Minilogin to public server? (i'll settle for the minilogin source code)

Aerewen · #1 12-13-2006, 08:41 AM

Anyone know if it's possible to swap minilogin to a public system that compares userid/pass instead of just looking at the IP address?

I've searched all through these forums and all i can find is posts to the extent of

"change minilogin to public in the SQL variables table"

which doesnt do didly :P

at least not for what i'm trying to do... I don't want to use the eqemulator.net public login server... i'd like to have my own login server where i can have free reign to create usernames and passwords for the player's accounts.

problem is it doesnt seem like there is a way to do this using the loginserver.ini file or the server xml file... and i cant find source code for the minilogin.exe anywhere

if someone has source code for the newest release (6.2 i think?) i could just modify it myself

Cripp · #2 12-13-2006, 08:48 AM

source code for minilogin was never released to the public and never will be most likely.

Aerewen · #3 12-13-2006, 08:55 AM

oh super...

so uh... i mean i get the whole security risk to all the EQEMU servers out there if the code was released... but then why not release 2 builds of it? one that uses IP address and 1 that uses the userid/password fields to authenticate?

The minilogin system doesnt seem like it's all that complicated... it accesses the mysql db, runs: SELECT * FROM `account` WHERE `minilogin_ip` = 'currentip'; or somethin similar to get the account info... if no result is returned it spits out the invalid account opcode to the client and resumes the process of sitting there being happy till the next client comes along...

wouldnt be all that hard to change it to selecting the row based on userid instead of minilogin_ip and comparing the password with the one returned...

or if we really wanted to be efficient... just select with both the userid and password... then u dont even have to change the rest of the code.

if the dev team is too busy to do it... then lemme know how to get in touch with em and i'll do it

Aerewen · #4 12-13-2006, 09:37 PM

actually after watching the minilogin and world.exe windows while logging in...

it seems minilogin doesnt actually check anything at all... you can connect to it from any computer with any username and any password and it allows you in...

world.exe actually checks your ip address against the database and gets your account information from that...

which is fine really... what we need to do now is change minilogin to check the user/pass and then modify the IP address in the database accordingly... this way a player has to actually have an account to play on the server, but the server will still compare by IP address to ensure that only 1 account per IP can be used (which i think is the way most server admins would prefer it... but I may be wrong)

If any of the dev's come through here and see this... any chance of a PM or something so I can help out?

John Adams · #5 12-14-2006, 01:06 AM

This topic has been beaten to death, and the only results you might get are terse "no" responses. Due to the securities issue, I am confident Minilogin.exe is as it is, forever. Might be one of the only things holding back SOE from swinging through here with a wrecking ball, is the devs refusal to release that source.

Aerewen · #6 12-14-2006, 11:21 AM

Nonono :P I'm not asking to release the source to the public...

I'm asking to join the dev team and fix it myself to release an updated binary to the public

IMO PEQ admins should have the ability to choose whether to base accounts on IP or login info... what happens when you have a family of former EQ-ers who want to play on a PEQ server? You have to politely, yet regretfully, inform them that the server only supports authentication by IP address, not by username/password... wouldnt be that hard to add a variable to the database to switch world.exe from checking IP to username/password, then world.exe and minilogin.exe can both read the variable and act accordingly.

#7 12-14-2006, 11:33 AM

minilogin checks IP, public login checks user / pass.

Thats the way it is, thats the way it will always be.

There are reasons for this, many of them, all already covered in threads just like this one.

Aerewen · #8 12-14-2006, 01:00 PM

when you say public login... you are referring to the login hosted on eqemulator.net right?

im suggesting the editing and release of a new minilogin so that users can host their own login server and not have to rely on eqemulator's login server for their connections

as it stands say i host a server on my home network... i can DMZ, set port forwarders etc etc etc till im blue in the face, but the eqemu server will still read incoming connections as 192.168.0.1 from the router... there is no way around it (trust me i tried :P) and i know there's gotta be a ton of people out there who have taken the time to learn eqemu, php, mysql, perl, and all the other stuff only to get the server running and *sigh* when they realize they cant play with 10 of their buddies at the same time because their router prevents it.

i just feel it would be worth the couple days of coding to release a minilogin/world.exe that checked accounts off username/password

i mean yeah i know the client software encrypts them before sending to the server... but it's not like we would be allowing people to edit the minilogin source to see the encryption used

#9 12-14-2006, 01:09 PM

Allowing anyone to host a login server is a bad idea for many reasons and will not happen.

Sakrateri · #10 12-15-2006, 03:47 AM

You CAN host a public server with the minilogin, I have been doing it and will always be doing it. Actually it is quite easy and gives you more control over who gets on your server and who does not. You start with DMZing or opening ports for the computer you want to run the server and then get the IPs of all the friends you want to join you, if they do not have static IPs then get them to use NOIP, And then put those IPs in the minilogin ip colum of your database, then they can connect... No problems doing it that way for me anyway. If you DMZ the computer just make sure to have good antivirus and a firewall running. The only problem with it is if two friends are coming from one IP they have to learn to share an account , so instead of eight characters they can each make 4.....unless one person is much bigger then the other then he can make 7 and the other person 1, lol well you get the picture.

Angelox · #11 12-15-2006, 04:09 AM

Quote:

Originally Posted by Sakrateri

You CAN host a public server with the minilogin, I have been doing it and will always be doing it. Actually it is quite easy and gives you more control over who gets on your server and who does not. You start with DMZing or opening ports for the computer you want to run the server and then get the IPs of all the friends you want to join you, if they do not have static IPs then get them to use NOIP, And then put those IPs in the minilogin ip colum of your database, then they can connect... No problems doing it that way for me anyway. If you DMZ the computer just make sure to have good antivirus and a firewall running. The only problem with it is if two friends are coming from one IP they have to learn to share an account , so instead of eight characters they can each make 4.....unless one person is much bigger then the other then he can make 7 and the other person 1, lol well you get the picture.

Sounds interesting ... I would like to be able to let a few people come in and help me out with my database, and this would be the way to do it.
What's NOIP ( Like dyndns.org)? , I bet we can come up with a script that detects who is where, and will translate/change IP entry in the database.

Sakrateri · #12 12-15-2006, 06:11 AM

It sounds like dyndns is like NOIP which can be checked out at NOIP LINK . I have never had used either of them myself but its a way to get a static IP if you have a dynamic one. You can still let people in with dynamic IPs but its a pain having to keep changing them. I am not sure if you can come up with some kind of script as it is you have to reboot your server whenever you add a new IP or change an existing one before the change takes effect.

John Adams · #13 12-15-2006, 07:07 AM

I'm still not sure what the fuss is all about. Put up a public server, lock it, and add user accounts who wish to play on your server using a specific status level. If you are capable of writing a new minilogin server completely, you are capable of editing the minimum status allowed into a locked server.

I too was boggled by the fact I *had* to use eqemulator.net as a login server publicly (outside my LAN), but have since learned why and accept that. I guess I just don't need to be hidden or that private.

Angelox · #14 12-15-2006, 07:29 AM

Sakrateri;
Is your EqEmu server Linux or Windows?

Aerewen · #15 12-15-2006, 07:32 AM

Here's the solution to this problem temporarily.

Dowload the zip file with peq_updater.php and eqhost.txt file, install them on a webserver.
Modify the variables in the php file to your MySQL server information.
Read the info in the header of the php document to learn how this works.

I will not be providing support for this utility, but feel free to post bugs and whatnot here for as long as the moderators wish to allow it. You should already have PHP/MySQL installed if you are using the PEQ Editor on your system.

Download Zip File
Download RAR File

edit: added rar file for people who prefer it.