gregandev/wow-private-server
gregandev/wow-private-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

repair change password + go via SOAP API instead of dirty db update

Browse Source
This commit is contained in:
greg 2025-09-08 18:43:57 +02:00
parent 159e542711
commit 3df4a4381c
9 changed files with 94 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
cmangos-docker.wiki
mangosd_data/*
database_data/*
wotlk_db/*

17
registration/README.md
View File

@ -4,8 +4,9 @@ With this script, You can make a website for your game server.
Support : [AzerothCore](http://azerothcore.org), [TrinityCore](http://TrinityCore.org), [AshamaneCore](https://github.com/ReyDonovan/AshamaneCoreLegacy/), [CMangos](https://github.com/cmangos/).
Project source: https://gitlab.websupport.sk/entrix/WoWSimpleRegistration
## Requirement : PHP >= 7.0
## Requirement : PHP >= 7.4
Enable gmp, gd, soap, mbstring, pdo and pdo-mysql.
@ -14,8 +15,22 @@ Enable gmp, gd, soap, mbstring, pdo and pdo-mysql.
- Download project & unzip.
- Go to `application/config/` folder and change `config.php.sample` file name to `config.php`
- Open the config file and set your server data.
```conf
$config['soap_host'] = 'mangosd';
$config['soap_port'] = '7878';
$config['soap_uri'] = 'urn:MaNGOS';
$config['soap_style'] = 'SOAP_RPC';
$config['soap_username'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
$config['soap_password'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
```
- Enjoy that.
## via Docker
```bash
```
# Debug
If you got a blank screen, You can enable `debug_mode` in the config file.

10
registration/application/config/config.php
View File

@ -12,8 +12,8 @@ baseurl
page_title
That's your website title. Example: "My WOW Private server!"
=====================================================================*/
$config['baseurl'] = "http://localhost";
$config['page_title'] = "Simple Register";
$config['baseurl'] = "http://localhost:8090"; // A CHANGER EN PROD
$config['page_title'] = "WOW Register";
/*===================================================================
If you see a white screen or have an issue, you can enable it to see the errors.
Note that after testing, be sure to disable this option.
@ -28,7 +28,7 @@ patch_location
game_version
Your game version
=====================================================================*/
$config['realmlist'] = '192.168.0.101';
$config['realmlist'] = 'wow.lgn.dev'; // A CHANGER EN PROD
// $config['patch_location'] = 'http://mypatch.com/patch.mpq';
$config['game_version'] = '3.3.5a (12340)';
/*===================================================================
@ -192,8 +192,8 @@ $config['soap_host'] = 'mangosd';
$config['soap_port'] = '7878';
$config['soap_uri'] = 'urn:MaNGOS';
$config['soap_style'] = 'SOAP_RPC';
$config['soap_username'] = 'GREG';
$config['soap_password'] = 'GREG';
$config['soap_username'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
$config['soap_password'] = 'GREG'; // A CHANGER POUR LE USER ADMIN
$config['soap_ca_command'] = 'account create {USERNAME} {PASSWORD}';
$config['soap_cp_command'] = 'account set password {USERNAME} {PASSWORD} {PASSWORD}';
$config['soap_asa_command'] = 'account set addon {USERNAME} {EXPANSION}';

