Jump to content
CiJey49

Registration Page

Recommended Posts

I have already installed MaNGOS server and play with my friend (set realmlist mesa.su - welcome community!) No? Ahh yeah you don't have the accounts. It's a problem. I was finding the sites with registration page but what I found didn't work. I decided to write own registration page. Registration works but when I try to login in client it doesn't connect: "The information you have entered is not valid".

!!! I THINK !!! this problem is the following: when I register an account from command line (MaNGOS) the recording looks like: 

username: TEST10
sha_pass_hash: 6319FD24CC984CD757EB93071EF2FF29017A4FF6
gmlevel: 0
sessionkey: 4DFF03B9E571EF76D6A21227A9672C923C87C0B0A132F2664F45372B293A0FA46A49ED41AC9FB5F9
v: 0B655652B5CBEE044CB63817DD60EDE208198130C50702E58CF84547E8F9C9AB
s: A948FF9F8C80AB2E364D21DFC1182CE31631CDE7178B298D71E94096784DE559
email: NULL
last_ip: 192.168.1.177

BUT when some user register his account from web his recording looks like:

username: test11
sha_pass_hash: 770543c1f51f7870cc35d30dc40d4fbab3aafec3
gmlevel: 0
sessionkey: NULL
v: 6ACFDF814BBF30704B7D3B63DDCD93DC9C9CBB56D465EA16393178149C29E442
s: F2F582E6F1833D1EC6DFFD1711A63C69BA2B9F268BF46F59A63D748B6DAD6671

As you can see account 'TEST10' has 'username' and 'sha_pass_hash' in uppercase letters. 'test11' (reg from web) has the same columns in lower case. I also tried to create account from MySQL: INSERT INTO account (username,sha_pass_hash) VALUES('a1','a1'); - doesn't work because the column sha_pass_hash is not hashed. I also tried to find what happen in db where I write 'account create name password' from console I thought it can be useful but I found nothing.

<?php
    if (isset($_POST['username'])) { $username = $_POST['username']; if ($username == '') { unset($username);} } //заносим введенный пользователем логин в переменную $login, если он пустой, то уничтожаем переменную
    if (isset($_POST['sha_pass_hash'])) { $sha_pass_hash=($_POST['sha_pass_hash']); 
    if ($sha_pass_hash =='') { unset($sha_pass_hash);} }
    //заносим введенный пользователем пароль в переменную $password, если он пустой, то уничтожаем переменную
 if (empty($username) or empty($sha_pass_hash)) //если пользователь не ввел логин или пароль, то выдаем ошибку и останавливаем скрипт
    {
    exit ("Вы ввели не всю информацию, вернитесь назад и заполните все поля!");
    }
    //если логин и пароль введены, то обрабатываем их, чтобы теги и скрипты не работали, мало ли что люди могут ввести
    $username = stripslashes($username);
    $username = htmlspecialchars($username);
    $sha_pass_hash = stripslashes($sha_pass_hash);
    $sha_pass_hash = htmlspecialchars($sha_pass_hash);
 //удаляем лишние пробелы
    $username = trim($username);
    $sha_pass_hash = trim($sha_pass_hash);
 // подключаемся к базе
    include ("bd.php");// файл bd.php должен быть в той же папке, что и все остальные, если это не так, то просто измените путь 
 // проверка на существование пользователя с таким же логином
    $result = mysql_query("SELECT id FROM account WHERE username='$username'",$db);
    $myrow = mysql_fetch_array($result);
    if (!empty($myrow['id'])) {
    exit ("Извините, введённый вами логин уже зарегистрирован. Введите другой логин.");
    }
 // если такого нет, то сохраняем данные
    $result2 = mysql_query ("INSERT INTO account (username,sha_pass_hash) VALUES('$username',sha1('$sha_pass_hash'))");
    // Проверяем, есть ли ошибки
    if ($result2=='TRUE')
    {
    echo "Вы успешно зарегистрированы! Теперь вы можете зайти на сайт. <a href='index.php'>Главная страница</a>";
    }
 else {
    echo "Ошибка! Вы не зарегистрированы.";
    }
    ?>

I also want to say that is my first practice with PHP. Maybe I don't see the obvious? Sorry for my English one more please -_-

Edited by CiJey49

Share this post


Link to post
Share on other sites

dont you need to match both name and password as uppercase?, some thing like this?

$password_string = sha1(strtoupper($username) . ':' . strtoupper($sha_pass_hash))
  • Like 2

Share this post


Link to post
Share on other sites

Yeah it's working! Now new accounts from web are in uppercase letters in my db (screen). But even this solution doesn't allow login in game. The same mistake "The information you have entered is not valid".

I really want to see SQL query when I type in console 'account create acc_name acc_pass'. Maybe this SQL query send data to several table instead 'account'? If somebody has simplest variant registration page - please send me. I just want to see how it works. Thank you community! 

