Aurum - My homemade Vanilla 1.12.1 account management website

Results 1 to 2 of 2
  1. #1
    Member KimChoJapFan is offline
    MemberRank
    Aug 2015 Join Date
    32Posts

    Aurum - My homemade Vanilla 1.12.1 account management website

    Target Version of World of Warcraft: Vanilla 1.12.1 released on September 9, 2006.

    Target Private Server Package: AlterWoW's Blizzlike Repack

    Website Functionality: Basic

    Website Purpose: To act as a temporary solution for small server hosts that are in need of a working site that is basic and easy to maintain.



    Screenshots:

    Main Folder Layout


    Aurum Homepage with no MySQL Connection


    Aurum Login Page


    Aurum Registration Page


    Aurum Homepage with MySQL Connection


    Aurum User Page


    Aurum Character Stat Page




    VirusTotal Scan Results: Scan of Aurum Webpage

    Aurum Webpage Download: aurum_webpage.zip (Mediafire Link)



    This webpage is not protected by any copyrights nor will I impede upon anyone for the use of this website for commercial or non-commercial purposes. You have full permission to distribute, modify, parody, and operate the contents of this webpage to your will.

    Thank You!

    - KimChoJapFan
    Last edited by KimChoJapFan; 11-11-15 at 10:11 AM. Reason: I performed another VirusTotal scan of the zipped archive.


  2. #2
    Member KimChoJapFan is offline
    MemberRank
    Aug 2015 Join Date
    32Posts

    Re: Aurum - My homemade Vanilla 1.12.1 account management website

    Of course I'm bumping a dead thread when I make this response; however, I feel that this needs to be addressed:

    Here's a list of problems with this site I made a year ago:

    1. It uses MySQL which is depreciated for security flaws
    2. It doesn't prepare statements so anyone with knowledge of sending an SQL injection can gather database information
    3. It has a bunch of unnecessary PHP code because I didn't know nearly as much about PHP then as I do now.



    Even though I can't change the hashing method used by the old databases, I can certainly prevent a lot of those issues listed above by switching MySQL to PDO, preparing statements to prevent SQL injections, and optimizing the code.

    I'll be uploading a new version of this after I've made some extended tests on a remote system.



Advertisement