1. Ce site utilise des "témoins de connexion" (cookies) conformes aux textes de l'Union Européenne. Continuer à naviguer sur nos pages vaut acceptation de notre règlement en la matière. En savoir plus.

Résolu Configurer authme

Discussion dans 'Demandes de scripts' démarrée par Hyper_Shadow, 17 Janvier 2017.

  1. Hyper_Shadow
    Offline

    Hyper_Shadow Voyageur

    Inscrit depuis le :
    23 Décembre 2016
    Messages :
    6
    "J'aime" reçus :
    0
    Points de Trophée :
    1
    Sexe :
    Masculin
    Lieu de résidence :
    Toulouges
    Lier le site au serveur avec authme

    Bonjours,
    J'aimerai lier le site à mon serveur avec le plugin authme, pour mieux expliquer, j'aimerai qu'un joueur pour pouvoir ce connecter sur le serveur, doit déjà être inscrit sur le site, et le mot de passe qu'il a inscrit sur le site, serai le même à inscrire sur le serveur, lorsqu'il ce connecte.

    Je suis sur un serveur dédié chez OVH, donc je n'ai aucun problème pour faire communiquer le site et le serveur avec une même base de donnée MySQL, j'ai la version 1.13 de ExtazCMS, la version de ma base de donnée MySQL est la 5.5.53 et la version PHP est 5.6.29.

    Voici un aperçu de mon fichier de config du plugin authme si cela peut aidé (j'ai changer par des * les adresses, identifiants et mot de passes):

