Jump to content
MakeWebGames

McCodes V2.0.6 Your request has expired for security reasons! Please try again.


Twisted

Recommended Posts

Hey all,

 

Just brought the script and ive been having an issue with the authenticate.php, ive looked into the forums to try and find a fix with no luck, im new to coding and would like to get this working properly due to i prefer google chrome then microsoft edge.

 

Any help ill appreciate it

Link to comment
Share on other sites

34 minutes ago, Twisted said:

Hey all,

 

Just brought the script and ive been having an issue with the authenticate.php, ive looked into the forums to try and find a fix with no luck, im new to coding and would like to get this working properly due to i prefer google chrome then microsoft edge.

 

Any help ill appreciate it

For what you spent on MCCodes, you would have been better off downloading gangster legends for free and just buying a few mods. For your answer, unfortunately I don't have any answer for you.

  • Confused 1
Link to comment
Share on other sites

52 minutes ago, Sim said:

For what you spent on MCCodes, you would have been better off downloading gangster legends for free and just buying a few mods. For your answer, unfortunately I don't have any answer for you.

Gangster Legend Premium

Link to comment
Share on other sites

@Twisted it you contact @Dave i think he is the one supporting 2.0.6. 

Thanks Sim and MNG for advertising GL, but sometimes its not a right fit for certain types of games and that's cool, GL is there to provide an alternative not as a replacement 🙂

Edited by Dayo
  • Like 3
Link to comment
Share on other sites

sorry for the late reply i just got back on here is the issue as far as i can see with a picture showing what happens

 

require_once('globals_nonauth.php');
// Check CSRF input
if (!isset($_POST['verf'])
        || !verify_csrf_code('login', stripslashes($_POST['verf'])))
{
    die(
            "<h3>{$set['game_name']} Error</h3>
Your request has expired for security reasons! Please try again.<br />
<a href='login.php'>> Back</a>");
}
// Check username and password input
$username =
        (array_key_exists('username', $_POST) && is_string($_POST['username']))
                ? $_POST['username'] : '';
$password =
        (array_key_exists('password', $_POST) && is_string($_POST['password']))
                ? $_POST['password'] : '';
if (empty($username) || empty($password))
{
    die(

 

unknown.png

  • Haha 1
Link to comment
Share on other sites

Found it

function request_csrf_code($formid)
{
    // Generate the token
    $token = md5(mt_rand());
    // Insert/Update it
    $issue_time = time();
    $_SESSION["csrf_{$formid}"] =
            array('token' => $token, 'issued' => $issue_time);
    return $token;
}

/**
 * Request that an anti-CSRF verification code be issued for a particular form in the game, and return the HTML to be placed in the form.
 * @param string $formid A unique string used to identify this form to match up its submission with the right token.
 * @return string The HTML for the code issued to be added to the form.
 */
function request_csrf_html($formid)
{
    return "<input type='hidden' name='verf' value='"
            . request_csrf_code($formid) . "' />";
}

/**
 * Check the CSRF code we received against the one that was registered for the form - return false if the request shouldn't be processed...
 * @param string $formid A unique string used to identify this form to match up its submission with the right token.
 * @param string $code The code the user's form input returned.
 * @return boolean Whether the user provided a valid code or not
 */
function verify_csrf_code($formid, $code)
{
    // Lookup the token entry
    // Is there a token in existence?
    if (!isset($_SESSION["csrf_{$formid}"])
            || !is_array($_SESSION["csrf_{$formid}"]))
    {
        // Obviously verification fails
        return false;
    }
    else
    {
        // From here on out we always want to remove the token when we're done - so don't return immediately
        $verified = false;
        $token = $_SESSION["csrf_{$formid}"];
        // Expiry time on a form?
        $expiry = 900; // hacky lol
        if ($token['issued'] + $expiry > time())
        {
            // It's ok, check the contents
            $verified = ($token['token'] === $code);
        } // don't need an else case - verified = false
        // Remove the token before finishing
        unset($_SESSION["csrf_{$formid}"]);
        return $verified;
    }
}

hopefully thats what you need

Link to comment
Share on other sites

On 4/20/2020 at 12:41 AM, Twisted said:

Hey all,

 

Just brought the script and ive been having an issue with the authenticate.php, ive looked into the forums to try and find a fix with no luck, im new to coding and would like to get this working properly due to i prefer google chrome then microsoft edge.

 

Any help ill appreciate it

Send me the authenticate file and i will have a look for you i am using v2.05b and it runs fine. 

