Global Login Checker

Everything todo with programming goes HERE.
Post Reply
User avatar
LOVER$BOY
Match Winner
Posts: 725
Joined: Thu Jan 24, 2008 12:46 pm
Contact:

Global Login Checker

Post by LOVER$BOY »

I'll post about this after getting approval from Z-Man.
Image

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Global Login Checker

Post by Light »

It's not that hard to make. I made one just for fun because you sparked my curiosity. The only thing I don't know is where the @forums and whatnot actually point. Custom ones that show the URL are easy enough though.

Just curious. What would this be useful for? It would open up issues like people being able to dictionary attack users, and I can't really see a use beyond that. Sorry to be negative, just my thought.

http://lightron.no-ip.org/gid.php
No, it doesn't log your info, but if you would like to be careful, just make an auth on my index quick and try it with that. :P

It doesn't work with @forums either. It should work with aagid, but I didn't try it. Also, it works with any that have the address as the authority.

User avatar
Z-Man
God & Project Admin
Posts: 11426
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne
Contact:

Re: Global Login Checker

Post by Z-Man »

Didn't we already have code that does this in our own modules somewhere? And even a better one where the password hashing is done in JS on the user's browser, so they have in theory the chance to check whether their passwords are treated safely?

Nevertheless, I don't think this is a good idea. Not because I don't trust you or the code, but because I would not like to see players getting used to entering their passwords at random websites. Someone will try to abuse that.

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Global Login Checker

Post by Light »

I'm sure it could be hashed in JS, but I don't actually plan on using that. I was just curious what the point of one may be. Maybe to use auth's as a login to a forum or something, that's about the only thing I could come up with.

Yeah ... I make a lot of things that are completely useless to me. :P

User avatar
kyle
Reverse Outside Corner Grinder
Posts: 1867
Joined: Thu Jun 08, 2006 3:33 pm
Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
Contact:

Re: Global Login Checker

Post by kyle »

Z-Man wrote:Didn't we already have code that does this in our own modules somewhere? And even a better one where the password hashing is done in JS on the user's browser, so they have in theory the chance to check whether their passwords are treated safely?
Yes it is someplace on launchpad
Z-Man wrote:Nevertheless, I don't think this is a good idea. Not because I don't trust you or the code, but because I would not like to see players getting used to entering their passwords at random websites. Someone will try to abuse that.
Not even for a resource repository? I'm not compleatly done with it, but the plans are to link @forums accounts to the usernames that people had at one time. Also i want to allow configuration files to be uploaded.
Image

User avatar
Z-Man
God & Project Admin
Posts: 11426
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne
Contact:

Re: Global Login Checker

Post by Z-Man »

kyle wrote:Not even for a resource repository? I'm not compleatly done with it, but the plans are to link @forums accounts to the usernames that people had at one time. Also i want to allow configuration files to be uploaded.
You guys can do what you want. I'd feel better if there was a big fat warning on the login page saying something like "YOU ARE GIVING US YOUR PASSWORD. WE COULD USE IT TO TAKE OVER YOUR ACCOUNTS. THINK!".
Of course, our users are already gullible as hell. Downloading and running native code from the net. Who knows what it does on their machines? And before you say, no, it being open source does not help. I could upload binaries based on modified sources and nobody would notice.

epsy
Adjust Outside Corner Grinder
Posts: 2006
Joined: Tue Nov 07, 2006 6:02 pm
Location: paris
Contact:

Re: Global Login Checker

Post by epsy »

You could do token-based authentication with an actual server as token provider. It's safe, doesn't require new things, but does not let you authenticate without armagetron installed. I think I could set up such a thing.

XzL.Smart
Round Winner
Posts: 216
Joined: Sun Apr 30, 2006 4:21 am
Location: Arizona

Re: Global Login Checker

Post by XzL.Smart »

There's been something like this on my website, http://tronner.com, for a long time now. users can log in to any authentication and view their stats n' stuff.
Image

User avatar
AI-team
Shutout Match Winner
Posts: 1021
Joined: Tue Jun 23, 2009 6:17 pm
Location: Germany/Munich
Contact:

Re: Global Login Checker

Post by AI-team »

Yeah I'm also not sure what's so special about that
  
 
"95% of people believe in every quote you post on the internet" ~ Abraham Lincoln
 
 

User avatar
kyle
Reverse Outside Corner Grinder
Posts: 1867
Joined: Thu Jun 08, 2006 3:33 pm
Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
Contact:

Re: Global Login Checker

Post by kyle »

Not anything special, it is just the security concerns of the way it works. But i did think it was "as secure as tron"
Image

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Global Login Checker

Post by Light »

Since nobody seems to have a problem with it, and nobody ever posted the result, I figured I may as well do it.

It doesn't use a prehashed password because I didn't feel like doing it both ways, in case they didn't have JS enabled. Not much of a difference in security though, because nobody checks what JS does on the page anyways, so I could do about anything I wanted.

// Attached. Code boxes suck here.
Attachments
authenticate.tar.gz
(1.26 KiB) Downloaded 112 times

User avatar
LOVER$BOY
Match Winner
Posts: 725
Joined: Thu Jan 24, 2008 12:46 pm
Contact:

Re: Global Login Checker

Post by LOVER$BOY »

Oops...

Forgot to mention... I've merged the global script into vertrex_website in launchpad. The script and all related filed are located here: http://bazaar.launchpad.net/~zodiacsohm ... d:/global/

I've actually based the script off exactly how it is done in the game code. Not to the exact point but I was able to bring out the near exact result. :)

The script is as simple as it can be although the usage it still up to the user. So, don't use it to steal passwords and stuff like that... :/

Anyway you got two options now. Either to use mine or the one that Light kindly scripted for all to use :)
Image

Post Reply