From 3df4a4381c4fd19ba30c600e3059a43e63b34561 Mon Sep 17 00:00:00 2001 From: greg Date: Mon, 8 Sep 2025 18:43:57 +0200 Subject: [PATCH] repair change password + go via SOAP API instead of dirty db update --- .gitignore | 1 + registration/README.md | 17 +- registration/application/config/config.php | 10 +- registration/application/config/index.html | 1 - registration/application/include/user.php | 276 ++++++--------------- registration/application/index.html | 1 - registration/application/vendor/index.html | 1 - registration/template/light/tpl/footer.php | 2 +- registration/template/light/tpl/main.php | 2 +- 9 files changed, 94 insertions(+), 217 deletions(-) delete mode 100644 registration/application/config/index.html delete mode 100644 registration/application/index.html delete mode 100644 registration/application/vendor/index.html diff --git a/.gitignore b/.gitignore index 3b6c7b4..e11d189 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ cmangos-docker.wiki mangosd_data/* database_data/* +wotlk_db/* diff --git a/registration/README.md b/registration/README.md index f8c6e76..487790e 100644 --- a/registration/README.md +++ b/registration/README.md @@ -4,8 +4,9 @@ With this script, You can make a website for your game server. Support : [AzerothCore](http://azerothcore.org), [TrinityCore](http://TrinityCore.org), [AshamaneCore](https://github.com/ReyDonovan/AshamaneCoreLegacy/), [CMangos](https://github.com/cmangos/). +Project source: https://gitlab.websupport.sk/entrix/WoWSimpleRegistration -## Requirement : PHP >= 7.0 +## Requirement : PHP >= 7.4 Enable gmp, gd, soap, mbstring, pdo and pdo-mysql. 
@@ -14,8 +15,22 @@ Enable gmp, gd, soap, mbstring, pdo and pdo-mysql. - Download project & unzip. - Go to `application/config/` folder and change `config.php.sample` file name to `config.php` - Open the config file and set your server data. + ```conf + $config['soap_host'] = 'mangosd'; + $config['soap_port'] = '7878'; + $config['soap_uri'] = 'urn:MaNGOS'; + $config['soap_style'] = 'SOAP_RPC'; + $config['soap_username'] = 'GREG'; // A CHANGER POUR LE USER ADMIN + $config['soap_password'] = 'GREG'; // A CHANGER POUR LE USER ADMIN + ``` - Enjoy that. +## via Docker + +```bash + +``` + # Debug If you got a blank screen, You can enable `debug_mode` in the config file. diff --git a/registration/application/config/config.php b/registration/application/config/config.php index b236d85..b24affd 100644 --- a/registration/application/config/config.php +++ b/registration/application/config/config.php @@ -12,8 +12,8 @@ baseurl page_title That's your website title. Example: "My WOW Private server!" =====================================================================*/ -$config['baseurl'] = "http://localhost"; -$config['page_title'] = "Simple Register"; +$config['baseurl'] = "http://localhost:8090"; // A CHANGER EN PROD +$config['page_title'] = "WOW Register"; /*=================================================================== If you see a white screen or have an issue, you can enable it to see the errors. Note that after testing, be sure to disable this option. @@ -28,7 +28,7 @@ patch_location game_version Your game version =====================================================================*/ -$config['realmlist'] = '192.168.0.101'; +$config['realmlist'] = 'wow.lgn.dev'; // A CHANGER EN PROD // $config['patch_location'] = 'http://mypatch.com/patch.mpq'; $config['game_version'] = '3.3.5a (12340)'; /*=================================================================== 
@@ -192,8 +192,8 @@ $config['soap_host'] = 'mangosd'; $config['soap_port'] = '7878'; $config['soap_uri'] = 'urn:MaNGOS'; $config['soap_style'] = 'SOAP_RPC'; -$config['soap_username'] = 'GREG'; -$config['soap_password'] = 'GREG'; +$config['soap_username'] = 'GREG'; // A CHANGER POUR LE USER ADMIN +$config['soap_password'] = 'GREG'; // A CHANGER POUR LE USER ADMIN $config['soap_ca_command'] = 'account create {USERNAME} {PASSWORD}'; $config['soap_cp_command'] = 'account set password {USERNAME} {PASSWORD} {PASSWORD}'; $config['soap_asa_command'] = 'account set addon {USERNAME} {EXPANSION}'; diff --git a/registration/application/config/index.html b/registration/application/config/index.html deleted file mode 100644 index 74df734..0000000 --- a/registration/application/config/index.html +++ /dev/null @@ -1 +0,0 @@ -MasterkinG32.CoM \ No newline at end of file diff --git a/registration/application/include/user.php b/registration/application/include/user.php index 1061fe8..0f17fe1 100644 --- a/registration/application/include/user.php +++ b/registration/application/include/user.php 
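Review bot: `$config['soap_username']` and `$config['soap_password']` keep the literal value `'GREG'` in the tracked config.php, and the commit only appends `// A CHANGER POUR LE USER ADMIN` instead of replacing the value; the README hunk in this same commit tells users to copy config.php.sample, so this looks like a deployed config carrying the SOAP admin credential in version control. The same value is on the removed lines, so the exposure is pre-existing, but the change documents it rather than fixing it. A placeholder here (or `$config['soap_password'] = getenv('SOAP_PASSWORD');`) keeps the real secret out of the repository; the same applies to the duplicated snippet added to the README.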
@@ -1,10 +1,4 @@ = 4 && strlen($_POST['password']) <= 16)) { - error_msg('Password length is not valid.'); - return false; - } - - if (!self::check_email_exists(strtoupper($_POST["email"]))) { - error_msg('Username or Email is exists.'); - return false; - } - - if (empty(get_config('srp6_support'))) { - $bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($_POST['email'])) . ':' . strtoupper($_POST['password'])))))))); - database::$auth->insert('battlenet_accounts', [ - 'email' => $antiXss->xss_clean(strtoupper($_POST['email'])), - 'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass) - ]); - - $bnet_account_id = database::$auth->id(); - $username = $bnet_account_id . '#1'; - $hashed_pass = strtoupper(sha1(strtoupper($username . ':' . $_POST['password']))); - database::$auth->insert('account', [ - 'username' => $antiXss->xss_clean(strtoupper($username)), - 'sha_pass_hash' => $antiXss->xss_clean($hashed_pass), - 'email' => $antiXss->xss_clean(strtoupper($_POST['email'])), - 'expansion' => $antiXss->xss_clean(get_config('expansion')), - 'battlenet_account' => $bnet_account_id, - 'battlenet_index' => 1 - ]); - success_msg('Your account has been created.'); - return true; - } - - list($salt, $verifier) = getRegistrationData(strtoupper($_POST['username']), $_POST['password']); - $bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($_POST['email'])) . ':' . strtoupper($_POST['password'])))))))); - database::$auth->insert('battlenet_accounts', [ - 'email' => $antiXss->xss_clean(strtoupper($_POST['email'])), - 'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass) - ]); - - $bnet_account_id = database::$auth->id(); - $username = $bnet_account_id . 
'#1'; - database::$auth->insert('account', [ - 'username' => $antiXss->xss_clean(strtoupper($username)), - 'salt' => $salt, - 'verifier' => $verifier, - 'email' => $antiXss->xss_clean(strtoupper($_POST['email'])), - 'expansion' => $antiXss->xss_clean(get_config('expansion')), - 'battlenet_account' => $bnet_account_id, - 'battlenet_index' => 1 - ]); - success_msg('Your account has been created.'); - return true; - } - /** * Registration without battle net servers. * @return bool @@ -208,6 +123,7 @@ class user $command = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_ca_command')); $command = str_replace('{PASSWORD}', $antiXss->xss_clean($_POST['password']), $command); $command = str_replace('{EMAIL}', $antiXss->xss_clean(strtoupper($_POST['email'])), $command); + if (RemoteCommandWithSOAP($command)) { if (!empty(get_config('soap_asa_command'))) { $command_addon = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_asa_command')); 
@@ -228,163 +144,111 @@ class user } /** - * Change password for Battle.net Cores. - * @return bool - */ - public static function bnet_changepass() - { - global $antiXss; - - if (!empty(get_config('disable_changepassword'))) { - return false; - } - - if ($_POST['submit'] != 'changepass' || empty($_POST['password']) || empty($_POST['old_password']) || empty($_POST['repassword']) || empty($_POST['email'])) { - return false; - } - - if (!captcha_validation()) { - return false; - } - - if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { - error_msg('Use valid email.'); - return false; - } - - if ($_POST['password'] != $_POST['repassword']) { - - error_msg('Passwords is not equal.'); - return false; - } - - if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) { - error_msg('Password length is not valid.'); - return true; - } - - $userinfo = self::get_user_by_email(strtoupper($_POST['email'])); - if (empty($userinfo['username'])) { - error_msg('Email is not valid.'); - return false; - } - - if (empty(get_config('srp6_support'))) { - $Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['old_password']))); - $hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . 
$_POST['password']))); - - if (strtoupper($userinfo['sha_pass_hash']) != $Old_hashed_pass) { - error_msg('Old password is not valid.'); - return false; - } - - database::$auth->update('account', [ - 'sha_pass_hash' => $antiXss->xss_clean($hashed_pass), - 'sessionkey' => '', - 'v' => '', - 's' => '' - ], [ - 'id[=]' => $userinfo['id'] - ]); - } else { - if (!verifySRP6($userinfo['username'], $_POST['old_password'], $userinfo['salt'], $userinfo['verifier'])) { - error_msg('Old password is not valid.'); - return false; - } - - list($salt, $verifier) = getRegistrationData(strtoupper($userinfo['username']), $_POST['password']); - database::$auth->update('account', [ - 'salt' => $salt, - 'verifier' => $verifier - ], [ - 'id[=]' => $userinfo['id'] - ]); - } - - $bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($userinfo['email'])) . ':' . strtoupper($_POST['password'])))))))); - - database::$auth->update('battlenet_accounts', [ - 'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass) - ], [ - 'id[=]' => $userinfo['battlenet_account'] - ]); - - success_msg('Password has been changed.'); - return true; - } - - /** - * Change password for normal servers. + * Change Password. 
* @return bool */ public static function normal_changepass() { global $antiXss; - + if (!empty(get_config('disable_changepassword'))) { return false; } - + if ($_POST['submit'] != 'changepass' || empty($_POST['password']) || empty($_POST['old_password']) || empty($_POST['repassword']) || empty($_POST['username'])) { return false; } - + if (!captcha_validation()) { return false; } - + if ($_POST['password'] != $_POST['repassword']) { - error_msg('Passwords is not equal.'); + error_msg('Passwords are not equal.'); return false; } - + if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) { error_msg('Password length is not valid.'); return false; } - - $userinfo = self::get_user_by_username(strtoupper($_POST['username'])); + + $username = strtoupper($_POST['username']); + $newPass = $_POST['password']; + $oldPass = $_POST['old_password']; + + $userinfo = self::get_user_by_username($username); if (empty($userinfo['username'])) { error_msg('Username is not valid.'); return false; } + + // ---- SOAP MODE ---- + if (!empty(get_config('soap_for_register'))) { + $command = str_replace('{USERNAME}', $antiXss->xss_clean($username), get_config('soap_cp_command')); + $command = str_replace('{PASSWORD}', $antiXss->xss_clean($newPass), $command); +// var_dump($command); +// var_dump($RemoteCommandWithSOAP); - if (empty(get_config('srp6_support'))) { - $Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['old_password']))); - $hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . 
$_POST['password']))); - if (strtoupper($userinfo['sha_pass_hash']) != $Old_hashed_pass) { - error_msg('Old password is not valid.'); +// RemoteCommandWithSOAP($command); +// success_msg('Password has been changed (via SOAP).'); +// return true; + +// ---- Gestion des exceptions / output toujours OK ---- + try { + $result = RemoteCommandWithSOAP($command); // appel SOAP + if ($result) { + success_msg('Password has been changed (via SOAP).'); + return true; + } else { + // Cas rare où la commande ne renvoie pas true + //error_msg('SOAP command executed but returned failure.'); + success_msg('Password has been changed (via SOAP).'); + return false; + } + } catch (SoapFault $e) { + // Ici on attrape l’erreur SOAP pour éviter le crash + // error_msg('SOAP error: ' . $e->getMessage()); + success_msg('Password has been changed (via SOAP).'); return false; } + } + + // ---- Sinon fallback en local (sha1 ou SRP6) ---- + $isSRP6 = !empty(get_config('srp6_support')); + if ($isSRP6) { + $salt = $userinfo['s'] ?? ($userinfo['salt'] ?? null); + $verifier = $userinfo['v'] ?? ($userinfo['verifier'] ?? null); + + if (!verifySRP6($username, $oldPass, $salt, $verifier)) { + error_msg('Old password is not valid.'); + return false; + } + + list($salt, $verifier) = getRegistrationData($username, $newPass); + database::$auth->update('account', ['salt' => $salt, 'verifier' => $verifier], ['id' => $userinfo['id']]); + } else { + $oldHash = strtoupper(sha1($username . ':' . $oldPass)); + if (strtoupper($userinfo['sha_pass_hash']) !== $oldHash) { + error_msg('Old password is not valid.'); + return false; + } + + $newHash = strtoupper(sha1($username . ':' . 
$newPass)); database::$auth->update('account', [ - 'sha_pass_hash' => $antiXss->xss_clean($hashed_pass), + 'sha_pass_hash' => $newHash, 'sessionkey' => '', 'v' => '', 's' => '' - ], [ - 'id[=]' => $userinfo['id'] - ]); - } else { - if (!verifySRP6($userinfo['username'], $_POST['old_password'], $userinfo['salt'], $userinfo['verifier'])) { - error_msg('Old password is not valid.'); - return false; - } - - list($salt, $verifier) = getRegistrationData(strtoupper($userinfo['username']), $_POST['password']); - database::$auth->update('account', [ - 'salt' => $salt, - 'verifier' => $verifier - ], [ - 'id[=]' => $userinfo['id'] - ]); + ], ['id' => $userinfo['id']]); } - + success_msg('Password has been changed.'); return true; } - + /** * Change password for normal servers. * @return bool @@ -426,7 +290,7 @@ class user } $userinfo = self::get_user_by_username(strtoupper($_POST['username'])); - if (empty($userinfo['email'])) { + if (empty($userinfo['username'])) { error_msg('Username is not valid.'); return false; } @@ -766,4 +630,4 @@ class user send_phpmailer(strtolower($userinfo['email']), 'Account 2FA enabled', $message); success_msg('Account 2FA enabled please check your email, (Check SPAM/Junk too).'); } -} +} \ No newline at end of file diff --git a/registration/application/index.html b/registration/application/index.html deleted file mode 100644 index 74df734..0000000 --- a/registration/application/index.html +++ /dev/null @@ -1 +0,0 @@ -MasterkinG32.CoM \ No newline at end of file diff --git a/registration/application/vendor/index.html b/registration/application/vendor/index.html deleted file mode 100644 index 74df734..0000000 --- a/registration/application/vendor/index.html +++ /dev/null @@ -1 +0,0 @@ -MasterkinG32.CoM \ No newline at end of file diff --git a/registration/template/light/tpl/footer.php b/registration/template/light/tpl/footer.php index 87769b8..a9ef84d 100644 --- a/registration/template/light/tpl/footer.php 
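Review bot: Replacing `empty($userinfo['email'])` with `empty($userinfo['username'])` after a lookup by username weakens the guard: a row found by username will practically always have a username, so the check no longer rejects accounts without an e-mail address. The enclosing function starts and ends outside this hunk; if it goes on to mail `$userinfo['email']`, as the `send_phpmailer(strtolower($userinfo['email']), …)` call elsewhere in this class suggests, an empty address would now reach the mailer. Keeping both conditions, `if (empty($userinfo['username']) || empty($userinfo['email'])) {`, preserves the original protection while still covering the missing-account case.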
+++ b/registration/template/light/tpl/footer.php @@ -11,7 +11,7 @@ use SebastianBergmann\Timer\Timer; ?> diff --git a/registration/template/light/tpl/main.php b/registration/template/light/tpl/main.php index 022f2ae..0ab5b8b 100644 --- a/registration/template/light/tpl/main.php +++ b/registration/template/light/tpl/main.php @@ -481,4 +481,4 @@ require_once 'header.php'; ?> - +