Printable View
Nice, but still easy to bypass. I recommend to create a check which check if the connection IP and user IP are the same if not destroy/disconnect the connection.Quote:
Originally Posted by Spot Ify
I also recommend to create a table for the user tickets just like Butterfly emu.
Its not easy to bypass because it is possible to login to users without a authticket because of this qeury after the login:Quote:
Originally Posted by TehMud
but yeah it is a idea to add a check of the ip is the same but it is not neededCode:dbClient.RunQuery("UPDATE `users` SET `online` = '1', `auth_ticket` = '' WHERE `id` = '" + UserId + "' LIMIT 1");
I also don't think you can do much with this bug because it is so random wich user you get.
My clients loading to 59% then im getting disconnected any help ?
This isn't help thread....here it is: http://forum.ragezone.com/f333/offic...hread-1090581/Quote:
Originally Posted by SageRP
Wouldn't it be possible to delete the SET auth_ticket = '' too, so that it will never become empty and so the security issue is solved?Quote:
Originally Posted by Spot Ify
Thanks for the release only I have some problems with the database can you help me with this?
Screenshot by Lightshot
Thanks in advance!
No not really because it is a "bot" protection because it is empty they need to do a new request to get the auth ticket and if you have cloudflare with a browser check is that much harder to do.Quote:
Originally Posted by Seat Ibiza
But I don't think also that it is really a big exploit because it is pretty random wich account you get.
For a better more secure Authenticate you can leave the contents in "SSOTicketEvent.cs" as they are (the check for the empty string wont be needed, but you can keep it if you choose to).
In UserDataFactory.cs look for the function:
Change the first query:Code:public static UserData GetUserData(string SessionTicket, out byte errorCode)
To this:Code:dbClient.SetQuery("SELECT `id`,`username`,`rank`,`motto`,`look`,`gender`,`last_online`,`credits`,`activity_points`,`home_room`,`block_newfriends`,`hide_online`,`hide_inroom`,`vip`,`account_created`,`vip_points`,`machine_id`,`volume`,`chat_preference`,`focus_preference`, `pets_muted`,`bots_muted`,`advertising_report_blocked`,`last_change`,`gotw_points`,`ignore_invites`,`time_muted`,`allow_gifts`,`friend_bar_state`,`disable_forced_effects`,`allow_mimic`,`rank_vip` FROM `users` WHERE `auth_ticket` = @sso LIMIT 1");
Then further down look for:Code:dbClient.SetQuery(
"SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " +
"FROM users " +
"JOIN user_auth_ticket " +
"ON users.id = user_auth_ticket.user_id " +
"WHERE user_auth_ticket.auth_ticket = @sso " +
"LIMIT 1"
);
and change it to:Code:dbClient.RunQuery("UPDATE `users` SET `online` = '1', `auth_ticket` = '' WHERE `id` = '" + UserId + "' LIMIT 1");
Code:dbClient.RunQuery("UPDATE `users` SET `online` = '1' WHERE `id` = '" + UserId + "' LIMIT 1");
dbClient.RunQuery("DELETE FROM `user_auth_ticket` WHERE `user_id` = '" + UserId + "' LIMIT 1");
Inside PlusEnviroment.cs look for this function:
Change:Code:public static void PerformShutDown()
To:Code:dbClient.RunQuery("UPDATE `users` SET online = '0', `auth_ticket` = NULL");
Finally run this database query:Code:dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
dbClient.RunQuery("UPDATE `users` SET online = '0'");
This way you'll only be creating a session ticket when the user connects to the hotel and removing it straight after (not setting the ticket to null or empty), thus making it impossible to "randomly" sign in onto other users accounts, unless you manually set the ticket ofc :love:Code:-- ----------------------------
-- Table structure for `user_auth_ticket`
-- ----------------------------
DROP TABLE IF EXISTS `user_auth_ticket`;
CREATE TABLE `user_auth_ticket` (
`user_id` int(11) NOT NULL,
`auth_ticket` varchar(60) NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
All you need to do is change how your SSO tickets get created to insert them into that table and you're good to go.
Hopefully this helped.
If anyone of you plan on using the above thing Damien has so kindly given to us all
go to class.users.php and search for the Create SSO auth_ticket section and replace it all with this
Then go to your class.core.php and look for the case "client";PHP Code:final public function createSSO($k)
{
global $engine;
$sessionKey = 'RevCMS-' . rand(9, 9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);
if($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
$engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
} else {
$engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey ."')");
}
return $sessionKey;
unset($sessionKey);
}
and replace it with this
PHP Code:$users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
$template->setParams('sso', $users->createSSO($_SESSION['user']['id']));
Awesome and outstanding developer, glad to be hes partner and learn from him!Quote:
Originally Posted by Damien Jolly
Sulake.cc is down, the download links don't work !
Will be back up soon, he's sorting stuff out.Quote:
Originally Posted by Alexandre Fadox
Wired cycle suck ram ?
http://image.noelshack.com/fichiers/...a-01-57-26.png
Everything suck RAM trololol.Quote:
Originally Posted by sagem57
http://img15.hostingpics.net/pics/594146wiredlag.png
why lag wired ?