Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
Crystallize - 09.05.2016
Hello everyone , I decided to make a filterscript that will boost your users security.
Basically this filterscript randomizes a 6 char+digit code and inserts into mysql for later use.
I implemented this on my gamemode with the login system , so if the user had the generated code it would ask to insert it too or kick to prevent account hackings.
Picture explaining:

Download:
v1
v2
Command:
/securemyaccount
Instructions:
Create a structure named "codes" , then create 2 tables with "user" and "code", will edit this later explaining further.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
Private200 - 09.05.2016
Showing this every time a player logs in would be pretty boring. I suggest you to use gpci and IP detection.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
Crystallize - 09.05.2016
Quote:
Originally Posted by Private200
Showing this every time a player logs in would be pretty boring. I suggest you to use gpci and IP detection.
|
GPCI is not accurate and IP detection could be done in next version, this script generates the password only once then if you want to change the provided code you can use the command.
For e.g I used this for my admins , after they've logged in with their password it would show them the dialog to enter the code or kick.I'm kinda new to mysql so this is not like the best code you'll ever see but it still does what's supposed to.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
DarkLored - 09.05.2016
It's a good system but I do agree with the IP detection being added it would be annoying to consistently have to type it in over and over again, good job though.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
Private200 - 09.05.2016
Quote:
Originally Posted by Wizzard2H
GPCI is not accurate and IP detection could be done in next version, this script generates the password only once then if you want to change the provided code you can use the command.
For e.g I used this for my admins , after they've logged in with their password it would show them the dialog to enter the code or kick.I'm kinda new to mysql so this is not like the best code you'll ever see but it still does what's supposed to.
|
Yes, GPCI is not accurate. However, you might wanna go for IP + GPCI + IP Range detection (the first two parts of the IP XX.XXX). That's the best accurate way I can think of to lower the struggle a bit.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
Infinity - 10.05.2016
Correct me if I'm wrong, but you don't seem to escape your queries. If this is the case, your statement ("no more hacked accounts") will not hold up.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
thesuperuser - 11.05.2016
looks useful, good work.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
Crystallize - 11.05.2016
Quote:
Originally Posted by Infinity
Correct me if I'm wrong, but you don't seem to escape your queries. If this is the case, your statement ("no more hacked accounts") will not hold up.
|
What do you mean with escaping the queries?
Код:
mysql_query(bquery);
mysql_free_result();
Correct me if im wrong too I'm kinda new to mysql.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
biker122 - 11.05.2016
pawn Код:
mysql_real_escape_string(const source [], destination [], connectionHandle = 1)
It's a good start in MySQL. If you use MySQL R33 (+), AND such latest systems - you could escape the string in the query itself with "%e". Good job anyway.
Re: Secure My Account [MYSQL] [BETA] [NO MORE ACCOUNT HACKINGS] -
iSpy - 11.05.2016
Helpful, nice release!