GodWar Posted July 11, 2012 Author Share Posted July 11, 2012 DANGER!!! IT CHANGES YOUR SERVER LOGIN SYSTEM!!! DO IT ON YOUR OWN RISK!!!**Please use only the myBB for this version. Please be carefully and make a secure copy of your project before you do anything!!!****The Clientregistration doesn't work so far…**How do add a MySQL Login into EO 3.0 is very strange but possible. I must tell you a little bit before you start to fast. First you must know that the current version only works with [myBB](http://www.mybb.com/). That is the same Software which Robin with CC use. This forumsoftware has a normal encoding of passwords. After some tests i got it and find a way to do this with VB6\. Its a strange MD5 and SALT combination. So you need to use this Forum-Software. Later i try other Boards.**Video:**http://www.youtube.com/watch?v=PB227iBPLYg**So what do you need?**1\. [myBB](http://www.mybb.com/)2\. A server where you can install it3\. With that a MySQL Database4\. The "MyVbQL.dll" & "libmysql.dll" in the same folder where the "Server.exe" is5\. A reference in your Serverproject to the "MyVbQL.dll"6\. My "modSQL.bas"6\. The "clsMD5.cls"**What you must change:****Server:**modContantsBelow:```Public Const EFFECT_TYPE_TINT As Long = 6```Add:```Public MD5 As clsMD5```* * ** Include the modSQL.bas to your project.* Include the clsMD5.cls to you project.* Add a reference to the "MyVbQL.dll". You find this under the menu (Project->References).* * *modHandleDataReplace:``` If Not AccountExist(Name) Then Call AlertMsg(index, "That account name does not exist.") Exit Sub End If If Not PasswordOK(Name, Password) Then Call AlertMsg(index, "Incorrect password.") Exit Sub End If If IsMultiAccounts(Name) Then Call AlertMsg(index, "Multiple account logins is not authorized.") Exit Sub End If```With:``` If sqlLoginUser(name, password) = 0 Then Call AlertMsg(index, "Nickname or Password incorrect!") Exit Sub Else Call sqlAddNewChar(index, name, password) 'Call AlertMsg(index, "Login successfully!") End If If Not AccountExist(name) Then 'Call AlertMsg(index, "That account name does not exist.") 'Exit Sub End If If Not PasswordOK(name, password) Then 'Call AlertMsg(index, "Incorrect password.") 'Exit Sub End If If IsMultiAccounts(name) Then 'Call AlertMsg(index, "Multiple account logins is not authorized.") 'Exit Sub End If```* * *Change:```Public Const sqlServer As String = "test.com"Public Const sqlUsername As String = "123456"Public Const sqlPassword As String = "123456789"Public Const sqlDBName As String = "123458"Public Const sqlTable As String = "mybb_users"```To your Login informations. Only look at the sqlTable. This is the field for the myBB Version.* * ** The username-field must have the name "username"* The password-field must have the name "password"* The salt-field must have the name "salt"**Please use only the myBB for this version. Please be carefully and make a secure copy of your project before you do anything!!!** Link to comment Share on other sites More sharing options...
Guest Posted July 11, 2012 Share Posted July 11, 2012 AMAZING!!However 1 questions. Lets say I already registered on my site, and I now implement this system. What do I do? Link to comment Share on other sites More sharing options...
Exception Posted July 11, 2012 Share Posted July 11, 2012 Wait, if you add this directly to the server, wouldn't the queries practically halt the entire thing?Still, very nice, I could try and make an authentication server with this. =D Link to comment Share on other sites More sharing options...
GodWar Posted July 11, 2012 Author Share Posted July 11, 2012 At me nothing stops! The sql works instant and stops nothing… But pls try and report bugs if possible... :) Link to comment Share on other sites More sharing options...
Guest Posted July 11, 2012 Share Posted July 11, 2012 What happens if i have people already registered on the site, and then I implement this system? Link to comment Share on other sites More sharing options...
GodWar Posted July 11, 2012 Author Share Posted July 11, 2012 They can login :) Link to comment Share on other sites More sharing options...
