Re: Support for Account Manager

Posted: Tue Mar 09, 2010 9:04 pm
by daedalus
Hi everyone,

I want to warn administrators that ACM can be under SQL injection issue. You should get the latest update and enable logging (don't forget to secure your log directory).

Remember: you mustn't give the ACM full access to your db, just give access to account and account_data to prevent any change on the characters table, for example. You shouldn't use account services for now.

Re: Support for Account Manager

Posted: Tue Mar 09, 2010 9:15 pm
by denser
yep, solved smtp. I changed my MX settings and changed provider ) google is awesome :)
added strtolower while checking login... all works

Re: Support for Account Manager

Posted: Tue Mar 09, 2010 9:59 pm
by daedalus
@denser, good to know. Thanks for your language file :). Did you have any issue on your server ?

Re: Support for Account Manager

Posted: Wed Mar 10, 2010 1:22 am
by labman
Hello Daedalus

Could you add a function to this Account Manager so that players can change their birthday?

if 『characters』『 createTime』= 0 (1970/1/1 AM08:00:00)
can correct to anytime. Like 164808923000 (1975/3/23 PM08:15:23)

Thanks for your Account Manager

Re: Support for Account Manager

Posted: Wed Mar 10, 2010 1:42 am
by MELERIX
with the latest version (152) of ACM, now I have this issue...

Code:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\apache\htdocs\acm\classes\account.class.php on line 391
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\apache\htdocs\acm\classes\account.class.php on line 391
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\apache\htdocs\acm\classes\account.class.php on line 392
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\apache\htdocs\acm\classes\account.class.php on line 392

so, I've reverted to version (151) and is working fine.

Re: Support for Account Manager

Posted: Wed Mar 10, 2010 4:24 am
by disorder35
How do we set up acm to access only account and account_data?

Re: Support for Account Manager

Posted: Wed Mar 10, 2010 4:15 pm
by denser
disorder35 wrote:how do we set up acm to access only account and account_data.
read first post :P
@daedalus, yes I have. Trouble with registering when using capital letters in login.
Solved by adding strtolower() into the func - no bugs

Re: Support for Account Manager

Posted: Wed Mar 10, 2010 11:16 pm
by diegobh
Help me, please.

I tried to login and appears that:

Code:

Warning : SPAMMING AUTHENTICATION We were unable to verify your login. Either your login information was entered incorrectly, or the account system is currently unavailable.

I've checked much more than 5 times, the login and pass. I can enter the game, but I can't log in to the ACM system =(( What do I have to do?

When I tried to retrieve a password, I received this:

Code:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Program Files (x86)\VertrigoServ\www\l2\account_manager\classes\account.class.php on line 391
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Program Files (x86)\VertrigoServ\www\l2pk\account_manager\classes\account.class.php on line 391
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Program Files (x86)\VertrigoServ\www\l2\account_manager\classes\account.class.php on line 392
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Program Files (x86)\VertrigoServ\www\l2\account_manager\classes\account.class.php on line 392

Thx, and sorry for my bad English

Re: Support for Account Manager

Posted: Wed Mar 10, 2010 11:40 pm
by daedalus
@all who have the mysql_real_escape_string error: yeah, I've seen fu.... dev environments which have a permanent sql connection. The last update should be okay :)

@labman, sorry, I don't have time to add your feature for now.

Another tip to improve your security is to set up two different dbs, one for login and the second for the game.

Re: Support for Account Manager

Posted: Thu Mar 11, 2010 1:26 am
by ThePhoenixBird
I want to congratulate daedalus for his impressive work with the Account Manager and his hard work giving support for it to all the community.

Congratulations.

Re: Support for Account Manager

Posted: Thu Mar 11, 2010 1:56 am
by diegobh
daedalus wrote: @all who have the mysql_real_escape_string error: yeah, I've seen fu.... dev environments which have a permanent sql connection. The last update should be okay :)

@labman, sorry, I don't have time to add your feature for now.

Another tip to improve your security is to set up two different dbs, one for login and the second for the game.

Ok, I'm waiting for the new release ^^ very thx!!!!
ThePhoenixBird wrote:I want to congratulate daedalus for his impressive work with the Account Manager and his hard work giving support for it to all the community.

Congratulations.
Me too. Congratulations, good job!!!

Re: Support for Account Manager

Posted: Thu Mar 11, 2010 1:14 pm
by daedalus
@ThePhoenixBird,

Thx, but it's nothing compared to the java support side :)

@diegobh,

Release is already available.

Re: Support for Account Manager

Posted: Sat Mar 13, 2010 6:12 pm
by KaOs2055
daedalus wrote: Hi everyone,

I want to warn administrators that ACM can be under SQL injection issue. You should get the latest update and enable logging (don't forget to secure your log directory).

Remember: you mustn't give the ACM full access to your db, just give access to account and account_data to prevent any change on the characters table, for example. You shouldn't use account services for now.

SQL injection? Oo in last rev too?

anyways thx daedalus for your tool & support.

Re: Support for Account Manager

Posted: Sat Mar 13, 2010 11:22 pm
by daedalus
Normally, it should be okay, but ACM isn't 100% safe. I now make two checks: one when the script gets user entries and another before sending the sql request.

If you set db access only on accounts and account_data tables it should be fine.
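
[Added example, not part of daedalus's post and not ACM's own setup script: one way to apply the table-level restriction described in this thread on MySQL. The database name `login_db`, the user `acm`, the password placeholder and the exact privilege list are assumptions; adjust them to your install.]

```sql
-- Setting to avoid: a web-facing account with rights on every table,
-- so an injected query could also reach `characters`.
-- GRANT ALL PRIVILEGES ON `login_db`.* TO 'acm'@'localhost';

-- Dedicated account for the web application (name is an assumption).
CREATE USER 'acm'@'localhost' IDENTIFIED BY '<choose-a-strong-password>';

-- Start from zero in case the account already existed with wider rights.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'acm'@'localhost';

-- Table-level grants only. SELECT/INSERT/UPDATE is an assumed minimum
-- (login check, registration, lastactive/lastIP update); no DELETE,
-- DROP, ALTER or FILE.
GRANT SELECT, INSERT, UPDATE ON `login_db`.`accounts`     TO 'acm'@'localhost';
GRANT SELECT, INSERT, UPDATE ON `login_db`.`account_data` TO 'acm'@'localhost';

-- Check 1: the only table-level rows should be the two tables above.
SELECT TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE GRANTEE = "'acm'@'localhost'"
ORDER BY TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE;

-- Check 2: no database-wide grants should exist for this account.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE = "'acm'@'localhost'";

-- Check 3: the global level should list USAGE only.
SELECT PRIVILEGE_TYPE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE = "'acm'@'localhost'";

-- Human-readable summary of the above.
SHOW GRANTS FOR 'acm'@'localhost';
```

With these grants, a statement from the ACM connection that touches `characters` is rejected by the server with an access-denied error, whatever the application code sends.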

Re: Support for Account Manager

Posted: Sun Mar 14, 2010 11:08 am
by RuJin
Hey guys, I'm having a white page after login or creating a new acc.

WAMP 2.0 , Win7 .

install.php - OK

Tried different configs but no luck . :?

Log :

Code:

11:02:49 127.0.0.1 bartz_loginserver->SELECT COUNT(`login`) FROM `accounts` WHERE `login` = 'Alex' AND `password` = 'sdV4ERHYT3s/5FoIUuWXWM16h+U=' AND `accessLevel` >= 0 LIMIT 1;
11:02:49 127.0.0.1 bartz_loginserver->UPDATE `accounts` SET `lastactive` = '1268564569', `lastIP` = '127.0.0.1' WHERE `login` = 'Alex' LIMIT 1;
11:02:49 127.0.0.1 bartz_loginserver->SELECT `email` FROM `accounts` WHERE `login` = 'Alex' LIMIT 1;
11:02:49 127.0.0.1 bartz_loginserver->SELECT COUNT(`login`) FROM `accounts` WHERE `login` = 'Alex' AND `password` = 'sdV4ERHYT3s/5FoIUuWXWM16h+U=' AND `accessLevel` >= 0 LIMIT 1;