Help with SSO

  1. #1
    Enthusiast clienta is offline

    Help with SSO

    Hi, my client goes to 76% then I get a 404 error.

    I did this fix from @Ryan's thread:

    Code:
    PlusEnviroment.cs
    
    Find:
    dbClient.RunQuery("UPDATE `users` SET online = '0', `auth_ticket` = NULL");
    Replace:
    dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
    dbClient.RunQuery("UPDATE `users` SET online = '0'");
    
    Finally run this database query:
    
    -- ----------------------------
    -- Table structure for `user_auth_ticket`
    -- ----------------------------
    DROP TABLE IF EXISTS `user_auth_ticket`;
    CREATE TABLE `user_auth_ticket` (
    `user_id` int(11) NOT NULL,
    `auth_ticket` varchar(60) NOT NULL,
    PRIMARY KEY (`user_id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    The code above will fix logging in to someone else's account without a password.
    Client code:
    Code:
    <?php include('includes/checktheban.php');
    $ticket = time().sha1(rand(10000,99999));
    
    $sql = mysql_query("SELECT `user_id` FROM `user_auth_ticket` WHERE `user_id` = '".$user['id']."'");
    if(mysql_num_rows($sql) > 0){
    mysql_query("UPDATE `user_auth_ticket` SET `auth_ticket` = '".$ticket."' WHERE `user_id` = '".$user['id']."'");
    }else{
    mysql_query("INSERT INTO `user_auth_ticket` (`user_id`, `auth_ticket`) VALUES ('".$user['id']."', '".$ticket."');");
    }
     ?>
    
    <!DOCTYPE html>
    <html lang="en">
        <head>
    	<link href="/reload/favicon.ico" rel="icon" type="image/x-icon" />
            <meta http-equiv="content-type" content="text/html; charset=utf-8">
            <title>{hotelname} - Client</title>
            <link rel="stylesheet" type="text/css" href="http://*.org/swf/css/reset.css">
            
    		<br>
            <script type="text/javascript" src="{url}/app/tpl/skins/site/js/swfobject.js"></script>
            <script type="text/javascript">
    		<!-- Configuration -->
                var BaseUrl = "http://*.org/swf/gordon/PRODUCTION-201601012205-226667486/";
                var flashvars =
                {    
    			"client.allow.cross.domain" : "0", 
    		"client.notify.cross.domain" : "1", 
    		"connection.info.host" : "**.***144",
            "connection.info.port" : "7212",
    	    "site.url" : "{url}", 
    		"url.prefix" : "{url}", 
    		"client.reload.url" : "{url}/client", 
    		"client.fatal.error.url" : "{url}/client", 
    		"client.connection.failed.url" : "{url}/client", 
    		"logout.url" : "{url}/client", 
    		"logout.disconnect.url" : "{url}/error", 
    		"external.variables.txt" : "http://*.org/swf/gamedata/external_variables.txt", 
    		"external.texts.txt" : "http://*/swf/gamedata/external_flash_texts.txt", 
    		"external.figurepartlist.txt" : "http://*.org/swf/gamedata/figuredata.xml", 
    		"productdata.load.url" : "http://*.org/swf/gamedata/productdata.txt", 
    		"furnidata.load.url" : "http://*.org/swf/gamedata/furnidata.xml", 
    		"sso.ticket" : "{sso}", 
    		"client.starting" : "{hotelname} laddar...", 
    		"flash.client.url" : "\//*.org/swf/gordon/PRODUCTION-201601012205-226667486/", 
    		"user.hash" : "57255796e259f7e7865a5c90e24acc986d295c4f", 
    
                };
                var params =
                {
                    "base" : BaseUrl + "/",
                    "allowScriptAccess" : "always",
                    "menu" : "false"                
                };
                swfobject.embedSWF(BaseUrl + "/Habbo.swf", "client", "100%", "100%", "10.0.0", "*.org/swf/gordon/PRODUCTION-201601012205-226667486/expressInstall.swf", flashvars, params, null);
            </script>
    		
        </head>
    
    <div id="container">
            <div id="client" style="height:100%;"></div>
          
    
    
            
    
    
            <style>
    
            #online {
                background-color: #000;
                color: #000;
            }
    
            #online-info
            {
            background-color: #1C1C1C;
            border-radius: 5px;
    
              position: absolute; 
              top: 2px;
              left: 95px;
              width: 30px;
              height: 25px;  
              font-size: 13px;
    		  font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 8px;
              color: #00FF12;
    
            }
            #online-info2
            {
            background-color: #151515;
            border-radius: 5px;
    
              position: absolute; 
              top: 1px;
              left: 2px;
              width: 140px;
              height: 25px;  
              font-size: 13px;
    		  font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 2px;
    
            }
    
            #viktig-info
            {
            background-color: #1C1C1C;
            border-radius: 5px;
    
              position: absolute; 
              top: 2px;
              left: 190px;
              width: 50px;
              height: 25px;  
              font-size: 13px;
    		  font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
    
            }
            #viktig-info2
            {
            background-color: #151515;
            border-radius: 5px;
    
              position: absolute; 
              top: 2px;
              left: 134px;
              width: 130px;
              height: 25px;  
              font-size: 13px;
    		  font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 3px;
    
            }
    
            #r-info
            {
            background-color: #1C1C1C;
            border-radius: 5px;
    
              position: absolute; 
              top: 0px;
              left: 365px;
              width: 185px;
              height: 34px;  
    		  padding-top: 7px;
              font-size: 13px;
    		  font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              color: #2161E4;
    
            }
            #r-info2
            {
            background-color: #151515;
            border-radius: 5px;
    
              position: absolute; 
              top: 0px;
              left: 183px;
              width: 160px;
              height: 32px;  
              font-size: 21px;
    		  padding-top: 9px;
    		  font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 3px;
    		  
    
            }
    
            #debbofm
            {
                position: absolute;
                top: 0px; 
                left: 1px;
    			border-radius: 5px;
    			border-width: 5px;
    			border-style: solid;
    			border-color: #151515;
    
            }
    
            #radio-info
            {
                text-align: center
    
            }
    
            #radio-info *:not(script)
            {
    
               color: white; 
    
               display: inline-block; 
               text-decoration: none;
    
           }
    
           #radio-info > *
           {
            margin: 5px 2px 0px;
        }
    
        #radio-info p:first-of-type
        {
            color: pink;
        }
    
        #radio-info a, #viktig-info a, #r-info a
        {
            color: pink;
        }
    
        @media (max-width: 1000px)
        {
           #radio-info > p:last-of-type
           {
            display: none;
        }     
    }
    
    
    </style>
    
    
    </div>    
    
        <body>
    <div id="client">
    </div>
          
    </body>
    </html>
    PM me for the URL if you need it.


  2. #2
    Valued Member BeginOfEnd is offline

    Re: Help with SSO

    Quote Originally Posted by clienta
    Hi, my client goes to 76% then I get a 404 error.

    I did this fix from @Ryan's thread:

    Code:
    PlusEnviroment.cs
    
    Find:
    dbClient.RunQuery("UPDATE `users` SET online = '0', `auth_ticket` = NULL");
    Replace:
    dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
    dbClient.RunQuery("UPDATE `users` SET online = '0'");
    
    Finally run this database query:
    
    -- ----------------------------
    -- Table structure for `user_auth_ticket`
    -- ----------------------------
    DROP TABLE IF EXISTS `user_auth_ticket`;
    CREATE TABLE `user_auth_ticket` (
    `user_id` int(11) NOT NULL,
    `auth_ticket` varchar(60) NOT NULL,
    PRIMARY KEY (`user_id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    The code above will fix logging in to someone else's account without a password.
    Client code:
    Code:
    <?php include('includes/checktheban.php');
    $ticket = time().sha1(rand(10000,99999));
    
    $sql = mysql_query("SELECT `user_id` FROM `user_auth_ticket` WHERE `user_id` = '".$user['id']."'");
    if(mysql_num_rows($sql) > 0){
    mysql_query("UPDATE `user_auth_ticket` SET `auth_ticket` = '".$ticket."' WHERE `user_id` = '".$user['id']."'");
    }else{
    mysql_query("INSERT INTO `user_auth_ticket` (`user_id`, `auth_ticket`) VALUES ('".$user['id']."', '".$ticket."');");
    }
     ?>
    
    <!DOCTYPE html>
    <html lang="en">
        <head>
        <link href="http://forum.ragezone.com/reload/favicon.ico" rel="icon" type="image/x-icon" />
            <meta http-equiv="content-type" content="text/html; charset=utf-8">
            <title>{hotelname} - Client</title>
            <link rel="stylesheet" type="text/css" href="http://*.org/swf/css/reset.css">
            
            <br>
            <script type="text/javascript" src="{url}/app/tpl/skins/site/js/swfobject.js"></script>
            <script type="text/javascript">
            <!-- Configuration -->
                var BaseUrl = "http://*.org/swf/gordon/PRODUCTION-201601012205-226667486/";
                var flashvars =
                {    
                "client.allow.cross.domain" : "0", 
            "client.notify.cross.domain" : "1", 
            "connection.info.host" : "**.***144",
            "connection.info.port" : "7212",
            "site.url" : "{url}", 
            "url.prefix" : "{url}", 
            "client.reload.url" : "{url}/client", 
            "client.fatal.error.url" : "{url}/client", 
            "client.connection.failed.url" : "{url}/client", 
            "logout.url" : "{url}/client", 
            "logout.disconnect.url" : "{url}/error", 
            "external.variables.txt" : "http://*.org/swf/gamedata/external_variables.txt", 
            "external.texts.txt" : "http://*/swf/gamedata/external_flash_texts.txt", 
            "external.figurepartlist.txt" : "http://*.org/swf/gamedata/figuredata.xml", 
            "productdata.load.url" : "http://*.org/swf/gamedata/productdata.txt", 
            "furnidata.load.url" : "http://*.org/swf/gamedata/furnidata.xml", 
            "sso.ticket" : "{sso}", 
            "client.starting" : "{hotelname} laddar...", 
            "flash.client.url" : "\//*.org/swf/gordon/PRODUCTION-201601012205-226667486/", 
            "user.hash" : "57255796e259f7e7865a5c90e24acc986d295c4f", 
    
                };
                var params =
                {
                    "base" : BaseUrl + "/",
                    "allowScriptAccess" : "always",
                    "menu" : "false"                
                };
                swfobject.embedSWF(BaseUrl + "/Habbo.swf", "client", "100%", "100%", "10.0.0", "*.org/swf/gordon/PRODUCTION-201601012205-226667486/expressInstall.swf", flashvars, params, null);
            </script>
            
        </head>
    
    <div id="container">
            <div id="client" style="height:100%;"></div>
          
    
    
            
    
    
            <style>
    
            #online {
                background-color: #000;
                color: #000;
            }
    
            #online-info
            {
            background-color: #1C1C1C;
            border-radius: 5px;
    
              position: absolute; 
              top: 2px;
              left: 95px;
              width: 30px;
              height: 25px;  
              font-size: 13px;
              font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 8px;
              color: #00FF12;
    
            }
            #online-info2
            {
            background-color: #151515;
            border-radius: 5px;
    
              position: absolute; 
              top: 1px;
              left: 2px;
              width: 140px;
              height: 25px;  
              font-size: 13px;
              font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 2px;
    
            }
    
            #viktig-info
            {
            background-color: #1C1C1C;
            border-radius: 5px;
    
              position: absolute; 
              top: 2px;
              left: 190px;
              width: 50px;
              height: 25px;  
              font-size: 13px;
              font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
    
            }
            #viktig-info2
            {
            background-color: #151515;
            border-radius: 5px;
    
              position: absolute; 
              top: 2px;
              left: 134px;
              width: 130px;
              height: 25px;  
              font-size: 13px;
              font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 3px;
    
            }
    
            #r-info
            {
            background-color: #1C1C1C;
            border-radius: 5px;
    
              position: absolute; 
              top: 0px;
              left: 365px;
              width: 185px;
              height: 34px;  
              padding-top: 7px;
              font-size: 13px;
              font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              color: #2161E4;
    
            }
            #r-info2
            {
            background-color: #151515;
            border-radius: 5px;
    
              position: absolute; 
              top: 0px;
              left: 183px;
              width: 160px;
              height: 32px;  
              font-size: 21px;
              padding-top: 9px;
              font-family: Helvetica, Arial;
              line-height: 25px;
              color: white; 
              border-width: 1px;
              border-style: solid;
              border-color: #151515;
              padding-left: 3px;
              
    
            }
    
            #debbofm
            {
                position: absolute;
                top: 0px; 
                left: 1px;
                border-radius: 5px;
                border-width: 5px;
                border-style: solid;
                border-color: #151515;
    
            }
    
            #radio-info
            {
                text-align: center
    
            }
    
            #radio-info *:not(script)
            {
    
               color: white; 
    
               display: inline-block; 
               text-decoration: none;
    
           }
    
           #radio-info > *
           {
            margin: 5px 2px 0px;
        }
    
        #radio-info p:first-of-type
        {
            color: pink;
        }
    
        #radio-info a, #viktig-info a, #r-info a
        {
            color: pink;
        }
    
        @media (max-width: 1000px)
        {
           #radio-info > p:last-of-type
           {
            display: none;
        }     
    }
    
    
    </style>
    
    
    </div>    
    
        <body>
    <div id="client">
    </div>
          
     
    </body>
    </html>
    PM me for the URL if you need it.
    I also found this like 30 min ago, anyway this should fix it:

    Quote Originally Posted by </Meap>
    If anyone of you plan on using the above thing Damien has so kindly given to us all
    go to class.users.php and search for the Create SSO auth_ticket section and replace it all with this
    PHP Code:
    final public function createSSO($k)
    {
        global $engine;

        // Build the new ticket value for this user.
        $sessionKey = 'RevCMS-'.rand(9,9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);

        // Update the user's existing row if there is one, otherwise insert a new row.
        if($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
            $engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
        } else {
            $engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey ."')");
        }

        return $sessionKey;
        unset($sessionKey);
    }
    Then go to your class.core.php and look for the case "client";
    and replace it with this
    PHP Code:
    $users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
    $template->setParams('sso', $users->createSSO($_SESSION['user']['id']));
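
An added example, not part of the original posts and not RevCMS or emulator code: both ticket snippets in this thread build the SSO ticket from `time()` and `rand()` and concatenate values into the SQL, so this sketch shows the same `user_auth_ticket` flow with a CSPRNG ticket, bound parameters and single-use redemption. The function names `openDemoDb`, `issueTicket` and `redeemTicket` are hypothetical, and it assumes PHP 7.1+ with `pdo_sqlite`, using an in-memory SQLite database in place of the MySQL table.

```php
<?php
// Added example. All function names are hypothetical; SQLite in memory
// stands in for the MySQL `user_auth_ticket` table from the thread.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Same shape as the table in the thread: one row per user.
    $pdo->exec('CREATE TABLE user_auth_ticket (
        user_id     INTEGER NOT NULL PRIMARY KEY,
        auth_ticket VARCHAR(60) NOT NULL
    )');
    return $pdo;
}

// Issue a ticket for a logged-in user.
// rand(10000, 99999) can only produce 90,000 distinct values and time() is
// predictable, so the ticket here comes from the CSPRNG instead:
// 24 random bytes, hex-encoded to 48 characters, which fits varchar(60).
function issueTicket(PDO $pdo, int $userId): string
{
    $ticket = bin2hex(random_bytes(24));
    // REPLACE keys on the primary key, so one statement covers both the
    // "row exists" and "no row yet" branches, and the values are bound
    // rather than concatenated into the query string.
    $stmt = $pdo->prepare(
        'REPLACE INTO user_auth_ticket (user_id, auth_ticket) VALUES (?, ?)'
    );
    $stmt->execute([$userId, $ticket]);
    return $ticket;
}

// Redeem a ticket presented by the client (assumed server-side check).
// Returns the user id, or null if the ticket is unknown or already used.
function redeemTicket(PDO $pdo, string $ticket): ?int
{
    // Reject anything that is not in the format issueTicket() produces.
    if (!preg_match('/\A[0-9a-f]{48}\z/', $ticket)) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT user_id FROM user_auth_ticket WHERE auth_ticket = ?'
    );
    $stmt->execute([$ticket]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null;
    }
    // Deleting the row makes the ticket single-use. The affected-row count
    // decides the winner if two connections present the same ticket at once.
    $del = $pdo->prepare(
        'DELETE FROM user_auth_ticket WHERE user_id = ? AND auth_ticket = ?'
    );
    $del->execute([$userId, $ticket]);
    return $del->rowCount() === 1 ? (int) $userId : null;
}

// Constructed walk-through with a made-up user id.
$pdo    = openDemoDb();
$first  = issueTicket($pdo, 42);
$second = issueTicket($pdo, 42);          // reloading the client replaces $first
var_dump(redeemTicket($pdo, $first));     // superseded ticket
var_dump(redeemTicket($pdo, $second));    // current ticket, first use
var_dump(redeemTicket($pdo, $second));    // same ticket presented again
```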

  3. #3
    Proficient Member klaudio007 is offline

    Re: Help with SSO

    Add "use.sso.ticket" : "1", after the furnidata URL on the client.


