Twisted Posted April 19, 2020 Share Posted April 19, 2020 Hey all, Just brought the script and ive been having an issue with the authenticate.php, ive looked into the forums to try and find a fix with no luck, im new to coding and would like to get this working properly due to i prefer google chrome then microsoft edge. Any help ill appreciate it Quote Link to comment Share on other sites More sharing options...
Sim Posted April 20, 2020 Share Posted April 20, 2020 34 minutes ago, Twisted said: Hey all, Just brought the script and ive been having an issue with the authenticate.php, ive looked into the forums to try and find a fix with no luck, im new to coding and would like to get this working properly due to i prefer google chrome then microsoft edge. Any help ill appreciate it For what you spent on MCCodes, you would have been better off downloading gangster legends for free and just buying a few mods. For your answer, unfortunately I don't have any answer for you. 1 Quote Link to comment Share on other sites More sharing options...
Twisted Posted April 20, 2020 Author Share Posted April 20, 2020 damnnnnnn im partial to MCC just personal preference really, issue being I had ravan mafia script and I had to take it down as I recently found out its illegal 1 Quote Link to comment Share on other sites More sharing options...
Sim Posted April 20, 2020 Share Posted April 20, 2020 Message @ColdBlooded Quote Link to comment Share on other sites More sharing options...
MNG Posted April 20, 2020 Share Posted April 20, 2020 52 minutes ago, Sim said: For what you spent on MCCodes, you would have been better off downloading gangster legends for free and just buying a few mods. For your answer, unfortunately I don't have any answer for you. Gangster Legend Premium Quote Link to comment Share on other sites More sharing options...
Sim Posted April 20, 2020 Share Posted April 20, 2020 @MNG GL premium? Quote Link to comment Share on other sites More sharing options...
Dayo Posted April 20, 2020 Share Posted April 20, 2020 (edited) @Twisted it you contact @Dave i think he is the one supporting 2.0.6. Thanks Sim and MNG for advertising GL, but sometimes its not a right fit for certain types of games and that's cool, GL is there to provide an alternative not as a replacement 🙂 Edited April 20, 2020 by Dayo 3 Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted April 20, 2020 Share Posted April 20, 2020 More information required. Where exactly are you experiencing this? Can you provide the offending snippet of code? 1 Quote Link to comment Share on other sites More sharing options...
Dave Posted April 20, 2020 Share Posted April 20, 2020 Happy to help, if you can answer @Magictallguys questions about I can certainly help 🙂 Quote Link to comment Share on other sites More sharing options...
Twisted Posted April 20, 2020 Author Share Posted April 20, 2020 sorry for the late reply i just got back on here is the issue as far as i can see with a picture showing what happens require_once('globals_nonauth.php'); // Check CSRF input if (!isset($_POST['verf']) || !verify_csrf_code('login', stripslashes($_POST['verf']))) { die( "<h3>{$set['game_name']} Error</h3> Your request has expired for security reasons! Please try again.<br /> <a href='login.php'>> Back</a>"); } // Check username and password input $username = (array_key_exists('username', $_POST) && is_string($_POST['username'])) ? $_POST['username'] : ''; $password = (array_key_exists('password', $_POST) && is_string($_POST['password'])) ? $_POST['password'] : ''; if (empty($username) || empty($password)) { die( 1 Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 20, 2020 Share Posted April 20, 2020 I see you have a comment for checking the csrf token but I don’t see the code for that. Check your page for the csrf token function Quote Link to comment Share on other sites More sharing options...
Twisted Posted April 20, 2020 Author Share Posted April 20, 2020 Found it function request_csrf_code($formid) { // Generate the token $token = md5(mt_rand()); // Insert/Update it $issue_time = time(); $_SESSION["csrf_{$formid}"] = array('token' => $token, 'issued' => $issue_time); return $token; } /** * Request that an anti-CSRF verification code be issued for a particular form in the game, and return the HTML to be placed in the form. * @param string $formid A unique string used to identify this form to match up its submission with the right token. * @return string The HTML for the code issued to be added to the form. */ function request_csrf_html($formid) { return "<input type='hidden' name='verf' value='" . request_csrf_code($formid) . "' />"; } /** * Check the CSRF code we received against the one that was registered for the form - return false if the request shouldn't be processed... * @param string $formid A unique string used to identify this form to match up its submission with the right token. * @param string $code The code the user's form input returned. * @return boolean Whether the user provided a valid code or not */ function verify_csrf_code($formid, $code) { // Lookup the token entry // Is there a token in existence? if (!isset($_SESSION["csrf_{$formid}"]) || !is_array($_SESSION["csrf_{$formid}"])) { // Obviously verification fails return false; } else { // From here on out we always want to remove the token when we're done - so don't return immediately $verified = false; $token = $_SESSION["csrf_{$formid}"]; // Expiry time on a form? $expiry = 900; // hacky lol if ($token['issued'] + $expiry > time()) { // It's ok, check the contents $verified = ($token['token'] === $code); } // don't need an else case - verified = false // Remove the token before finishing unset($_SESSION["csrf_{$formid}"]); return $verified; } } hopefully thats what you need Quote Link to comment Share on other sites More sharing options...
Dave Posted April 21, 2020 Share Posted April 21, 2020 @Twisted this seems like it could be a session or hosting issue. Where are you hosting this script? Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 21, 2020 Share Posted April 21, 2020 I would also like to know if you have request_csrf_html('login') in your form somewhere as well. Quote Link to comment Share on other sites More sharing options...
