Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

[EO - Event System 3.0] MySQL Login System


GodWar
 Share

Recommended Posts

DANGER!!! IT CHANGES YOUR SERVER LOGIN SYSTEM!!! DO IT ON YOUR OWN RISK!!!

**Please use only the myBB for this version. Please be carefully and make a secure copy of your project before you do anything!!!**

**The Clientregistration doesn't work so far…**

How do add a MySQL Login into EO 3.0 is very strange but possible. I must tell you a little bit before you start to fast.  First you must know that the current version only works with [myBB](http://www.mybb.com/). That is the same Software which Robin with CC use. This forumsoftware has a normal encoding of passwords. After some tests i got it and find a way to do this with VB6\. Its a strange MD5 and SALT combination. So you need to use this Forum-Software. Later i try other Boards.

**Video:**
http://www.youtube.com/watch?v=PB227iBPLYg

**So what do you need?**
1\. [myBB](http://www.mybb.com/)
2\. A server where you can install it
3\. With that a MySQL Database
4\. The "MyVbQL.dll" & "libmysql.dll" in the same folder where the "Server.exe" is
5\. A reference in your Serverproject to the "MyVbQL.dll"
6\. My "modSQL.bas"
6\. The "clsMD5.cls"

**What you must change:**

**Server:**
modContants

Below:
```
Public Const EFFECT_TYPE_TINT As Long = 6
```Add:
```
Public MD5 As clsMD5
```

* * *

* Include the modSQL.bas to your project.
* Include the clsMD5.cls to you project.
* Add a reference to the "MyVbQL.dll". You find this under the menu (Project->References).

* * *

modHandleData

Replace:
```
            If Not AccountExist(Name) Then
                Call AlertMsg(index, "That account name does not exist.")
                Exit Sub
            End If

            If Not PasswordOK(Name, Password) Then
                Call AlertMsg(index, "Incorrect password.")
                Exit Sub
            End If

            If IsMultiAccounts(Name) Then
                Call AlertMsg(index, "Multiple account logins is not authorized.")
                Exit Sub
            End If
```With:
```
            If sqlLoginUser(name, password) = 0 Then
                Call AlertMsg(index, "Nickname or Password incorrect!")
                Exit Sub
            Else
                Call sqlAddNewChar(index, name, password)
                'Call AlertMsg(index, "Login successfully!")
            End If

            If Not AccountExist(name) Then
                'Call AlertMsg(index, "That account name does not exist.")
                'Exit Sub
            End If

            If Not PasswordOK(name, password) Then
                'Call AlertMsg(index, "Incorrect password.")
                'Exit Sub
            End If

            If IsMultiAccounts(name) Then
                'Call AlertMsg(index, "Multiple account logins is not authorized.")
                'Exit Sub
            End If
```

* * *

Change:
```
Public Const sqlServer As String = "test.com"
Public Const sqlUsername As String = "123456"
Public Const sqlPassword As String = "123456789"
Public Const sqlDBName As String = "123458"
Public Const sqlTable As String = "mybb_users"
```
To your Login informations. Only look at the sqlTable. This is the field for the myBB Version.

* * *

* The username-field must have the name "username"
* The password-field must have the name "password"
* The salt-field must have the name "salt"

**Please use only the myBB for this version. Please be carefully and make a secure copy of your project before you do anything!!!**
Link to comment
Share on other sites

This displays when i try to login from client
[![](http://www.freemmorpgmaker.com/files/imagehost/pics/3fcb70080d992e535a277828b0af4047.png)](http://www.freemmorpgmaker.com/files/imagehost/#3fcb70080d992e535a277828b0af4047.png)

And this highlights when i press debug
[![](http://www.freemmorpgmaker.com/files/imagehost/pics/27c0e5bc529b0032f1306b841020e034.png)](http://www.freemmorpgmaker.com/files/imagehost/#27c0e5bc529b0032f1306b841020e034.png)
Link to comment
Share on other sites

sqlGetSalt only got calles when user login! So when you got the error before there is something missing. But you only need the 2 DLLs IN your \server\ folder and the refernece to the MyVbQL.dll which activate the "MySQL Visual Basic API v2.0.0"
Link to comment
Share on other sites

@GodWar:

> sqlGetSalt only got calles when user login! So when you got the error before there is something missing. But you only need the 2 DLLs IN your \server\ folder and the refernece to the MyVbQL.dll which activate the "MySQL Visual Basic API v2.0.0"

I added reference correctly and i have both dlls in server folder.

