Jump to content

antiroot

Members
  • Posts

    302
  • Joined

  • Last visited

    Never
  • Donations

    0.00 GBP 

Everything posted by antiroot

  1. thanks, yeah apparently it is just because i'm using a non standard client. Well at least i know it's just me and not the server now
  2. Can we have all the IRC rules posted on the forums, according to the post by Artimis, I should see the rules and a MOTD but i do not. Some IRCs support a rules command, mangos irc appears to not have such a command (i know it's not a standard command, but i tried). the motd command also doesn't do anything, not sure if that one is the server or my client though
  3. I agree most of the wiki content should be with the master, but for example wotlk realmd database has gmlevel in the account table, where as mangos-three (now master) has an account_access table instead. so posting the DB structure of mangos-wotlk would not make sense on the master wiki. at any rate good luck to all who will be contributing to the wiki, i'll do my best to help out with that as well Edit: of course what would make the most sense is to have all the cores using near identical structures, but i understand somethings that aren't used by old cores would be pointless to back port such as new power types in the characters tables and other things of that nature
  4. lol well i meant if you find that it is usable and produces something usable, it's still early where i'm at so the caffeine has not yet kicked in so my thought-to-keyboard ability is a bit slow right now. I am curious though will all of the repos have their own wikis, or just the master repo/github user, but that's a question that's a bit off topic for this thread
  5. Interesting find LilleCarl, I'm curious how well an automated tool would be able to do it. I'll probably contribute some installation guides if i can find the time, i'll probably just do it by hand myself. If you do find a good automated tool and you add to the wiki post the links of the mediawiki and github wiki pages so we can see how well it converts
  6. I'm not saying we should be in a hurry, in fact i believe we should take our time with it. I was only curious if this is a new global scheme and that all expansions will eventually be their own repos, meaning work on expansion specific cores will not take place in the repo of other expansions (with exception of back/forward ports of course) I also agree with the suggestion of standardizing the case and naming of the repo names, although when you pull a scriptdev repo its patch file expects the directory to be ScriptDev2 not scriptdev2 so maybe that should be taken into consideration as well
  7. should we expect a mangos-four (MoP) as well, or will that remain in the master repo until that expansion is actually released?
  8. as long as you don't send any content before sending the Location header it seems like it should work.. however i'd probably just do a single error page that handle all the error situations, missing email/username/password. another option is to use an include or require instead of redirecting their browser with a location header
  9. "'2'," . would suffice, however the single quotes aren't required either so just simply "2," . would work as well, my personal preference is to quote any value that is not a function/routine call (for example NOW() ) whatever method you prefer to generate the query, your end goal is to have something similar to the following for what your query should be when passed to mysql or echoed to the screen INSERT INTO account(username,sha_pass_hash,email,expansion,joindate) VALUES ('ANTIROOT','B4831A22B8ABFE73939B9E5C6BEF9F4D2F299C59','[email protected]','2',NOW());
  10. looks like there is an extra comma character either remove the one after intval(2) "'" . intval(2) . "'," . or the one before NOW() ",NOW()" . one thing i do when debugging is echo the query so i can see what is being passed to mysql after all the php variables are filled and everything is parsed Edit: in fact that extra comma looks like it was my fault because i have that in my example (which i'll be editing so it will be correct) one more edit: You don't actually need intval(2), since your 2 is static and an int to begin with
  11. in my examples i used intval($_POST['exp']), you can name it anything you want, so that the user could choose which expansion they wanted, I seem to remember having a case where one of my users had their client updated to the supported version yet they did not have all of the wotlk expansion content. one thing you could do is setup your code so that it will use a POST variable for the expansion if specified or default to something $expansion = (isset($_POST['expansion']) && $_POST['expansion'] >= 0 && $_POST['expansion'] <= 2 ? $_POST['expansion'] : 2); then in your query you would just use the $expansion variable (or just use that whole line in your query and not use the extra variable declaration) but if you just want to force expansion 2 no matter what then using what you had before would be fine Edit: the above does 3 checks, one to see if the variable POST['expansion'] exists, one to see if it's greater than or equal to 0, and the third check makes sure the value is less than or equal to 2. by using the && operators if any of the 3 checks fail the default value of 2 is used, if all three checks pass than the user specified POST['expansion'] is used. If you are un familiar with that syntax, it is called a ternary operator basically it's the equivalent to an if statement that returns 2 values depending on the conditions Another Edit: slightly off topic from your questions, but in case you have not done so yet make sure you check if the username is available before attempting to create the new account. You don't want to end up with accounts using the same name