Снимок экрана от 2018-09-09 21-00-28.png

Share this post


Link to post
Share on other sites

When you manually change (rather than create anew) user credentials, namely username and sha_pass_hash, then reset also v and s fields to an empty srting (NULL is disallowed there in the TC, though Mangos allows it). You might wish also to fill some other fields in the account table entry, for example, email, joindate, and expansion.

Also, when you register a new user, you should define his/her permissions as well in the account_access table. IIRC no more information is needed to allow the user login.

Share this post


Link to post
Share on other sites
12 hours ago, Olion said:

When you manually change (rather than create anew) user credentials, namely username and sha_pass_hash, then reset also v and s fields to an empty srting (NULL is disallowed there in the TC, though Mangos allows it). You might wish also to fill some other fields in the account table entry, for example, email, joindate, and expansion.

Sorry I don't understand these sentences. When I send data from WEB to DB I need clear 'v' and 's' fields?

Share this post


Link to post
Share on other sites
21 hours ago, Olion said:

Also, when you register a new user, you should define his/her permissions as well in the account_access table. IIRC no more information is needed to allow the user login.

+----------------------+
| Tables_in_zero_realm |
+----------------------+
| account              |
| account_banned       |
| db_version           |
| ip_banned            |
| realmcharacters      |
| realmlist            |
| uptime               |
| warden_log           |
+----------------------+
 

My db has not 'account_access'. Is it okay?

Share this post


Link to post
Share on other sites
21 minutes ago, CiJey49 said:

My db has not 'account_access'. Is it okay?

Sorry, too used to the TrinityCore structures. Yes, it's ok. The access level is controlled by `account`.`gmlevel` here, that has a reasonable default value (0 = user).

Just try to reset the fileds mentioned above with an update like this (for MyUsername example player):

UPDATE `account` SET `v`=NULL,`s`=NULL WHERE `username`='MyUsername';

 

Share this post


Link to post
Share on other sites

 

On 9/9/2018 at 12:23 PM, WpgnGaming said:

dont you need to match both name and password as uppercase?, some thing like this?

$password_string = sha1(strtoupper($username) . ':' . strtoupper($sha_pass_hash))

As I understood variable password must have sha1 password AND account? I see and it seems crazy for me. 

How it works from my PHP: 

1. { $sha_pass_hash = ($_POST['sha_pass_hash']); ------ we get password from user

2. $sha_pass_hash = sha1($sha_pass_hash); ------ we encrypt it 

3. $sha_pass_hash = strtoupper($sha_pass_hash); ------ we make from encrypted password UPPER ENCRYPTED PASSWORD

then we send this s*** to 'zero_realm.account' in 'password'. I tried to clear 's' and 'v' - it doesn't work anyway. Also I noticed the following field: 

failed_logins: 2

it sees that I try to connect but whyyyyy I can't 

UPD: I tried this:

$password_string = sha1(strtoupper($username) . ':' . strtoupper($sha_pass_hash))

doesn't work too. I cry.

Edited by CiJey49

Share this post


Link to post
Share on other sites

Try this code in your save_user.php that should do trick for you :), make sure to edit the database settings too .

First edit your reg.php and change password field to the following then after that copy and pate the connection code and over write yours save and test :)

Quote

<input name="password" type="password" size="15" maxlength="15">

<?php
    $host = "127.0.0.1";
    $username = "psddesi1_testdb";
    $password = "7YdJ+csMV4jR";
    $database = "psddesi1_test";

    try
    {
      $con = new PDO('mysql:host=' . $host . ';dbname=' . $database . ';charset=UTF8', $username, $password);
    }
      catch(PDOException $e)
      {
      die($e->getMessage());
    }

    global $con;

    if (!empty($_POST['username']) && !empty($_POST['password']))

        $username   = $_POST['username'];
        $password   = $_POST['password'];

        function ValidateUsername($username)
            {
                if(strlen($username) <= 32)
                {
                    if(ctype_alnum($username))
                    {
                        return true;
                    }
                    else
                    {
                        return false;
                    }
                }
            return false;
        }

        if (ValidateUsername($username))
        {
            $data = $con->prepare('SELECT COUNT(*) FROM account WHERE username = :username');
            $data->execute(array(':username' => $username)
        );

        if ($data->fetchColumn() == 0)
        {
       
          $data = $con->prepare('INSERT INTO account (username, sha_pass_hash)  VALUES(:username, :password)');
          $data->execute(array(
            ':username'  => $username,
            ':password'  => sha1(strtoupper($username) . ':' . strtoupper($password))
          ));
          echo '<p>YOU HAVE MADE A ACCCOUNT.</p>';

          } else {
           echo '<p>Account Name is already taken.</p>'; 
        }
      } else {
     echo '<p>All fields are required.</p>';
   }
?>

 

Edited by WpgnGaming

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Contact Us

To contact us click here
You can also email us at [email protected]

Privacy Policy | Terms & Conditions

Repositories

The Link to the master list
of MaNGOS repositories:
Copyright © getMaNGOS. All rights Reserved.

This website is in no way associated with or endorsed by Blizzard Entertainment®
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use