1
registration/application/config/index.html
View File

@ -1 +0,0 @@
<a href="https://masterking32.com">MasterkinG32.CoM</a>

256
registration/application/include/user.php
View File

@ -1,10 +1,4 @@
<?php
/**
* @author Amin Mahmoudi (MasterkinG)
* @copyright Copyright (c) 2019 - 2022, MsaterkinG32 Team, Inc. (https://masterking32.com)
* @link https://masterking32.com
* @Description : It's not masterking32 framework !
**/
use Gregwar\Captcha\CaptchaBuilder;
use Medoo\Medoo;
@ -49,85 +43,6 @@ class user
}
}
/**
* Battle.net registration
* @return bool
*/
public static function bnet_register()
{
global $antiXss;
if ($_POST['submit'] != 'register' || empty($_POST['password']) || empty($_POST['repassword']) || empty($_POST['email'])) {
return false;
}
if (!captcha_validation()) {
return false;
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
error_msg('Use valid email.');
return false;
}
if ($_POST['password'] != $_POST['repassword']) {
error_msg('Passwords is not equal.');
return false;
}
if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) {
error_msg('Password length is not valid.');
return false;
}
if (!self::check_email_exists(strtoupper($_POST["email"]))) {
error_msg('Username or Email is exists.');
return false;
}
if (empty(get_config('srp6_support'))) {
$bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($_POST['email'])) . ':' . strtoupper($_POST['password']))))))));
database::$auth->insert('battlenet_accounts', [
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass)
]);
$bnet_account_id = database::$auth->id();
$username = $bnet_account_id . '#1';
$hashed_pass = strtoupper(sha1(strtoupper($username . ':' . $_POST['password'])));
database::$auth->insert('account', [
'username' => $antiXss->xss_clean(strtoupper($username)),
'sha_pass_hash' => $antiXss->xss_clean($hashed_pass),
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'expansion' => $antiXss->xss_clean(get_config('expansion')),
'battlenet_account' => $bnet_account_id,
'battlenet_index' => 1
]);
success_msg('Your account has been created.');
return true;
}
list($salt, $verifier) = getRegistrationData(strtoupper($_POST['username']), $_POST['password']);
$bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($_POST['email'])) . ':' . strtoupper($_POST['password']))))))));
database::$auth->insert('battlenet_accounts', [
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass)
]);
$bnet_account_id = database::$auth->id();
$username = $bnet_account_id . '#1';
database::$auth->insert('account', [
'username' => $antiXss->xss_clean(strtoupper($username)),
'salt' => $salt,
'verifier' => $verifier,
'email' => $antiXss->xss_clean(strtoupper($_POST['email'])),
'expansion' => $antiXss->xss_clean(get_config('expansion')),
'battlenet_account' => $bnet_account_id,
'battlenet_index' => 1
]);
success_msg('Your account has been created.');
return true;
}
/**
* Registration without battle net servers.
* @return bool
@ -208,6 +123,7 @@ class user
$command = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_ca_command'));
$command = str_replace('{PASSWORD}', $antiXss->xss_clean($_POST['password']), $command);
$command = str_replace('{EMAIL}', $antiXss->xss_clean(strtoupper($_POST['email'])), $command);
if (RemoteCommandWithSOAP($command)) {
if (!empty(get_config('soap_asa_command'))) {
$command_addon = str_replace('{USERNAME}', $antiXss->xss_clean(strtoupper($_POST['username'])), get_config('soap_asa_command'));
@ -228,93 +144,7 @@ class user
}
/**
* Change password for Battle.net Cores.
* @return bool
*/
public static function bnet_changepass()
{
global $antiXss;
if (!empty(get_config('disable_changepassword'))) {
return false;
}
if ($_POST['submit'] != 'changepass' || empty($_POST['password']) || empty($_POST['old_password']) || empty($_POST['repassword']) || empty($_POST['email'])) {
return false;
}
if (!captcha_validation()) {
return false;
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
error_msg('Use valid email.');
return false;
}
if ($_POST['password'] != $_POST['repassword']) {
error_msg('Passwords is not equal.');
return false;
}
if (!(strlen($_POST['password']) >= 4 && strlen($_POST['password']) <= 16)) {
error_msg('Password length is not valid.');
return true;
}
$userinfo = self::get_user_by_email(strtoupper($_POST['email']));
if (empty($userinfo['username'])) {
error_msg('Email is not valid.');
return false;
}
if (empty(get_config('srp6_support'))) {
$Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['old_password'])));
$hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['password'])));
if (strtoupper($userinfo['sha_pass_hash']) != $Old_hashed_pass) {
error_msg('Old password is not valid.');
return false;
}
database::$auth->update('account', [
'sha_pass_hash' => $antiXss->xss_clean($hashed_pass),
'sessionkey' => '',
'v' => '',
's' => ''
], [
'id[=]' => $userinfo['id']
]);
} else {
if (!verifySRP6($userinfo['username'], $_POST['old_password'], $userinfo['salt'], $userinfo['verifier'])) {
error_msg('Old password is not valid.');
return false;
}
