[RELEASE] Premium Coded Website

[janvier123]

 Spoiler

If you are looking for an actual download then i have to disapoint you, there is no files here yet!
I cannot edit the title, so ill have to think ahead to create this topic

Hi,

Since i get a buttload of PMs asking to make a website for them, ive decide to make a kind of CMS. Players can have a GOOD looking website that is fully PHP / SQLServ coded.
You can all send ideas on what functions you need!

Function	Progress
Homepage	Completed
Register Page	Completed
Login Page	Completed
Validate Page	Completed
Userpanel => Account Overview	Completed
Userpanel => Settings	Completed
Userpanel => Mailbox	Completed
Userpanel => Change Password	Completed
Userpanel => Change email	Completed
Userpanel => Refer a friend	Completed
Userpanel => Donate	Completed
Userpanel => Donate => PayPal	Completed
Userpanel => Donate => Payment Wall	Completed
Userpanel => Vote	Completed
Userpanel => My Characters	Completed
Userpanel => Validate (hidden)	Completed
Userpanel => Unstuck	Completed
Timer => Deadfront	Completed
Timer => Siege	Completed
Timer => Server Time	Completed
Server Status	Completed
Ranking => By Level	Completed
Ranking => By Exp	Completed
Ranking => By Dil	Completed
Ranking => By PVP Win	Completed
Ranking => By PVP Lose	Completed
Ranking => By PK	Completed
Ranking => By IP	Completed
Ranking => Guild	Completed
Downloads	Completed
TOS Page	Completed
Language system	TODO
News system	Completed
IPB forum integration	Completed
Mail System	Completed
IPN (Instant Payement Notification)	Completed

Features
Secure Register page
Secure Login Page
1 Config file!
Email System
IPN System
User Voting (MAX 5 Sites)
Ranking Pages
User Validation
Build In Userpanel
Own database
Payment Wall Integration
IPB News (If you have an IPB forum)
Theme system
File Compare system (To check unwanted files, or someone has changed them)

Requirements
MsSQL Server (2000 or higher)
PHP 5.x
PHP with sqlsrv extension
PHP Editor (Notepad++, Dreamweaver, ...)

[devans000]

any chance of integrating deadfront timers, siege timers and server time?

also on these rankings would it be possible to add guild rankings (similar to individual, total level, total dill, total pks etc.) and the same for alliances (if a server has these)?

[janvier123]

ill add it

[Godricc]

Great job Jan. I think this will be very beneficial for yourself, and for others.

+1 - Ill be sure to add in some of my own ideas that could be added into the whole setup.

P.S. THANK THIS MAN FOR ALL OF HIS WORK! He deserves EVERY bit of it.

[fastswipe]

What about a forget password option? It would be awesome!

[Farius~]

also would be good to add a system skins...

where you can change the style of the page, or that people release designs for others to use them.

[.Genome.]

Not that it matters but I'm just here to suggest that people not use the change email feature. Of course it is nice but there is account security to deal with, everyone should know by now the amount of people that "get hacked", being able to change both the account password and account email basically means they lose the entire account for good.

If you keep this feature though you could add a secret password to the account that you need to use to change the email, or you could use the email that was originally with the account to do so (assuming that there is no possible way for someone who doesn't own the account to find what the original email was, without being told it by the person who gets "hacked").

Third option that I see would be to make another column in the DB to store the original email in it, then if they "get hacked" you could use that as a sort of account security backup.

This is all if you really care, because if you don't care then thats fine too

Quote:

Originally Posted by fastswipe

What about a forget password option? It would be awesome!

+1, but should it set the password to a randomly generated temp password like most sites do (the al34jasdg type thing) and then email it to the accounts email or should it just email the password to the email. Not that the second one matters since this is a pserver scene, but the first provides more security for the end-user because, although rare, I've seen cases where the account and the person's email have been hacked. And since people aren't that intelligent, the first one offers protection for those who use the same password on everything in life.

