-
-
Save radie1230/8474462 to your computer and use it in GitHub Desktop.
Fork of Sharkiller's script to authenticate user logins between a Bukkit Minecraft server and a Xenforo forum's user database. In this fork, it no longer decrypts the password from user data in the MySQL database. As the structure of the Xenforo database changed with the latest update, this method uses Xenforo's framework so that in case of futu…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* | |
Script for XenForo 1.X | |
Tested with: 1.2.4 | |
Created by: #SG# Sharkiller | |
Forked by: radie1230 | |
Verison: 0.2.1 | |
*/ | |
############### | |
## Variables ## | |
############### | |
# Reject all connections exept this IP. | |
$secret = "changeme"; //Password needed to use this script | |
# Database info | |
$db_server = 'localhost'; | |
$db_user = ''; | |
$db_passwd = ''; | |
$db_name = ''; | |
# Name of the custom field of XenForo where the Minecraft nicknames are stored. | |
// Here Sharkiller had the option to add the players in-game username as an alias in the profile information. | |
// But my for my server, the usernames of the players on the forums match those in-game so it became irrelevant. | |
// The MySQL lookup has been changed for this too, you might want to go back and adopt his method if that is what you require. | |
#$field = 'username'; | |
# Minecraft nicks ignored from successful message | |
$ignore = array("admin1","admin2"); // Admin nicknames ignored from broadcast message on login. | |
############## | |
## Messages ## | |
############## | |
$msg = array( | |
"login_successful" => "§8%s §7has logged in. Forum account: §8%s", | |
"user_not_exist" => "§6§kasdasd§4 Does the user exist? §6§kasdasd", | |
"player_not_exist" => "§4§kasdas§6 Nick not associated in forum. §4§kasdas", | |
"user_banned" => "§6§kasdasd§4 The user is banned. §6§kasdasd", | |
"wrong_data" => "§6Failed to read the user data. Contact an admin!", | |
"wrong_password" => "§4Wrong password! §6 Use §a/login forum-password" | |
); | |
//////////////////////////////////////////////// | |
// Don't change bellow this if you don't know // | |
//////////////////////////////////////////////// | |
#################### | |
## Security check ## | |
#################### | |
//Restrict access to localhost | |
//Removing Restrictions | |
############### | |
## FUNCTIONS ## | |
############### | |
$nickname = $_POST['user']; | |
$password = $_POST['pass']; | |
$action = $_POST['action']; | |
# Response message | |
function done($msg, $template = "ERROR\n%s"){ | |
global $mysqli; | |
printf($template, $msg); | |
$mysqli->close(); | |
exit; | |
} | |
# Ignore users from successfull message. | |
function ignore($nick){ | |
global $ignore; | |
if(in_array($nick, $ignore)) | |
return true; | |
else | |
return false; | |
} | |
################################ | |
## Only support login for now ## | |
################################ | |
# login, register, online, offline | |
//Removing Restrictions | |
############### | |
## Code here ## | |
############### | |
# Init MySQL connection | |
$mysqli = new mysqli($db_server, $db_user, $db_passwd, $db_name); | |
# Obtain user data (UserID, DataBlob) from Minecraft Nickname. | |
$stmt = $mysqli->prepare("SELECT `data`, `user_id` FROM `xf_user_authenticate` WHERE `user_id` = (SELECT `user_id` FROM `xf_user` WHERE `username` = '$nickname') LIMIT 1") or done('MySQL Error 1'); | |
$stmt->execute(); | |
$stmt->bind_result($data, $user_id); | |
$success = $stmt->fetch(); | |
$stmt->close(); | |
# Check if a user have the nickname associated in the forum | |
if(!$success) | |
done($msg["player_not_exist"]); | |
# Obtain user data (Username, Ban Status) from UserID. | |
$stmt = $mysqli->prepare("SELECT `username`, `is_banned` FROM `xf_user` WHERE `user_id` = $user_id LIMIT 1") or done('MySQL Error 2'); | |
$stmt->execute(); | |
$stmt->bind_result($username, $is_banned); | |
$success = $stmt->fetch(); | |
$stmt->close(); | |
# Check if user exist | |
if(!$success) | |
done($msg["user_not_exist"]); | |
# Check if banned | |
if($is_banned == 1) | |
done($msg["user_banned"]); | |
# Check password | |
// | |
// The next part sends a HTTP POST to the remote forum website for authentication of the credentials passed along. | |
// As if signing in through login form from browser. | |
$ch = curl_init(); | |
curl_setopt($ch, CURLOPT_URL,"http://yourwebsite.com/index.php?login/login"); | |
curl_setopt($ch, CURLOPT_POST, 1); | |
curl_setopt($ch, CURLOPT_POSTFIELDS, | |
http_build_query(array('login' => $nickname, 'password' => $password))); | |
// receive server response ... | |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | |
$response = curl_exec ($ch); | |
curl_close ($ch); | |
# Login Failed | |
// Will only receive response if there is an error with the credentials | |
if($response) | |
done($msg["wrong_password"]); | |
# Login Successful | |
// As no response is received, the server is trying to pass you through, here it can be assumed the credentials have been verified | |
if (!$response) | |
$message = sprintf($msg["login_successful"], $nickname, $username); | |
done($message, "YES\n%s"); | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
how to i do this with pocket mine