Announcement

Collapse
No announcement yet.

[FREE] VaRest Login System - With PHP and MySQL

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    #31
    So I figured out that it doesn't work with some php versions.

    Also for implementing custom things like register and so on you need to look in the g_userinfo.php file. there are some funtions inside.
    You can manage everything with $_POST["yourpostvalue"] ( g_userinfo.php?yourpostvalue=Something );

    Hope you understand something what I wrote..

    Ill work on a new example with health and so on. ( A bit more advanced )

    Cheers!

    Comment


      #32
      Originally posted by CLBander View Post
      So I figured out that it doesn't work with some php versions.

      Cheers!
      i have been playing with this plugin for a week
      it work on php 5.5 + and any version above it :3
      Game Designer @ Masked Pharaohs ..
      I'm Providing Arabic Support For Any One ..

      Comment


        #33
        Yeah it requires php 5.5 + and above.

        Comment


          #34
          Thank you for your reply
          something like this?
          rly sorry, I'm not a programmer, I'm a graphic designer trying to do something
          Click image for larger version

Name:	php.jpg
Views:	1
Size:	127.1 KB
ID:	1101054
          Click image for larger version

Name:	ue4.jpg
Views:	1
Size:	158.6 KB
ID:	1101055
          Click image for larger version

Name:	db.jpg
Views:	1
Size:	106.3 KB
ID:	1101056

          don't work at all
          Attached Files
          Last edited by Max Sam; 02-22-2016, 10:10 PM.

          Comment


            #35
            Originally posted by Max Sam View Post
            Thank you for your reply
            something like this?
            rly sorry, I'm not a programmer, I'm a graphic designer trying to do something
            [ATTACH=CONFIG]80007[/ATTACH]
            [ATTACH=CONFIG]80008[/ATTACH]
            [ATTACH=CONFIG]80032[/ATTACH]

            don't work at all


            What is it exactly that you are trying to do? I can try to help the best I can with my limited php knowledge

            Comment


              #36
              i think he is trying to add another column in the game like ranks and nickname ..etc
              Game Designer @ Masked Pharaohs ..
              I'm Providing Arabic Support For Any One ..

              Comment


                #37
                Originally posted by Max Sam View Post
                Thank you for your reply
                something like this?
                rly sorry, I'm not a programmer, I'm a graphic designer trying to do something
                [ATTACH=CONFIG]80007[/ATTACH]
                [...]
                because you are using POST:
                PHP Code:
                 $_POST["do"
                Try it with GET:
                PHP Code:
                 $_GET["do"
                GET is for every variable inside your "adress" e.g. "example.com?get=variable" also you should check if your variable is set - simply do that by using
                PHP Code:
                if(isset($_GET["do"])){ //the rest of your statement } 
                I could be wrong but afaik JSON uses POST as a method to send data and GET to gather data. But theres also an method for using POST with Json I think. But for that you need to use a Json object.

                http://json.org/example.html - here you can view a json object.

                you are basically trying to make a request on that page. But you are extending your request by adding variables onto your adress line.
                This is (simplified) your request: {"Data": "Some Data"} POST @ http://yoururl.com/api/ajax.php?var1=var1&var2=var2.
                You wanted to do this: {"Data": "Some Data", "MoreData": "Some more Data"}
                Last edited by Marki217q; 02-26-2016, 01:11 PM. Reason: english language :] and explanations

                Comment


                  #38
                  edit...

                  Marki217q

                  It's work!!!!

                  Thank you all!!

                  Comment


                    #39
                    do u have the instance in c++ cause i already have a basegame instance made in c++ nd it wont work if i use the sparkfire instance unless any one nos how to run 2 instances at the same time?!

                    Comment


                      #40
                      You could recode the sparkfire instance to c++. You just need to access the JSON plugin from c++ or need to encode the json with something else you recive from the server. Also you can work with webrequests aswell
                      I update the system very soon maybe then I can also make a c++ version of it

                      Comment


                        #41
                        How do I make it grab new columns that were added to the table, i tried to go into G_userdata and do it there by doing...
                        Click image for larger version

Name:	86d8840426.png
Views:	1
Size:	15.9 KB
ID:	1104220

                        Essentially when i play within the game in unreal it just doesn't load any of the stats.
                        I've added it to the FetchUserData custom even aswell.