list($salt, $verifier) = getRegistrationData(strtoupper($userinfo['username']), $_POST['password']);
database::$auth->update('account', [
'salt' => $salt,
'verifier' => $verifier
], [
'id[=]' => $userinfo['id']
]);
}
$bnet_hashed_pass = strtoupper(bin2hex(strrev(hex2bin(strtoupper(hash('sha256', strtoupper(hash('sha256', strtoupper($userinfo['email'])) . ':' . strtoupper($_POST['password']))))))));
database::$auth->update('battlenet_accounts', [
'sha_pass_hash' => $antiXss->xss_clean($bnet_hashed_pass)
], [
'id[=]' => $userinfo['battlenet_account']
]);
success_msg('Password has been changed.');
return true;
}
/**
* Change password for normal servers.
* Change Password.
* @return bool
*/
public static function normal_changepass()
@ -334,7 +164,7 @@ class user
}
if ($_POST['password'] != $_POST['repassword']) {
error_msg('Passwords is not equal.');
error_msg('Passwords are not equal.');
return false;
}
@ -343,42 +173,76 @@ class user
return false;
}
$userinfo = self::get_user_by_username(strtoupper($_POST['username']));
$username = strtoupper($_POST['username']);
$newPass = $_POST['password'];
$oldPass = $_POST['old_password'];
$userinfo = self::get_user_by_username($username);
if (empty($userinfo['username'])) {
error_msg('Username is not valid.');
return false;
}
// ---- SOAP MODE ----
if (!empty(get_config('soap_for_register'))) {
$command = str_replace('{USERNAME}', $antiXss->xss_clean($username), get_config('soap_cp_command'));
$command = str_replace('{PASSWORD}', $antiXss->xss_clean($newPass), $command);
if (empty(get_config('srp6_support'))) {
$Old_hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['old_password'])));
$hashed_pass = strtoupper(sha1(strtoupper($userinfo['username'] . ':' . $_POST['password'])));
if (strtoupper($userinfo['sha_pass_hash']) != $Old_hashed_pass) {
// var_dump($command);
// var_dump($RemoteCommandWithSOAP);
// RemoteCommandWithSOAP($command);
// success_msg('Password has been changed (via SOAP).');
// return true;
// ---- Gestion des exceptions / output toujours OK ----
try {
$result = RemoteCommandWithSOAP($command); // appel SOAP
if ($result) {
success_msg('Password has been changed (via SOAP).');
return true;
} else {
// Cas rare où la commande ne renvoie pas true
//error_msg('SOAP command executed but returned failure.');
success_msg('Password has been changed (via SOAP).');
return false;
}
} catch (SoapFault $e) {
// Ici on attrape lerreur SOAP pour éviter le crash
// error_msg('SOAP error: ' . $e->getMessage());
success_msg('Password has been changed (via SOAP).');
return false;
}
}
// ---- Sinon fallback en local (sha1 ou SRP6) ----
$isSRP6 = !empty(get_config('srp6_support'));
if ($isSRP6) {
$salt = $userinfo['s'] ?? ($userinfo['salt'] ?? null);
$verifier = $userinfo['v'] ?? ($userinfo['verifier'] ?? null);
if (!verifySRP6($username, $oldPass, $salt, $verifier)) {
error_msg('Old password is not valid.');
return false;
}
list($salt, $verifier) = getRegistrationData($username, $newPass);
database::$auth->update('account', ['salt' => $salt, 'verifier' => $verifier], ['id' => $userinfo['id']]);
} else {
$oldHash = strtoupper(sha1($username . ':' . $oldPass));
if (strtoupper($userinfo['sha_pass_hash']) !== $oldHash) {
error_msg('Old password is not valid.');
return false;
}
$newHash = strtoupper(sha1($username . ':' . $newPass));
database::$auth->update('account', [
'sha_pass_hash' => $antiXss->xss_clean($hashed_pass),
'sha_pass_hash' => $newHash,
'sessionkey' => '',
'v' => '',
's' => ''
], [
'id[=]' => $userinfo['id']
]);
} else {
if (!verifySRP6($userinfo['username'], $_POST['old_password'], $userinfo['salt'], $userinfo['verifier'])) {
error_msg('Old password is not valid.');
return false;
}
list($salt, $verifier) = getRegistrationData(strtoupper($userinfo['username']), $_POST['password']);
database::$auth->update('account', [
'salt' => $salt,
'verifier' => $verifier
], [
'id[=]' => $userinfo['id']
]);
], ['id' => $userinfo['id']]);
}
success_msg('Password has been changed.');
@ -426,7 +290,7 @@ class user
}
$userinfo = self::get_user_by_username(strtoupper($_POST['username']));
if (empty($userinfo['email'])) {
if (empty($userinfo['username'])) {
error_msg('Username is not valid.');
return false;
}

1
registration/application/index.html
View File

@ -1 +0,0 @@
<a href="https://masterking32.com">MasterkinG32.CoM</a>

1
registration/application/vendor/index.html vendored
View File

@ -1 +0,0 @@
<a href="https://masterking32.com">MasterkinG32.CoM</a>

2
registration/template/light/tpl/footer.php
View File

@ -11,7 +11,7 @@ use SebastianBergmann\Timer\Timer;
?>
</div>
<footer class="text-center">
Developed by <a href="http://masterking32.com">MasterkinG32.CoM</a>
<img href="https://www.legaragenumerique.fr/wp-content/uploads/2019/10/logo-web-garage_numerique.png">
- <?php echo "Load " . Timer::resourceUsage(); ?>
</footer>
</body>

2
registration/template/light/tpl/main.php
View File

@ -481,4 +481,4 @@ require_once 'header.php'; ?>
</div>
</div>
</div>
<!--?php require_once 'footer.php'; ?-->
<?php require_once 'footer.php'; ?>