Registration Page

[CiJey49]

I have already installed MaNGOS server and play with my friend (set realmlist mesa.su - welcome community!) No? Ahh yeah you don't have the accounts. It's a problem. I was finding the sites with registration page but what I found didn't work. I decided to write own registration page. Registration works but when I try to login in client it doesn't connect: "The information you have entered is not valid".

!!! I THINK !!! this problem is the following: when I register an account from command line (MaNGOS) the recording looks like: 

username: TEST10
sha_pass_hash: 6319FD24CC984CD757EB93071EF2FF29017A4FF6
gmlevel: 0
sessionkey: 4DFF03B9E571EF76D6A21227A9672C923C87C0B0A132F2664F45372B293A0FA46A49ED41AC9FB5F9
v: 0B655652B5CBEE044CB63817DD60EDE208198130C50702E58CF84547E8F9C9AB
s: A948FF9F8C80AB2E364D21DFC1182CE31631CDE7178B298D71E94096784DE559
email: NULL
last_ip: 192.168.1.177

BUT when some user register his account from web his recording looks like:

username: test11
sha_pass_hash: 770543c1f51f7870cc35d30dc40d4fbab3aafec3
gmlevel: 0
sessionkey: NULL
v: 6ACFDF814BBF30704B7D3B63DDCD93DC9C9CBB56D465EA16393178149C29E442
s: F2F582E6F1833D1EC6DFFD1711A63C69BA2B9F268BF46F59A63D748B6DAD6671

As you can see account 'TEST10' has 'username' and 'sha_pass_hash' in uppercase letters. 'test11' (reg from web) has the same columns in lower case. I also tried to create account from MySQL: INSERT INTO account (username,sha_pass_hash) VALUES('a1','a1'); - doesn't work because the column sha_pass_hash is not hashed. I also tried to find what happen in db where I write 'account create name password' from console I thought it can be useful but I found nothing.

<?php
    if (isset($_POST['username'])) { $username = $_POST['username']; if ($username == '') { unset($username);} } //заносим введенный пользователем логин в переменную $login, если он пустой, то уничтожаем переменную
    if (isset($_POST['sha_pass_hash'])) { $sha_pass_hash=($_POST['sha_pass_hash']); 
    if ($sha_pass_hash =='') { unset($sha_pass_hash);} }
    //заносим введенный пользователем пароль в переменную $password, если он пустой, то уничтожаем переменную
 if (empty($username) or empty($sha_pass_hash)) //если пользователь не ввел логин или пароль, то выдаем ошибку и останавливаем скрипт
    {
    exit ("Вы ввели не всю информацию, вернитесь назад и заполните все поля!");
    }
    //если логин и пароль введены, то обрабатываем их, чтобы теги и скрипты не работали, мало ли что люди могут ввести
    $username = stripslashes($username);
    $username = htmlspecialchars($username);
    $sha_pass_hash = stripslashes($sha_pass_hash);
    $sha_pass_hash = htmlspecialchars($sha_pass_hash);
 //удаляем лишние пробелы
    $username = trim($username);
    $sha_pass_hash = trim($sha_pass_hash);
 // подключаемся к базе
    include ("bd.php");// файл bd.php должен быть в той же папке, что и все остальные, если это не так, то просто измените путь 
 // проверка на существование пользователя с таким же логином
    $result = mysql_query("SELECT id FROM account WHERE username='$username'",$db);
    $myrow = mysql_fetch_array($result);
    if (!empty($myrow['id'])) {
    exit ("Извините, введённый вами логин уже зарегистрирован. Введите другой логин.");
    }
 // если такого нет, то сохраняем данные
    $result2 = mysql_query ("INSERT INTO account (username,sha_pass_hash) VALUES('$username',sha1('$sha_pass_hash'))");
    // Проверяем, есть ли ошибки
    if ($result2=='TRUE')
    {
    echo "Вы успешно зарегистрированы! Теперь вы можете зайти на сайт. <a href='index.php'>Главная страница</a>";
    }
 else {
    echo "Ошибка! Вы не зарегистрированы.";
    }
    ?>

I also want to say that is my first practice with PHP. Maybe I don't see the obvious? Sorry for my English one more please

[WpgnGaming]

dont you need to match both name and password as uppercase?, some thing like this?

$password_string = sha1(strtoupper($username) . ':' . strtoupper($sha_pass_hash))

[CiJey49]

Yeah it's working! Now new accounts from web are in uppercase letters in my db (screen). But even this solution doesn't allow login in game. The same mistake "The information you have entered is not valid".

I really want to see SQL query when I type in console 'account create acc_name acc_pass'. Maybe this SQL query send data to several table instead 'account'? If somebody has simplest variant registration page - please send me. I just want to see how it works. Thank you community! 

[WpgnGaming]

I linked one on forum not so long ago

 

[CiJey49]

Yes I saw this topic and downloaded your page but it doesn't work. Are you sure that it works? 

[WpgnGaming]

its same register script I use on http://www.daggerspine.co.uk of course my site script is edited and has a few more changes that the download script dont have but here link

http://www.psd-designs.com/files/registration.zip

[Olion]

When you manually change (rather than create anew) user credentials, namely username and sha_pass_hash, then reset also v and s fields to an empty srting (NULL is disallowed there in the TC, though Mangos allows it). You might wish also to fill some other fields in the account table entry, for example, email, joindate, and expansion.

