XenForo Script for xAuth
<?php
/*
Script for XenForo 1.X
Tested with: 1.0.X, 1.1.X
Created by: #SG# Sharkiller
Version: 0.2
*/
/* ------------------------------------------------------------------
 * Settings
 * ------------------------------------------------------------------ */

// Address of the Minecraft server; the request gate further down
// compares the caller's address against this value.
$remoteip = '127.0.0.1';

// MySQL connection settings for the XenForo database.
// They are blank here and have to be filled in per installation.
$db_server = '';
$db_user   = '';
$db_passwd = '';
$db_name   = '';

// Id of the XenForo custom user field that holds the Minecraft nickname.
$field = 'MCUSER';

// Nicknames for which no broadcast text is produced on a successful login.
$ignore = array('admin1', 'admin2');

/* ------------------------------------------------------------------
 * Reply texts, keyed by outcome
 * ------------------------------------------------------------------ */
$msg = array(
    'login_successful' => '§8%s §7has logged in. Forum account: §8%s',
    'user_not_exist'   => '§6§kasdasd§4 ¿The user exist? §6§kasdasd',
    'player_not_exist' => '§4§kasdas§6 Nick not associated in forum. §4§kasdas',
    'user_banned'      => '§6§kasdasd§4 The user is banned. §6§kasdasd',
    'wrong_data'       => '§6Fail to read the user data. Contact an admin!',
    'wrong_password'   => '§4¡Wrong password! §6 Use §a/login forum-password'
);
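////////////////////////////////////////////////
// Don't change below this if you don't know  //
////////////////////////////////////////////////
####################
## Security check ##
####################
# Refuse the request with a bare 403 unless it comes from $remoteip and
# carries all three form fields as plain strings.
#
# The address check is unconditional: a request from another host is refused
# whether or not it arrives over HTTPS. Serving the script over HTTPS is still
# worthwhile, because the forum password travels in the POST body, but HTTPS
# says nothing about who the caller is.
# NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address;
# confirm what the web server reports before relying on this check.
#
# PHP turns fields such as "user[]=x" into arrays, hence the is_string() tests.
if (!isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] !== $remoteip
    || !isset($_POST['pass'], $_POST['user'], $_POST['action'])
    || !is_string($_POST['pass']) || !is_string($_POST['user']) || !is_string($_POST['action'])) {
    header("HTTP/1.0 403 Forbidden");
    die();
}
###############
## FUNCTIONS ##
###############
# Request values. They are untrusted: the gate above only established that
# they are present and are strings, nothing about their content.
$nickname = $_POST['user'];
$password = $_POST['pass'];
$action = $_POST['action'];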
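/**
 * Print the reply for the caller, close the database connection and stop.
 *
 * @param mixed  $msg      Value substituted into the template.
 * @param string $template printf() format; the default marks the reply as an error.
 */
function done($msg, $template = "ERROR\n%s"){
    global $mysqli;
    printf($template, $msg);
    # Close only a connection that was really opened, so that calling done()
    # before or after a failed connect still ends with a clean exit.
    if ($mysqli instanceof mysqli && !$mysqli->connect_errno) {
        $mysqli->close();
    }
    exit;
}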
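/**
 * Tell whether a nickname is on the global $ignore list.
 *
 * The comparison is strict: with PHP's loose comparison, numeric-looking
 * strings such as "1e3" and "1000" would count as the same nickname.
 *
 * @param string $nick Nickname to look up.
 * @return bool True when the nickname is listed, false otherwise
 *              (also when $ignore is not an array).
 */
function ignore($nick){
    global $ignore;
    return is_array($ignore) && in_array($nick, $ignore, true);
}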
/* ------------------------------------------------------------------
 * Only support login for now
 * ------------------------------------------------------------------ */
// Action names listed by the author: login, register, online, offline.
// Every action other than "login" is answered with a 403 and no body.
if (!($action == "login")) {
    header("HTTP/1.0 403 Forbidden");
    exit();
}
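###############
## Code here ##
###############
# Flow: look up the forum account linked to the Minecraft nickname, refuse
# unknown or banned accounts, then compare the submitted password with the
# stored hash. Nothing in this script limits the number of attempts; the
# caller-address gate earlier in the file is the only brake on guessing.

# Init MySQL connection
$mysqli = new mysqli($db_server, $db_user, $db_passwd, $db_name);
# A failed connection may be reported through connect_errno instead of an
# exception. done() is not used here because it closes the connection.
if ($mysqli->connect_errno) {
    printf("ERROR\n%s", 'MySQL Error 0');
    exit;
}

# Obtain user data (UserID, DataBlob) from Minecraft Nickname.
# The nickname comes straight from $_POST, so it is bound as a parameter and
# never becomes part of the SQL text; the field id is bound the same way.
$stmt = $mysqli->prepare("SELECT `data`, `user_id` FROM `xf_user_authenticate` WHERE `user_id` = (SELECT `user_id` FROM `xf_user_field_value` WHERE `field_value` = ? AND `field_id` = ?) LIMIT 1");
if (!$stmt) {
    done('MySQL Error 1');
}
$stmt->bind_param('ss', $nickname, $field);
if (!$stmt->execute()) {
    done('MySQL Error 1');
}
$stmt->bind_result($data, $user_id);
$success = $stmt->fetch();
$stmt->close();

# Check if a user has the nickname associated
if (!$success) {
    done($msg["player_not_exist"]);
}

# Obtain user data (Username, Ban Status) from UserID.
$stmt = $mysqli->prepare("SELECT `username`, `is_banned` FROM `xf_user` WHERE `user_id` = ? LIMIT 1");
if (!$stmt) {
    done('MySQL Error 2');
}
$stmt->bind_param('i', $user_id);
if (!$stmt->execute()) {
    done('MySQL Error 2');
}
$stmt->bind_result($username, $is_banned);
$success = $stmt->fetch();
$stmt->close();

# Check if user exist
if (!$success) {
    done($msg["user_not_exist"]);
}

# Check if banned
if ((int) $is_banned === 1) {
    done($msg["user_banned"]);
}

# Check and read user data blob: the first 64-character quoted token is taken
# as the stored hash, the second as the salt. A blob in any other shape ends
# in "wrong_data". preg_match() returns false on error, which is refused too.
if (preg_match("/\"([a-z0-9]{64})\".*\"([a-z0-9]{64})\"/", $data, $matches) !== 1) {
    done($msg["wrong_data"]);
}

# Hashing password for XenForo: sha256(sha256(password) . salt)
$hashforo = $matches[1];
$salt = $matches[2];
$hashpass = hash("sha256", hash("sha256", $password).$salt);

# Wrong password.
# hash_equals() compares the two hex strings byte for byte in constant time.
# A loose != would treat strings of the form "0e<digits>" as numbers and
# report two different hashes as equal.
if (!hash_equals($hashforo, $hashpass)) {
    done($msg["wrong_password"]);
}

# Login Successful
# sprintf() builds the text; printf() would print it ahead of the "YES" line
# and hand back its length instead of the text.
$message = "";
if (!ignore($nickname)) {
    $message = sprintf($msg["login_successful"], $nickname, $username);
}
done($message, "YES\n%s");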
?> |