[FREE] VaRest Login System - With PHP and MySQL

How do I make it grab new columns that were added to the table? I tried to go into G_userdata and do it there by doing…

Essentially when I play within the game in Unreal it just doesn’t load any of the stats.
I’ve added it to the FetchUserData custom event as well.

I tried to look where maybe there would be another place to add it, but I’m not familiar with anything MySQL/phpMyAdmin etc., so I’m not sure where to look. Any help would be appreciated! (And also make a postdata tutorial)

I’ve updated the project to 4.11.2 and packaged it as Win 64 without issues. (Using VB 2015 Community)

Is it possible to use your own API key, or what kind of API key is this? Is this related to the SF dll, why is this required? Thanks for sharing the code, also I will likely try to use a Mongo database, but this project helps to get a good idea about a working example.

Update
Yes you can ofc use your own API key, and when compiling via VB, VB creates several VB related files in the folder.

I can certainly appreciate all of your hard work…

I’d caution anyone considering using this, however: unhashed passwords are an absolutely horrible idea. Do not use this without enhancing the security! MD5 is absolutely unacceptable now as well - don’t just throw an MD5 hashed password in a DB. You need to either use PHP’s native functionality (PHP: Password Hashing - Manual) or something else to generate a salt and hash. Otherwise, you’re asking for all of your registered users’ information to be given away by someone who gains access to it.

Along those lines, the web portion of this also isn’t using correct prepared statements. That said, someone can accomplish some SQL injection and gain access to all of the information they’d ever want inside of your DB. The statements (most of them) are at least escaped, but that’s not enough any more.

SQL injection not being taken seriously here combined with the fact that the passwords are stored insecurely makes for a very, very dangerous situation. Let me demonstrate. This is a snippet from the register page:

Let me point you to some documentation on this so you know what I’m saying isn’t simply opinion:

(Google “mysql function in PHP” for thousands more examples)

Using the register page, I personally could get all the information I’d ever want out of a site using this code, and then completely wipe the database clean (or just come back periodically and get the information I wanted while leaving everything untouched so you never knew). This is not an exaggeration in the least bit - if you want an example I would be happy to show you.

Anyone who is using this should immediately revamp the security. You’ve been warned: This entire suite is 100% hackable by any 12 year old kid that has access to Google.

Not trying to be a jerk, but I think anyone who’s not savvy on all the technical details here should know exactly what they’re getting themselves into.

This is a great proof of concept. It successfully bridges the gap and does exactly what it’s advertised as doing. However, it is not a solution that should be used out of the box. You will absolutely need to do some serious modifying to make this secure enough for your players/customers/etc.
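
The two fixes this post asks for, PHP's native password hashing and real prepared statements, sketched as an added example that is not part of the original post or the project's code. The `users` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline:

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces MySQL here; for MySQL use a "mysql:host=...;dbname=..." DSN
// and also set PDO::ATTR_EMULATE_PREPARES to false so statements are prepared server-side.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical schema; the project's real table layout is not shown on the page.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL)');

function register_user(PDO $pdo, string $username, string $password): bool
{
    // password_hash() generates a random salt and stores it inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    try {
        return $stmt->execute([':u' => $username, ':h' => $hash]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate username).
        if ((string) $e->getCode() === '23000') { return false; }
        throw $e;
    }
}

function login_user(PDO $pdo, string $username, string $password): bool
{
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

// Constructed sample input: quote characters in the username are stored and compared as plain data.
var_dump(register_user($pdo, "o'brien", 'correct horse battery'));
var_dump(register_user($pdo, "o'brien", 'second attempt'));
var_dump(login_user($pdo, "o'brien", 'correct horse battery'));
var_dump(login_user($pdo, "o'brien' OR '1'='1", 'anything'));
```

Only the first registration and the login with the correct password succeed; the duplicate registration and the login whose username carries SQL syntax both return false, because the bound value is matched literally against the `username` column.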

Well this api uses some outdated php & mysql things and is highly unsafe… It is just an example how it could work :slight_smile:
Btw : I was never saying that this is a highly safe method xD

Indeed - which is why I was sure to say this above:

I do feel it necessary to let everyone know that out of the box this is incredibly unsafe, though.

Well I think I wrote it somewhere that it is highly unsafe like on the register site or somewhere

Why not address the security, then prepare a secure solution for the marketplace? I really would pay for this. I will even use existing code, just to get something up and running for testing only.

Also what if we have a dedicated server, which communicates with a local database through an SSL or SSH connection, would there still be a risk through the PHP code for SQL injections? With Google Auth2.0 or Passport we have a secure login, but then there would be the need for a consent screen. Maybe for this register first at the web frontend, then use just login data at the client prompt…

Well when you set up something with dedicated server and local database I don’t think you have security problems. Because the clients requests something on the dedicated server and the dedicated server changes something on the database…
Well you can use sql lite for it … there is somewhere here in the forums a tutorial for it… but it’s still very advanced for some users.

But I still need to login auth the user and then make queries to the server - database - back to the client … I looked for “sql lite” but the forum is not giving much results.

Great work CLBander! Does this work in UE4 version 4.10?

Nice work ^^

But need up :slight_smile:

Does this work with 4.11

Hello,

Can I use this for a commercial project?

Thanks for the reply

Yes sir! But please note that the system is unsafe…

All right, so I’m working on a single plugin for the Login System.
It gets released soon.

Any update on the single plugin?

Never mind, fixed it

Well atm the plugin doesn’t work right … I’m making a BP function library but can’t initialize it to make a web request. So when a web request happens it crashes. And if I want to make a web request complete as delegate it won’t work because of a static BP function library.

But well yeah I’m on it :slight_smile:

UE4Login Plugin
Plugin Features:

Project Settings -> URL & API Key
BP Functions -> Request Login ’ Delegate Login Complete
->Register -> Registration Complete ( Bool Success or not ).
BP Function -> sha512 encryption. encrypt passwords as sha15 or something else.

So this will come very soon :slight_smile:

Can you update the link to UE 4.12.2 or send a link for me? For some reason it won’t recompile/build for me… I have the VaRest plugin added to my engine from the marketplace.

VaRest Help

Hey guys, having a few issues with the VaRest Plugin on 4.11

When I created my system locally using Bitnami everything was working fine with the VaRest Response.

I then moved it over to a webhost and now I’m getting this error.


LogVaRest: Response (200): <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("16ef05200d6298b80e62a84430c041c9");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; document.cookie="referrer="+escape(document.referrer); location.href="http://gametest.wwhost.ga/gameinfo.php?user=youtube&password=youtube&stuff=login&ckattempt=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

Anyone got a clue what the hell this all means

Cheers