ArcEmu: [tutorial]: Making A Login Page (using Serverscripts) - ArcEmu

Jump to content

Toggle shoutbox Lastest Announcements

dfighter  : (07 December 2014 - 12:06 PM) Arcemu is in hibernation mode, please read http://arcemu.org/fo...showtopic=26903
dfighter  : (01 January 2013 - 05:56 PM) Arcemu wishes you all a happy new year!
Hasbro  : (12 September 2012 - 10:01 AM) Please excuse our outage from the web! Our web host had a major malfunction!
dfighter  : (01 September 2012 - 04:05 PM) Since the spam bots just don't want to stop, I've enabled admin verification when registering.
dfighter  : (23 January 2012 - 09:56 PM) Please note that from now on you will need to confirm your email on the wiki in order to edit it!
Hasbro  : (31 December 2011 - 12:50 PM) Happy New Years all!
Navid  : (26 December 2011 - 04:09 AM) Merry Christmas !!!!!! Happy holidays all :)
WAmadeus  : (24 December 2011 - 03:54 PM) Merry Christmas to all!
dfighter  : (24 December 2011 - 11:05 AM) The Arcemu team wishes y'all a Merry Christmukkah!
Hasbro  : (05 October 2011 - 12:53 PM) Looking for web designers for upcoming web related project. If you're interested in designing user interfaces contact me
dfighter  : (02 September 2011 - 03:47 PM) So who here wants vehicles in Arcemu? :P http://arcemu.org/fo...showtopic=25440
Hasbro  : (14 August 2011 - 03:25 PM) Join us on irc, grab an irc client and connect to irc.freenode.net join channel #arcemu /server irc.freenode.net:6667 /join #arcemu
jackpoz  : (03 August 2011 - 05:33 AM) to all Lua Engine (old one) users: please check http://arcemu.org/fo...showtopic=25274
Hasbro  : (20 May 2011 - 05:27 PM) Looking for people experienced with CMake configuration and setup! Contact me asap
Hasbro  : (15 May 2011 - 05:03 PM) ArcEmu is recruiting C++ programmers, contact Hasbro if interested.
paroxysm  : (03 May 2011 - 06:26 PM) Updated luabridge gossip example to describe the whole gossip creation process rather than just how to create menu. Gossip tutorial
paroxysm  : (23 April 2011 - 11:35 AM) Lua writers can refer to the Luabridge Tutorials section in the Wiki to learn how to write gossip code correctly.
Hasbro  : (20 April 2011 - 05:22 PM) Thank you for your continuous contribution of bug reports, we are working on them.
Hasbro  : (17 April 2011 - 03:20 AM) Please consider donating to support our bills. Donations can be sent using PayPal to donations@arcemu.org - Thank you for your support.
paroxysm  : (10 April 2011 - 12:43 AM) Refer to the Luabridge Tutorials section in the Wiki to learn the new syntax of luabridge.
Resize Shouts Area

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

[tutorial]: Making A Login Page (using Serverscripts) Supports ArcEmu, MaNGOS, and (soon) Trinity!

#1 User is offline   Bob Herman 

  • Interested
  • PipPipPipPip
  • Group: Members
  • Posts: 452
  • Joined: 11-October 08
  • Gender:Male

Posted 09 August 2010 - 07:41 PM

Hello dear ArcEmu member, yesterday I released ServerScripts, a simple framework to build your own Multi-Core and Multi-Language scripts easily. So, just to get developers up and started using ServerScripts, I made this simple tutorial to show the simplicity and raw power ServerScripts possesses. So what is so cool about ServerScripts? Quite simply, with ServerScripts you'll be able to create tools easily that will function on ALL cores, including ArcEmu, MaNGOS, and Trinity. Let's get started :)

The very first thing you need to do is download ServerScripts. To do so, click here (replace ** with ac in link). Once that's done, you'll need to extract it, and put it up on your webserver.

Then, we need to configure ServerScripts. Go to /system/Config.conf, and change the configuration settings to match your needs. Save, and exit. Now we can finally start working on the login script.