Guest Posted July 11, 2012 Share Posted July 11, 2012 Really Wow! Link to comment Share on other sites More sharing options...
GodWar Posted July 11, 2012 Author Share Posted July 11, 2012 Yes because if the account on the GameServer doesnt exists he create one after the login. Link to comment Share on other sites More sharing options...
tslusny Posted July 14, 2012 Share Posted July 14, 2012 Sub sqlAddNewChar doeasnt exist Link to comment Share on other sites More sharing options...
tslusny Posted July 14, 2012 Share Posted July 14, 2012 This displays when i try to login from client[![](http://www.freemmorpgmaker.com/files/imagehost/pics/3fcb70080d992e535a277828b0af4047.png)](http://www.freemmorpgmaker.com/files/imagehost/#3fcb70080d992e535a277828b0af4047.png)And this highlights when i press debug[![](http://www.freemmorpgmaker.com/files/imagehost/pics/27c0e5bc529b0032f1306b841020e034.png)](http://www.freemmorpgmaker.com/files/imagehost/#27c0e5bc529b0032f1306b841020e034.png) Link to comment Share on other sites More sharing options...
GodWar Posted July 14, 2012 Author Share Posted July 14, 2012 Did you do "5\. A reference in your Serverproject to the "MyVbQL.dll"" Link to comment Share on other sites More sharing options...
tslusny Posted July 14, 2012 Share Posted July 14, 2012 @GodWar:> Did you do "5\. A reference in your Serverproject to the "MyVbQL.dll""Yes Link to comment Share on other sites More sharing options...
GodWar Posted July 14, 2012 Author Share Posted July 14, 2012 sqlGetSalt only got calles when user login! So when you got the error before there is something missing. But you only need the 2 DLLs IN your \server\ folder and the refernece to the MyVbQL.dll which activate the "MySQL Visual Basic API v2.0.0" Link to comment Share on other sites More sharing options...
Jumbofile Posted July 14, 2012 Share Posted July 14, 2012 How do you add a reference? Link to comment Share on other sites More sharing options...
tslusny Posted July 14, 2012 Share Posted July 14, 2012 @GodWar:> sqlGetSalt only got calles when user login! So when you got the error before there is something missing. But you only need the 2 DLLs IN your \server\ folder and the refernece to the MyVbQL.dll which activate the "MySQL Visual Basic API v2.0.0"I added reference correctly and i have both dlls in server folder.And i dont know if i added this step correctly:Replace:``` If Not AccountExist(Name) Then Call AlertMsg(index, "That account name does not exist.") Exit Sub End If If Not PasswordOK(Name, Password) Then Call AlertMsg(index, "Incorrect password.") Exit Sub End If If IsMultiAccounts(Name) Then Call AlertMsg(index, "Multiple account logins is not authorized.") Exit Sub End If```With:``` If sqlLoginUser(name, password) = 0 Then Call AlertMsg(index, "Nickname or Password incorrect!") Exit Sub Else Call sqlAddNewChar(index, name, password) 'Call AlertMsg(index, "Login successfully!") End If If Not AccountExist(name) Then 'Call AlertMsg(index, "That account name does not exist.") 'Exit Sub End If If Not PasswordOK(name, password) Then 'Call AlertMsg(index, "Incorrect password.") 'Exit Sub End If If IsMultiAccounts(name) Then 'Call AlertMsg(index, "Multiple account logins is not authorized.") 'Exit Sub End If```I added it to HandleLogin. And i commented this:```Call sqlAddNewChar(Index, Name, password)```Becouse you dont added that sub to tutorial and uncommented this:```Call AlertMsg(Index, "Login successfully!")```Warning - while you were typing a new reply has been posted. You may wish to review your post. Link to comment Share on other sites More sharing options...
