MakeWebGames

OGWAR3 ~New Mafia Game~


The Ultimate Warrior


theogwar.com has been looking for players, and since we just launched a new server we are hoping you would like to join us as a new member of the newest OGWAR game 3. There are a lot of new changes coming, and since the new game is under new management we would love to see you join our game.

Come check us out

http://www.theogwar.com/game3/index.php?page=register&ref=10


See you there ..


Yep horrible register and login.

Actually, to be honest, I don't like the game layout one bit either.

Meters not refreshing sucks.

The email activation does nothing apart from send your password to you raw which tells me you are not hashing your passwords or salting them right?

Sorry, I don't like it one bit.


which tells me you are not hashing your passwords or salting them right?

No, it tells you that when you sign up, a variable holds the password you set, until it's emailed.

During which time, it's probably ran through MD5 and encrypted.

That said, sending passwords out is a dumb move.


During which time, it's probably ran through MD5 and encrypted.

 

You think?

I certainly do not.

Just noticed this....

 

Due to a recent incident, we are recommending that everyone change their passwords. Please don't make it abc123 Thank you.

Sooooooooooo are they encrypted Resident Troll?

Edited by DAMINK

No, it tells you that when you sign up, a variable holds the password you set, until it's emailed.

During which time, it's probably ran through MD5 and encrypted.

That said, sending passwords out is a dumb move.

I disagree about sending passwords out, but they should not be held. They should be emailed instantly.


I disagree about sending passwords out, but they should not be held. They should be emailed instantly.

For a simple game this may be harmless, but in a corporate environment, this is just asking for trouble. Sending passwords as raw text creates numerous security holes in the application, which can cause anywhere from a white hat to the game being completely compromised.

Anyways, back on topic, I agree with many others' posts here. Make the login and register much more appealing to users, and you may see a much higher influx in the number of registered users in the game.

~G7470


You think?

I certainly do not.

Just noticed this....

 

Sooooooooooo are they encrypted Resident Troll?

Oh look, we have a smart cookie here who thinks he is 1337.

ASSUME... Making an ASS out of U and ME.

Until you have proof that he doesn't, I'll pretend you didn't speak.

Change passwords - couldn't possibly be encrypted passwords, but database wasn compromised by a rogue developer and rainbow tables used on passwords?

Yeah, course not.

That is all.


Oh look, we have a smart cookie here who thinks he is 1337.

ASSUME... Making an ASS out of U and ME.

Until you have proof that he doesn't, I'll pretend you didn't speak.

Change passwords - couldn't possibly be encrypted passwords, but database wasn compromised by a rogue developer and rainbow tables used on passwords?

Yeah, course not.

That is all.

lol someone is upset.

Damn, you claim to be the resident troll yet you're getting a little upset, broskie?

Have a nice day there Guest.


Just because a password is sent in plain text doesn't mean it's not encrypted in the database, for example:

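$pass = $_POST['password'];
// Only a SHA-256 digest of the password is written to the database
$db->query("insert into users (fields,more_fields,password) values('Something','Else','".hash('sha256',$pass)."')");
// The plain-text value is still held in $pass, so it can be emailed in the same request
mail($_POST['email'],"Your plain text password","Here it is \r\n".$pass);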

Yes, of course I understand that.

I guess I looked at it like this....

Sending your raw password through email is dangerous.

So if that was not addressed and very little was done on the theme, I wondered if in fact this was the case.

Would not be the first game to open without addressing security at all!

I can think of one that got taken down by members from here only a day or 2 ago!

I certainly did not expect to get my password sent to me upon registering.


I made a comment a while back, a long time ago, about passwords being mailed back like this game does, and many users of this forum differed with me on the subject. I have read over and over on many security websites, and hack websites, that when you sign up to a website, and you hit the forget password, and if the exact pass is sent back to you in text, and not a new password or link to change it, then the website has many vulnerabilities security wise. So for many years any website I sign up to I will hit the forget password to see how they send back a password, and pretty much if it's the same one I created, I don't bother anymore with that website. Many of you may have a different theory about it, which is fine, but I'd rather be cautious around websites that are vulnerable to an attack hack wise...


I agree with you 100% Lucky for sure.

Some sort of MITM attack could grab it, and given it's not a temp type password it could be dangerous.

Not so much on a game obviously, but that said I was under the understanding it's just bad practice.

I guess if it was a one time type password then it might not be so bad. Where you are forced to make a new one after you login.

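What the posts above point toward, as an added example that is not from the thread or the game's code: store only a salted, slow hash, never mail the password, and handle "forgot password" with a single-use, expiring token. The in-memory `$users` array, the function names, the sample address and the 15-minute lifetime are assumptions made for illustration.

```php
<?php
// Added example: a constructed in-memory array stands in for the users table.
$users = [];

function register(array &$users, string $email, string $password): void {
    // password_hash() adds a per-user salt and uses a slow algorithm (bcrypt by default).
    $users[$email] = ['pw' => password_hash($password, PASSWORD_DEFAULT),
                      'reset_hash' => null, 'reset_expires' => 0];
}

function login(array $users, string $email, string $password): bool {
    return isset($users[$email]) && password_verify($password, $users[$email]['pw']);
}

// Returns the one-time token that would go into the emailed link; only its digest is stored,
// so a copy of the table does not yield usable reset tokens.
function start_reset(array &$users, string $email, int $now): ?string {
    if (!isset($users[$email])) {
        return null; // the page shown to the visitor should look the same either way
    }
    $token = bin2hex(random_bytes(32));
    $users[$email]['reset_hash'] = hash('sha256', $token);
    $users[$email]['reset_expires'] = $now + 900; // assumed lifetime: 15 minutes
    return $token;
}

function finish_reset(array &$users, string $email, string $token, string $newPassword, int $now): bool {
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false; // unknown user, no pending reset, or token expired
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison of the token digests failed
    }
    $users[$email]['pw'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null; // single use: a replayed link is rejected
    return true;
}

// Constructed sample run: the second finish_reset() call replays the same token.
$now = time();
register($users, 'player@example.test', 'correct horse battery');
$token = start_reset($users, 'player@example.test', $now);
var_dump(login($users, 'player@example.test', 'correct horse battery'));
var_dump(finish_reset($users, 'player@example.test', $token, 'new passphrase', $now));
var_dump(finish_reset($users, 'player@example.test', $token, 'again', $now));
var_dump(login($users, 'player@example.test', 'new passphrase'));
```

An intercepted reset email here exposes a token that expires and works once, not the password the user may have reused on other sites.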

Well here is the way I see it, if someone finds out your password from your email account then they deserve your password because chances are they could have gotten your password from elsewhere.

Correct me if I'm wrong here @Guest (he is pretty good), but if you can inject arbitrary code through the headers or wherever (like making yourself a staff member) it's easy enough to write a file in the public folder to just send you people's passwords as they open up an account using things such as fwrite() and such?

Edited by KyleMassacre

Hey, just so everyone knows, yes the passwords are protected and encrypted; they're sent out in case you happen to misspell your password. If your email account is compromised then make a new email account before starting the game and you won't have any worries. I also saw some of you said you didn't like the log-in page, so I've changed that to hopefully make it more appeasing. If you play the game and feel you would like to see something else changed, just go ahead and let me know there; I'm Owner1.


Well here is the way I see it, if someone finds out your password from your email account then they deserve your password because chances are they could have gotten your password from elsewhere.

Correct me if I'm wrong here @Guest (he is pretty good), but if you can inject arbitrary code through the headers or wherever (like making yourself a staff member) it's easy enough to write a file in the public folder to just send you people's passwords as they open up an account using things such as fwrite() and such?

Who told you I used to make myself a staff member and drop databases for a laugh? :o

As someone stated, a "Man in the middle" would be the most likely, but for the scope of effect, it wouldn't be worth it on a game of this size.

Pretty sure if you get to staff, you can run enough stuff through the eval() in the crime system to be able to create a file, or at least something to hijack something of use.


Who told you I used to make myself a staff member and drop databases for a laugh? :o

As someone stated, a "Man in the middle" would be the most likely, but for the scope of effect, it wouldn't be worth it on a game of this size.

Pretty sure if you get to staff, you can run enough stuff through the eval() in the crime system to be able to create a file, or at least something to hijack something of use.

hehehehehehheehehe

@OP - Nice game, although the graphics need a little more... sharpness. Will investigate security when I get a free moment :D

 

I can think of one that got taken down by members from here only a day or 2 ago!

I didn't. The game owner decided to delete everything after I gave him an ultimatum.

Edited by SHPXLBH

Someone just wanted to argue a case, I guess.

No, I just gave my opinion and then noticed someone with "resident troll" replying to my post.

Fact is neither of us could have known if this site did in fact have their passwords hashed short of testing further or asking, right?

I mean, based on simply registering it's hard to know. The fact the pass was sent in raw text I felt alarming and worth saying something.

I did actually ask the game owner this exact question as I felt he needed to know, in the event it wasn't.

Anyway, enough of the troll.

At OP, it's a lot better now in regards to the login, I have to say. What you had a few days ago was nasty. Now it does not look so bad.

From a player's point of view, I don't overly like the navigation, but that could just be because I am not familiar with it.

Still, I find myself hitting the gym button so I guess it's not that bad.

Is there a reason you have the game left justified? Or it feels like everything is pushed to the left?

I personally think a new theme is needed to really make the game feel comfortable. Just my opinion though.


@DAMINK Thank you for your input on the login page. I'm in the process of trying to redo the whole login system to make it easier to understand for new players. I don't know why things seem left justified; it could just be because the nav links are on the left. @SHPXLBH Which graphics are you referring to? I'd like to try to sharpen them up.

I'm open to any suggestions anyone has. The game is after all for the players, so if you decide to give it a shot and don't like something you can message me here or in game; I'm owner1.


@Sim, that's what I mean. A plain text password being sent out should be the least of people's worries in reality. If someone really wanted people's passwords there are ways to get it that are much easier than hijacking your email account. Just imagine someone writing to your register file to email them every user that signs up with all their info or writing it to a remote location in a text file.
