Odin Login [5.5.12 PHP version]
I Use This In The TEST Server Only!
This one took me a while because of the way the system is now done. There is an easy explanation; I have worked on this part all night, and now is the time to do a step-by-step guide on how to set it up. 5.3.1 didn't have the sqlsrv plugins you require; this has to be done correctly. In this guide I'm using Windows Server 2008 R2 Web edition (although I don't use the web facilities much anymore!).
Step 1: Download Wamp - This version is 5.5.12 (32bit) - MUST be 32 bit for this to work
Step 2: Make sure you have the SQL plugins; you can easily obtain them from Microsoft (they're unofficial, mind, but they do work) Here
Step 3: This is where it gets more tricky, because there isn't just 1 php.ini file that needs modifying (I kept slipping up here; because of the way the system is done, you have to make sure both of them have the extension put in!)
Step 4: Start Wamp Server (yes, it's OK to start now!)
--> Side note: If you have issues please don't hesitate to ask, I will try and explain to the fullest of my abilities.
------------------------------------------
Wamp Completed Php Begin
------------------------------------------
We have now lost the old method of executing a query i.e.
Code:
mssql_query("SELECT * FROM tAccounts where sUsername = '$user'")
However....the new system if done correctly looks like
Code:
$sql="SELECT nEMID, sUserPass, nAuthID from tAccounts WHERE sUsername = '$user'";
$params = array();
$options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
$result=sqlsrv_query($conn2, $sql, $params, $options);
$num=sqlsrv_num_rows($result);
I still don't like the way the system is done but remember to close the connection to MSSQL which is the new system again.
Code:
sqlsrv_close($conn);
I didn't add the last part to my server, which I'll do now. This doesn't have screenshots; if done correctly, you should already have the working system.
I will however release the code for the Login.php (this is important for 5.5+)
Code:
<?php
// Filter the request parameters through the character blacklist defined below
$user = sql_clean($_GET['Username']);
$passhash = sql_clean($_GET['Password']);
$server = 'localhost\SQLEXPRESS';
//connect to account ===========================================================
$connectionInfo2 = array( 'Database'=>'Account', 'UID'=>'sa', 'PWD'=>'MSSQL Password');
$conn2 = sqlsrv_connect($server, $connectionInfo2);
if (!$conn2) {
    print_r ('Something went wrong while connecting to MSSQL ac <br />');
    die( print_r( sqlsrv_errors(), true));
}
// Look up the account; the username is concatenated into the SQL string
$sql="SELECT nEMID, sUserPass, nAuthID from tAccounts WHERE sUsername = '$user'";
$params = array();
$options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
$result=sqlsrv_query($conn2, $sql, $params, $options);
$num=sqlsrv_num_rows($result);
if( $num == false ) {
    die('Wrong Username.');
}
$stmt = sqlsrv_query( $conn2, $sql);
while($row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC))
{
    $nEMID = $row['nEMID']."";
    $sPass = $row['sUserPass']."";
    $nAuthID = $row['nAuthID']."";
    $Passhash2 = MD5($sPass);
    if( $nAuthID == 4 )
    {
        die('Account Banned.');
    }
    elseif ($nAuthID == 1)
    {
        die('Under Maintenance.');
    }
    elseif ($nAuthID == 2)
    {
        die('Email Not Verified.');
    }
    elseif ($nAuthID == 3){
        $Token = RandomToken(35);
        $sql2="SELECT nEMID, sUserPass, nAuthID from tAccounts WHERE sUsername = '$user' AND sUserPass= '$passhash'";
        $result2=sqlsrv_query($conn2, $sql2, $params, $options);
        // Due to the MD5 Format Must be Converted To MD5 First!
        if( $passhash != $Passhash2){
            die('Wrong Password.');
        }
        elseif( $passhash == $Passhash2)
            $setToken = null;
        $Query3="SELECT * FROM tTokens WHERE nEMID='$nEMID'";
        $Query4="Delete FROM tTokens WHERE nEMID='$nEMID'";
        $Query5="INSERT INTO tTokens (nEMID, sToken) VALUES('".$nEMID."', '".$Token."')";
        $result3=sqlsrv_query($conn2, $Query3, $params, $options);
        // Count the rows of the tTokens lookup ($result3), not the account lookup
        $tok=sqlsrv_num_rows($result3);
        if( $tok >= 1 ) {
            // An old token exists: delete it before inserting the new one
            $SQL1=sqlsrv_query($conn2, $Query4, $params, $options);
            $setToken =sqlsrv_query($conn2, $Query5, $params, $options);
        }
        else
            $setToken =sqlsrv_query($conn2, $Query5, $params, $options);
        if ($setToken)
            die('OK#'.$Token);
        else
            die('SetToken Error');
    }
    sqlsrv_close($conn2);
}
// Removes backslash, NUL, newline, carriage return, Ctrl-Z, quotes and parentheses
function sql_clean($str)
{
    $search = array("\\", "\0", "\n", "\r", "\x1a", "'", '"', '(', ')');
    $replace = array("", "", "", "", "", "", "", "", "");
    return str_replace($search, $replace, $str);
}
// Builds an alphanumeric token of $length characters using rand()
function RandomToken( $length )
{
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $str = "";
    $size = strlen( $chars );
    for( $i = 0; $i < $length; $i++ ) {
        $str .= $chars[ rand( 0, $size - 1 ) ];
    }
    return $str;
}
?>
The reason for this as a release also is because I feel 5.3.1 is a little basic, but this new system I'm even new to, and I had help from Lugapha.
Oh, this one uses nAuthID in the SQL: 4 = banned, 2 = Email not verified, 1 = Under Maintenance. This one doesn't have the Account Under Admin Control (that would be normally 9).
Re: Odin Login [5.5.12 PHP version]
I hope every server uses this.
Re: Odin Login [5.5.12 PHP version]
Uh oh what? It works perfectly on my test server.
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
Evildarkang
Uh oh what? It works perfectly on my test server.
You would want to look into prepared statements, I would recommend using PDO for database interaction in PHP.
Re: Odin Login [5.5.12 PHP version]
I never said once I was using it on my main server, oh no, I wouldn't be that stupid. It's just to get people started on test servers only.
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
Evildarkang
I never said once I was using it on my main server, oh no, I wouldn't be that stupid. It's just to get people started on test servers only.
You should state that on your original post then, so people know, just in case.
Re: Odin Login [5.5.12 PHP version]
Not sure if this is anywhere near right (because the original code is so bad I can't tell what it's supposed to do), but if anything, take the coding style and prepared queries from it.
PHP Code:
<?php
$__DB = [
    'HOST' => 'localhost\SQLEXPRESS',
    'USER' => 'sa',
    'PASS' => '123456',
    'DB' => 'Account'
];
##
## Don't change anything past here.....unless thug life.
##
if(isset($_GET['Username'], $_GET['Password'])) {
    //Set
    $username = $_GET['Username'];
    $password = $_GET['Password'];
    //Connect to the database
    $connectionInfo = ['Database' => $__DB['DB'], 'UID' => $__DB['USER'], 'PWD' => $__DB['PASS']];
    $connection = sqlsrv_connect($__DB['HOST'], $connectionInfo);
    //Failed to connect to the database
    if(!$connection) {
        print_r(sqlsrv_errors());
        exit;
    }
    //Get user information
    $getUserInfoSQL = 'SELECT TOP 1 nEMID, sUserPass, nAuthID FROM tAccounts WHERE sUsername = ?;';
    $getUserInfoParams = [$username];
    $getUserInfoStmt = sqlsrv_query($connection, $getUserInfoSQL, $getUserInfoParams);
    //Query failed
    if($getUserInfoStmt === false) {
        print_r(sqlsrv_errors());
        exit;
    }
    $getUserInfoData = sqlsrv_fetch_array($getUserInfoStmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($getUserInfoStmt);
    //No account found (sqlsrv_fetch_array returns null for no rows, false on error)
    if(!$getUserInfoData) {
        echo 'Invalid account.';
        exit;
    }
    //Set
    $nEMID = $getUserInfoData['nEMID'];
    $nAuthID = $getUserInfoData['nAuthID'];
    //Check auth id
    if($nAuthID == 1) {
        echo 'Server is under maintenance.';
        exit;
    } else if($nAuthID == 2) {
        echo 'Email is not verified.';
        exit;
    } else if($nAuthID == 3) {
        //Auth is ok, do nothing and continue
    } else if($nAuthID == 4) {
        echo 'Account Banned.';
        exit;
    } else {
        //Unknown ID
        echo 'Invalid Auth ID.';
        exit;
    }
    //Check password is correct (strict comparison, so no type juggling on the hash strings)
    if($password !== md5($getUserInfoData['sUserPass'])) {
        echo 'Invalid password.';
        exit;
    }
    //Delete previous tokens
    $deleteTokensSQL = 'DELETE FROM tTokens WHERE nEMID = ?;';
    $deleteTokensParams = [$getUserInfoData['nEMID']];
    $deleteTokensStmt = sqlsrv_query($connection, $deleteTokensSQL, $deleteTokensParams);
    sqlsrv_free_stmt($deleteTokensStmt);
    //Create token and insert
    $insertToken = randomToken(35);
    $insertTokenSQL = 'INSERT INTO tTokens (nEMID, sToken) VALUES(?, ?);';
    $insertTokenParams = [$getUserInfoData['nEMID'], $insertToken];
    $insertTokenStmt = sqlsrv_query($connection, $insertTokenSQL, $insertTokenParams);
    sqlsrv_free_stmt($insertTokenStmt);
    sqlsrv_close($connection);
    echo 'OK#' . $insertToken;
    exit;
} else {
    echo 'Username and Password not set.';
    exit;
}
function randomToken($length)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $str = '';
    $size = strlen($chars);
    for($i = 0; $i < $length; $i++) {
        $str .= $chars[rand(0, $size - 1)];
    }
    return $str;
}
?>
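The same login flow written against PDO, which was recommended earlier in the thread, as an added example that is not code from any poster. It assumes PHP 7+ (for random_int) with the pdo_sqlite driver; the in-memory SQLite database, the sample accounts and the function names openDemoDb, secureToken and login are constructed for illustration.

```php
<?php
// Added example: constructed in-memory SQLite data stands in for the MSSQL
// Account database (assumption; with SQL Server the DSN names the pdo_sqlsrv driver).
function openDemoDb() {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tAccounts (nEMID INTEGER, sUsername TEXT, sUserPass TEXT, nAuthID INTEGER)');
    $pdo->exec('CREATE TABLE tTokens (nEMID INTEGER, sToken TEXT)');
    $pdo->exec("INSERT INTO tAccounts VALUES (1, 'demo', 'demo-pass', 3), (2, 'o''brien', 'pw2', 4)");
    return $pdo;
}
// Token characters come from the OS CSPRNG (random_int, PHP 7+) instead of rand().
function secureToken($length) {
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $token;
}
function login(PDO $pdo, $username, $passhash) {
    // The username is bound as data, so no character stripping is needed.
    $stmt = $pdo->prepare('SELECT nEMID, sUserPass, nAuthID FROM tAccounts WHERE sUsername = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !is_string($passhash)) {
        return 'Invalid account.';
    }
    $denied = [1 => 'Under Maintenance.', 2 => 'Email Not Verified.', 4 => 'Account Banned.'];
    $auth = (int) $row['nAuthID'];
    if ($auth !== 3) {
        return isset($denied[$auth]) ? $denied[$auth] : 'Invalid Auth ID.';
    }
    // Same comparison as the thread (client sends md5 of the stored password),
    // done in constant time and without loose != type juggling.
    if (!hash_equals(md5($row['sUserPass']), $passhash)) {
        return 'Wrong Password.';
    }
    $token = secureToken(35);
    $pdo->beginTransaction(); // delete and insert succeed or fail together
    $pdo->prepare('DELETE FROM tTokens WHERE nEMID = ?')->execute([$row['nEMID']]);
    $pdo->prepare('INSERT INTO tTokens (nEMID, sToken) VALUES (?, ?)')->execute([$row['nEMID'], $token]);
    $pdo->commit();
    return 'OK#' . $token;
}
$pdo = openDemoDb();
foreach ([['demo', md5('demo-pass')], ["o'brien", md5('pw2')], ['demo', md5('wrong')]] as $case) {
    echo login($pdo, $case[0], $case[1]), "\n";
}
```

The second constructed account has an apostrophe in its name and is still matched exactly, because the value never becomes part of the SQL text.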
Re: Odin Login [5.5.12 PHP version]
I've been so lost on this for a while. To connect to the database on a dedicated server via my website (which is hosted on a linux server), is installing Wamp on the dedicated server the only way to accomplish this?
P.S Not sure if this would be considered thread hijacking, if so, someone let me know and I'll open a separate thread
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
Mars
I've been so lost on this for a while. To connect to the database on a dedicated server via my website (which is hosted on a linux server), is installing Wamp on the dedicated server the only way to accomplish this?
P.S Not sure if this would be considered thread hijacking, if so, someone let me know and I'll open a separate thread
Couldn't you just host the scripts from your dedicated server too? Would make everything easier. I would recommend using IIS over WAMP/XAMPP.
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
xkl
Couldn't you just host the scripts from your dedicated server too? Would make everything easier. I would recommend using IIS over WAMP/XAMPP.
Host the scripts over the dedi using subdomains that point to the dedi's IP? Or is there another way
Not sure what you mean by host the script from the dedicated too
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
Mars
Host the scripts over the dedi using subdomains that point to the dedi's IP? Or is there another way
Not sure what you mean by host the script from the dedicated too
I would purchase an additional IP address for your dedicated server, then host your website scripts from that address. Yes, I would use subdomains pointing to that IP.
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
xkl
I would purchase an additional IP address for your dedicated server, then host your website scripts from that address. Yes, I would use subdomains pointing to that IP.
I understand now. Thanks
Re: Odin Login [5.5.12 PHP version]
Everybody knows your IP. Just start the Fiesta-Client, open some kind of Network Sniffer/Monitor/... and you can see what IP it connects to.
If you want to host your website on another machine, try this. Then you can connect to it using {YOURIP}\{YOURSQLINSTANCE}, e.g.: 127.0.0.1\MSSQL.
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
F1ow
Everybody knows your IP. Just start the Fiesta-Client, open some kind of Network Sniffer/Monitor/... and you can see what IP it connects to.
If you want to host your website on another machine, try this. Then you can connect to it using {YOURIP}\{YOURSQLINSTANCE}, e.g.: 127.0.0.1\MSSQL.
The point wasn't to hide his IP. It would be more organized than hosting everything from a single IP.
If I was hosting, I would be using three different IPs on a single dedi for certain purposes.
1. RDP
2. DDoS protected IP. The one used for the client.
3. Website scripts
Another machine would be good for a middle-man I guess. But I don't think it's needed.
Re: Odin Login [5.5.12 PHP version]
I wouldn't recommend hosting your web on the same host as your server files. You'd be exposing yourself to security risks, obviously. :)
Re: Odin Login [5.5.12 PHP version]
Quote:
Originally Posted by
Manova
I wouldn't recommend hosting your web on the same host as your server files. You'd be exposing yourself to security risks, obviously. :)
Not the script posted in this thread :P
Anyways, I'm off-topic and feel like we hijacked this thread. So I'm done.