Exception Posted July 14, 2012 Share Posted July 14, 2012 I tried this in a blank EO, and the login doesn't appear to work. From what I can work out, it's attempting to use the normal password, and comparing that against the salted password, and as a result, will always return false. I had little idea, but I did change something around, and got it to work (can't remember what, I didn't save my changes. Was just playing around)…if I'm honest, this is one of the few times I've played around with SQL.GodWar, when you wrote this, did you try it in a base EO yourself? As an example, the sub sqlAddNewChar doesn't exist, instead it's sqlAddUser. I still think this needs a bit more testing before it can be used.Although, you were right about it being weirdly instant, seriously, it logged in exactly the same time as normal for me. xD Link to comment Share on other sites More sharing options...
GodWar Posted July 14, 2012 Author Share Posted July 14, 2012 Hmmm!First: I don't try it with the EO 2.0! Because i do this for EO 3.0 :)Second: You know that this only work with the myBB i post!? Because this forum use the easyest salt i found. Other Boards use antother salt method.Third: The sqlAddUser is not finished yet because i delete it because the user MUST register in the forum! Same with sqlDelUser Link to comment Share on other sites More sharing options...
Exception Posted July 14, 2012 Share Posted July 14, 2012 @GodWar:> Hmmm!> > First: I don't try it with the EO 2.0! Because i do this for EO 3.0 :)> Second: You know that this only work with the myBB i post!? Because this forum use the easyest salt i found. Other Boards use antother salt method.> Third: The sqlAddUser is not finished yet because i delete it because the user MUST register in the forum! Same with sqlDelUser1) The registration systems haven't changed. It'd work exactly the same. My point is, have you actually tested this outside of your source, and followed the tutorial in a clean source, to make sure it's actually functional?2) Yes, I was testing on myBB. It still didn't unsalt the passwords, as said.3) I was registering in the forum, I was just mentioning that you used it in the tutorial, when it didn't actually work, which leads me to believe that this wasn't really tried. Link to comment Share on other sites More sharing options...
JustinSD Posted July 14, 2012 Share Posted July 14, 2012 I have a actual working SQL auth server for mybb and I can tell you that anyone who uses this and does not edit the tables correctly with mybb expect lots of people logging on your admin accounts and changing the passwords. Link to comment Share on other sites More sharing options...
JohnPony Posted July 15, 2012 Share Posted July 15, 2012 Edit:Downloaded it and started messing around, im currently fixing the MD5 to get the correct encryption to match up with a smf password encryption. Link to comment Share on other sites More sharing options...
clark Posted July 15, 2012 Share Posted July 15, 2012 If someone Use a SQL injector , wouldn't that destroy the database ? or make him able to modify anything inside ? Link to comment Share on other sites More sharing options...
GodWar Posted July 15, 2012 Author Share Posted July 15, 2012 I think no becasue the only the Server do anything. ther is NO SQL Code in the Client. You can try it in the login but i bed you can't inject the DB! Link to comment Share on other sites More sharing options...
clark Posted July 15, 2012 Share Posted July 15, 2012 ^^ i don't know how to inject anything , that's why it's better to know if using this can open a way to hack the server Link to comment Share on other sites More sharing options...
unknown Posted July 22, 2012 Share Posted July 22, 2012 @clark:> If someone Use a SQL injector , wouldn't that destroy the database ? or make him able to modify anything inside ?Make your nickname '; DROP TABLE USERS; and your database is destroyed..Unless your limiting the nickname in some way earlier in the server code to not allow ' or ; you may want to think before implementing this. Link to comment Share on other sites More sharing options...
Wortel Angels Posted July 28, 2012 Share Posted July 28, 2012 I got an Error on modHandleData Call sqlAddNewChar(Index, Name, password)[![](http://www7.pic-upload.de/thumb/28.07.12/jbe2u2x4fkkc.png)](http://www.pic-upload.de/view-15324092/Unbenannt.png.html)If i comment it out " ' "Then i get another error[![](http://www7.pic-upload.de/thumb/28.07.12/9ol2zaklsqup.png)](http://www.pic-upload.de/view-15324108/Unbenannt.png.html)Yes it added the MySQL Visual Basic API v2.0.0 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now