-
2026 staff recruitment is open! Check it out and consider applying!
https login
- Thread starter Michcol94
- Start date
M4rcin
soerpg.com
- Joined
- Oct 27, 2009
- Messages
- 531
- Solutions
- 12
- Reaction score
- 387
myaac/login.php at main · slawkens/myaac
Automatic Account Creator (AAC) for Open Tibia Servers written in PHP - slawkens/myaac
github.com
YOUR.IP/login.php, given thats where you made it accessible.Feel free to ask if you need help with exposing the script or NGINX (preferred by anyone sane)/Apache setup.
By default, all HTTP communication goes through port 80, HTTPS thorugh 443
Last edited:
OP
OP
Michcol94
Active Member
- Joined
- Sep 2, 2021
- Messages
- 159
- Solutions
- 2
- Reaction score
- 30
It works for me with these data + email and password, I used a nickname before and I use uniserverz
Malformed session key. Please help https conection.
Post automatically merged:
Malformed session key. Please help https conection.
Code:
======= LOG =======
-- REQUEST --
POST
/login.php
{"email":"[email protected]","password":"zaq1@WSX","stayloggedin":true,"type":"login"}
User-Agent Mozilla/5.0
Content-Type application/json
Accept-Encoding
Connection close
Content-Length 89
Accept */*
Host localhost
-- RESPONSE --
HTTP/1.1
200
OK
{"session":{"sessionkey":"[email protected]\nzaq1@WSX\n\n58797640","lastlogintime":0,"ispremium":false,"premiumuntil":0,"status":"active","returnernotification":false,"showrewardnews":true,"isreturner":true,"fpstracking":false,"optiontracking":false,"tournamentticketpurchasestate":0,"emailcoderequest":false},"playdata":{"worlds":[{"id":0,"name":"Forgotten","externaladdress":"192.168.1.7","externalport":7172,"externaladdressprotected":"192.168.1.7","externalportprotected":7172,"externaladdressunprotected":"192.168.1.7","externalportunprotected":7172,"previewstate":0,"location":"BRA","anticheatprotection":false,"pvptype":0,"istournamentworld":false,"restrictedstore":false,"currenttournamentphase":2}],"characters":[{"worldid":0,"name":"Mikaschi","ismale":true,"tutorial":false,"level":8,"vocation":"Sorcerer","outfitid":1876,"headcolor":0,"torsocolor":0,"legscolor":0,"detailcolor":0,"addonsflags":0,"ishidden":false,"istournamentparticipant":false,"ismaincharacter":true,"dailyrewardstate":0,"remainingdailytournamentplaytime":0},{"worldid":0,"name":"Test Test","ismale":true,"tutorial":false,"level":8,"vocation":"Sorcerer","outfitid":1876,"headcolor":0,"torsocolor":0,"legscolor":0,"detailcolor":0,"addonsflags":0,"ishidden":false,"istournamentparticipant":false,"ismaincharacter":false,"dailyrewardstate":0,"remainingdailytournamentplaytime":0},{"worldid":0,"name":"Michal Test","ismale":true,"tutorial":false,"level":8,"vocation":"Unknown","outfitid":2258,"headcolor":0,"torsocolor":0,"legscolor":0,"detailcolor":0,"addonsflags":0,"ishidden":false,"istournamentparticipant":false,"ismaincharacter":false,"dailyrewardstate":0,"remainingdailytournamentplaytime":0}]}}
Content-Type text/html; charset=UTF-8
Vary Accept-Encoding,User-Agent
Date Sun, 23 Nov 2025 20:20:24 GMT
X-Powered-By PHP/8.3.0
Server Apache
Set-Cookie PHPSESSID=ocatlsovgmi08c04n8mhlkutq2; path=/
Pragma no-cache
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate
Content-Length 1680
Connection close
=========
HTTPS status: Success (no error)
Last edited:
fusion32
Intermediate OT User
- Joined
- Jun 7, 2010
- Messages
- 39
- Solutions
- 2
- Reaction score
- 113
This looks like a mismatch between the login script and the server. The login script is using an old
NOTE(1): You should edit that last post that contains your email and password in the session key string, unless it's a random testing password, or something.
NOTE(2): I'm not entirely sure how well supported this is, but after getting it to work, you should try to set it up with HTTPS. This is because HTTP is not encrypted so anyone collecting packets between your clients and your server will be able to inspect the data, including email and passwords which is kind of security hole.
"EMAIL\nPASSWORD" format without proper session keys, but the server (considering TFS trunk) expects a 16 byte session key encoded as base64. You'd need to check the format your server expects session keys to be in and make sure the login script does something similar, which may include generating and inserting into the database.NOTE(1): You should edit that last post that contains your email and password in the session key string, unless it's a random testing password, or something.
NOTE(2): I'm not entirely sure how well supported this is, but after getting it to work, you should try to set it up with HTTPS. This is because HTTP is not encrypted so anyone collecting packets between your clients and your server will be able to inspect the data, including email and passwords which is kind of security hole.