RevCMS/PlusEMU Extra Security
<blockquote data-quote="Meap" data-source="post: 374286" data-attributes="member: 1553">
<p>All Credits for this go to [USER=13434]@Damien[/USER]</p>
<p>I have gotten permission from him to post this</p>
<p></p>
<p>For a better, more secure Authenticate you can leave the contents in "SSOTicketEvent.cs" as they are (the check for the empty string won't be needed, but you can keep it if you choose to).</p>
<p></p>
<p>In UserDataFactory.cs look for the function:</p>
<p>[CODE]public static UserData GetUserData(string SessionTicket, out byte errorCode)[/CODE]</p>
<p>Change the first query:</p>
<p>[CODE]</p>
<p>dbClient.SetQuery("SELECT `id`,`username`,`rank`,`motto`,`look`,`gender`,`last_online`,`credits`,`activity_points`,`home_room`,`block_newfriends`,`hide_online`,`hide_inroom`,`vip`,`account_created`,`vip_points`,`machine_id`,`volume`,`chat_preference`,`focus_preference`, `pets_muted`,`bots_muted`,`advertising_report_blocked`,`last_change`,`gotw_points`,`ignore_invites`,`time_muted`,`allow_gifts`,`friend_bar_state`,`disable_forced_effects`,`allow_mimic`,`rank_vip` FROM `users` WHERE `auth_ticket` = @sso LIMIT 1");[/CODE]</p>
<p>To this:</p>
<p>[CODE]dbClient.SetQuery(</p>
<p> "SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " +</p>
<p> "FROM users " +</p>
<p> "JOIN user_auth_ticket " +</p>
<p> "ON users.id = user_auth_ticket.user_id " +</p>
<p> "WHERE user_auth_ticket.auth_ticket = @sso " +</p>
<p> "LIMIT 1"</p>
<p>);[/CODE]</p>
<p>Then further down look for:</p>
<p>[CODE]dbClient.RunQuery("UPDATE `users` SET `online` = '1', `auth_ticket` = '' WHERE `id` = '" + UserId + "' LIMIT 1");[/CODE]</p>
<p>and change it to:</p>
<p>[CODE]dbClient.RunQuery("UPDATE `users` SET `online` = '1' WHERE `id` = '" + UserId + "' LIMIT 1");</p>
<p>dbClient.RunQuery("DELETE FROM `user_auth_ticket` WHERE `user_id` = '" + UserId + "' LIMIT 1");[/CODE]</p>
<p></p>
<p>Inside PlusEnviroment.cs look for this function:</p>
<p>[CODE]public static void PerformShutDown()[/CODE]</p>
<p>Change</p>
<p>[CODE]dbClient.RunQuery("UPDATE `users` SET online = '0', `auth_ticket` = NULL");[/CODE]</p>
<p>To this:</p>
<p>[CODE]dbClient.RunQuery("TRUNCATE `user_auth_ticket`");</p>
<p>dbClient.RunQuery("UPDATE `users` SET online = '0'");[/CODE]</p>
<p>Finally, run this database query:</p>
<p>[CODE]-- ----------------------------</p>
<p>-- Table structure for `user_auth_ticket`</p>
<p>-- ----------------------------</p>
<p>DROP TABLE IF EXISTS `user_auth_ticket`;</p>
<p>CREATE TABLE `user_auth_ticket` (</p>
<p> `user_id` int(11) NOT NULL,</p>
<p> `auth_ticket` varchar(60) NOT NULL,</p>
<p> PRIMARY KEY (`user_id`)</p>
<p>) ENGINE=InnoDB DEFAULT CHARSET=utf8;[/CODE]</p>
<p></p>
<p>Now for the RevCMS part:</p>
<p>Go to class.users.php and search for the Create SSO auth_ticket section and replace it all with this:</p>
<p>[PHP]final public function createSSO($k)</p>
<p>{ </p>
<p> global $engine;</p>
<p> $sessionKey = 'RevCMS-' . rand(9, 9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);</p>
<p> </p>
<p> if($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {</p>
<p> $engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");</p>
<p> } else {</p>
<p> $engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey ."')");</p>
<p> }</p>
<p> return $sessionKey;</p>
<p> unset($sessionKey);</p>
<p>}[/PHP]</p>
<p>Then go to your class.core.php and look for the case "client";</p>
<p>and replace it with this:</p>
<p>[PHP]$users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);</p>
<p>$template->setParams('sso', $users->createSSO($_SESSION['user']['id']));[/PHP]</p>
<p></p>
<p>This way you'll only be creating a session ticket when the user connects to the hotel and removing it straight after (not setting the ticket to null or empty), thus making it impossible to "randomly" sign in onto other users' accounts, unless you manually set the ticket ofc</p>
<p></p>
<p>All you need to do is change how your SSO tickets get created to insert them into that table and you're good to go.</p>
<p></p>
<p>Hopefully this helped.</p>
</blockquote>
<p></p>
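The ticket lifecycle the post describes (a row is created when the client page loads and deleted when the emulator accepts the login), as an added example that is not RevCMS or PlusEMU code. It goes beyond the post by drawing the ticket from `random_bytes()` and by using prepared statements; the function names `issueTicket` and `redeemTicket`, the PDO connection and the in-memory SQLite table standing in for MySQL are assumptions made so the example runs offline.

```php
<?php
// Added example, not RevCMS or PlusEMU code. issueTicket/redeemTicket and the
// SQLite stand-in database are assumptions made for this illustration.

function issueTicket(PDO $db, int $userId): string
{
    // 16 bytes from the OS CSPRNG -> 32 hex chars; with the prefix it fits varchar(60).
    $ticket = 'RevCMS-' . bin2hex(random_bytes(16));
    // user_id is the primary key, so REPLACE keeps at most one live ticket per user.
    $stmt = $db->prepare('REPLACE INTO user_auth_ticket (user_id, auth_ticket) VALUES (?, ?)');
    $stmt->execute([$userId, $ticket]);
    return $ticket;
}

function redeemTicket(PDO $db, string $ticket): ?int
{
    if ($ticket === '') {
        return null; // no row ever holds an empty ticket; reject before querying
    }
    $db->beginTransaction();
    $find = $db->prepare('SELECT user_id FROM user_auth_ticket WHERE auth_ticket = ?');
    $find->execute([$ticket]);
    $userId = $find->fetchColumn();
    if ($userId === false) {
        $db->rollBack();
        return null; // unknown, superseded or already used ticket
    }
    // Delete the row so the same ticket cannot be presented a second time.
    $del = $db->prepare('DELETE FROM user_auth_ticket WHERE user_id = ? AND auth_ticket = ?');
    $del->execute([$userId, $ticket]);
    $consumed = $del->rowCount() === 1;
    $db->commit();
    return $consumed ? (int) $userId : null;
}

// Constructed demo data: an in-memory table with the columns from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_auth_ticket (user_id INTEGER PRIMARY KEY, auth_ticket VARCHAR(60) NOT NULL)');

$old = issueTicket($db, 42);
$new = issueTicket($db, 42);        // reloading the client replaces the old ticket
var_dump(redeemTicket($db, $old));  // ticket superseded by the reissue
var_dump(redeemTicket($db, $new));  // current ticket, first use
var_dump(redeemTicket($db, $new));  // current ticket, replayed
var_dump(redeemTicket($db, ''));    // empty ticket
```

Only the first use of the current ticket returns the user id; the superseded, replayed and empty tickets all return null because no matching row exists.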