• Advertisement

Archived

This topic is now archived and is closed to further replies.

How do i do an account/password check system?

This topic is 6208 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

How would i set up a server so that it..... 1)The client sends his username and the server seaches through a database to confirm it 2)When the client sends the password it confirms that the password belongs to that username! I need this as simple as possible so i can easily add and remove usernames and passwords at my discretion!

Share this post


Link to post
Share on other sites
Advertisement
Well, This all depends on what sort of database you will be using.

SQL, Access, Pandora, Oracle, CSV, Text, Excel, etc etc etc.

Personally I use SQL and I just use the ADO object to access the DB and then I just perform a Query "SELECT Password From UserDB Where Username=''''"

If it reutnrs anything then the Username is valid, now I check to see if the password matches the one returned from the Database, if that is true then they are logged in otherwise I send a error message back and disconnect them.

Share this post


Link to post
Share on other sites
1) what''s the difference between these methods
2) besides access,excel, and text how much $ do they cost?
3) Which one''s the easiest to program with?

Share this post


Link to post
Share on other sites
I can make a Java or Perl script that would do this on the client side for a fair price. Email me at adtomi@popmail.com.

Share this post


Link to post
Share on other sites
Yes I am quite aware of this as I said that the client would SEND the password to the server!

Share this post


Link to post
Share on other sites
I simply send the username password from the client to the server. The server then assembles a file name out of them and if the file exists it opens it and if it doesn''t it''ll send back a message to have the program exit.

Cost = free.

There''s a few things you''ll need to do to keep people from stealing login information but it''s nothing difficult. Don''t use even the username within the game world and keep your server secure.

SQL server is a really good idea but it''s $2000 to beable to use it for anything other than development. I may eventually use it but I''m going to wait and see how the current system holds up.

Ben
http://therabbithole.redback.inficad.com

Share this post


Link to post
Share on other sites
Yes this is waht i want to do but my book on c++ only tells how to open files using the sequential method and that''s no good plus it prolly hard to do this with it cause i don''t know how to make it that it looks for a filename with the user''s name. If you could send me that part of your code or a sample or something i''d apprecieate it.

By your second thing I think you are saying don''t use the username within the game correct? Well i think i''m going to set it up like other MMORPGs that you can set up multiple chars on one account since i don''t want people having more then one account! Then the only ones who can see the actual username is the Admins.

Share this post


Link to post
Share on other sites
Kalldrex, I was talking to Nitro123 .

If you want to try to open a file that you don't know exists, just try to open it, if the call fails, then say that the password/user name was incorrect:
    
bool CheckNamePWord(char *name, char *pword, unsigned int psize) {
char filepath[260];
sprintf(filepath,"AC_%s\\login.inf",name);
FILE *fp = fopen(filepath,"rb");
if(fp!=NULL) {
/* Now we know that file exists, so let's encrypt the password that was provided with whatever encryption you use */
for(unsigned int a=0; a<psize; a++) {
if(fgetc(fp)!=pword[a]) {
fclose(fp);
return false;
}
}
// Well the account exists, and the pword is correct, so return that it worked out

fclose(fp);
return true;
}
return false;
}

There are probably tons of ways to even make that secure, but I hope it conveys what my idea is at least .

[EDIT: fix my code a little ]



http://www.gdarchive.net/druidgames/


Edited by - Null and Void on February 16, 2001 8:22:38 PM

Share this post


Link to post
Share on other sites
I don''t have anything to add to this... I do however have a comment.

The code submitted by Null and Void is at the very root how game programmers need to think. Given a problem; you need to come up with a solution. The solution should be simple and concise which is exactly what has been provided in the example code.

I love to see this kind of thinking...

Game On,


Dave "Dak Lozar" Loeser

Share this post


Link to post
Share on other sites
fstream.h should be all you need for file i/o

encryption isn''t neccessary unless your worried about someone getting access to your hd directly. Once the client sends the information you can clear it from their memory.

For Vendetta On-line you get a first, last and middle name as well as five aliases. One character per account but you can vary your look based on what you wear. They choose the username but we choose the password and e-mail it to them. That way there is no way that anyone knows anyone''s username. We can change the password on request pretty quickly.

sorry can''t post source. But the source that was posted gives you a good idea.

http://www.vendettaonline.net is finally updated so check it out. It''s THE official site. Screenshots are old but other than that the features are current and everything else.

Ben
http://therabbithole.redback.inficad.com




Share this post


Link to post
Share on other sites
I didn''t include any encryption so that my code stayed pretty clear. I don''t have any good ideas on how you would encrypt the files anyway (given that the user is the one we''re mistrusting, instead of trusting in this case). You could do something really odd with a user ID+Name+PWord encryption, as long as it isn''t reversable, that would be decently effective.

Of course, if someone gains access to your server''s HD, something is very wrong, heh.



http://www.gdarchive.net/druidgames/

Share this post


Link to post
Share on other sites
Don''t send the password! First hash-code the password and send the hash-number. That way no one can fiqure from the hash-number, what your password is.

