Support for Account Manager

daedalus · Post by **daedalus** » Tue Mar 09, 2010 9:04 pm

Hi everyone,

I want to warn administrator than ACM can be under SQL injection issue. You should get the last update and enable log (don't forget to secure your log directory).

Remember : You mustn't give to the ACM a full access to your db just give access to account and account_data to prevent any change on the characters table for example. You shouldn't use account services for now.

denser · Post by **denser** » Tue Mar 09, 2010 9:15 pm

yep, solved smtp. i change my MX settings and change provider ) google is awesome

add strtolower while check login...allworks

daedalus · Post by **daedalus** » Tue Mar 09, 2010 9:59 pm

@denser, good to know. Thanks for your language file

. Did you have any issue on your server ?

labman · Post by **labman** » Wed Mar 10, 2010 1:22 am

Hello Daedalus

could you add a fuction to this Account Manager, that players can change they's birthday?

if 『characters』『 createTime』= 0 (1970/1/1 AM08:00:00)
can correct to anytime. Like 164808923000 (1975/3/23 PM08:15:23)

Thanks Your Account Manager

Post by **MELERIX** » Wed Mar 10, 2010 1:42 am

with the latest version (152) of ACM, now I have this issue...

Code: Select all

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\apache\htdocs\acm\classes\account.class.php on line 391 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\apache\htdocs\acm\classes\account.class.php on line 391 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\apache\htdocs\acm\classes\account.class.php on line 392 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\apache\htdocs\acm\classes\account.class.php on line 392

so, I've reverted to version (151) and is working fine.

disorder35 · Post by **disorder35** » Wed Mar 10, 2010 4:24 am

how do we set up acm to access only account and account_data.

denser · Post by **denser** » Wed Mar 10, 2010 4:15 pm

disorder35 wrote:how do we set up acm to access only account and account_data.

read first post

@daedalus, yes i have. trouble with register when use capital letters in login.
solved by add into the func strtolower() - no any bugs

diegobh · Post by **diegobh** » Wed Mar 10, 2010 11:16 pm

Help me, please.

I tried to login and appears that:

Code: Select all

Warning : SPAMMING AUTHENTICATION We were unable to verify your login. Either your login information was entered incorrectly, or the account system is currently unavailable.

Ive checked much mora than 5 times, the login and pass. I can enter the game, but i can´t login in the ACM system =(( What i have to do?

When i tried to retrieve a password, i receive that:

Code: Select all

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Program Files (x86)\VertrigoServ\www\l2\account_manager\classes\account.class.php on line 391 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Program Files (x86)\VertrigoServ\www\l2pk\account_manager\classes\account.class.php on line 391 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Program Files (x86)\VertrigoServ\www\l2\account_manager\classes\account.class.php on line 392 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Program Files (x86)\VertrigoServ\www\l2\account_manager\classes\account.class.php on line 392

Thx, and sorry my bad english

daedalus · Post by **daedalus** » Wed Mar 10, 2010 11:40 pm

@all who have mysql_real_escape_string error, Yeah I've see fu.... dev environnement which have permanent sql connection. The last update should be okay

@labman, Sorry, I don't have time to add your feature for know.

Another tips for improve your security is to set two different db one for login and the second for the game.

Post by **ThePhoenixBird** » Thu Mar 11, 2010 1:26 am

I want to congratulate daedalus for his impressive work with the Account Manager and his hard work giving support for it to all the community.

Congratulations.

diegobh · Post by **diegobh** » Thu Mar 11, 2010 1:56 am

daedalus wrote:@all who have mysql_real_escape_string error, Yeah I've see fu.... dev environnement which have permanent sql connection. The last update should be okay

@labman, Sorry, I don't have time to add your feature for know.

Another tips for improve your security is to set two different db one for login and the second for the game.

Ok, im waiting for the new release ^^ very thx!!!!

ThePhoenixBird wrote:I want to congratulate daedalus for his impressive work with the Account Manager and his hard work giving support for it to all the community.

Congratulations.

Me too. Congratulations, good job!!!

daedalus · Post by **daedalus** » Thu Mar 11, 2010 1:14 pm

@ThePhoenixBird,

Thx, but It's nothing compare to the java support side

@diegobh,

Release is already avaible.

KaOs2055 · Post by **KaOs2055** » Sat Mar 13, 2010 6:12 pm

daedalus wrote:Hi everyone,

I want to warn administrator than ACM can be under SQL injection issue. You should get the last update and enable log (don't forget to secure your log directory).

Remember : You mustn't give to the ACM a full access to your db just give access to account and account_data to prevent any change on the characters table for example. You shouldn't use account services for now.

SQL injection? Oo in last rev too?

anyways thx daedalus for your tool & support.

daedalus · Post by **daedalus** » Sat Mar 13, 2010 11:22 pm

Normaly, It should be okay but ACM isn't safe at 100%. I made now two check one when script got user entries and another before to send sql request.

If you set db access only on accounts and account_data tables it should be fine.

RuJin · Post by **RuJin** » Sun Mar 14, 2010 11:08 am

Hey guys , i'm heaving white page after Login or creating new acc .

WAMP 2.0 , Win7 .

install.php - OK

Tried different configs but no luck .

Log :

Code: Select all

 11:02:49 127.0.0.1 bartz_loginserver->SELECT COUNT(`login`) FROM `accounts` WHERE `login` = 'Alex' AND `password` = 'sdV4ERHYT3s/5FoIUuWXWM16h+U=' AND `accessLevel` >= 0 LIMIT 1;11:02:49 127.0.0.1 bartz_loginserver->UPDATE `accounts` SET `lastactive` = '1268564569', `lastIP` = '127.0.0.1' WHERE `login` = 'Alex' LIMIT 1;11:02:49 127.0.0.1 bartz_loginserver->SELECT `email` FROM `accounts` WHERE `login` = 'Alex' LIMIT 1;11:02:49 127.0.0.1 bartz_loginserver->SELECT COUNT(`login`) FROM `accounts` WHERE `login` = 'Alex' AND `password` = 'sdV4ERHYT3s/5FoIUuWXWM16h+U=' AND `accessLevel` >= 0 LIMIT 1;

L2J Server

Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager

Re: Support for Account Manager