THREAD: Server-sided auth code using keys (Elite or custom licensing)
  1. 01-25-2016, 03:22 AM
    Tustin
    Sup?

    I wrote this code for The Tesseract re-release but that never happened, so here we are. I had also originally posted this in the Gaming Squad section, but I figured it could be useful for everyone. You can use this code to either authenticate your app for Elite or using a custom key system - it's all up to you. The example uses Elite auth by default but you can change it pretty easily by just getting rid of the validate_elite_key function call. Follow the steps below for installing this on your server.

    Prerequisites:

    • A server
    • A web server installed (nginx, apache2, it doesn't matter)
    • MySQL installed
    • PHP installed
    • Root login info for MySQL


    How to set up:

    1. Download zip and extract contents to a location on your PC
    2. Open up 'autoload.php' and add a name for the DATABASE_NAME constant at the top.
    3. In the same file, add the credentials for your MySQL login. This user should have permissions to create tables and databases (so ideally use root)
    4. Save file, and upload all the files to a directory on your server.
    5. Go to the directory in your browser and load the setup.php script first.
    6. If you used proper MySQL credentials, it will successfully create both a database and two tables in said database.
    7. DELETE setup.php from your server
    8. Create a new MySQL user with only the required permissions (SELECT, INSERT, UPDATE, etc) and replace your root user's credentials inside `autoload.php` with this new MySQL user information (thanks to JB for catching this error)
    9. To test, access auth.php with a GET request for key using your NGU Elite key (example: You must login or register to view this content.)
    10. If the setup worked properly, it should output "Some useful information" (hilarious, right?) and if you check your log and users table, you should see your Elite key there.


    It's a basic system for getting your app up and running. However, this does do automatic banning for users who share multiple keys under so many different IPs in a certain period of time (like 24 hrs I think). The ban check is done each time the auth script executes, so unless your app gets little to no traffic, it should do just fine. If you really want you can set up a cron job to run the unban/ban process every so often.

    Enjoy and let me know if you have any issues or just need help with it.
  2. The Following 27 Users Say Thank You to Tustin For This Useful Post:

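The key-sharing check described in the post above (one key seen from many different IPs within about 24 hours), written out as MySQL statements. This is an added example, not code from the release: the `users` and `auth_log` layouts, the column names, the threshold of 3 addresses and the time-based unban rule are all assumptions.

```sql
-- Added example. Schema is assumed; the release's real tables may differ.
CREATE TABLE IF NOT EXISTS users (
    auth_key  VARCHAR(64) PRIMARY KEY,
    banned    TINYINT(1)  NOT NULL DEFAULT 0,
    banned_at DATETIME    NULL
);
CREATE TABLE IF NOT EXISTS auth_log (
    id         BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    auth_key   VARCHAR(64)   NOT NULL,
    ip         VARBINARY(16) NOT NULL,  -- INET6_ATON() form, IPv4 or IPv6
    created_at DATETIME      NOT NULL DEFAULT CURRENT_TIMESTAMP,
    INDEX idx_key_time (auth_key, created_at)
);

-- Constructed sample rows: KEY-A is used from four addresses, KEY-B from one.
INSERT INTO users (auth_key) VALUES ('KEY-A'), ('KEY-B');
INSERT INTO auth_log (auth_key, ip) VALUES
    ('KEY-A', INET6_ATON('192.0.2.10')),
    ('KEY-A', INET6_ATON('198.51.100.7')),
    ('KEY-A', INET6_ATON('203.0.113.25')),
    ('KEY-A', INET6_ATON('2001:db8::1')),
    ('KEY-B', INET6_ATON('192.0.2.44')),
    ('KEY-B', INET6_ATON('192.0.2.44'));

SET @max_ips = 3;        -- assumed threshold of distinct addresses per key
SET @window_hours = 24;  -- the post's "like 24 hrs"

-- Ban pass: flag keys seen from more than @max_ips addresses in the window.
UPDATE users u
JOIN (
    SELECT auth_key
    FROM auth_log
    WHERE created_at >= NOW() - INTERVAL @window_hours HOUR
    GROUP BY auth_key
    HAVING COUNT(DISTINCT ip) > @max_ips
) s ON s.auth_key = u.auth_key
SET u.banned = 1, u.banned_at = NOW()
WHERE u.banned = 0;

-- Unban pass (assumed policy): lift bans older than the window.
UPDATE users
SET banned = 0, banned_at = NULL
WHERE banned = 1 AND banned_at < NOW() - INTERVAL @window_hours HOUR;

-- Review what the two passes changed.
SELECT auth_key, banned, banned_at FROM users ORDER BY auth_key;
```

Counting distinct addresses also catches a single user whose IP changes often (mobile or CGNAT networks), so the threshold needs tuning against real traffic before bans are automatic.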

  3. 01-25-2016, 02:41 PM
    Kas
    Originally Posted by Tustin:
    Sup?

    This is some code I wrote for what was going to be The Tesseract and Riptide for Elite, but things fell through on those so here we are. I'm going to be sharing the code for all of you that aren't really familiar with the server side of auth so you can get a head start with your apps that you want to use it on. At the moment, I'm currently only providing the code for this. It's up to you to find a server to run this on. I suggest you check out OVH for a cheap VPS with some DDoS protection (because we all know people in this scene love that shit, right?). In the future I may set up a server for you guys to use for your apps. Anyways, onto the code itself.

    It isn't anything spectacular and surely won't blow the doors off anything, but it does a bit more than just your run-of-the-mill key check. It will automatically check logs on each login to check for key sharing and it will auto ban accordingly. I've made it very easy to set up, as long as you can follow a few simple steps Drack.


    1. Download zip and extract contents to a location on your PC
    2. Open up 'autoload.php' and add a name for the DATABASE_NAME constant at the top.
    3. In the same file, add the credentials for your MySQL login. This user should have permissions to create tables and databases (so ideally use root)
    4. Save file, and upload all the files to a directory on your server.
    5. Go to the directory in your browser and load the setup.php script first.
    6. If you used proper MySQL credentials, it will successfully create both a database and two tables in said database.
    7. DELETE setup.php from your server
    8. To test, access auth.php with a GET request for key using your NGU Elite key (example: You must login or register to view this content.)
    9. If the setup worked properly, it should output "Some useful information" (hilarious, right?) and if you check your log and users table, you should see your Elite key there.


    That's the basic gist of it. Like I said, this script by default does Elite authentication. If you don't want this, you should be more than capable of removing the validate_elite_key check in auth.php and replacing it with is_key_present. This is assuming that when you have users purchasing your app, they automatically have a key generated for them and inserted into the database.

    Also a quick side note: I mentioned using your root MySQL user when you run the setup script. You should change this afterwards to a user that doesn't have that many permissions, but you can keep it as root if you like. This script is free of any SQL injection so you won't have to worry about some fancy DROP query being executed!

    Enjoy and let me know if you have any issues or just need help with it.


    Great release man, 100% needed. Thanks bro.
  4. 01-31-2016, 12:30 PM
    Sabotage
    Originally Posted by Kas:
    Great release man, 100% needed. Thanks bro.


    Great release kas, always trying to help the community.
  5. The Following User Thanked Sabotage For This Useful Post:


  6. 01-31-2016, 04:47 PM
    Specter
    Originally Posted by sabotage:
    great release kas, always trying to help the community.


    he's alive
  7. 02-20-2016, 04:58 AM
    Tustin
    Moved this out of the GS section and into the public forums. Hopefully you guys can make use of this!
  8. The Following 3 Users Say Thank You to Tustin For This Useful Post:


  9. 02-23-2016, 05:20 PM
    JB
    Originally Posted by Tustin:
    Sup?

    I wrote this code for The Tesseract re-release but that never happened, so here we are. I had also originally posted this in the Gaming Squad section, but I figured it could be useful for everyone. You can use this code to either authenticate your app for Elite or using a custom key system - it's all up to you. The example uses Elite auth by default but you can change it pretty easily by just getting rid of the validate_elite_key function call. Follow the steps below for installing this on your server.

    Prerequisites:

    • A server
    • A web server installed (nginx, apache2, it doesn't matter)
    • MySQL installed
    • PHP installed
    • Root login info for MySQL


    How to set up:

    1. Download zip and extract contents to a location on your PC
    2. Open up 'autoload.php' and add a name for the DATABASE_NAME constant at the top.
    3. In the same file, add the credentials for your MySQL login. This user should have permissions to create tables and databases (so ideally use root)
    4. Save file, and upload all the files to a directory on your server.
    5. Go to the directory in your browser and load the setup.php script first.
    6. If you used proper MySQL credentials, it will successfully create both a database and two tables in said database.
    7. DELETE setup.php from your server
    8. To test, access auth.php with a GET request for key using your NGU Elite key (example: You must login or register to view this content.)
    9. If the setup worked properly, it should output "Some useful information" (hilarious, right?) and if you check your log and users table, you should see your Elite key there.


    It's a basic system for getting your app up and running. However, this does do automatic banning for users who share multiple keys under so many different IPs in a certain period of time (like 24 hrs I think). The ban check is done each time the auth script executes, so unless your app gets little to no traffic, it should do just fine. If you really want you can set up a cron job to run the unban/ban process every so often.

    Enjoy and let me know if you have any issues or just need help with it.


    I can't believe you're actually suggesting people use the root MySQL credentials. It's a terrible idea, always create a unique user with the required permissions.

    Otherwise, it's all good.
  10. 02-23-2016, 05:58 PM
    Will someone help me install it, please?
  11. 02-23-2016, 06:02 PM
    Hey, does anyone know what lexicongta.com is using or You must login or register to view this content. is using for the key?
  12. 02-23-2016, 06:04 PM
    Tustin
    Originally Posted by JB:
    I can't believe you're actually suggesting people use the root MySQL credentials. It's a terrible idea, always create a unique user with the required permissions.

    Otherwise, it's all good.

    I only suggested it because I wasn't sure if the people who would want to set something up like this would know how to do that. Considering the setup should be deleted afterwards, it really wouldn't matter. I completely forgot to mention to change the details to a user other than root after the setup. I'll change that right now. The whole purpose of me saying to use root was so it could create the tables and database without permission errors, not for root to be used for everything :p.
  13. 02-23-2016, 06:13 PM
    JB
    Originally Posted by Tustin:
    I only suggested it because I wasn't sure if the people who would want to set something up like this would know how to do that. Considering the setup should be deleted afterwards, it really wouldn't matter. I completely forgot to mention to change the details to a user other than root after the setup. I'll change that right now. The whole purpose of me saying to use root was so it could create the tables and database without permission errors, not for root to be used for everything :p.


    That's all good then. Leaked root MySQL credentials are ingredients for a nightmare!
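The step the thread settles on (swap the root credentials in `autoload.php` for a user with only the required permissions), shown as MySQL statements with a check that nothing extra was granted. This is an added example, not part of the release: `licensing_db`, `auth_app` and the password are placeholders, and the privilege list assumes the auth script only reads, inserts and updates rows.

```sql
-- Added example. licensing_db, auth_app and the password are placeholders;
-- use the DATABASE_NAME you set in autoload.php and your own secret.
-- Run as an administrative user after setup.php has created the schema.

-- Local-only account: it cannot log in from another host.
CREATE USER 'auth_app'@'localhost'
    IDENTIFIED BY 'REPLACE-WITH-A-LONG-RANDOM-PASSWORD';

-- Row-level access to the one application database and nothing else.
-- Add DELETE only if the script actually deletes rows.
GRANT SELECT, INSERT, UPDATE ON licensing_db.* TO 'auth_app'@'localhost';

-- Check 1: any row here is a schema privilege beyond the three granted
-- above, or a grant on some other database, and should be revoked.
SELECT table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee = '''auth_app''@''localhost'''
  AND (table_schema <> 'licensing_db'
       OR privilege_type NOT IN ('SELECT', 'INSERT', 'UPDATE'));

-- Check 2: any row here is a global privilege (CREATE, DROP, FILE, SUPER ...)
-- that the application account should not hold.
SELECT privilege_type
FROM information_schema.user_privileges
WHERE grantee = '''auth_app''@''localhost'''
  AND privilege_type <> 'USAGE';

-- Human-readable summary of what the account can do.
SHOW GRANTS FOR 'auth_app'@'localhost';
```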