Solved [Znote Acc] need help!

[undead mage]

I have this problem with my znote site its working but I can login on the server with the accounts that are made on the site :/ I do see the characters on the highscore list and in my database

Site: oujda.sytes.net
Client: 10.10

Server: TFS 0.3.7_SVN
Site: znoteAACv1.4public

@Znote @HalfAway @cbrm @EvilSkillz @Limos

 

[HalfAway]

You can or can't login?

 

[Peroxide]

hosting on localhost or global ip? If global ip then perhaps 7171/7172 isn't properly configured

 

[A Dirty Rag]

If the accounts are in the database then it's not the website. I don't know what version of TFS you're using but I know that in some you have to set the hash used on the passwords in config. I think Znote used sha1 so make sure it's set if that's the case.

 

[undead mage]

@HalfAway
I ment I can't login on the server

@Peroxide
can't login with localhost either

@A Dirty Rag
Server: TFS 0.3.7_SVN
I am using plain passwords is it possible to change the site to use plain also? Maybe thats it then

 

[A Dirty Rag]

If the server and site are using the same hash then it's not the problem. You can set it plain removing the hash function used on the password in the php files, I don't have it downloaded so I can't tell you what script it's in.

 

[Ninja]

engine/function/users.php (function user_create_account), sha1($register_data['password']);. Why even use non-hashed passwords?

 

[undead mage]

@Ninja I've changed it into this but now I cant register at all and my server wont be online for a while yet so I dont need sha1 atm

    if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
        $register_data['salt'] = generate_recovery_key(18);
        $register_data['password'] = plain($register_data['salt'].$register_data['password']);
    } else $register_data['password'] = plain($register_data['password']);

 

[Ninja]

remove plain() (it's already in plain)

 

[undead mage]

should I change them both back to sha1?

 

[Ninja]

Leave it like this

    if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
        $register_data['salt'] = generate_recovery_key(18);
        $register_data['password'] = $register_data['salt'].$register_data['password'];
    } else $register_data['password'] = sha1($register_data['password']);

 

[undead mage]

@ Ninja thx I can now login on the server but now I cant login on the site
the site and the server are both online if u want to see

ip: oujda.sytes.net
client: 10.10

 

[Ninja]

Enable salt in config.php, and remove sha1() in function user_login_03

if (!empty($salt)) $password = sha1($salt.$password);

You should be able to login now.

 

[undead mage]

I've enabled salt in config.php but where can I find function user_login_o3?

 

[Ninja]

engine/function/users.php

 

[undead mage]

Still cant login :/
It was already like this in engine/function/users.php

if (!empty($salt)) $password = sha1($salt.$password);
else $password = sha1($password);

 

[Ninja]

Remove sha1 as I mentioned before, if (!empty($salt)) $password = sha1($salt.$password);

 

[undead mage]

aah srry I was looking at your code but do I have to remove sha1 or replace it?

if (!empty($salt)) $password = plain($salt.$password);
else $password = plain($password);

or

if (!empty($salt)) $password = ($salt.$password);
else $password = ($password);

 

[Ninja]

Just delete it

if (!empty($salt)) $password = $salt.$password;
else $password = sha1($password);

 

[undead mage]

Still isnt working :s

enabled salt

    $config['validate_IP'] = true; // Only allow legal IP addresses to register and create character.
    $config['salt'] = true; // Some noob 0.3.6 servers don't support salt.

and deleted sha1

    if (config('salt') === true) {
        $user_id = user_login_id_03($username, $password);

        $username = sanitize($username);
       
        $salt = mysql_result(mysql_query("SELECT `salt` FROM `accounts` WHERE `id`='$user_id';"), 0, 'salt');
        if (!empty($salt)) $password = ($salt.$password);
        else $password = ($password);
        return (mysql_result(mysql_query("SELECT COUNT('id') FROM accounts WHERE name='$username' AND password='$password';"), 0) == 1) ? $user_id : false;
    } else return user_login($username, $password);
}