Create a new file in the root directory of your ServerScripts folder, and name it login.php. Inside of it, put the basic page where you load the backend:

<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   Project              : ServerScripts
 *   Begin                : August 2, 2010
 *   Copyright            : © 2010 Robert Herman ( maverfax@gmail.com )
 *
 ***************************************************************************/

/***************************************************************************
 *							     INITIALIZE
 ***************************************************************************/

include 'system/global.php';

/***************************************************************************
 *							    PAGE SCRIPT
 ***************************************************************************/

?>


Underneath all that, we need to create our HTML form. All the $lang['xxx'] are preset language variables that you can use to make your tool in all the languages supported by ServerScripts. Also, the $color and $message variables will be how we will show messages to our users. I also use a table to easily format the login form neatly.

<h1><?php echo $lang['login_title']; ?></h1>
<b style="color:<?php echo $color; ?>"><?php echo $message; ?></b>
<form method="post" action="login.php">
	<table>
		<tr>
			<td><?php echo $lang['username']; ?>:</td>
			<td><input type="text" name="username"></td>
		</tr>
		<tr>
			<td><?php echo $lang['password']; ?>:</td>
			<td><input type="password" name="password"></td>
		</tr>
	</table>
	<br />
	<input type="submit" name="login" value="<?php echo $lang['login_title']; ?>">
</form>


Now that this is done, we need to actually process the form once it's submitted. We'll check if the post has been sent:

if(isset($_POST['login']))
{
}


Let's add in a bit of security, so that peope can't SQL inject their way in. Also, we'll hook onto this to make each of our $_POST['xxx'] variables be turned into $xxx variables. I also added in the $message and $color variables so that we can report messages to our user.

$message = '';
$color = 'red';

if(isset($_POST['login']))
{
	//Clean the post content
	foreach($_POST as $k => $v)
	{
		$$k = !get_magic_quotes_gpc() ? addslashes($v) : $v;
	}
}


Now we need to check the username the user has submitted. To do this, we will use the registered_accounts function, which checks how many accounts have been registered using the field we ask. If the username cannot be found, we'll set message to $lang['no_user_found']. It'll be done like this:

$message = '';
$color = 'red';

if(isset($_POST['login']))
{
	//Clean the post content
	foreach($_POST as $k => $v)
	{
		$$k = !get_magic_quotes_gpc() ? addslashes($v) : $v;
	}

	//Check the account exists
	if(registered_accounts('username', $username) > 0)
	{

	}
	
	else $message = $lang['no_user_found'];
}


And now for the last bit: we need to check the password. For this we'll use the check_password function which, as it's name suggests, checks an account's password.

$message = '';
$color = 'red';

if(isset($_POST['login']))
{
	//Clean the post content
	foreach($_POST as $k => $v)
	{
		$$k = !get_magic_quotes_gpc() ? addslashes($v) : $v;
	}

	//Check the account exists
	if(registered_accounts('username', $username) > 0)
	{
		//Check if it's the right password
		if(check_password($username, $password) == TRUE)
		{
			//We're done!
			die('You\'ve been logged in!');
		}
		
		else $message = $lang['login_wrong_pass'];
	}
	
	else $message = $lang['no_user_found'];
}


The finished script looks like this:

<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   Project              : ServerScripts
 *   Begin                : August 2, 2010
 *   Copyright            : © 2010 Robert Herman ( maverfax@gmail.com )
 *
 ***************************************************************************/

/***************************************************************************
 *							     INITIALIZE
 ***************************************************************************/

include 'system/global.php';

/***************************************************************************
 *							    PAGE SCRIPT
 ***************************************************************************/

$message = '';
$color = 'red';

if(isset($_POST['login']))
{
	//Clean the post content
	foreach($_POST as $k => $v)
	{
		$$k = !get_magic_quotes_gpc() ? addslashes($v) : $v;
	}

	//Check the account exists
	if(registered_accounts('username', $username) > 0)
	{
		//Check if it's the right password
		if(check_password($username, $password) == TRUE)
		{
			die('You\'ve been logged in!');
		}
		
		else $message = $lang['login_wrong_pass'];
	}
	
	else $message = $lang['no_user_found'];
}
?>

<h1><?php echo $lang['login_title']; ?></h1>
<b style="color:<?php echo $color; ?>"><?php echo $message; ?></b>
<form method="post" action="login.php">
	<table>
		<tr>
			<td><?php echo $lang['username']; ?>:</td>
			<td><input type="text" name="username"></td>
		</tr>
		<tr>
			<td><?php echo $lang['password']; ?>:</td>
			<td><input type="password" name="password"></td>
		</tr>
	</table>
	<br />
	<input type="submit" name="login" value="<?php echo $lang['login_title']; ?>">
</form>