Also, when you register a new user, you should define his/her permissions as well in the account_access table. IIRC no more information is needed to allow the user login.

[CiJey49]

12 hours ago, Olion said:

When you manually change (rather than create anew) user credentials, namely username and sha_pass_hash, then reset also v and s fields to an empty srting (NULL is disallowed there in the TC, though Mangos allows it). You might wish also to fill some other fields in the account table entry, for example, email, joindate, and expansion.

Sorry I don't understand these sentences. When I send data from WEB to DB I need clear 'v' and 's' fields?

[CiJey49]

21 hours ago, Olion said:

Also, when you register a new user, you should define his/her permissions as well in the account_access table. IIRC no more information is needed to allow the user login.

+----------------------+
| Tables_in_zero_realm |
+----------------------+
| account              |
| account_banned       |
| db_version           |
| ip_banned            |
| realmcharacters      |
| realmlist            |
| uptime               |
| warden_log           |
+----------------------+
 

My db has not 'account_access'. Is it okay?

[brotalnia]

Here is a working registration page for mangos zero.

htdocs.rar

[Olion]

21 minutes ago, CiJey49 said:

My db has not 'account_access'. Is it okay?

Sorry, too used to the TrinityCore structures. Yes, it's ok. The access level is controlled by `account`.`gmlevel` here, that has a reasonable default value (0 = user).

Just try to reset the fileds mentioned above with an update like this (for MyUsername example player):

UPDATE `account` SET `v`=NULL,`s`=NULL WHERE `username`='MyUsername';

 

[CiJey49]

4 hours ago, brotalnia said:

Here is a working registration page for mangos zero.

htdocs.rar

nah my httpd log has just broken from errors 

 

[CiJey49]

 

On 9/9/2018 at 12:23 PM, WpgnGaming said:

dont you need to match both name and password as uppercase?, some thing like this?

$password_string = sha1(strtoupper($username) . ':' . strtoupper($sha_pass_hash))

As I understood variable password must have sha1 password AND account? I see and it seems crazy for me. 

How it works from my PHP: 

1. { $sha_pass_hash = ($_POST['sha_pass_hash']); ------ we get password from user

2. $sha_pass_hash = sha1($sha_pass_hash); ------ we encrypt it 

3. $sha_pass_hash = strtoupper($sha_pass_hash); ------ we make from encrypted password UPPER ENCRYPTED PASSWORD

then we send this s*** to 'zero_realm.account' in 'password'. I tried to clear 's' and 'v' - it doesn't work anyway. Also I noticed the following field: 

failed_logins: 2

it sees that I try to connect but whyyyyy I can't 

UPD: I tried this:

$password_string = sha1(strtoupper($username) . ':' . strtoupper($sha_pass_hash))

doesn't work too. I cry.

[WpgnGaming]

can you send me your files?

[CiJey49]

Yeah. Please. I also noticed that accounts: ADMINISTRATOR / PLAYER / GAMEMASTER have encrypted password in lower case. That's why I think to make it in upper case isn't necessary. Thank you community for help!

bd.php

save_user.php

reg.php

testreg.php

index.php

[WpgnGaming]

Try this code in your save_user.php that should do trick for you , make sure to edit the database settings too .

First edit your reg.php and change password field to the following then after that copy and pate the connection code and over write yours save and test

Quote

<input name="password" type="password" size="15" maxlength="15">

<?php
    $host = "127.0.0.1";
    $username = "psddesi1_testdb";
    $password = "7YdJ+csMV4jR";
    $database = "psddesi1_test";

    try
    {
      $con = new PDO('mysql:host=' . $host . ';dbname=' . $database . ';charset=UTF8', $username, $password);
    }
      catch(PDOException $e)
      {
      die($e->getMessage());
    }

    global $con;

    if (!empty($_POST['username']) && !empty($_POST['password']))

        $username   = $_POST['username'];
        $password   = $_POST['password'];

        function ValidateUsername($username)
            {
                if(strlen($username) <= 32)
                {
                    if(ctype_alnum($username))
                    {
                        return true;
                    }
                    else
                    {
                        return false;
                    }
                }
            return false;
        }

        if (ValidateUsername($username))
        {
            $data = $con->prepare('SELECT COUNT(*) FROM account WHERE username = :username');
            $data->execute(array(':username' => $username)
        );

        if ($data->fetchColumn() == 0)
        {
       
          $data = $con->prepare('INSERT INTO account (username, sha_pass_hash)  VALUES(:username, :password)');
          $data->execute(array(
            ':username'  => $username,
            ':password'  => sha1(strtoupper($username) . ':' . strtoupper($password))
          ));
          echo '<p>YOU HAVE MADE A ACCCOUNT.</p>';

          } else {
           echo '<p>Account Name is already taken.</p>'; 
        }
      } else {
     echo '<p>All fields are required.</p>';
   }
?>

 

[CiJey49]

OMG IT IS WORKING! Thank you man!