Most visitors online was 8830 , on 6 Feb 2024
[Help] How to open password for login
- Thread starter xsoftz
- Start date
- Joined
- Oct 16, 2004
- Messages
- 895
- Reaction score
- 96
The files doesn't support it afaik.
You need some tricks to enable passwords like, logging into website which requires both user/pass as authentication and launch the game there.
You need some tricks to enable passwords like, logging into website which requires both user/pass as authentication and launch the game there.
- Joined
- May 19, 2007
- Messages
- 440
- Reaction score
- 78
This game contains a "Weblauncher" ?
- Joined
- Mar 11, 2007
- Messages
- 903
- Reaction score
- 1,250
no it doesn't, you need to design and code it all yourself, and what master_unknown said hit the nail on the head, these files support 0 password authentication, so you have to figure out another way of doing it
- Joined
- May 12, 2007
- Messages
- 345
- Reaction score
- 20
This feature not
---------- Post added at 10:23 AM ---------- Previous post was at 10:21 AM ----------
chinese people should be
---------- Post added at 10:25 AM ---------- Previous post was at 10:23 AM ----------
but......chinese people should be
:grr::grr::grr:
---------- Post added at 10:23 AM ---------- Previous post was at 10:21 AM ----------
chinese people should be
---------- Post added at 10:25 AM ---------- Previous post was at 10:23 AM ----------
but......chinese people should be
:grr::grr::grr:
- Joined
- Oct 16, 2004
- Messages
- 895
- Reaction score
- 96
CMB's reply is correct. It doesn't contain weblauncher NOR ability to check if your account has password.
Refer to this simple demo I did, to login into my friend's RaiderZ server.
You must be registered to see links
In this demo, I used my clan forum as my way to authenticate the user if it has privilege to run the game.
As you can see, first it checks the user "Vital" if its registered into my forum.
Second check is that the launcher tries to check the "Usergroup" of Vital. If Vital's usergroup is equal to being VIP then Vital can use the launcher & run the game. If Vital is NOT VIP then you get an error that will state Access Denied.
This simple authentication method is NOT secure. IF one or more player knows your 'AccountID' then you are screwed.
You can however make a website that has a simple registration script that will insert the userID into RZ_Account database.
And a website where a player can LOGIN (but this website/page is hidden, you only use this from your launcher).
I havent tried logging into the game using Wordpress, joomla or drupal but I was able to login in game using 'vBulletin' & 'myBB' as my authentication example.
Edit:
As an example, read this article.
You must be registered to see links
Last edited:
- Joined
- Aug 6, 2009
- Messages
- 2,132
- Reaction score
- 429
Here is idea.
Make a launcher that makes a login request to "http://myraiderz.com/ajax/login.php" with username and password.
"login.php" script on server side will check the username and password either from forum, wordpress or whatever you have there. If those match, "login.php" will run a query to raiderz database to change login for user with ID 'X' to session id or something like that.
Now again if login is successfull, "login.php" should send session id (or whatever you changed username to) back to launcher.
From there launcher can start game with "raiderz.exe login [sessionid or whatever]"
A bit more secure but still few flaws.
Make a launcher that makes a login request to "http://myraiderz.com/ajax/login.php" with username and password.
"login.php" script on server side will check the username and password either from forum, wordpress or whatever you have there. If those match, "login.php" will run a query to raiderz database to change login for user with ID 'X' to session id or something like that.
Now again if login is successfull, "login.php" should send session id (or whatever you changed username to) back to launcher.
From there launcher can start game with "raiderz.exe login [sessionid or whatever]"
A bit more secure but still few flaws.
- Joined
- Mar 11, 2007
- Messages
- 903
- Reaction score
- 1,250
That is interesting, but characters are tied to an accountID, so what would you do? delete the account after a set period of time? but if you do that and try to reinsert it, you would have to store the old account ID, but then what if that gets taken by some mistake? what will happen then?
RaiderZ does not use any sort of session tracking inside the DB, all it does is check if the account name is the same as the one you feed it. These files are obviously not meant for public use, since they were built for E3. Once again, if you change their ID, then how will they access their character list, since it is tied to their account id? Unless you are talking about using changing their account name, making it random. Then that would require the use of a website to launch the game 100%, and you couldn't use a launcher, you would have to launch the game directly with the needed paramaters.
- Joined
- Aug 6, 2009
- Messages
- 2,132
- Reaction score
- 429
Yes. Correct.