There you go. A login form that can run on ArcEmu, MaNGOS, and (soon) TrinityCore that can be used by English and French users (more languages will be added soon). Easy huh? :rolleyes:
0

#2 User is offline   Garvey 

  • is a cool guy
  • Group: Super Moderator
  • Posts: 331
  • Joined: 23-November 09
  • Gender:Male
  • Location:England
  • Server OS:Windows

Posted 10 August 2010 - 07:16 AM

Quote

Hello dear ac-web member


Wait... what?

Apart from that, looks interesting :P
But I, being poor, have only my dreams;
I have spread my dreams under your feet;
Tread softly because you tread on my dreams.
0

#3 User is offline   iEzri 

  • < Ace of spades >
  • Group: Contributor
  • Posts: 1,692
  • Joined: 22-December 08
  • Gender:Female
  • Interests:I'm likely to cause mischief
  • Server OS:Linux

Posted 10 August 2010 - 11:23 AM

View PostBob Herman, on 09 August 2010 - 07:41 PM, said:

Hello dear ac-web member


yay, very personal there ^^

View PostBob Herman, on 09 August 2010 - 07:41 PM, said:

Let's add in a bit of security, so that peope can't SQL inject their way in. Also, we'll hook onto this to make each of our $_POST['xxx'] variables be turned into $xxx variables.

$$k = !get_magic_quotes_gpc() ? addslashes($v) : $v;



:P

If magic_quotes_sybase was set on it would override magic_quotes_gpc.
Even if TRUE neither doublequotes, backslashes or NUL's would be escaped imo... also keep in mind that this wotn werk at runtime (get_magic_quotes_runtime()).

Also i dont think that addslashes makes your input safe as it only escapes what php is defining but not neccessary what your database driver sais...

I know its easy but escaping strings for a db is most likely an error ^^

how about mysql_real_escape_string or pg_escape_string ? You should look up those depending on the db you use. MySQL needs \n, \r and \x1a escaped afaik. addslashes doesn't do this, does it?

Addslashes is worth a general "wah do dem?!" and not good at all, it could make your code vulnerable to securitae shizumm, and it's like using extract($_POST); or turning register_globals on...

but besides that, nice script. i shall test it out some time :)
Posted Image I do not join. I lead.
0

#4 User is offline   Bob Herman 

  • Interested
  • PipPipPipPip
  • Group: Members
  • Posts: 452
  • Joined: 11-October 08
  • Gender:Male

Posted 10 August 2010 - 12:33 PM

Err, that slight slip about ac-web has been fixed. :)

Yeah, I don't exactly remember why I used mysql_real_escape_string instead of addslashes. I'll change that eventually :P
0

#5 User is offline   iEzri 

  • < Ace of spades >
  • Group: Contributor
  • Posts: 1,692
  • Joined: 22-December 08
  • Gender:Female
  • Interests:I'm likely to cause mischief
  • Server OS:Linux

Posted 10 August 2010 - 01:17 PM

you mean

View PostBob Herman said:

I don't exactly remember why I used addslashes instead of mysql_real_escape_string.


?
Posted Image I do not join. I lead.
0

#6 User is offline   Bob Herman 

  • Interested
  • PipPipPipPip
  • Group: Members
  • Posts: 452
  • Joined: 11-October 08
  • Gender:Male

Posted 10 August 2010 - 03:43 PM

View PostEzri, on 10 August 2010 - 01:17 PM, said:

you mean?


Err... yeah. I'm really out of it today haha :P
0

#7 User is offline   iEzri 

  • < Ace of spades >
  • Group: Contributor
  • Posts: 1,692
  • Joined: 22-December 08
  • Gender:Female
  • Interests:I'm likely to cause mischief
  • Server OS:Linux

Posted 10 August 2010 - 03:56 PM

View PostBob Herman, on 10 August 2010 - 03:43 PM, said:

Err... yeah. I'm really out of it today haha :P


:)
Posted Image I do not join. I lead.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users