[DiscordArchive] Anyway you guys know about building php scripts right?
Archived author: NotepadGuy • Posted: 2022-05-12T09:25:34.192000+00:00
Anyway you guys know about building php scripts right?
Archived author: NotepadGuy • Posted: 2022-05-12T09:25:52.992000+00:00
I have a sample login script but can't figure out if safe hahahahha
Archived author: Anatoli • Posted: 2022-05-12T09:26:14.162000+00:00
anyway thanks so much, i gotta go and unpack some maps
Archived author: Fake´z • Posted: 2022-05-12T09:26:47.638000+00:00
No sry, but can edit in some (others are hardcoded)
Archived author: NotepadGuy • Posted: 2022-05-12T09:32:18.362000+00:00
```php
public static function login($username, $password){
    if (empty($username) || empty($password)) {
        return false;
    }
    // check_username_exists() returns true when NO matching account row is found
    if (self::check_username_exists($username)) {
        error_msg('Username doesn`t Exists!');
        return false;
    }
    if(isset($_POST['login'])){
        // getLoginData() returns array($salt, $verifier); only the verifier is compared
        $verifier = getLoginData($username, $password)[1];
        // The account row is looked up by verifier only
        $datas = database::$auth->select('account', array("id", "username"), ["AND" => ["verifier[=]" => $verifier]]);
        if(!empty($datas[0]["id"])){
            $_SESSION['id'] = $datas[0]["id"];
            $_SESSION['username'] = $datas[0]["username"];
            header('Location: account/manage.php');
            return true;
        }
        if(empty($datas[0]["id"])) {
            error_msg('Incorrect Username or Password.');
            return false;
        }
    }
    // Reached when $_POST['login'] is not set: no session is created here
    return true;
}

// Despite the name, this returns true when the username is NOT in the account table
private static function check_username_exists($username) {
    if (!empty($username)) {
        $datas = database::$auth->select('account', ['id'], ['username' => Medoo::raw('UPPER(:username)', [':username' => $username])]);
        if (empty($datas[0])) {
            return true;
        }
    }
    return false;
}
```
Archived author: NotepadGuy • Posted: 2022-05-12T09:32:52.246000+00:00
```php
function getLoginData($username, $password) {
    // Fetch the stored per-account salt for this username
    $datas = database::$auth->select('account', ['salt'], ['username' => Medoo::raw('UPPER(:username)', [':username' => $username])]);
    // $salt stays undefined if no row is found; login() checks the username before calling this
    if(!empty($datas[0]['salt'])){
        $salt = $datas[0]['salt'];
    }
    $verifier = calculateSRP6Verifier($username, $password, $salt);
    return array($salt, $verifier);
}

function calculateSRP6Verifier($username, $password, $salt) {
    // SRP6 generator g and modulus N
    $g = gmp_init(7);
    $N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
    // h1 = SHA1(UPPER(username:password)), raw binary
    $h1 = sha1(strtoupper($username . ':' . $password), TRUE);
    // h2 = SHA1(salt . h1), read as a little-endian integer
    $h2 = sha1($salt . $h1, TRUE);
    $h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
    // verifier = g^h2 mod N
    $verifier = gmp_powm($g, $h2, $N);
    // Export little-endian and right-pad with zero bytes to 32 bytes
    $verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
    $verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
    return $verifier;
}
```
Archived author: NotepadGuy • Posted: 2022-05-12T09:34:23.693000+00:00
do you think this is safe <@472753943391502337> ? i mean it does query the salt which is i think not good.
Archived author: jackpoz • Posted: 2022-05-12T09:35:10.826000+00:00
a lot of TC ingame behavior is controlled by configs, where users can change values to non-blizzlike ones quite easily
Archived author: jackpoz • Posted: 2022-05-12T09:36:34.147000+00:00
we have https://github.com/TrinityCore/TrinityCo...anges/wiki where we gathered the most common customizations users apply to their stock TC and we have <#870722120458600528> channel for the custom changes community to discuss about changes they would like to apply
Archived author: jackpoz • Posted: 2022-05-12T09:37:35.572000+00:00
to me, a broken mechanic is non-blizzlike already, so by fixing it in a non-perfect way is still an improvement, even if non-blizzlike (as the starting point is non-blizzlike anyway)