My Login PHP Script... [Sticky Please!]

[Aerewen]

Sorry about the loss of the hosting on the ZIP file. When the Allendium project started to fall apart last December I canceled the hosting, but we are now back up and underway so I will toss the zip file back up for my PHP script to allow public access to a server using minilogin.

To view the original thread with support answers and whatnot:
http://www.eqemulator.net/forums/showthread.php?t=22081

To download the ZIP File:
Download from my server: http://www.allendium.com/peq_updater.zip
Download from mirror server: http://eq.mmoemulators.com/files/peq_updater.zip

Please do not contact anyone from the Allendium development team regarding this utility. As it says in the file and original thread, I provide no support for it. We are far too busy with the development of Allendium to toy around with EQEmu anymore.

Hope this utility helps some of you achieve your dream of a "public" free EQ server that runs independently.

[Fridgecritter]

This is a great utility. I think I have an idea for a fix of sorts for having to login to this page every time before playing if you do not have a static IP. I used to fiddle with Rose Online servers, as well as WoW servers. For both of these games, people would build custom launchers that would key you into the private server's custom launcher "mini-site" that was formatted to fit within the launcher.

If someone were to code a launcher for EQ that simply had one button on it, along with a small web browser window, you would open that launcher, then hit the "play" button, and it would update your IP, and open the Everquest game. This way you could simply put the php file in your website's directory wherever you specify the launcher to point. No need for the "eqgame.exe patchme" shortcut anymore, simply run the launcher, and get news and info about the private server you are playing on at the same time, and launch the game with the program.

EDIT: I guess

[Fridgecritter]

Disreguard the "I guess" part... I hit the submit button on my laptop touch pad on accident. What I was going to say was...

I guess if EQemu's built-in webserver worked with php (It may, I just don't know how to go about doing it) you could just as easily drop this into the "templates" folder there, and you would be set.

[fault]

I am actually not able to get this to work.

PHP Code:

<?php
if(!isset($_POST['Submit'])){
?>
  <form id="form1" name="form1" method="post" action="reg.php">
    <table width="500" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="174" align="right" valign="top"><div align="right">Username:&nbsp;&nbsp;</div></td>
        <td width="326" align="left" valign="top"><input name="username" type="text" class="formelements" id="username" size="40" maxlength="9" />
        <br />
        <span class="style1">*must be 9 characters or less</span> </td>
      </tr>
      <tr>
        <td align="right" valign="top"><div align="right">Password:&nbsp;&nbsp;</div></td>
        <td align="left" valign="top"><input name="password" type="password" class="formelements" id="password" size="40" maxlength="9" />
          <br />
          <span class="style1">*must be 9 characters or less</span></td>
      </tr>
      <tr>
        <td colspan="2" align="center" valign="top"><input name="Submit" type="submit" class="formelements" value="Login/Create" />&nbsp;&nbsp;&nbsp;<input name="Reset" type="reset" class="formelements" value="Clear" /></td>
      </tr>
    </table>
  </form>
<?php
} else {
    //set font color
    $link = mysql_connect($DB_ADDY,$DB_USER,$DB_PASS);
    mysql_select_db($DB_DB,$link);
    $sql = "SELECT * FROM `account` WHERE `name` = '". $_POST['username']. "'";
    $res = mysql_query($sql,$link);
    if(mysql_num_rows($res) != 0){
        //username was found
        $info = mysql_fetch_assoc($res);
        if($info['password'] == $_POST['password']){
            //password matches
            if($_SERVER['REMOTE_ADDR'] != $info['minilogin_ip']){
                //ip address has changed
                $sql = "UPDATE `account` SET `minilogin_ip` = '". $_SERVER['REMOTE_ADDR']. "' WHERE `name` = '". $_POST['username']. "' AND `password` = '". $_POST['password']. "'";
                $sql2 = "UPDATE `account` SET `minilogin_ip` = '0.0.0.0' WHERE `minilogin_ip` = '". $_SERVER['REMOTE_ADDR']. "'";
                if(($res = mysql_query($sql2,$link)) && mysql_query($sql,$link)){
                    echo '<font color="#00FF00">';
                    echo 'Your IP address was successfully updated. You may now start EverQuest Titanium Edition and log in to the server.';
                    echo '</font>';
                } else {
                    echo '<font color="#FF0000">';
                    echo 'There was an error updating your IP address. Please try again later or contact an admin for assistance.';
                    echo '</font>';
                }
            } else {
                //ip didnt change
                echo '<font color="#00FF00">';
                echo 'Your IP address has not changed. You may now start EverQuest Titanium Edition and log in to the server.';
                echo '</font>';
            }
        } else {
            //password was wrong
            echo '<font color="#FF0000">';
            echo 'The username: '. $_POST['username']. '<br />Already exists in our database, and the password<br />you entered for it was incorrect.<br />';
            echo 'If this is your account, please <a href="index.php">go back</a>, re-enter your password, and try again.<br />';
            echo 'If you were attempting to create a new account, please try a different user name.';
            echo '</font>';
        }
    } else {
        //username was not found create it now
        $newno = "SELECT `id` FROM `account` ORDER BY `id` DESC LIMIT 1";
        $res = mysql_query($newno,$link);
        $newno = mysql_fetch_assoc($res);
        $newno = ($newno['id'] + 1);
        $sql = "INSERT INTO `account` VALUES (". $newno. ",'". $_POST['username']. "','',0,'". $_POST['password']. "',". $admin_level. ",". $newno. ",0,0,'". $_SERVER['REMOTE_ADDR']. "',0,0)";
        $sql2 = "UPDATE `account` SET `minilogin_ip` = '0.0.0.0' WHERE `minilogin_ip` = '". $_SERVER['REMOTE_ADDR']. "'";
        if(($res = mysql_query($sql2,$link)) && mysql_query($sql,$link)){
            echo '<font color="#00FF00">';
            echo 'New account created successfully. You may now start EverQuest Titanium Edition and log in to the server using:<br />';
            echo 'Username: '. $_POST['username']. '<br />Password: '. $_POST['password']. '<br />*username and password are case sensitive!';
            echo '</font>';
        } else {
            echo '<font color="#FF0000">';
            echo 'There was an error while trying to create your account. Please try again later.';
            echo '</font>';
        }
    }
}
?>

