Hey,
A friend wanted this done so he could switch back to UberCMS from Phoenix, but he had issues because of the UberHash and the SSO.
So here we are: first, replace your current Uber index.php with:
Now replace your current register.php with this (so it doesn't UberHash any passwords).
And finally replace your current page-client.php with this;
- Cheers, have fun ;]
A friend wanted this done so he could switch back to UberCMS from Phoenix, but he had issues because of the UberHash and the SSO.
NOTE: YOU MAY NEED SOME TABLES FROM UBERDB.
So here we are: first, replace your current Uber index.php with:
PHP:
<?php
/*=======================================================================
| UberCMS - Advanced Website and Content Management System for uberEmu
| #######################################################################
| Copyright (c) 2010, Roy 'Meth0d' and updates by Matthew 'MDK'
| http://www.meth0d.org & http://www.sulake.biz
| #######################################################################
| This program is free software: you can redistribute it and/or modify
| it under the terms of the GNU General Public License as published by
| the Free Software Foundation, either version 3 of the License, or
| (at your option) any later version.
| #######################################################################
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| GNU General Public License for more details.
\======================================================================*/
require_once "global.php";
// Visitors who are already signed in are sent straight to /me.
if (LOGGED_IN) {
    header(sprintf('Location: %s/me', WWW));
    exit;
}

// Page-wide template state: the title and an empty username for the login form.
$tpl->Init();
$tpl->SetParam('page_title', 'Create your avatar, decorate your room, chat and make new friends.');
$tpl->SetParam('credentials_username', '');

// Generic templates and the 'frontpage' include set, in the order the page expects them.
$tpl->AddGeneric('head-init');
$tpl->AddIncludeSet('frontpage');
$tpl->WriteIncludeFiles();
$tpl->AddGeneric('head-overrides-fp');
$tpl->AddGeneric('head-bottom');

// Front-page body template; login_result starts out empty.
$frontpage = new Template('page-fp');
$frontpage->SetParam('login_result', '');
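// Handle a submitted login form. Both fields must be present and be plain strings;
// array-valued parameters are ignored instead of being handed to strlen()/md5().
if (isset($_POST['credentials_username'], $_POST['credentials_password'])
    && is_string($_POST['credentials_username'])
    && is_string($_POST['credentials_password']))
{
    // NOTE(review): the raw username goes to the template for redisplay. Whether
    // Template escapes parameters is not visible here -- confirm, or escape it first.
    $frontpage->SetParam('credentials_username', $_POST['credentials_username']);

    $credUser = $_POST['credentials_username'];

    // NOTE(review): this is a single unsalted MD5 of the password. MD5 is fast and
    // unsalted, so a leaked users table can be attacked offline with precomputed or
    // brute-force guesses. Moving to password_hash()/password_verify() needs changes
    // in ValidateUser() and the stored column, which are outside this file.
    $credPass = md5($_POST['credentials_password']);

    $errors = array();

    if (strlen($credUser) < 1)
    {
        $errors[] = "Please enter your username";
    }

    if (strlen($_POST['credentials_password']) < 1)
    {
        $errors[] = "Please enter your password";
    }

    if (count($errors) === 0)
    {
        if ($users->ValidateUser($credUser, $credPass))
        {
            if (isset($_POST['page']))
            {
                // filter() is a project helper defined elsewhere; its exact behaviour
                // is not visible here.
                $reqPage = filter($_POST['page']);

                // Only allow a post-login redirect back into this site. The target must
                // be the site root itself or continue with '/', '?' or '#', so that a
                // look-alike host that merely begins with the same characters as WWW is
                // rejected. (The previous strrpos() test accepted any string that
                // started with WWW, and refused legitimate URLs that contained WWW a
                // second time.)
                $siteRoot = rtrim(WWW, '/');
                $rootLen = strlen($siteRoot);
                $nextChar = substr($reqPage, $rootLen, 1); // '' or false at end of string
                $isLocal = strncmp($reqPage, $siteRoot, $rootLen) === 0
                    && ($nextChar === false || $nextChar === '' || $nextChar === '/'
                        || $nextChar === '?' || $nextChar === '#');

                if (!$isLocal)
                {
                    die("<b>Security warning!</b> A malicious request was detected that tried redirecting you to an external site. Please proceed with caution, this may have been an attempt to steal your login details. <a href='" . WWW . "'>Return to site</a>");
                }

                $_SESSION['page-redirect'] = $reqPage;
            }

            // NOTE(review): the session id is not regenerated on login. The session is
            // presumably started in global.php; calling session_regenerate_id(true)
            // here would stop a pre-login session id from carrying over -- confirm.
            $_SESSION['UBER_USER_N'] = $users->GetUserVar($users->Name2id($credUser), 'username');

            // The rest of the CMS reads the password hash from the session, so it is
            // kept here; it is as sensitive as the stored hash itself.
            $_SESSION['UBER_USER_H'] = $credPass;

            if (isset($_POST['_login_remember_me']))
            {
                $_SESSION['set_cookies'] = true;
            }

            header("Location: " . WWW . "/security_check");
            exit;
        }
        else
        {
            $errors[] = "Incorrect password";
        }
    }

    if (count($errors) > 0)
    {
        // Every entry in $errors is one of the fixed strings above, never request
        // data, so the messages are written into the markup as-is.
        $loginResult = '<div class="action-error flash-message"><div class="rounded"><ul>';

        foreach ($errors as $err)
        {
            $loginResult .= '<li>' . $err . '</li>';
        }

        $loginResult .= '</ul></div></div>';
        $frontpage->SetParam('login_result', $loginResult);
    }
}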
// Attach the front-page body template and the footer, then call Output() on the page template.
$tpl->AddTemplate($frontpage);
$tpl->AddGeneric('footer');
$tpl->Output();
?>
Now replace your current register.php with this (so it doesn't UberHash any passwords; it hashes them with plain MD5 instead).
PHP:
<?php
/*=======================================================================
| UberCMS - Advanced Website and Content Management System for uberEmu
| #######################################################################
| Copyright (c) 2010, Roy 'Meth0d' and updates by Matthew 'MDK'
| http://www.meth0d.org & http://www.sulake.biz
| #######################################################################
| This program is free software: you can redistribute it and/or modify
| it under the terms of the GNU General Public License as published by
| the Free Software Foundation, either version 3 of the License, or
| (at your option) any later version.
| #######################################################################
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| GNU General Public License for more details.
\======================================================================*/
require_once "global.php";
require_once "inc/recaptchalib.php";
// Signed-in visitors have nothing to register; send them to /me.
if (LOGGED_IN) {
    header(sprintf('Location: %s/me', WWW));
    exit;
}

// Start every form-related template parameter as an empty string.
foreach (array('error-messages-holder', 'post-name', 'post-pass', 'post-tos-check', 'post-mail') as $blankParam) {
    $tpl->SetParam($blankParam, '');
}
unset($blankParam);
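// Handle a registration form post (?doSubmit). Two modes:
//   - checkNameOnly=true : print an HTML fragment saying whether the name is free, then exit
//   - full submission    : validate every field, create the account, sign the user in
if (isset($_GET['doSubmit']))
{
    if (isset($_POST['checkNameOnly']) && $_POST['checkNameOnly'] === 'true')
    {
        // A missing or array-valued name is treated as an empty string.
        $name = (isset($_POST['bean_avatarName']) && is_string($_POST['bean_avatarName'])) ? $_POST['bean_avatarName'] : '';

        // clean() is a project helper defined elsewhere; it is presumably the HTML
        // escaper for request data -- confirm it also covers attribute context,
        // because $name is written into value="...".
        echo ' <div class="field field-habbo-name">
<label for="habbo-name">Username</label>
<input type="text" id="habbo-name" size="32" value="' . clean($name) . '" name="bean.avatarName" class="text-field" maxlength="32"/>
<a href="#" class="new-button" id="check-name-btn"><b>Check</b><i></i></a>
<input type="submit" name="checkNameOnly" id="check-name" value="Check"/>
<div id="name-suggestions">';

        // NOTE(review): $name reaches the $users lookups unmodified; whether those
        // methods escape it before building SQL is not visible here -- confirm.
        if ($users->IsNameTaken($name))
        {
            echo '<div class="taken"><p>Sorry, the name <strong>' . clean($name) . '</strong> is taken!</p></div>';
        }
        else if ($users->IsNameBlocked($name))
        {
            echo '<div class="taken"><p>Sorry, that name is reserved or disallowed.</p></div>';
        }
        else if (!$users->IsValidName($name))
        {
            echo '<div class="taken"><p>Sorry, that name is invalid. Your name can contain lowercase, uppercase letters, and numbers.</p></div>';
        }
        else
        {
            echo '<div class="available"><p>The name <strong>' . clean($name) . '</strong> is available.</p></div>';
        }

        echo ' </div>
<p class="help">Your name can contain lowercase and uppercase letters and numbers.</p>
</div>';
        exit;
    }
    else if (isset($_POST['bean_avatarName']))
    {
        $registerErrors = Array();

        // Read each field defensively: a field that is missing or sent as an array
        // becomes '' and then fails the matching validation below, instead of
        // raising notices or reaching strlen()/md5() as a non-string.
        $name = is_string($_POST['bean_avatarName']) ? $_POST['bean_avatarName'] : '';
        $password = (isset($_POST['bean_password']) && is_string($_POST['bean_password'])) ? $_POST['bean_password'] : '';
        $password2 = (isset($_POST['bean_retypedPassword']) && is_string($_POST['bean_retypedPassword'])) ? $_POST['bean_retypedPassword'] : '';
        $email = (isset($_POST['bean_email']) && is_string($_POST['bean_email'])) ? $_POST['bean_email'] : '';
        $dob_day = (isset($_POST['bean_day']) && is_string($_POST['bean_day'])) ? $_POST['bean_day'] : '';
        $dob_month = (isset($_POST['bean_month']) && is_string($_POST['bean_month'])) ? $_POST['bean_month'] : '';
        $dob_year = (isset($_POST['bean_year']) && is_string($_POST['bean_year'])) ? $_POST['bean_year'] : '';
        //$lang = $_POST['bean_lang'];

        // NOTE(review): the submitted values, including the password, are handed back
        // to the template for redisplay. Whether the template escapes parameters is
        // not visible here -- confirm, and consider not echoing the password at all.
        $tpl->SetParam('post-name', $name);
        $tpl->SetParam('post-pass', $password);
        $tpl->SetParam('post-mail', $email);

        if (strlen($name) < 1 || strlen($name) > 32)
        {
            $registerErrors[] = "Your username must be 1 - 32 characters in length.";
        }

        if ($users->IsNameTaken($name))
        {
            $registerErrors[] = "Sorry, that name is taken.";
        }
        else if ($users->IsNameBlocked($name))
        {
            $registerErrors[] = "Sorry, that name is reserved or disallowed.";
        }
        else if (!$users->IsValidName($name))
        {
            $registerErrors[] = "Sorry, that name is invalid. Your name can contain lowercase, uppercase letters, and numbers.";
        }

        if (strlen($password) < 6)
        {
            $registerErrors[] = "Your password must be at least 6 characters long.";
        }

        // Strict comparison: with != two different numeric-looking strings such as
        // "1000000" and "1e6000" style values are compared as numbers and can be
        // treated as equal, so a mistyped confirmation could slip through.
        if ($password !== $password2)
        {
            $registerErrors[] = "Your passwords do not match. Please try again.";
        }

        if (!$users->IsValidEmail($email))
        {
            $registerErrors[] = "Invalid e-mail address.";
        }

        // The upper bound for the birth year is hard-coded to 2010.
        if (!is_numeric($dob_day) || !is_numeric($dob_month) || !is_numeric($dob_year) || $dob_day <= 0 || $dob_day > 31 ||
            $dob_month <= 0 || $dob_month > 12 || $dob_year < 1900 || $dob_year > 2010)
        {
            $registerErrors[] = "Please enter a valid date of birth.";
        }

        if (!isset($_POST['bean_tos']) || $_POST['bean_tos'] !== "accept")
        {
            $registerErrors[] = "You need to accept the Rules and Terms and Conditions to create an account.";
        }
        else
        {
            $tpl->SetParam('post-tos-check', 'checked');
        }

        /*if (strtolower($lang) != "yes, i will speak english" && strtolower($lang) != "yes, i will speak english.")
        {
            $registerErrors[] = "You must verify you will speak English to create an account.";
        }*/

        // NOTE(review): the first argument of recaptcha_check_answer() is the reCAPTCHA
        // *private* key. The value below is the one published with this listing, so it
        // is no longer a secret: a deployment needs its own key pair, with the private
        // key kept in configuration rather than in shared source.
        $captchaChallenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $captchaResponse = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $resp = recaptcha_check_answer ('6Le-aQoAAAAAAKaqhlUT0lAQbjqokPqmj0F1uvQm', $_SERVER["REMOTE_ADDR"], $captchaChallenge, $captchaResponse);

        if (!$resp->is_valid)
        {
            $registerErrors[] = "Invalid captcha code.";
        }

        if (count($registerErrors) <= 0)
        {
            // NOTE(review): the password is stored as a single unsalted MD5. MD5 is fast
            // and unsalted, so a leaked users table can be attacked offline. Switching
            // to password_hash() also requires changing the login check and the column
            // that holds the hash, both outside this file.
            $passwordHash = md5($password);

            // Add user
            $users->add($name, $passwordHash, $email, 1, 'hr-165-45.hd-207-9.ch-255-64.lg-275-64.sh-305-64', 'M');

            // Log user in
            // NOTE(review): the session id is not regenerated here; if the session is
            // started in global.php, session_regenerate_id(true) at this point would
            // stop a pre-registration session id from carrying over -- confirm.
            $_SESSION['SHOW_WELCOME'] = true;
            $_SESSION['UBER_USER_N'] = $name;
            $_SESSION['UBER_USER_H'] = $passwordHash;

            // Redirect user to welcome page
            header("Location: /register/welcome");
            exit;
        }
        else
        {
            // Every entry in $registerErrors is one of the fixed strings above, never
            // request data, so the messages are written into the markup as-is.
            $errResult = '<div class="error-messages-holder">
<h3>Please fix the following problems and resubmit the form.</h3>
<ul>';

            foreach ($registerErrors as $err)
            {
                $errResult .= '<li><p class="error-message">' . $err . '</p></li>';
            }

            $errResult .= '</ul></div>';
            $tpl->SetParam('error-messages-holder', $errResult);
        }
    }
}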
// Build the registration page: generic templates and the 'register' include set,
// then the page-level parameters, then Output().
$tpl->Init();
$tpl->AddGeneric('head-init');
$tpl->AddIncludeSet('register');
$tpl->WriteIncludeFiles();
$tpl->AddGeneric('head-bottom');
$tpl->AddGeneric('page-register');
$tpl->AddGeneric('footer');
// recaptcha_get_html() takes the reCAPTCHA *public* key, which is meant to appear in the
// page. It has to belong to the same key pair as the private key used when the answer
// is checked on submission, so a deployment replaces both together.
$tpl->SetParam('recaptcha_html', recaptcha_get_html("6Le-aQoAAAAAABnHRzXH_W-9-vx4B8oSP3_L5tb0"));
$tpl->SetParam('page_title', 'Register your account!');
$tpl->Output();
?>
And finally replace your current page-client.php with this;
PHP:
<?php
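// Issue a fresh single-sign-on ticket for the signed-in user and record their IP.
// The ticket is written to users.auth_ticket and later echoed into the client's
// flashvars, so whoever knows it can sign in as that user: it must be unpredictable.
//
// Changes from the original:
//   - digits come from a CSPRNG instead of rand(), whose output is predictable
//   - the username and IP are escaped before being placed in the SQL string
//   - no ticket is issued when there is no signed-in user or the UPDATE fails
$ticket = '';
$username = (isset($_SESSION['UBER_USER_N']) && is_string($_SESSION['UBER_USER_N'])) ? $_SESSION['UBER_USER_N'] : '';

if ($username !== '')
{
    // Collect 27 decimal digits (6 + 10 + 10 + 1, the same shape and length as before).
    $digits = '';
    while (strlen($digits) < 27)
    {
        if (function_exists('random_bytes'))
        {
            $bytes = random_bytes(32);
        }
        else if (function_exists('openssl_random_pseudo_bytes'))
        {
            $bytes = openssl_random_pseudo_bytes(32);
        }
        else
        {
            $bytes = false;
        }

        // Fail closed: never fall back to a predictable generator for a login ticket.
        if ($bytes === false || strlen($bytes) === 0)
        {
            die('Unable to generate a secure login ticket.');
        }

        for ($i = 0, $n = strlen($bytes); $i < $n && strlen($digits) < 27; $i++)
        {
            $value = ord($bytes[$i]);

            // Bytes 250-255 are skipped so every digit 0-9 is equally likely.
            if ($value < 250)
            {
                $digits .= (string) ($value % 10);
            }
        }
    }

    // NOTE(review): unlike the original, groups may now start with 0 and the last
    // digit may be 0. This assumes the emulator treats the ticket as an opaque
    // string -- confirm.
    $ticket = "ST-" . substr($digits, 0, 6) . "-" . substr($digits, 6, 10) . "-" . substr($digits, 16, 10) . "-otaku-" . substr($digits, 26, 1);

    // ext/mysql has no prepared statements, so escape every value that goes into the
    // query. The long-term fix is PDO or mysqli with bound parameters (ext/mysql was
    // removed in PHP 7).
    $safeUser = mysql_real_escape_string($username);
    $safeIp = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

    $query = mysql_query("UPDATE users SET auth_ticket = '$ticket', ip_last = '$safeIp' WHERE username = '$safeUser'");

    if ($query === false)
    {
        // The ticket was not stored, so do not hand it to the client.
        $ticket = '';
    }
}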
?>
<body id="client" class="flashclient">
<script type="text/javascript">
var habboDefaultClientPopupUrl = "%www%/client";
</script>
<noscript>
<meta http-equiv="refresh" content="0;url=%www%/client/nojs" />
</noscript>
<script type="text/javascript">
FlashExternalInterface.loginLogEnabled = true;
FlashExternalInterface.logLoginStep("web.view.start");
if (top == self) {
FlashHabboClient.cacheCheck();
}
var flashvars = {
"client.allow.cross.domain" : "1",
"client.notify.cross.domain" : "0",
"connection.info.host" : "127.0.0.1",
"connection.info.port" : "30000",
"site.url" : "%www%",
"url.prefix" : "%www%",
"client.reload.url" : "%www%/account/reauthenticate?page=/flash_client",
"client.fatal.error.url" : "%www%/flash_client_error",
"client.connection.failed.url" : "%www%/client_connection_failed",
"external.hash" : "",
"external.variables.txt" : "http://64.186.134.48/gamedata/external_variables/1.txt",
"external.texts.txt" : "http://64.186.134.48/gamedata/external_flash_texts/1.txt",
"use.sso.ticket" : "1",
<?php
// Emit the two optional "forward.*" flashvars only when a forward type is set.
// NOTE(review): $forwardType and $forwardId are defined outside this template and are
// written into a JavaScript string without escaping. If either can be derived from
// request data, cast it to int or encode it before output -- confirm where they are set.
if ($forwardType > 0) {
    echo ' "forward.type" : "' . $forwardType . '",' . LB
        . ' "forward.id" : "' . $forwardId . '",' . LB;
}
?>
"sso.ticket" : "<?php echo $ticket; ?>",
"processlog.enabled" : "0",
"account_id" : "0",
"client.starting" : "Welcome to Habbo, powered by UberCMS!",
"flash.client.url" : "http://64.186.134.48/gordon/RELEASE63-31911-31885-201103031054_04afc0571359f527bb305734c3b22878/",
"user.hash" : "",
"facebook.user" : "0",
"has.identity" : "0",
"flash.client.origin" : "popup"
};
// Embed attributes for the Flash client.
// NOTE(review): "allowScriptAccess": "always" lets the loaded SWF call into this page's
// JavaScript whatever origin the SWF comes from. The SWF and its base path are fetched
// over plain http from a hard-coded address, so this page trusts that host and the
// network path to it -- and the page also carries the user's SSO ticket.
var params = {
    "base" : "http://64.186.134.48/gordon/RELEASE63-31911-31885-201103031054_04afc0571359f527bb305734c3b22878/",
    "allowScriptAccess" : "always",
    "menu" : "false"
};

// Opaque window mode is used unless the loader reports that the keyboard workaround is needed.
if (!HabbletLoader.needsFlashKbWorkaround()) {
    params.wmode = "opaque";
}

// Both branches currently assign the same SWF URL; the version check only matters if
// the URL for Flash Player 9 and older is changed.
var clientUrl = "http://64.186.134.48/gordon/RELEASE63-31911-31885-201103031054_04afc0571359f527bb305734c3b22878/Habbo.swf";
try {
    if (swfobject.getFlashPlayerVersion().major <= 9) {
        clientUrl = "http://64.186.134.48/gordon/RELEASE63-31911-31885-201103031054_04afc0571359f527bb305734c3b22878/Habbo.swf";
    }
} catch (e) {
    // A failed version lookup is ignored; the default clientUrl stays in place.
}

swfobject.embedSWF(
    clientUrl,
    "flash-container",
    "100%",
    "100%",
    "9.0.115",
    "http://images.habbo.com/habboweb/%web_build%/web-gallery/flash/expressInstall.swf",
    flashvars,
    params
);
</script>
<div id="overlay"></div>
<div id="client-ui" >
<div id="flash-wrapper">
<div id="flash-container">
<div id="content" style="width: 400px; margin: 20px auto 0 auto; display: none">
<div class="cbb clearfix">
<h2 class="title">Please install Adobe Flash Player.</h2>
<div class="box-content">
<p>You can install and download Adobe Flash Player here: <a href="http://get.adobe.com/flashplayer/">Install flash player</a>. More instructions for installation can be found here: <a href="http://www.adobe.com/products/flashplayer/productinfo/instructions/">More information</a></p>
<p><a href="http://www.adobe.com/go/getflashplayer"><img src="http://images.habbo.com/habboweb/45_0061af58e257a7c6b931c91f771b4483/2/web-gallery/v2/images/client/get_flash_player.gif" alt="Get Adobe Flash player" /></a></p>
</div>
</div>
</div>
<script type="text/javascript">
$('content').show();
</script>
<noscript>
<div style="width: 400px; margin: 20px auto 0 auto; text-align: center">
<p>If you are not automatically redirected, please <a href="/client/nojs">click here</a></p>
</div>
</noscript>
</div>
</div>
<div id="content" class="client-content"></div>
</div>
<div style="display: none">
<div id="habboCountUpdateTarget">
%hotel_status%
</div>
<script language="JavaScript" type="text/javascript">
setTimeout(function() {
HabboCounter.init(600);
}, 20000);
</script>
</div>
<script type="text/javascript">
RightClick.init("flash-wrapper", "flash-container");
</script>
</body>
</html>
- Cheers, have fun ;]