Jump to content

Lua Tutorial - System Login and Register Online PHP and Lua


DarkingCheater
 Share

Recommended Posts

Useless, everyone easily can see and access your file uploaded in public_html folder.

gg.makeRequest API cant work on file with permission access. So, you cant cover your vip scripts code.

Link to comment
Share on other sites

NICE ... I did a similar system, but it was not 100% safe for scripting codes, maybe my lack of study and ability.
I really liked it, congratulations.

whisper:"parabéns brother,não é só os estrangeiros que manjam dos paranauês kkkk"
 

Link to comment
Share on other sites

  • 2 weeks later...
On 1/17/2019 at 9:21 PM, noblack said:

SQL leak exploit comes.

BANG

Ur DB are Dead

*There's have a way to fix, but I'm not gonna tell ya ?

 Man, I also know I do not need you to speak the purpose of this tutorial is PHP LOGIN not how to protect your file you expect to know differentiate one thing from the other ??

_______________________________________________
added 1 minute later
On 1/17/2019 at 3:24 PM, bukandewa said:

Useless, everyone easily can see and access your file uploaded in public_html folder.

gg.makeRequest API cant work on file with permission access. So, you cant cover your vip scripts code.

 Just create an index.php I think you did not have the proper knowledge to know this, but that's fine.

Link to comment
Share on other sites

19 minutes ago, DarkingCheater said:

 Man, I also know I do not need you to speak the purpose of this tutorial is PHP LOGIN not how to protect your file you expect to know differentiate one thing from the other ??

_______________________________________________
added 1 minute later

 Just create an index.php I think you did not have the proper knowledge to know this, but that's fine.

How about a ddos or cc

YOUR WEBSITE IS DEAD

_______________________________________________
added 1 minute later

Btw, i can do cracking to username and password.

It's so easy to crack.

Link to comment
Share on other sites

58 minutes ago, noblack said:

How about a ddos or cc

YOUR WEBSITE IS DEAD

_______________________________________________
added 1 minute later

Btw, i can do cracking to username and password.

It's so easy to crack.

 Wow are you able to cracking for username and password in free domain Our you are very good at ?????

Link to comment
Share on other sites

nice, idea, I Use a database to store my Donor passwords in, a more secure way to do this would be to have your script data stored in a database and once password and username are matched against the database have the page you are querying return the code for the script and then load the content as lua into the script.

I will be doing exactly that once someone gets around my current setup.

 

Also log device ID's for each password so if you see a big list of ID's you know who is sharing their password

Edited by BadCase
Link to comment
Share on other sites

50 minutes ago, BadCase said:

Also log device ID's for each password so if you see a big list of ID's you know who is sharing their password

That's good idea, but how are you going to generate those IDs?

Link to comment
Share on other sites

  • Moderators
54 minutes ago, BadCase said:

nice, idea, I Use a database to store my Donor passwords in, a more secure way to do this would be to have your script data stored in a database and once password and username are matched against the database have the page you are querying return the code for the script and then load the content as lua into the script.

I will be doing exactly that once someone gets around my current setup.

 

Also log device ID's for each password so if you see a big list of ID's you know who is sharing their password

Yea, script could definitely check device id, and you can log device id with password that was attempted. Once it's been done once (the first time) you could probably consider that a "pair" and cannot be used by another id unless user contacts you.

So now people don't have to find this info and give you it and you pair it. 

Script that only acts as the ability to call everything on server is good. And for those arguing the need for internet connection, a script for an offline game would be waste of time. The games worth scripting require internet as it is.

Link to comment
Share on other sites

11 minutes ago, CmP said:

That's good idea, but how are you going to generate those IDs?

I am not sure if you can retrieve the Device ID in script but if not I think the best way would be to read /system/build.prop and any other files that store values unique to the device type at the very least

and to generate a relatively unique ID from a combination of the info there, that way even if you cant get the actual device id it will add entries for every different device type that uses the password and in php you can script that if the number of ID's exceeds say 5 devices the password will be disabled.

_______________________________________________
added 3 minutes later
7 minutes ago, NoFear said:

Script that only acts as the ability to call everything on server is good. And for those arguing the need for internet connection, a script for an offline game would be waste of time. The games worth scripting require internet as it is.

most people are just freaked out by Enyby's scary warning lol

Link to comment
Share on other sites

11 minutes ago, NoFear said:

Yea, script could definitely check device id, and you can log device id with password that was attempted. Once it's been done once (the first time) you could probably consider that a "pair" and cannot be used by another id unless user contacts you.

This approach looks good, but it won't guarantee protection against leechers. With some knowledge a potential leecher can easily get "ID" that is generated for his device, then just share this ID and the password to someone else. After this, "someone else" will be able to use the script by modifying "makeRequest" function to perform a "valid" (with correct ID and password) request to the server. The "leecher" even won't need to be bothered by how the ID and the request is generated, because simple modification of "makeRequest" function to print received arguments will do everything for him.

Link to comment
Share on other sites

13 minutes ago, CmP said:

This approach looks good, but it won't guarantee protection against leechers. With some knowledge a potential leecher can easily get "ID" that is generated for his device, then just share this ID and the password to someone else. After this, "someone else" will be able to use the script by modifying "makeRequest" function to perform a "valid" (with correct ID and password) request to the server. The "leecher" even won't need to be bothered by how the ID and the request is generated, because simple modification of "makeRequest" function to print received arguments will do everything for him.

used in combination with things like logging the IP or other values which would be handled server side im fairly confident that they would not be able to bypass it

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.