Quote:

Originally Posted by Farius~

also would be good to add a system skins...

where you can change the style of the page, or that people release designs for others to use them.

I like the idea of this too, the thing is how to do it. I haven't done a lot of web design but from what I've seen it might not be possible to have custom designs without it being accessible to everyone at the same time (like forum skins). But this is something I have never looked into so it might be possible?

Still +1.




__________________________________________________ _________

Also would suggest adding an IP log page to the account panel, whether it be on the user panel or some extra gm side panel, unless that's part of account overview (which would be weird).

Here's one that I use: (Enjoy the release )

 Spoiler

<?php
include("_.php"); // Global settings php file, whatever you name it.

echo "<center>";
$login = checkIfLoggedIn($con); // Check if they are logged in to the panel (I use a function out of the php that I included above)

if($login == true)
{
echo "<br><font color=red>RESULTS ARE THE 30 MOST RECENT LOGINS.<u></u></font><br><br>";
echo "<table width='300' height='1'><tr valign='top'>";
echo "<td width='5%'><u><font color='#306EFF'>IP</font></u></td><td width='15%'><u><font color='#306EFF'>Date</font></u></td></tr><tr valign='top'>";
$logged_inq = mssql_query("SELECT TOP 30 conn_ip,login_time FROM account.dbo.USER_CONNLOG_KEY WHERE user_no LIKE '".$userno."' ORDER by conn_no DESC",$con); // $userno should be derived from elsewhere in the panel (like how I got mine from the php file imported at the top), or you should add a way to get that based on the account name currently logged in.
while($loginflag = mssql_fetch_array($logged_inq))
{
$ip = $loginflag['conn_ip'];
list(,$ip) = unpack('N',$ip);
$ip = long2ip($ip);
echo "<td width='5%'><font color = white>".$ip."</font></td>";
echo "<td width='15%'><font color = white>".$loginflag['login_time']."</font></td></tr><tr>";
}
}
else if($login == false)
{
echo "<meta http-equiv='REFRESH' content='0;url=_.php?type=loginlogs'>"; // Whatever your main php
}

echo "<a href='_.php' style='color: #00FF00'>Return to main page</a>"; // Whatever your main php page is called.
echo "</center>";
echo "</font>";

?>

[Decima]

well, altho i wont be using this, its a good idea i guess, but get ready for ppl to bug the shit out of you when they a) dont read the documentation or b) cant grasp the simplicity, or w/e else they are going to come up with, you know how it is here lol

of course the email change should send an email to the current email, to verify ownership, so yeah, im with genome on that

same with password change, verify ownership by sending an email with a link and one time 32 character token, as for the forgot password, you should know that some email addresses wont receive the email, something to do with how the sendmail application sending it thru an offsite smtp server, yahoo is really bad about it and a few others as well, which is going to make it a nightmare for admins so if you could possibly find a different way for forgot password, it would make it easier on the admins, which will in turn make it easier on you (ppl can argue this, but i have hands-on exp with this issue, it IS NOT a good idea to send a random generated password to their email)

i would recommend against username change as things will start to get difficult to track if you allow them to change everything.

something else i would recommend, altho you would need to find a really good way to pull it off, is log the last 5-10 IP addresses that have logged in (if you could get in-game IP in that log too, would be helpful) i recommend this because its going to be nice for the admins to see what all accounts have been logged in from an IP, and since ppl will proxy to keep the IP from popping up having a list will make that really hard for them

as for skins, if you can keep it simple you may not run in to too many issues. what i mean by that, is dont allow everything to be changed, only like background, bullet type images, etc, leave certain things static and not changeable, and of course in the documentation give them image dimensions to go by.

as i stated, this is both a good idea, and a bad idea, like everything else here there will be a few ppl that will appreciate it and understand it, but the majority of ppl will talk shit, wont read the instruction, bog the forums down with stupid questions, demand this, demand that, then when its not pre-school enuff for them they will talk shit, so my suggestion to you janveir would be to charge them for support, this way it will be worth your time to train them on how to use and change the things they arent capable of changing.

