The main complaint that no one shares... I'll share. WORDPRESS INSTALL. Now you can run a CMS that isn't homemade and you get the benefits of automatic updates, security, etc.

Okay. Gravity Forms with GravityWP addon works and semi-secures your registration. (I wish the devs would bring the SHA1 to a better standard. This is the main reason for exposed Mangos servers)

Expensive, but viable.

Plugin: https://gravitywp.com/add-on/entry-to-database/

Use FREE codesnippets WordPress plugin (NO NEED FOR PRO VERSION) to have easy PHP entry OR put in your WordPress functions.php:

// Target a specific form: the number at the end of gform_pre_submission_* is the form ID.
// This example hooks form 1; change it to your form's ID.
add_action( 'gform_pre_submission_1', 'encrypt_password_on_submit' );

/**
 * Hashes the username and password with SHA1 before submission.
 * (SHA1 is a one-way hash, not encryption.)
 *
 * @param array $form The form object.
 */
function encrypt_password_on_submit( $form ) {
    // Replace 11 with your username field ID and 13 with your password field ID.
    // Replace 8 with the ID of the hidden field where you want to store the SHA1 hash.
    $username_field_id = 11;
    $password_field_id = 13;
    $sha1_output_field_id = 8;

    // Check if the required fields exist and have values.
    if ( isset( $_POST['input_' . $username_field_id] ) && isset( $_POST['input_' . $password_field_id] ) ) {
        // WordPress adds slashes to $_POST values; wp_unslash() restores what the user typed.
        $username = wp_unslash( $_POST['input_' . $username_field_id] );
        $password = wp_unslash( $_POST['input_' . $password_field_id] );

        // Compute SHA1 over UPPERCASE(username):UPPERCASE(password).
        $sha1_value = sha1( strtoupper( $username ) . ':' . strtoupper( $password ) );

        // Update the value of the hidden field with the new SHA1 hash.
        $_POST['input_' . $sha1_output_field_id] = $sha1_value;
    }
}

The comments tell you what to edit.

Build a form and follow the GravityWP instructions to map. (Ideally local machine to local machine)

Create a local machine login in MariaDB or MySQL to let the internal processes authorize.

Harden all your installs with SSL, fail2ban, UFW, etc. Follow best practices.

Create a form in Gravity and add a hidden field (admin only) to store the SHA1 after conversion.

Turn on Gravity Forms ReCaptcha or Honeypot.

Password field point mapping to hidden field with SHA1

Style your form

Done.

 

Any questions I will try to answer. This is not the end-all solution, but it is more secure than exposed MySQL php config files.

  • Like 1
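
Added example, not part of the original post or the GravityWP plugin: the hashing step from the snippet above as a standalone PHP function that validates the name and password before hashing, so the form and the server hash the same bytes. The function name `account_pass_hash`, the 16-character limit and the printable-ASCII rule are assumptions of this example; match them to your own server.

```php
<?php
// Added example, not from the original post. The length limit and the
// printable-ASCII rule are assumptions; match them to your own server.
const ACCOUNT_FIELD_MAX = 16; // assumed maximum length for name and password

/**
 * Returns the 40-character hex SHA1 of UPPER(name):UPPER(password),
 * or null when the input should be rejected before hashing.
 */
function account_pass_hash( string $username, string $password ): ?string {
    foreach ( array( $username, $password ) as $value ) {
        // Printable ASCII only (no spaces, not empty), so strtoupper() folds
        // case the same way on every PHP version and locale.
        if ( ! preg_match( '/\A[\x21-\x7E]+\z/', $value ) ) {
            return null;
        }
        if ( strlen( $value ) > ACCOUNT_FIELD_MAX ) {
            return null;
        }
    }
    // ':' is the separator inside the hashed string. Without this check,
    // name "a:b" + password "c" hashes the same string as "a" + "b:c".
    if ( false !== strpos( $username, ':' ) ) {
        return null;
    }
    return sha1( strtoupper( $username ) . ':' . strtoupper( $password ) );
}

// Constructed sample input (not real accounts).
$samples = array(
    array( 'Player1', 'Secret!9' ), // well-formed input
    array( 'player1', 'SECRET!9' ), // same account, different case
    array( 'a:b', 'c' ),            // separator inside the name
    array( 'Jörg', 'pw' ),          // non-ASCII bytes
    array( 'x', '' ),               // empty password
);
foreach ( $samples as list( $name, $pass ) ) {
    $hash = account_pass_hash( $name, $pass );
    printf( "%-10s %s\n", $name, null === $hash ? 'rejected' : $hash );
}

// The scheme folds case, so both spellings of the first account match.
var_dump( hash_equals(
    account_pass_hash( 'Player1', 'Secret!9' ),
    account_pass_hash( 'player1', 'SECRET!9' )
) );
```

Inside the `gform_pre_submission` hook, a `null` return would mean leaving the hidden SHA1 field empty rather than writing a hash for input the server may treat differently.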
