Idea for register page

SnickQ · 01/11/2019, 16:07

Hey.
Too many players use the same password and logins for every server. So maybe someone hwo have skills with php create a new register page where player cannot write own password but insted get password from script + change password with the same way.
I ask for it becuse i can create it with ASP.NET but many people are not able to instal ASP apps and becouse as you know some admins use these data for bad reasons.
So it have to be PHP and i have no skills with PHP.
Sorry for my bad english.

[MXD]Takeshi · 01/11/2019, 17:02

you need generate a password ???

exist different method, but an easy way is:

Code:

$psw = md5(substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10));

get a random string, then use SMTP to send by email.

SnickQ · 01/11/2019, 17:19

Quote:
Originally Posted by [MXD]Takeshi
you need generate a password ???

exist different method, but an easy way is:
Code:
$psw = md5(substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10));
get a random string, then use SMTP to send by email.

I mentioned that generating a password is a better way to protect the server from unfair admins.

[MXD]Takeshi · 01/11/2019, 22:50

Quote:

Originally Posted by SnickQ

I mentioned that generating a password is a better way to protect the server from unfair admins.

this yes, it would be nice, as I explained using the encrypted password instead of the Pw...

But the problem is... after many years, "many" script release for register and other, stoled and released website, in all this the password is a input... so, tell me why someone will be choose to use an "encrypt" password when i can have psw "free" ? im a developer and can made everything in website, but when someone not like it? and want normal register ?

there are different pros and cons in my opinion

SnickQ · 01/12/2019, 01:37

Quote:

Originally Posted by [MXD]Takeshi

this yes, it would be nice, as I explained using the encrypted password instead of the Pw...

But the problem is... after many years, "many" script release for register and other, stoled and released website, in all this the password is a input... so, tell me why someone will be choose to use an "encrypt" password when i can have psw "free" ? im a developer and can made everything in website, but when someone not like it? and want normal register ?

there are different pros and cons in my opinion

Yes everything is depend what kind admin is.
But in this case i was mean to protect server aganst admins from other servers who can use users password to harm ours server. I was see that few times.

perlisson · 01/12/2019, 04:25

do you find it difficult to create a registration page generating cryptography? if you think this is difficult, you can forget it, because it is simpler than you think, for example I give it a well-used way today, after the insert command coming from a '' prepare ''
use this:

$sql = $pdo->prepare("INSERT INTO Users_Master (Pw) VALUES (:md5) ");

$sql->bindValue(":md5",md5($password));
$sql->execute();

get a simple pdo registry that a former epvp user posted, or do yours, after creating password encryption, you have to get your PS_lOGIN to recognize and convert the md5 hash and make it a normal character, and make you join the game,

has a post here, which explains better about '' pslogin recognize the hash '', but it's not difficult at all, you just have to search and run back.

I particularly do not think it safe to use a hash md5, but a password_hash would be better

-- my English is bad

SnickQ · 01/12/2019, 14:56

@

You did not read my post at all. xD
ok to explain in another way.

Playes using same logins and password in every servers.
So for example:
We have 2 (or more) server
1: Shaiya Earth - and here i have Login: Shaiya Password: Shaiya123 okey?
Then i go to another server let me call it:
2: Shaiya Moon - and here i have Login: Shaiya Password: Shaiya123.
So now for some reason admin from 1 (Server Earth) going to serer 2 Moon) and he use My login and pw (Shaiya, Shaiya123 is same in both server) and now admin from Shaiya Earth have access for account in Shaiya Moon.

So i just give you idea to not allow users to make own password but insted create it for them to make sure that admins from others server not use this data aganst you.

[MXD]Takeshi · 01/12/2019, 15:42

Quote:

Originally Posted by SnickQ

Yes everything is depend what kind admin is.
But in this case i was mean to protect server aganst admins from other servers who can use users password to harm ours server. I was see that few times.

the problem is always what an admin ask...

Quote:

Originally Posted by perlisson

do you find it difficult to create a registration page generating cryptography? if you think this is difficult, you can forget it, because it is simpler than you think, for example I give it a well-used way today, after the insert command coming from a '' prepare ''
use this:

$sql = $pdo->prepare("INSERT INTO Users_Master (Pw) VALUES (:md5) ");

$sql->bindValue(":md5",md5($password));
$sql->execute();

get a simple pdo registry that a former epvp user posted, or do yours, after creating password encryption, you have to get your PS_lOGIN to recognize and convert the md5 hash and make it a normal character, and make you join the game,

has a post here, which explains better about '' pslogin recognize the hash '', but it's not difficult at all, you just have to search and run back.

I particularly do not think it safe to use a hash md5, but a password_hash would be better

-- my English is bad

okay, for you i wanna show something that can help you a bit more in "programming"

Code:

$sql = $pdo->prepare("INSERT INTO Users_Master (Pw) VALUES (:md5) ");

$sql->bindValue(":md5",md5($password));
$sql->execute();

write like it, is right but wrong....

$sql = $pdo->prepare("INSERT INTO Users_Master (Pw) VALUES (?)");
$sql->bindValue(1, md5($psw), PDO::PARAM_STR); 
-- you define the type, and instead of bindValue you can use bindParam
$sql->bindParam(1, md5($psw), PDO::PARAM_STR, 10); -- where 10 is the length of value

$sql->execute();

after this.... you not asnwer on problem, because him ask to generate a psw, so "player" not need insert it.

and if i not wrong the "read" of psw is written in procedure, and into it you can insert the crypt and decrypt, but we not find anyway the right solution for it.

Quote:

Originally Posted by SnickQ

@ You did not read my post at all. xD
ok to explain in another way.

Playes using same logins and password in every servers.
So for example:
We have 2 (or more) server
1: Shaiya Earth - and here i have Login: Shaiya Password: Shaiya123 okey?
Then i go to another server let me call it:
2: Shaiya Moon - and here i have Login: Shaiya Password: Shaiya123.
So now for some reason admin from 1 (Server Earth) going to serer 2 Moon) and he use My login and pw (Shaiya, Shaiya123 is same in both server) and now admin from Shaiya Earth have access for account in Shaiya Moon.

So i just give you idea to not allow users to make own password but insted create it for them to make sure that admins from others server not use this data aganst you.

i don't think is possible to find a solution about it, the databases work only with Pw and ignore EnPassword, register script use the input for psw... this was a solution to use before, many years ago.

SnickQ · 01/12/2019, 16:14

To generate pw is easy with NEWID()

Code:

 Set Pw = (SELECT CONVERT(VARCHAR(6), RIGHT(NEWID(),6)))

and after insert send email with that Pws as you advised.
However i can't do that with ASP.NET becouse to edit admin email PW they need Visual Studio and not everyone know how use it. I have no skill with PHP to make register for everyone.