Dave Posted April 21, 2020 Share Posted April 21, 2020 I've managed to register and login to your game with the domain shown in your screenshot successfully: https://mobkkitlamafia.com/ Quote Link to comment Share on other sites More sharing options...
KyleMassacre Posted April 21, 2020 Share Posted April 21, 2020 4 minutes ago, Dave said: I've managed to register and login to your game with the domain shown in your screenshot successfully: https://mobkkitlamafia.com/ Off topic but, Safari??? Quote Link to comment Share on other sites More sharing options...
Dave Posted April 21, 2020 Share Posted April 21, 2020 Just now, KyleMassacre said: Off topic but, Safari??? Yes it's the best browser for Mac 🙂 Chrome takes up too much resource and is still pretty buggy for an established browser. 1 Quote Link to comment Share on other sites More sharing options...
SwiftGameR Posted April 21, 2020 Share Posted April 21, 2020 On 4/20/2020 at 12:41 AM, Twisted said: Hey all, Just brought the script and ive been having an issue with the authenticate.php, ive looked into the forums to try and find a fix with no luck, im new to coding and would like to get this working properly due to i prefer google chrome then microsoft edge. Any help ill appreciate it Send me the authenticate file and i will have a look for you i am using v2.05b and it runs fine. Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted April 21, 2020 Share Posted April 21, 2020 In your login.php, is the CSRF token sent with the authenticate.php form? Quote Link to comment Share on other sites More sharing options...
Twisted Posted April 25, 2020 Author Share Posted April 25, 2020 the reason why you signed in was because i went back to my old scripts it was the new one i needed to try and fix :) Quote Link to comment Share on other sites More sharing options...
SwiftGameR Posted April 25, 2020 Share Posted April 25, 2020 21 hours ago, Twisted said: the reason why you signed in was because i went back to my old scripts it was the new one i needed to try and fix 🙂 Make sure the login is posting the verf as that is what is causing the issue can you post your login form for us would be much easier 😛 Quote Link to comment Share on other sites More sharing options...
Twisted Posted April 26, 2020 Author Share Posted April 26, 2020 3 hours ago, SwiftGameR said: Make sure the login is posting the verf as that is what is causing the issue can you post your login form for us would be much easier 😛 <?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: login.php * Signature: 4a7c1670deb7175782714a27e72bfc16 * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('globals_nonauth.php'); $login_csrf = request_csrf_code('login'); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>{$set['game_name']}</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="js/login.js"></script> <link href="css/login.css" type="text/css" rel="stylesheet" /> </head> <body onload="getme();"> <center> <table width="970" border="0" cellpadding="0" cellspacing="0" class="table2"> <tr> <td class="lgrad"></td> <td class="center"><img src="title.jpg" alt="Mccodes Version 2" /><br /> <!-- Begin Main Content --> EOF; $IP = str_replace(array('/', '\\', '\0'), '', $_SERVER['REMOTE_ADDR']); if (file_exists('ipbans/' . $IP)) { die( "<span style='font-weight: bold; color:red;'> Your IP has been banned, there is no way around this. </span></body></html> Quote Link to comment Share on other sites More sharing options...
SwiftGameR Posted April 26, 2020 Share Posted April 26, 2020 (edited) @Twisted please place the code inside the code tags Edited April 26, 2020 by SwiftGameR Quote Link to comment Share on other sites More sharing options...
Magictallguy Posted April 26, 2020 Share Posted April 26, 2020 2 hours ago, Twisted said: <?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: login.php * Signature: 4a7c1670deb7175782714a27e72bfc16 * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('globals_nonauth.php'); $login_csrf = request_csrf_code('login'); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>{$set['game_name']}</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="js/login.js"></script> <link href="css/login.css" type="text/css" rel="stylesheet" /> </head> <body onload="getme();"> <center> <table width="970" border="0" cellpadding="0" cellspacing="0" class="table2"> <tr> <td class="lgrad"></td> <td class="center"><img src="title.jpg" alt="Mccodes Version 2" /><br /> <!-- Begin Main Content --> EOF; $IP = str_replace(array('/', '\\', '\0'), '', $_SERVER['REMOTE_ADDR']); if (file_exists('ipbans/' . $IP)) { die( "<span style='font-weight: bold; color:red;'> Your IP has been banned, there is no way around this. </span></body></html> <?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: login.php * Signature: 4a7c1670deb7175782714a27e72bfc16 * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('globals_nonauth.php'); $login_csrf = request_csrf_code('login'); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>{$set['game_name']}</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="js/login.js"></script> <link href="css/login.css" type="text/css" rel="stylesheet" /> </head> <body onload="getme();"> <center> <table width="970" border="0" cellpadding="0" cellspacing="0" class="table2"> <tr> <td class="lgrad"></td> <td class="center"><img src="title.jpg" alt="Mccodes Version 2" /><br /> <!-- Begin Main Content --> EOF; $IP = str_replace(array('/', '\\', '\0'), '', $_SERVER['REMOTE_ADDR']); if (file_exists('ipbans/' . $IP)) { die( "<span style='font-weight: bold; color:red;'> Your IP has been banned, there is no way around this. </span></body></html> This is incomplete - we are still missing the information we require to help you Quote Link to comment Share on other sites More sharing options...
Twisted Posted April 27, 2020 Author Share Posted April 27, 2020 im confused what is missing Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.