I hope u know what I mean by hash-coding..

Share this post


Link to post
Share on other sites
Surely if you only send the hash code, then all a third party could intercept this, and themselves only send the hash code, so you are back where you started.

A better idea would be to send the password with public key encryption. Have the server send the client some info encrypted with the client''s key, the client decrypt''s this, combines what was sent with their password, then encrypts this with the server''s key and send''s it back.

Share this post


Link to post
Share on other sites
How would a hacker go about intercepting messages? Does it require a trojan? Or can they do it without ever compromising their victim''s computer.

If it requires a trojan than I don''t really have to worry about it. The computer the server actually runs on is on a network computer with a secondary firewall and isn''t used for anything else.

It would then just be up to the users to keep their machine clean and change their password regularly.

Ben
http://therabbithole.redback.inficad.com
http://www.vendettaonline.net

Share this post


Link to post
Share on other sites
I was thinking and why would i need to encrypt or even send the passwrod to the client? Think about it all I would need to do is have the client send a username and password and the server just sends the cleint a message if the info was correct or not! Also I don''t know how safe it is but i think we''re going to use encrypted Back Orifice 2k in order to remotely control our server but If any of you have a better idea then please i would love to know!

What''s hash-coding?

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
NOTHING IS SAVE don''t give newbies the idea there would be anyway to make something safe the only thing you can realy do is make the holes smaller so only people that aren''t interested in cracking your game or whatever are left with the skills to do so
by the way it''s the term to what you call hacker is really cracker there are lot''s of people that really get upset pretty fas if people start ranting hackers hacked www.whatever.com
cuz it''s really crackers cracked or scriptkiddies ...

Share this post


Link to post
Share on other sites
Can anyone help me debug this code?
  
#include <iostream.h>
#include <fstream.h>
void main()
{
char username[25];
char password[25];
cout <<"Account/Password test program\nBy: Matthew Shapiro";
cout <<"\n\nPlease enter your username: ";
cin >>username;
cout <<"\nPlease enter your password: ";
cin >>password;
cout <<"\nUsername: "<<username;
cout <<"\nPassword: "<<password;
cout <<"\nChecking information";
bool CheckNamePWord(char *username, char *password, unsigned int psize)
{
char filepath[260];
sprintf(filepath,"AC_%s\\login.inf",username);
FILE *fp = fopen(filepath,"rb"); if(fp!=NULL)
{
/* Now we know that file exists, so let''s encrypt the password that was provided with whatever encryption you use */
for(unsigned int a=0; a<psize; a++)
{ if(fgetc(fp)!=password[a])
{ fclose(fp);
return false;
}
}
// Well the account exists, and the pword is correct, so return that it worked out

fclose(fp);
return true;
}
return false;
}

}

it''s giving me this one error:
E:\Programming\Test\acctpass.cpp(16) : error C2601: ''CheckNamePWord'' : local function definitions are illegal

Share this post


Link to post
Share on other sites
Also what about if i made a structure for each account and each character which would store their x,y position, items, etc... This would save processing power instead of opening files but will they stay the same if the server reboots or crashes etc?

Share this post


Link to post
Share on other sites
Question. Is there a way to read a MS access database and do the account/password system this way cause this would be so much easier!

Share this post


Link to post
Share on other sites
  
#include <stdio.h>
#include <string.h>

bool CheckNamePWord(char *username, char *password, unsigned int psize) {
char filepath[260];
sprintf(filepath,"AC_%s\\login.inf",username);
FILE *fp = fopen(filepath,"rt");
if(fp!=NULL) {
for(unsigned int a=0; a<psize; a++) {
if(fgetc(fp)!=password[a]) {
fclose(fp);
return false;
}
}
fclose(fp);
return true;
}
return false;
}

int main(void) {
char username[100];
char password[100];

printf("Please enter your user name: ");
fflush(stdin);
fgets(username,100,stdin);
username[strlen(username)-1] = ''\0'';
printf("Please enter your password: ");
fflush(stdin);
fgets(password,100,stdin);
password[strlen(password)-1] = ''\0'';

if(CheckNamePWord(username, password, strlen(password)) {
printf("Login information was correct.");
} else {
printf("Your password or user name was incorrect.");
}

return 0;
}




http://www.gdarchive.net/druidgames/

Share this post


Link to post
Share on other sites
Thanks for the advice but I like challenging myself :p. Actully opening and closing files I haven''t learned yet though i will need to learn ti to store information.

BTW what files do i create? like if my username is kalldrex the it would be AC_kalldrex.??? I can''t tell what that \\\login.inf is for.

Heh i also have a lot of time cause my friend has to learn how to use our 3d engine and so I also can''t do anything till he gets a working client working!

Once i get passed this part It will be a lot easier cause mostly all i have to do is scripts and stuff! This is right now the hardest part of my part of the game. Heh i''ll never give up

Share this post


Link to post
Share on other sites

  • Advertisement