C++ How to get data from Token field? - TFS 1.2

Hi! I was wondering, how to get the data from Token field?

I tried some things but nothing works. Any idea?
Thanks.
 
Solution
Yes, I saw it before but it didn't work :/

I tried something like this:
C++:
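Database& db = Database::getInstance();
std::string& token = sessionArgs[2];

// Look up the token stored for this account.
// escapeString() quotes and escapes the name, so it cannot break out of the query.
std::ostringstream query;
query << "SELECT `token` FROM `accounts` WHERE `name` = " << db.escapeString(accountName);
DBResult_ptr getToken = db.storeQuery(query.str());
if (getToken) {
    // Reject the login when the stored value differs from what the client sent
    if (getToken->getString("token") != token) {
        disconnectClient("Incorrect Token Authenticator.");
        return;
    }
}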
 
The token is not in the database. You generate a token with a third-party application like Authy from the iOS / Android app store, and you verify it against a secret in the DB (using the RFC 6238 standard).
forgottenserver/iologindata.cpp at f3f6d54e9bc8c205159b82fba43a8a42b05301bd · otland/forgottenserver · GitHub
C++:
Database& db = Database::getInstance();

std::ostringstream query;
query << "SELECT `id`, `password`, `secret` FROM `accounts` WHERE `name` = " << db.escapeString(accountName);
DBResult_ptr result = db.storeQuery(query.str());
if (!result) {
    return 0;
}

std::string secret = decodeSecret(result->getString("secret"));
if (!secret.empty()) {
    if (token.empty()) {
        return 0;
    }

    bool tokenValid = token == generateToken(secret, tokenTime) || token == generateToken(secret, tokenTime - 1) || token == generateToken(secret, tokenTime + 1);
    if (!tokenValid) {
        return 0;
    }
}
 

Yes, I know, but I created the token field in the DB because I want to do something else with it. I want the client to read the token typed in the client and, if it matches, be able to log in, but I don't know why the server doesn't recognize the token field.

Anyway, I just did what you said, but now, how can I use the Authy app?
EDIT: The secret field is now working and creating a new token, but when I use Authy and scan the QR code, it tells me that the token is damaged. How can I fix that?
By the way, I was looking at the fix for the server crash on Windows and I changed std::stol to std::strtoul in protocolgame.cpp and tools.cpp (in generateToken), but in tools it shows me an error about char conversion or something like that. Any idea?

EDIT 2: I've been testing with generateToken using std::stol and protocolgame.cpp using std::strtoul, and the server doesn't always crash. I could see that when I type the right token, it lets me choose a character, but when I choose one, it shows me: "Account name or password is not correct.", and when I enter a wrong token, the server crashes. What could be the problem?
 
If you try out Znote AAC, register a new account and enable the two-factor authentication system after you log in to see how it works. It generates an RFC 6238-compliant secret (it cannot be a completely random string) and a QR code which you need to scan with Authy.
The token generated by e.g. Authy is a temporary code based on the secret (through the QR code) and the current timestamp. It only lasts 30-300 seconds. I see no reason to store this in the DB at all.

The server could be crashing because the secret string is not compliant with the standard.
PHP:
function generateRandomString($length = 16) {
    $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // These are the only allowed chars, it is case sensitive.
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() (PHP 7+) draws from the OS CSPRNG; rand() is predictable
        // and must not be used to create an authentication secret.
        $randomString .= $characters[random_int(0, $charactersLength - 1)];
    }
    return $randomString;
}
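The check described in the two replies above (a base32 secret in the DB, a code derived from it and the current time, accepted for the current step and one step either side), written out as an added Python example; it is not code from TFS or Znote AAC. The function names mirror the C++ excerpt for readability, the 30-second step and 6 digits are the RFC 6238 defaults and are assumptions here, and the sample secret is the RFC's published test key.

```python
import base64
import hashlib
import hmac
import struct

B32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Return the raw key, or None when the stored secret is not strict base32."""
    if not secret_b32 or len(secret_b32) % 8 or not set(secret_b32) <= B32_ALPHABET:
        return None
    return base64.b32decode(secret_b32)


def generate_token(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_token(secret_b32, token, unix_time, step=30, digits=6):
    """True if token matches time step T-1, T or T+1; never raises on bad input."""
    key = decode_secret(secret_b32)
    if key is None:
        return False  # malformed secret: fail closed instead of crashing
    if len(token) != digits or not (token.isascii() and token.isdigit()):
        return False  # reject non-numeric input before any conversion
    counter = unix_time // step  # "tokenTime" in the C++ excerpt
    ok = False
    for c in (counter - 1, counter, counter + 1):
        # compare_digest avoids leaking how many leading digits matched
        if c >= 0 and hmac.compare_digest(generate_token(key, c, digits), token):
            ok = True
    return ok
```

Nothing per-login is written to the database: the server stores only the secret and recomputes the expected code at verification time.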
 

Yes, I have Authy working right now, but the server is still crashing when I type a wrong token :/
I followed the instructions that somebody wrote to fix the crash on Windows, but it's not working.
What do you mean by this?:
"The server could be crashing because the secret string is not compliant to the standard."
 