Link to comment
Share on other sites

21 hours ago, Twisted said:

the reason why you signed in was because i went back to my old scripts it was the new one i needed to try and fix 🙂

Make sure the login is posting the verf as that is what is causing the issue can you post your login form for us would be much easier 😛

Link to comment
Share on other sites

3 hours ago, SwiftGameR said:

Make sure the login is posting the verf as that is what is causing the issue can you post your login form for us would be much easier 😛

<?php
/**
 * MCCodes Version 2.0.5b
 * Copyright (C) 2005-2012 Dabomstew
 * All rights reserved.
 *
 * Redistribution of this code in any form is prohibited, except in
 * the specific cases set out in the MCCodes Customer License.
 *
 * This code license may be used to run one (1) game.
 * A game is defined as the set of users and other game database data,
 * so you are permitted to create alternative clients for your game.
 *
 * If you did not obtain this code from MCCodes.com, you are in all likelihood
 * using it illegally. Please contact MCCodes to discuss licensing options
 * in this case.
 *
 * File: login.php
 * Signature: 4a7c1670deb7175782714a27e72bfc16
 * Date: Fri, 20 Apr 12 08:50:30 +0000
 */

require_once('globals_nonauth.php');
$login_csrf = request_csrf_code('login');
print
        <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>{$set['game_name']}</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/javascript" src="js/login.js"></script>
<link href="css/login.css" type="text/css" rel="stylesheet" />
</head>
<body onload="getme();">
<center>
<table width="970" border="0" cellpadding="0" cellspacing="0" class="table2">
<tr>
<td class="lgrad"></td>
<td class="center"><img src="title.jpg" alt="Mccodes Version 2" /><br />
<!-- Begin Main Content -->
EOF;
$IP = str_replace(array('/', '\\', '\0'), '', $_SERVER['REMOTE_ADDR']);
if (file_exists('ipbans/' . $IP))
{
    die(
            "<span style='font-weight: bold; color:red;'>
            Your IP has been banned, there is no way around this.
            </span></body></html>

 

Link to comment
Share on other sites

2 hours ago, Twisted said:

<?php /**  * MCCodes Version 2.0.5b  * Copyright (C) 2005-2012 Dabomstew  * All rights reserved.  *  * Redistribution of this code in any form is prohibited, except in  * the specific cases set out in the MCCodes Customer License.  *  * This code license may be used to run one (1) game.  * A game is defined as the set of users and other game database data,  * so you are permitted to create alternative clients for your game.  *  * If you did not obtain this code from MCCodes.com, you are in all likelihood  * using it illegally. Please contact MCCodes to discuss licensing options  * in this case.  *  * File: login.php  * Signature: 4a7c1670deb7175782714a27e72bfc16  * Date: Fri, 20 Apr 12 08:50:30 +0000  */ require_once('globals_nonauth.php'); $login_csrf = request_csrf_code('login'); print         <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>{$set['game_name']}</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="js/login.js"></script> <link href="css/login.css" type="text/css" rel="stylesheet" /> </head> <body onload="getme();"> <center> <table width="970" border="0" cellpadding="0" cellspacing="0" class="table2"> <tr> <td class="lgrad"></td> <td class="center"><img src="title.jpg" alt="Mccodes Version 2" /><br /> <!-- Begin Main Content --> EOF; $IP = str_replace(array('/', '\\', '\0'), '', $_SERVER['REMOTE_ADDR']); if (file_exists('ipbans/' . $IP)) {     die(             "<span style='font-weight: bold; color:red;'>             Your IP has been banned, there is no way around this.             </span></body></html>


<?php
/**
 * MCCodes Version 2.0.5b
 * Copyright (C) 2005-2012 Dabomstew
 * All rights reserved.
 *
 * Redistribution of this code in any form is prohibited, except in
 * the specific cases set out in the MCCodes Customer License.
 *
 * This code license may be used to run one (1) game.
 * A game is defined as the set of users and other game database data,
 * so you are permitted to create alternative clients for your game.
 *
 * If you did not obtain this code from MCCodes.com, you are in all likelihood
 * using it illegally. Please contact MCCodes to discuss licensing options
 * in this case.
 *
 * File: login.php
 * Signature: 4a7c1670deb7175782714a27e72bfc16
 * Date: Fri, 20 Apr 12 08:50:30 +0000
 */

require_once('globals_nonauth.php');
$login_csrf = request_csrf_code('login');
print
        <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>{$set['game_name']}</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/javascript" src="js/login.js"></script>
<link href="css/login.css" type="text/css" rel="stylesheet" />
</head>
<body onload="getme();">
<center>
<table width="970" border="0" cellpadding="0" cellspacing="0" class="table2">
<tr>
<td class="lgrad"></td>
<td class="center"><img src="title.jpg" alt="Mccodes Version 2" /><br />
<!-- Begin Main Content -->
EOF;
$IP = str_replace(array('/', '\\', '\0'), '', $_SERVER['REMOTE_ADDR']);
if (file_exists('ipbans/' . $IP))
{
    die(
            "<span style='font-weight: bold; color:red;'>
            Your IP has been banned, there is no way around this.
            </span></body></html>

 

This is incomplete - we are still missing the information we require to help you

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...