Project Poine

[crazyboy-212]

spixx when you share it with us and which topic ?
thanks for everything

 

[alq0rsan]

i write
user : Friend
password : Mellon
fail anyone got lucky?

 

[spixx]

It should work
Capital first letters:
Username: Friend
Password: Mellon

 

[alq0rsan]

wow i try it in first time it was error xD now it work hahaha

 

[crazyboy-212]

it's looks like you have db error too, like me

 

[alq0rsan]

when i registry it say
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.pazlo/spixx/testing.b-landia.net/engine/database/db_MYSQL.php on line 36

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.pazlo/spixx/testing.b-landia.net/engine/database/db_MYSQL.php on line 36


can u give us test user

---------- Post added at 07:57 PM ---------- Previous post was at 07:56 PM ----------

i dont have any db error << used new way in install

 

[spixx]

Yes that error is because I cannot find any old DB and my host does not allow the scripts to run long enough to get the Wdata into the database this is a old error that comes because of the fact that there is no world data to input the user into if I'm not mistaken it will work soon

 

[crazyboy-212]

last shared script by akokari new_travian_script's files looks ok, but it isn't connect db like yours, i couldnt understand, why gmbh make us so working give us files we dont want to try anymore

 

[StoNelHa]

TESTING!?!
Oh MY GaWD do we have a working source?!? Well yes we have this is the latest working build of Poine.

Like with the SVN some amount of work is needed since you have to guess the password. To help you on the way I have two hints; Watch the first movie in LOTR (the fellowship) the second hint is that the username is Friend...

"Speak friend and enter"

Forbidden

You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. :blink:

 

[ruio]

Whey stop akakori your project whey

 

[spixx]

http://code.google.com/p/poin3 for everyone that knows how SVN works...

 

[spixx]

Last post here for a while, since you now have all info I will go underground and hide from all the current and future noobs asking why a include does not work... There was a reason for Akakoris drop from this project do not force more of us away it will take the time it takes. If you really feel the need to play travian try www.travian.com I heard it WORKS!

// regards Spixx (cya in 2 months)

 

[StoNelHa]

May fooling us something from the beginning ...

 

[Vozho]

Last post here for a while, since you now have all info I will go underground and hide from all the current and future noobs asking why a include does not work... There was a reason for Akakoris drop from this project do not force more of us away it will take the time it takes. If you really feel the need to play travian try www.travian.com I heard it WORKS!

// regards Spixx (cya in 2 months)

This is what akakori should have written,some time ago...

 

[Tapi]

spixx is great programmer,and knows php well.. his project is developing quite good.. so he is not a superman or almighty bruce .. he need time..and beside that project poine is not his primary thing in life.. he has life to live...so bether be happy that he is doing it...

 

[spixx]

So I said that I'm not going to play your game anymore and not release anything more. Well I'm drunk so this another late-night-drunk release of poine. or rather a long post about it. Since many seems to think that prio one is to release a clone ASAP this is WRONG!. This project is for the creation of a NEW system if you want the old travian only like check the other releases and since I know you all are stupid and will not read this I will add a patch and yet again say THIS IS NOT TRAVIAN CLONE SO DO NOT ASK FOR SOURCE, INSTALL TIPS, AND SUCH.

This is the current (not commited) svn code!

now to the juicy part!

account.php (engine/)

if(SECURITY == 0) {   		
				$uid = $database->register($_POST['name'],md5($_POST['pw']),$_POST['email'],$act);
			}
			
			// Slightly better security SHA1
			else if(SECURITY == 1) {
	    		$uid = $database->register($_POST['name'],sha1($_POST['pw']),$_POST['email1'],$act);	
    		}
    		
    		// Super secure with salt of md5 and sha1
			else if(SECURITY == 2) {
				$hash = sha1($pw1);
				function createSalt() {
        			$string = md5(uniqid(rand(), true));
        			return substr($string, 0, 3);
	   			}
    			
    			$salt = createSalt();
   				$hash = sha1($salt . $hash);
	    		$uid = $database->register($_POST['name'],$hash,$_POST['email1'],$act);
    		}
    			
			if($uid) {
				setcookie("COOKUSR",$_POST['name'],time()+COOKIE_EXPIRE,COOKIE_PATH);
				setcookie("COOKEMAIL",$_POST['email'],time()+COOKIE_EXPIRE,COOKIE_PATH);
				if(AUTH_EMAIL) {
					$mailer->sendActivate($_POST['email'],$_POST['name'],$act);
					header("Location: activate.php?id=$uid");
				}
			}

So how do I patch? change the last part of "private function Signup" with this code it will work for the file not the program!

 

[scr1pt]

The installer ... pending debug and improve the style. Based on the original installer akkakori.

greetings

 

[scr1pt]

spixx, understand that assigned the SECURITY variable in the config.php

Edit:
also be interesting to comment that you plan to implement game engine. Smarty vote for three, since the stable will appear soon, and is quite fast.

sorry for my English: P, Spanish ...

 

[uroskn]

just btw...

                function createSalt() {
                    $string = md5(uniqid(rand(), true));
                    return substr($string, 0, 3);
                   }

You can't do that. At login rand() will no longer return same value as it did when you created hash for user, as such it will produce different hash for same plaintext.

:: /srv/http/default/public/travian-dev# while [ true ]; do php -r '$pw1="foobar";
                 $hash = sha1($pw1);
                function createSalt() {
                    $string = md5(uniqid(rand(), true));
                    return substr($string, 0, 3);
                   }
                
                $salt = createSalt();
                   $hash = sha1($salt . $hash); 
                echo $hash."\n";'; done;
c88cb0283222b3e291816b8690402752a6e3bf10
01d114fda9d54f058d6a471a41b2d62f0d8ca5ce
398954c60f1d77db438818b230f8238ec3630f30
93d0660e2199730f9bde5fcb3433f04820142b65
98c1bf983b117731583561034d9e1e39a8eb8956
ef18c65b8f07142c001d7dff22dd4790a101d819
cc9892cc7661266a22620d71c3ab496483d2b34a
68ee6091ee129d1fd4049c15caf0428f40fb415c
d545f451b8fcd4879ba58172299904c60be704ff
8c2024dfbbcbd5a1ecf5060b7829aeee366290d0
c33f91b2b04ec43aa9eea9758ab68ac66b1ec616
92c7878874e09defdb4ce2fea6bf862234073032
^C
:: /srv/http/default/public/travian-dev#

See? Different hashes for same password.

You could also store salt in database, but that would ruin the whole point of salting (point is that is a secret and never changes). Once you change it, you destroy value of all previous calculated hashes.

Thought i would just drop my 5 cents here..

EDIT: Have not checked the whole code, tough...

 

[spixx]

Well this will not be included yet since this is but a fun sidetrack for me with more security. but life takes its toll I have many different things to do and this is just something I can do in my spare time but I think that the security this far feels a bit wonky and thus my suggestion

And I know that the hash will not be the same just need to figure out where to save the md5 that you create to make the salted password:

( PASSWORD + md5 ) SHA1
| | |
User DB DB2

This will work but it will not be implemented in the source just yet.