  12. When you create an account using the console commands in mangos it stores everything in uppercase. My use of strtoupper is mainly to be consistent, but also in case that the table were to be case sensitive the lowercase strings could cause issues since mangos pulls compares the user input straight in the DB for logging in. the case sensitive issue means with case-insensitive antiroot==ANTIROOT is true with case-sensitive antiroot==ANTIROOT is false why this matters is that when mangos does something like 'SELECT * FROM account WHERE username="ANTIROOT"' that query would fail if my username was entered as 'antiroot' (again this only matters on a case-sensitive table)
  13. $sql="INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('".mysql_real_escape_string($_POST['username'])."','".sha1(strtoupper($_POST['username'] . ":" . $_POST['sha_pass_hash']))."','".mysql_real_escape_string($_POST['email'])."','2')"; the code sha1(strtoupper($_POST['username'] . ":" . $_POST['sha_pass_hash'])) and '2' don't need to be escaped, since the 2 is not user input and static, and the hash won't include any breaking characters also note that your POST variable $_POST['sha_pass_hash'] should be just the plain clear text hash since the sha1() function call is performing the hash Edit: You can escape the hash if you wish, just make sure you do not escape the data your passing to the sha1 function as that would break your hash Here is a snippit of some code i use so you have something to compare to (i'll provide 2 examples one with sprintf and one with the format your using) With sprintf (i like using single quotes) $query = sprintf('INSERT INTO account(username,sha_pass_hash,email,expansion,joindate) VALUES(\\'%s\\',\\'%s\\',\\'%s\\',\\'%s\\',NOW());', mysql_real_escape_string(strtoupper($_POST['name'])), strtoupper(sha1(strtoupper($_POST['name'].":".$_POST['password']))), mysql_real_escape_string(strtoupper($_POST['email'])), intval($_POST['exp'])); Matching your format (a few tweaks so the extra white space isn't added to the query) $query = "INSERT INTO account(username,sha_pass_hash,email,expansion,joindate) VALUES(" . "'" . mysql_real_escape_string(strtoupper($_POST['name'])) . "'," . "'" . strtoupper(sha1(strtoupper($_POST['name'].":".$_POST['password']))) . "'," . "'" . mysql_real_escape_string(strtoupper($_POST['email'])) . "'," . "'" . intval($_POST['exp']) . "'," . "NOW()" . ");";
  14. Oh i'm sorry, you are correct you do still need quoting around the values, i mistakenly left them out. When i read your query for some reason i was reading it as if you were using the sprintf function. but yes you should do $sql="INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('".$_POST['username']."','".sha1(strtoupper($_POST['username'] . ":" . $_POST['password']))."','".$_POST['email']."','2')";
  15. ('$_POST[username]','$_POST[sha_pass_hash]','$_POST[email]','2')"; with that your are single/literal quoting your variables, and you are not quoting your array index names, it will work without but will throw a warning and cause issues if you have constants with the same name, I would do it as ($_POST['username'],$_POST['sha_pass_hash'],$_POST['email'],'2'); Note: that is just a snippit of that code, your entire query ($sql) variable needs a little adjusting what does your code look like that is causing the error?
  16. you can change your line $sql="INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('$_POST[username]','$_POST[sha_pass_hash]','$_POST[email]','2')"; to $sql="INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('$_POST[username]',sha1(strtoupper($_POST['username'] . ":" . $_POST['password'])),'$_POST[email]','2')"; of course make sure to fix your quoting and add some string escaping before actually implementing any of this Edit: and no worries about the questions, most of the people in this community began in the exact same spot with limited to no knowledge. The whole reason the community exists is to collaborate and learn together
  17. darn Zevran posted seconds before me. however make sure you convert the username and password to upper case before hashing $sha_pass_hash = sha1(strtoupper($_POST['username'] . ":" . $_POST['password'])); See ./game/AccountMgr.cpp std::string AccountMgr::CalculateShaPassHash for reference Edit: Also, php returns the hash in lowercase, you can convert it to upper case as well so it's consistent with how mangos stores the hashes in the database when it creates them (the lower case could be an issue if your account table is *not* using a case-insensitive character set, but i believe by default all tables are case-insensitive)
  18. well if one computer is connecting and the other is not, it does sound like you have everything configured right to me. Are both client computers running the same version of the client, 12340 in the case of mangos master and to clarify have you configured both client computers to connect to the correct server either by altering realmlist.wtf, your systems host file, or your own (private) dns records