[janvier123]

I have to disagree with the email "suggestion", at beyond dekaron, i have made this homebrew system where when you register your account, you will be send an email.

When that email is bounced, its a bogus account, Ex: spam account, double account, etc
In this email you need to verify your account, once that is done, you will get another email with a special key, called "Secret Number", a 12 digit code

This email is send ONCE, and is not recoverable. If they lose it... too bad.
Without this Secret Number you cannot change your email / password.

I must say that none on the accounts where hacked, but i have to admit that some claim that there account was hacked, how? They shared there info ... including the SN. If they are that stupid, then i dont care!

On the skinning / style system .... dunno yet, there is still allot of php in the views

Quote:

Originally Posted by fastswipe

What about a forget password option? It would be awesome!

Busy on that


PS: it can take a while since iam the proud owner of a Elder Scrolls Online Beta Key

[.Genome.]

Quote:

Originally Posted by Decima

something else i would recommend, altho you would need to find a really good way to pull it off, is log the last 5-10 IP addresses that have logged in (if you could get in-game IP in that log too, would be helpful) i recommend this because its going to be nice for the admins to see what all accounts have been logged in from an IP, and since ppl will proxy to keep the IP from popping up having a list will make that really hard for them

You could easily edit an existing SP or make a new SP and compare the IP logging in to a list of IPs linked to that account (the script I gave above is for in-game logins, forgot to mention that :O). But for the IP list idea you have to create a new table that you would store (preferably) the userno or user_name of the account logging in and the IP logging in. based on your 5-10 IP list you make a table with 6-11 columns.

If you made an extra SP just link it into the login SP, not too sure but you could probably also stop the account from logging in and have the server send an email with a verification code to allow a different IP to connect to the account (Kinda like GW2 and Steam). This could make better use of tracking connected IPs than just placing the last 5-10 unique IPs in a table.

I don't think that keeping track of IPs logging into the web panel would be useful as I do things on my phone and friends computers and such from time to time so many IPs would show up, but on my game accounts it should only be 1 IP (for me at least).

_____________

You can do a lot of things that you never thought were possible with a little bit of work

[janvier123]

Quote:

Originally Posted by .Genome.

You could easily edit an existing SP or make a new SP and compare the IP logging in to a list of IPs linked to that account (the script I gave above is for in-game logins, forgot to mention that :O). But for the IP list idea you have to create a new table that you would store (preferably) the userno or user_name of the account logging in and the IP logging in. based on your 5-10 IP list you make a table with 6-11 columns.

If you made an extra SP just link it into the login SP, not too sure but you could probably also stop the account from logging in and have the server send an email with a verification code to allow a different IP to connect to the account (Kinda like GW2 and Steam). This could make better use of tracking connected IPs than just placing the last 5-10 unique IPs in a table.

I don't think that keeping track of IPs logging into the web panel would be useful as I do things on my phone and friends computers and such from time to time so many IPs would show up, but on my game accounts it should only be 1 IP (for me at least).

_____________

You can do a lot of things that you never thought were possible with a little bit of work

Old idea

Just a heads up,
All rankings are CACHED, you can set the cache time in the config file, Yes, config file, there is no admin panel, just 1 config file, (200+ lines now)

[joshyb123]

Have to commend you for putting in the effort to do this for the dekaron community Jan, even tho its mostly dead besides people doing things for themselves.

Good to see at least someone still wants to contribute work and release it to everyone.

[4the]

Add to ip ban system in GM panel. please.

[janvier123]

There are no plans for a GM panel atm
however, an IP ban is possible

[joshyb123]

IP ban is too easily avoided, a script that checks for all accounts currently (at that exact moment) logged with that IP and then bans them accounts so they cant log in would work better, in my opinion.