No matter what I do it always redirects to the red *error has occured while trying to create account*


Database info is correct on it..

[corvanus]

first take out the ' s at 'account' they are unneeded and generally through syntax errors there same with 'name' only after the equals do you need them second add a semo colon after '" . $_POST[username] . '"' after the last singel quote and remove the single quotes at 'username' well you get the idea you have a ton of quotes where you dont need them so my guess is that is part of your errors right there then again you could always just use the premade pequpdater script and solve all your problems lol

[fault]

Quote:

Originally Posted by corvanus

first take out the ' s at 'account' they are unneeded and generally through syntax errors there same with 'name' only after the equals do you need them second add a semo colon after '" . $_POST[username] . '"' after the last singel quote and remove the single quotes at 'username' well you get the idea you have a ton of quotes where you dont need them so my guess is that is part of your errors right there then again you could always just use the premade pequpdater script and solve all your problems lol

uh this is the *premade updater*

[corvanus]

odd i use the peq updater and havent had any issues with it at all worked like a charm after a couple quick edits

[corvanus]

what version of mysql and php are you using and have you double checked the db settings?

[corvanus]

come to think of it why dont you drop in a line to show the query and results that way you can see precisly what the error is mysql is returning

[Theeper]

There is a couple small errors in this script I noticed.

1. There is a variable declaration near line 22 that is missing an equals sign.

Code:

$server_name "Name of Your Server"; //set the name of your server here

.. should be ..

Code:

$server_name = "Name of Your Server"; //set the name of your server here

Also, the form is pointing to index.php, although the script is called peq_updater.php. Change
this line ..

Code:

<form id="form1" name="form1" method="post" action="index.php">

.. to ..

Code:

<form id="form1" name="form1" method="post" action="<?=$_SERVER[PHP_SELF]; ?>">

Other than that, it seems to work.

[quadroplex]

This is a pretty killer tool right here, but i have one question...

Would it not be better if the script saved the passwords as MD5 encrypted passwords, I ask because that is how the worldserver accesses the passwords for other things (telnet command line client and Web interface) and so forth...

I could throw together an example of this if you need it, I just thought it would be a better way to store the passwords then plaintext as then you would need to go in and MD5 the GM passwords by hand, where as if everyones password is MD5 encrypted once you flag the acct it can then use those other tools with no further effort on the Server Admin's part

[quadroplex]

add this in the variables area

$password = md5($_POST[password]);

change the other
$_POST[password]

to
$password

and you have md5 password encryption