                        I tried to look where maybe there would be another place to add it but i'm not familiar with anything mysql/phpmyadmin ect so i'm not sure where to look, Any help would be appreciated! (And also make a postdata tutorial)

                        Comment


                          #42
                          I've updated the project to 4.11.2 and packaged it as Win 64 without issues. (Using VB 2015 Community)

                          Is it possible to use your own API key, or what kind of API key is this? Is this related to the SF dll, why is this required? Thanks for sharing the code, also i will likely try to use a Mongo database, but this project helps to get a good idea about a working example.

                          Update
                          Yes you can ofc use your own API key, and when compiling via VB, VB creates several VB related files in the folder.
                          Last edited by unit23; 04-21-2016, 07:26 AM.
                          LEGENDS OF EPICA | CLIMATE STATE

                          Comment


                            #43
                            I can certainly appreciate all of your hard work...

                            I'd caution anyone considering using this, however: unhashed passwords are an absolutely horrible idea. Do not use this without enhancing the security! MD5 is absolutely unacceptable now as well - don't just throw an MD5 hashed password in a DB. You need to either use PHP's native functionality (http://php.net/manual/en/book.password.php) or something else to generate a salt and hash. Otherwise, you're asking for all of your registered users' information to be given away by someone who gains access to it.

                            Along those lines, the web portion of this also isn't using correct prepared statements. That said, someone can accomplish some SQL injection and gain access to all of the information they'd ever want inside of your DB. The statements (most of them) are at least escaped, but that's not enough any more.

                            SQL injection not being taken seriously here combined with the fact that the passwords are stored insecurely makes for a very, very dangerous situation. Let me demonstrate. This is a snippet from the register page:

                            $eintrag = "INSERT INTO users (username, password, loginreqkey, status, rank, level, exp, expneeded, banned, mail) VALUES ('$username', '$password','$authkey','offline', 'user', '1', '0', '1000', '', '$email')";
                            $eintragen = mysql_query($eintrag);
                            Let me point you to some documentation on this so you know what I'm saying isn't simply opinion:

                            http://stackoverflow.com/questions/1...nctions-in-php
                            https://www.binpress.com/tutorial/us...e-right-way/17
                            (Google "mysql function in PHP" for thousands more examples)

                            Using the register page, I personally could get all the information I'd ever want out of a site using this code, and then completely wipe the database clean (or just come back periodically and get the information I wanted while leaving everything untouched so you never knew). This is not an exaggeration in the least bit - if you want an example I would be happy to show you.

                            Anyone who is using this should immediately revamp the security. You've been warned: This entire suite is 100% hackable by any 12 year old kid that has access to Google.

                            Not trying to be a jerk, but I think anyone who's not savvy on all the technical details here should know exactly what they're getting themselves into.

                            This is a great proof of concept. It successfully bridges the gap and does exactly what it's advertised as doing. However, it is not a solution that should be used out of the box. You will absolutely need to do some serious modifying to make this secure enough for your players/customers/etc.
                            Last edited by One Mode Only; 04-22-2016, 05:40 PM.

                            Comment


                              #44
                              Well this api uses some outdated php & mysql things and is highly unsafe... It is just an example how it could work
                              Btw : I was never saying that this is a highly safe method xD

                              Comment


                                #45
                                Originally posted by CLBander View Post
                                Well this api uses some outdated php & mysql things and is highly unsafe... It is just an example how it could work
                                Btw : I was never saying that this is a highly safe method xD
                                Indeed - which is why I was sure to say this above:

                                This is a great proof of concept. It successfully bridges the gap and does exactly what it's advertised as doing.
                                I do feel it necessary to let everyone know that out of the box this is incredibly unsafe, though.

                                Comment

                                Working...
                                X