EQEmulator Forums - local login, remote login, minilogin

EQEmulator Forums (https://www.eqemulator.org/forums/index.php)

- Support::General Support (https://www.eqemulator.org/forums/forumdisplay.php?f=598)

- - local login, remote login, minilogin (https://www.eqemulator.org/forums/showthread.php?t=30398)

local login, remote login, minilogin

I'm working on a new tool to replace the magelo clone, and incorporate several more parts of server management. One of these parts is allowing users to create some accounts and do some proof of ownership of a game account. From there they can have a pre-validated character move, and character transfer and a few other things.... When I started this I was working off of remove login server, and/or minilogin server.

From what I understand EQEmu's server would allow you to create a login acct, then when logging in to a play server the accounts login is passed to the play server and added to the "accounts" table. The password field remains empty. This is all correct?

For Mini login, it also uses the "accounts" table. A tool of some sort would have to be used to create new "minilogin" accounts, which would add an entry to this accounts table, and save their password in plain text. Is that all correct?

With the issues PEQ is dealing with, from what I understand it is possible for a server to be running the full login server, but locally... i.e. not rellying on EQEmu to pass to username. In this scenario, the new accounts would be created in this NEW login server accounts table. Then when a person logs into the play server, the account would also get plugged into the accounts table. The password in this login server accounts table is SHA1 hashed. My plan for local login server was to create their account in the login server table, AND in the account table.

Do I have a proper understanding of this situation... or am I way off on this?

My plan was to just have an admin option of "local login server", "remote login server", "minilogin" and then have these things happen automatically in the background. For instance, if they select remote login, then it would deactivate the "create account" portions since that would be handled by another site...

also if there is an existing php script for full login server account creation, and for mini login server account creation that would probably suffice, I could just go through the code and incorporate it that way....

Code:

DROP TABLE IF EXISTS `account`;

CREATE TABLE `account` (

  `id` int(11) NOT NULL auto_increment,

  `name` varchar(30) NOT NULL default '',

  `charname` varchar(64) NOT NULL default '',

  `sharedplat` int(11) NOT NULL default '0',

  `password` varchar(50) NOT NULL default '',

  `status` int(5) NOT NULL default '0',

  `lsaccount_id` int(11) unsigned default NULL,

  `gmspeed` tinyint(3) unsigned NOT NULL default '0',

  `revoked` tinyint(3) unsigned NOT NULL default '0',

  `karma` INT(5) UNSIGNED NOT NULL DEFAULT '0',

  `minilogin_ip` varchar(32) NOT NULL DEFAULT '0',

  `hideme` tinyint(4) NOT NULL default '0',

  `rulesflag` tinyint(1) unsigned NOT NULL default '0',

  PRIMARY KEY  (`id`),

  UNIQUE KEY `name` (`name`),

  UNIQUE KEY `lsaccount_id` (`lsaccount_id`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

This is the current table struct for account, and I found this on the mini login setup... i guess there isn't really an existing tool for acct creation.....

Code:

INSERT INTO account (name,STATUS, minilogin_ip) VALUES('edgar1898',250,'127.0.0.1');

I'm guessing the minilogin_ip is the log in "from" validation... meaning you can let your friends in, but the acct has to have your friends IP address in it... does it not use a password at all?

for full local login... i'd do something like

Code:

INSERT INTO $loginservertable (name,password) VALUES('%s',SHA1(%s));

i'm a little confused with the minilogin... i could have swore it used a plain text password in account.password

I run a LAN only server and still use mini login. The validation that takes place is strictly by IP and even though you can store a password for the account, it doesn't have any effect that I have ever seen. You can store a password in the table, and actually log in using anything in the 'password' field when logging in, and it still logs in just fine. IP validation in mini login is also a problem when attempting to run more than one client on the same machine - both accounts have the same IP and cause issues. If you change any IP addresses on your LAN router, this can cause you to log into someone else's account and vice versa (or not at all) due to the IP address stored in the account table.

As far as account creation tools for mini login, I never came across any myself (not saying none exist, just always went from the instructions in the old server setup guide), I just edit / update the account table IP's when needed and go.

You may want to exclude mini login from the scope of your project to maintain your sanity. Just my 2 coppers worth.