games647 / FlexibleLogin

A Sponge Minecraft server plugin for second factor authentication
https://forums.spongepowered.org/t/8872
MIT License
87 stars 23 forks

PHP Website using FlexibleLogin's Database #128

Open LeChevalierDOr opened 6 years ago

LeChevalierDOr commented 6 years ago

Hello, it's me again =). Is it possible via your plugin to register on a website? Let me explain: instead of doing a /register on the server, is it possible to do this via a website (registration on the site with username + password)? Thank you in advance.

games647 commented 6 years ago

Yes it's possible by using BCrypt. PHP supports BCrypt since 5.5 by default. You just have to use the password_hash and password_verify functions and connect PHP to the MySQL/MariaDB storage.

LeChevalierDOr commented 6 years ago

Okay, can I have some sample PHP code? Also, which file should I configure to connect my MySQL database?

games647 commented 6 years ago

> Also, which file should I configure to connect my MySQL database?

Your PHP code

Pseudo code:

  1. Configure MySQL using constants, including the FlexibleLogin database and table name (flexiblelogin_users)
  2. Fetch the UUID
    • in offline mode based on the playername -> here
    • in online mode using the Mojang API
  3. Convert the UUID to binary (ref)
  4. Check if the user is registered by running a MySQL query.

```PHP
// UNHEX() turns the UUID given as hex digits (no dashes) into binary
$stmt = $mysqli->prepare('SELECT 1 FROM ' . self::FLEXIBLE_TABLE . ' WHERE UUID = UNHEX(?)');
$stmt->bind_param('s', $bin_uuid);
$stmt->execute();

// check result exists
$registered = $stmt->fetch();
```

  5. Hash the password

```PHP
// password_hash() requires the algorithm as its second argument
$hash = password_hash($pass, PASSWORD_BCRYPT);
```

  6. Fetch and verify the requesting IP address ($_SERVER['REMOTE_ADDR'])
  7. Store it into the database

```PHP
// four columns, four placeholders, four bound values
$stmt = $mysqli->prepare('INSERT INTO ' . self::FLEXIBLE_TABLE . ' (UUID, Username, Password, IP) ' . 'VALUES (UNHEX(?), ?, ?, INET6_ATON(?))');
$stmt->bind_param('ssss', $bin_uuid, $username, $hash, $ip);
return $stmt->execute();
```

  8. Always check for errors to fail safely (i.e. errors on two register requests for the same account at the same time)

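
The offline-mode registration steps from the comment above, combined into one handler. This is an added example, not part of the original comment or of FlexibleLogin's code base. It assumes the offline UUID is derived the way Java's `UUID.nameUUIDFromBytes("OfflinePlayer:" + name)` does, that the UUID column has a UNIQUE index (so the duplicate-key error replaces the separate SELECT check and also covers two simultaneous requests), and Minecraft's 3-16 character name rule; the function names are hypothetical.

```php
<?php
// Added example, not FlexibleLogin's own code. Table and column names come from
// the thread; function names, the name rule and the UNIQUE index are assumptions.
const FLEXIBLE_TABLE = 'flexiblelogin_users';

// Offline-mode UUID as 32 hex digits: MD5 of "OfflinePlayer:<name>" with the
// version-3 and variant bits set, as Java's UUID.nameUUIDFromBytes() does.
// The name is case-sensitive here, so pass it exactly as the player joins.
function offline_uuid_hex(string $name): string
{
    $b = md5('OfflinePlayer:' . $name, true);   // 16 raw bytes
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x30);    // version 3
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80);    // IETF variant
    return bin2hex($b);
}

function register_account(mysqli $db, string $name, string $pass, string $ip): bool
{
    if (!preg_match('/^[A-Za-z0-9_]{3,16}\z/', $name)      // assumed name rule
        || $pass === '' || strlen($pass) > 72              // bcrypt reads at most 72 bytes
        || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $uuid = offline_uuid_hex($name);
    $hash = password_hash($pass, PASSWORD_BCRYPT);

    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions
    try {
        $stmt = $db->prepare('INSERT INTO ' . FLEXIBLE_TABLE
            . ' (UUID, Username, Password, IP) VALUES (UNHEX(?), ?, ?, INET6_ATON(?))');
        $stmt->bind_param('ssss', $uuid, $name, $hash, $ip);
        return $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {   // duplicate key: already registered or lost a race
            return false;
        }
        throw $e;                       // any other error: let the caller fail closed
    }
}

// Usage (connection values are placeholders):
// $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// $ok = register_account($db, $_POST['username'], $_POST['password'], $_SERVER['REMOTE_ADDR']);
```
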
Taurenboy commented 4 years ago

Hi there, I'm new here and I'll be very happy if you can help me. I'm trying to do the same but I don't want to use the UUID. I have a database (already connected to the plugin and working) but I just want people to log in using username and password (hashed too). Could you help me with this? What files should I change? Thanks a lot for reading.