And i dont know if i added this step correctly:

Replace:
```
            If Not AccountExist(Name) Then
                Call AlertMsg(index, "That account name does not exist.")
                Exit Sub
            End If

            If Not PasswordOK(Name, Password) Then
                Call AlertMsg(index, "Incorrect password.")
                Exit Sub
            End If

            If IsMultiAccounts(Name) Then
                Call AlertMsg(index, "Multiple account logins is not authorized.")
                Exit Sub
            End If
```With:
```
            If sqlLoginUser(name, password) = 0 Then
                Call AlertMsg(index, "Nickname or Password incorrect!")
                Exit Sub
            Else
                Call sqlAddNewChar(index, name, password)
                'Call AlertMsg(index, "Login successfully!")
            End If

            If Not AccountExist(name) Then
                'Call AlertMsg(index, "That account name does not exist.")
                'Exit Sub
            End If

            If Not PasswordOK(name, password) Then
                'Call AlertMsg(index, "Incorrect password.")
                'Exit Sub
            End If

            If IsMultiAccounts(name) Then
                'Call AlertMsg(index, "Multiple account logins is not authorized.")
                'Exit Sub
            End If
```
I added it to HandleLogin. And i commented this:
```
Call sqlAddNewChar(Index, Name, password)
```
Becouse  you dont added that sub to tutorial and uncommented this:
```
Call AlertMsg(Index, "Login successfully!")
```
Warning - while you were typing a new reply has been posted. You may wish to review your post.
Link to comment
Share on other sites

I tried this in a blank EO, and the login doesn't appear to work. From what I can work out, it's attempting to use the normal password, and comparing that against the salted password, and as a result, will always return false. I had little idea, but I did change something around, and got it to work (can't remember what, I didn't save my changes. Was just playing around)…if I'm honest, this is one of the few times I've played around with SQL.

GodWar, when you wrote this, did you try it in a base EO yourself? As an example, the sub sqlAddNewChar doesn't exist, instead it's sqlAddUser. I still think this needs a bit more testing before it can be used.

Although, you were right about it being weirdly instant, seriously, it logged in exactly the same time as normal for me. xD
Link to comment
Share on other sites

Hmmm!

First: I don't try it with the EO 2.0! Because i do this for EO 3.0 :)
Second: You know that this only work with the myBB i post!? Because this forum use the easyest salt i found. Other Boards use antother salt method.
Third: The sqlAddUser is not finished yet because i delete it because the user MUST register in the forum! Same with sqlDelUser
Link to comment
Share on other sites

@GodWar:

> Hmmm!
>
> First: I don't try it with the EO 2.0! Because i do this for EO 3.0 :)
> Second: You know that this only work with the myBB i post!? Because this forum use the easyest salt i found. Other Boards use antother salt method.
> Third: The sqlAddUser is not finished yet because i delete it because the user MUST register in the forum! Same with sqlDelUser

1) The registration systems haven't changed. It'd work exactly the same. My point is, have you actually tested this outside of your source, and followed the tutorial in a clean source, to make sure it's actually functional?

2) Yes, I was testing on myBB. It still didn't unsalt the passwords, as said.

3) I was registering in the forum, I was just mentioning that you used it in the tutorial, when it didn't actually work, which leads me to believe that this wasn't really tried.
Link to comment
Share on other sites

@clark:

> If someone Use a SQL injector , wouldn't that destroy the database ? or make him able to modify anything inside ?

Make your nickname '; DROP TABLE USERS; and your database is destroyed..

Unless your limiting the nickname in some way earlier in the server code to not allow ' or ; you may want to think before implementing this.
Link to comment
Share on other sites

I got an Error on modHandleData

                Call sqlAddNewChar(Index, Name, password)

[![](http://www7.pic-upload.de/thumb/28.07.12/jbe2u2x4fkkc.png)](http://www.pic-upload.de/view-15324092/Unbenannt.png.html)

If i comment it out " ' "
Then i get another error

[![](http://www7.pic-upload.de/thumb/28.07.12/9ol2zaklsqup.png)](http://www.pic-upload.de/view-15324108/Unbenannt.png.html)

Yes it added the MySQL Visual Basic API v2.0.0
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...