  19. That's an interesting idea, however I think moving the configs to the DB won't resolve any conflicts such as if the config options/names change (I suppose an sql script could rename options as needed) but if an option is split into 2 separate options it won't be any benefit if it's in the DB, not saying the conf file isn't susceptible to this either though. Currently the way I maintain my configs is with a simple script that uses sed to replace specific options to the value I want regardless of what they are/were. The benefit to using a script like this is say if a new option is added i don't have to manually add that option to my existing conf, i just copy the base conf from the repo and run my script, occasionally i do have to add new sed rules to my script to account for new options The nice thing about the conf files is that, if i'm not mistaken, there are a few options that can't be reloaded while the server is running and with a DB based config you'd have to start the server change the configs and then completely restart it again
  20. Good to know, did you discover that on your own or did you find a note about it somewhere in the forums or the wiki? If that is 100% what caused the issue, maybe something about that could be added to wiki
  21. To go into detail about the issue with banning IPs, and I think i mentioned this in another forum, are users within a large NAT network with a single WAN IP (school campus networks for example) or users that connect via their ISPs proxy (this is very common for AOL users) Another idea that i've seen used a few times. during registration (on the site i saw this is was during login) display 4 images in random order with numbers 1,2,3, and 4 next to them, 3 of the images would be objects like a Gear, a Bird, a Bicycle and the 4th object would be a Mango, then the user has to answer which number is the Mango.. this doesn't eliminate spam completely since there's still a 25% chance they can guess it, but at least they can't use OCR or whatever text based means they're using to break captchas
  22. Oh soo sorry stinkyfax, I reported your post by mistake, i deeply apologize to you and the moderator that will have to deal with my mistake... This has been discussed several times, especially as of recently. The Luda has explained some issues with improving security (not that I believe he is against it any way, just a daunting task) Most of the spam I see comes from individual accounts that are created and used only once (maybe they get banned quickly?) I would recommend making new accounts as a Pending user group that must post a minimum number of posts in a special thread, that way the spam that does happen can be centralized in one area and prevent them from getting to other threads. Legitimate users would just have to post something coherent that's obviously not spam and then they would be allowed to post to the rest of the forums. The reason for suggesting this way is that it wouldn't require any new plugins/modules to the forums software. Then a new moderator could be assigned to this "spam catcher" thread and ban spammers and occasionally purge the thread Edit: Just have to say I was not trying to be an ironic ass by reporting you, I just simply wasn't paying close enough attention when I thought I clicked reply, again sorry about that we really do need more people like you that care about the community and don't want it being overrun by people claiming to sell "cheap watches" or "enhancement products", I had just finished reporting some spam and i think i was still in "Report mode"
  23. I know you said you solved it, but you did actually start the realm server right? I know really silly question but i just had a friend ask why his changes to his apache setup weren't taking place and when i asked if he had restarted the service it was one of those obvious *facepalm* moments as he put it
  24. I'm pretty sure the hashing hasn't changed, src/game/AccountMgr.cpp starting at line 232 std::string AccountMgr::CalculateShaPassHash(std::string& name, std::string& password) { Sha1Hash sha; sha.Initialize(); sha.UpdateData(name); sha.UpdateData(":"); sha.UpdateData(password); sha.Finalize(); std::string encoded; hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded); return encoded; } (sorry code tag wasn't breaking on new lines properly) I have implemented a PHP registration on my server $query = sprintf('INSERT INTO account (username,sha_pass_hash,joindate) VALUES(\\'%s\\',\\'%s\\',NOW());',strtoupper($account['name']),strtoupper(sha1(strtoupper($account['name'].":".$account['password'])))); (I removed some fields form my example because they are not important ie email,expansion,IP,etc) Note: I use strtoupper twice because php returns the hash in lower case and i wanted it consistent with the records/hashes that mangos generates which are in uppercase Line 51 from src/game/AccountMgr.cpp shows LoginDatabase.PExecute("INSERT INTO account(username,sha_pass_hash,joindate) VALUES('%s','%s',NOW())", username.c_str(), CalculateShaPas sHash(username, password).c_str()) So both queries function the same and something like that should work fine on 11775, just make sure to sanitize your user input variables so you're not susceptible to sql injection (probably not likely for a private server, but still best practice) Also what language are you using to create your registration? it could be something silly like the uppercase function your using actually only uppercases the first character and not the whole string Edit: another thought is that the sha function your using returns the raw 20 character binary hash and not a 40 character hex hash (php by default does hex, C++ returns binary but is converted to hex by hexEncodeByteArray)
  25. thanks fr1nge, I only noticed the fall damage bug once, may have been a fluke and I might have actually fallen near a campfire (fire trap).. i'll test the fall damage a bit more tonight to see if it happens every time But this bug does occur 100% of the time when you walk near a fire/environment trap
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use