Client takes login "raiderz.exe login [login here]"
And server checks that login from database RZ_ACCOUNTDB table RZ_ACCOUNT field USER_ID.
So whatever we put in client is validated on server with field USER_ID.
No one said that USER_ID has to be login, so for the sake of it we can make storage sessionid or something.
Characters will be fine because they are bonded with ACCN_ID.
It's hard to explain when you have the concept in the head, so I'll show an example maybe this saturday or friday.
- Joined
- Mar 11, 2007
- Messages
- 903
- Reaction score
- 1,250
- Joined
- Oct 16, 2004
- Messages
- 895
- Reaction score
- 96
@cmb
That's why I said: This simple authentication method is NOT secure. IF one or more player knows your 'AccountID' then you are screwed.
xD
That's why I said: This simple authentication method is NOT secure. IF one or more player knows your 'AccountID' then you are screwed.
xD
- Joined
- Mar 11, 2007
- Messages
- 903
- Reaction score
- 1,250
yea
i guess i didn't quite read what you said too well, or forgot some stuff when i was writing my reply. The only method that I think would work well, is by using random strings for account name, so nobody can guess it- Joined
- Oct 16, 2004
- Messages
- 895
- Reaction score
- 96
problem with random string is that, the user will be able to remember it?
- Joined
- Mar 11, 2007
- Messages
- 903
- Reaction score
- 1,250
yea, so what solution could there be?
- Joined
- Oct 16, 2004
- Messages
- 895
- Reaction score
- 96
In the RZ_Account db, theres a column for password.
Would it be possible to store & retrieve our user/pass from that DB?
If yes, we can somehow write a "Register" script.
Then we can "write a hidden for player" Login script.
Only the registration is visible and login is hidden so, our launcher is the only one able to 'login' into our login script.
The concept is simple.
User register to register.php
register.php saves user & password into rz_account db.
User uses Raiderz Launcher.exe
Raiderz Launcher.exe logins into login.php
login.php checks user & password if match.
Raiderz Launcher.exe checks if login.php accepts the user/password that was inputed.
IF YES:
Raiderz Launcher : Start Button appears.
Would it be possible to store & retrieve our user/pass from that DB?
If yes, we can somehow write a "Register" script.
Then we can "write a hidden for player" Login script.
Only the registration is visible and login is hidden so, our launcher is the only one able to 'login' into our login script.
The concept is simple.
User register to register.php
register.php saves user & password into rz_account db.
User uses Raiderz Launcher.exe
Raiderz Launcher.exe logins into login.php
login.php checks user & password if match.
Raiderz Launcher.exe checks if login.php accepts the user/password that was inputed.
IF YES:
Raiderz Launcher : Start Button appears.
- Joined
- Feb 4, 2010
- Messages
- 2,204
- Reaction score
- 1,012
Pretty similar to how I did it, I had someone doing it but they went herpin or something so I finished it.
I have a website that you log into with your account/password and then for like 45 seconds it sets a flag in the database (auth) to 1. So then that account is able to be accessed by the Launcher for 45 seconds. It's not the most secure since if you knew exactly when someone was logging on you could highjack it I guess, but it's the easiest I could think of for now.
Anyway, if the auth is 0 it just doesnt go through with the logging in procedure.
- Joined
- Aug 15, 2006
- Messages
- 322
- Reaction score
- 69
Has anyone mannaged to download the korean beta client ?
>raiderz_full_2010081113.exe<
I would like to get a copy of the launcher, or maybe better upload the installer to a filehost.
>raiderz_full_2010081113.exe<
I would like to get a copy of the launcher, or maybe better upload the installer to a filehost.
- Joined
- Aug 6, 2009
- Messages
- 2,132
- Reaction score
- 429
Maybe someone with better knowledge in reverse engineering can check if client can take any additional parameters
- Joined
- Mar 11, 2007
- Messages
- 903
- Reaction score
- 1,250
It doesn't, and the loginserver doesn't use the pwd field at all, all it does is check if the username you feed it, matches one in the account table. All of these ideas are fine, but one can still bypass them all, All I need is the account name, and boom I have access to your account.
Here is the parameters the client accepts
cmd userid ip worldname
that is it
Now we are left with a predicament, how to solve this problem.
Here is the parameters the client accepts
cmd userid ip worldname
that is it
Now we are left with a predicament, how to solve this problem.
- Joined
- Oct 16, 2004
- Messages
- 895
- Reaction score
- 96
skip_world_check or was it SKIP_SELECT_WORLD also skips the server selection
RaGEZONE Sponsor
