013 08:41 AM
Find all posts by this user Like Post Quote this message in a reply
Rattlehead
Master
**

Posts: 290
Likes Given: 3
Likes Received: 8 in 6 posts
Joined: Jun 2012
Reputation: 8



Post: #6
RE: Account info to MySQL
yeah, i dont perfer CMS, as they tend to fail to meet my exact needs i end up going in and altering the code anyway, and usually by the time i am done i am basically using just the image framework, so may as well just build my own, that way i know 100% that its secure and since i wrote the code much easier to implement and edit things as well. plus most CMS systems look like CMS systems, and to a percentage of players this looks lazy and novice, and it tends to draw ppl away instead of bring them in.

this is more of a framework for a login page on the website which will reflect the actual login to the game, and vice versa, it could technically be used by a CMS with little alteration.

[Image: matts_siggy.gif]
09-18-2013 08:48 AM
Find all posts by this user Like Post Quote this message in a reply
RanXerox
Master
**

Posts: 550
Likes Given: 1
Likes Received: 12 in 9 posts
Joined: Dec 2010
Reputation: 19



Post: #7
RE: Account info to MySQL
You should maybe allocate 254 characters per email address, which is currently the maximum valid email address length.
09-18-2013 09:05 AM
Find all posts by this user Like Post Quote this message in a reply
amonvangrell
Banned

Posts: 337
Likes Given: 17
Likes Received: 32 in 20 posts
Joined: Aug 2012

britannia shard

Post: #8
RE: Account info to MySQL
resuming: I don't understand .00000001% of what you guys have said.... lol
09-19-2013 07:14 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)