    Code:
    DataSource:
        # What type of database do you want to use?
        # Valid values: sqlite, mysql
        backend: mysql
        # Enable database caching, should improve database performance
        caching: true
        # Database location
        mySQLHost: ***********
        # Database Port
        mySQLPort: '3306'
        # Username about Database Connection Infos
        mySQLUsername: ********
        # Password about Database Connection Infos
        mySQLPassword: '************'
        # Database Name, use with converters or as SQLITE database name
        mySQLDatabase: *********
        # Table of the database
        mySQLTablename: authme
        # Column of IDs to sort data
        mySQLColumnId: id
        # Column for storing or checking players nickname
        mySQLColumnName: username
        # Column for storing players passwords
        mySQLColumnPassword: password
        # Column for storing players emails
        mySQLColumnEmail: email
        # Column for Saving if a player is logged in or not
        mySQLColumnLogged: isLogged
        # Column for storing players IPs
        mySQLColumnIp: ip
        # Column for storing players lastlogins
        mySQLColumnLastLogin: lastlogin
        # Column for SaveQuitLocation - X
        mySQLlastlocX: x
        # Column for SaveQuitLocation - Y
        mySQLlastlocY: y
        # Column for SaveQuitLocation - Z
        mySQLlastlocZ: z
        # Column for SaveQuitLocation - World name
        mySQLlastlocWorld: world
        # Column for RealName
        mySQLRealName: realname
    settings:
        # The name shown in the help messages.
        helpHeader: AuthMeReloaded
        sessions:
            # Do you want to enable the session feature?
            # If enabled, when a player authenticates successfully,
            # his IP and his nickname is saved.
            # The next time the player joins the server, if his IP
            # is the same of the last time, and the timeout time
            # hasn't expired, he will not need to authenticate.
            enabled: false
            # After how many minutes a session should expire?
            # Consider that session will end only after the timeout time, and
            # if the player's ip has changed but the timeout hasn't expired,
            # player will be kicked out of sever due to invalidSession!
            timeout: 10
            # Should the session expire if the player try to login with an
            # another IP Address?
            sessionExpireOnIpChange: true
        restrictions:
            # Can not authenticated players chat and see the chat log?
            # Care that this feature blocks also all the commands not
            # listed in the list below.
            allowChat: false
            # Can not authenticated players see the chat log?
            hideChat: false
            # Commands allowed when a player is not authenticated
            allowCommands:
            - /login
            - /register
            - /l
            - /reg
            - /email
            - /captcha
            # Max number of allowed registrations per IP (default: 1)
            maxRegPerIp: 1
            # Max allowed username length
            maxNicknameLength: 16
            # When this setting is enabled, online players can't be kicked out
            # due to "Logged in from another Location"
            # This setting will prevent potetial security exploits.
            ForceSingleSession: true
            ForceSpawnLocOnJoin:
                # If enabled, every player will be teleported to the world spawnpoint
                # after successful authentication.
                # The quit location of the player will be overwritten.
                # This is different from "teleportUnAuthedToSpawn" that teleport player
                # back to his quit location after the authentication.
                enabled: true
                # WorldNames where we need to force the spawn location
                # Case-sensitive!
                worlds:
                - 'lobby'
            # This option will save the quit location of the players.
            SaveQuitLocation: false
            # To activate the restricted user feature you need
            # to enable this option and configure the
            # AllowedRestrctedUser field.
            AllowRestrictedUser: false
            # The restricted user feature will kick players listed below
            # if they don't match of the defined ip address.
            # Example:
            #   AllowedRestrictedUser:
            #   - playername;127.0.0.1
            AllowedRestrictedUser: []
            # Should unregistered players be kicked immediately?
            kickNonRegistered: false
            # Should players be kicked on wrong password?
            kickOnWrongPassword: false
            # Should not logged in players be teleported to the spawn?
            # After the authentication they will be teleported back to
            # their normal position.
            teleportUnAuthedToSpawn: true
            # Minimum allowed nick length
            minNicknameLength: 4
            # Can unregistered players walk around?
            allowMovement: false
            # Should not authenticated players have speed = 0?
            # This will reset the fly/walk speed to default value after the login.
            removeSpeed: true
            # After how many time players who fail to login or register
            # should be kicked? Set to 0 to disable.
            timeout: 30
            # Regex sintax of allowed characters in the player name.
            allowedNicknameCharacters: '[a-zA-Z0-9_]*'
            # How far can unregistered players walk? Set to 0
            # for unlimited radius
            allowedMovementRadius: 100
            # Enable double check of password when you register
            # when it's true, registration require that kind of command:
            # /register <password> <confirmPassword>
            enablePasswordConfirmation: true
            # Should we protect the player inventory before logging in? Requires ProtocolLib.
            ProtectInventoryBeforeLogIn: true
            # Should we deny the tabcomplete feature before logging in? Requires ProtocolLib.
            DenyTabCompleteBeforeLogin: true
            # Should we display all other accounts from a player when he joins?
            # permission: /authme.admin.accounts
            displayOtherAccounts: true
            # Ban ip when the ip is not the ip registered in database
            banUnsafedIP: false
            # Spawn Priority, Values : authme, essentials, multiverse, default
            spawnPriority: authme,essentials,multiverse,default
            # Maximum Login authorized by IP
            maxLoginPerIp: 0
            # Maximum Join authorized by IP
            maxJoinPerIp: 0
            # AuthMe will NEVER teleport players !
            noTeleport: false
            # Regex syntax for allowed Chars in passwords.
            allowedPasswordCharacters: '[\x21-\x7E]*'
            # Keeps collisions disabled for logged players
            # Works only with MC 1.9
            keepCollisionsDisabled: false
        GameMode:
            # ForceSurvivalMode to player when join ?
            ForceSurvivalMode: false
        security:
            # Minimum length of password
            minPasswordLength: 5
            # Maximum length of password
            passwordMaxLength: 30
            # this is very important options,
            # every time player join the server,
            # if they are registered, AuthMe will switch him
            # to unLoggedInGroup, this
            # should prevent all major exploit.
            # So you can set up on your Permission Plugin
            # this special group with 0 permissions, or permissions to chat,
            # or permission to
            # send private message or all other perms that you want,
            # the better way is to set up
            # this group with few permissions,
            # so if player try to exploit some account,
            # they can
            # do anything except what you set in perm Group.
            # After a correct logged-in player will be
            # moved to his correct permissions group!
            # Pay attention group name is case sensitive,
            # so Admin is different from admin,
            # otherwise your group will be wiped,
            # and player join in default group []!
            # Example unLoggedinGroup: NotLogged
            unLoggedinGroup: unLoggedinGroup
            # possible values: MD5, SHA1, SHA256, WHIRLPOOL, XAUTH, MD5VB, PHPBB,
            # MYBB, IPB3, IPB4, PHPFUSION, SMF, XENFORO, SALTED2MD5, JOOMLA, BCRYPT, WBB3, SHA512,
            # DOUBLEMD5, PBKDF2, PBKDF2DJANGO, WORDPRESS, ROYALAUTH, CUSTOM(for developpers only)
            passwordHash: SHA256
            # salt length for the SALTED2MD5 MD5(MD5(password)+salt)
            doubleMD5SaltLength: 8
            # If password checking return false, do we need to check with all
            # other password algorithm to check an old password?
            # AuthMe will update the password to the new passwordHash!
            supportOldPasswordHash: false
            # Cancel unsafe passwords for being used, put them on lowercase!
            #unsafePasswords:
            #- '123456'
            #- 'password'
            unsafePasswords:
            - '123456'
            - 'password'
            - 'qwerty'
            - '12345'
            - '54321'
            - '123456789'
        registration:
            # enable registration on the server?
            enabled: true
            # Send every X seconds a message to a player to
            # remind him that he has to login/register
            messageInterval: 5
            # Only registered and logged in players can play.
            # See restrictions for exceptions
            force: true
            # Do we replace password registration by an email registration method?
            enableEmailRegistrationSystem: false
            # Enable double check of email when you register
            # when it's true, registration require that kind of command:
            # /register <email> <confirmEmail>
            doubleEmailCheck: false
            # Do we force kicking player after a successful registration?
            # Do not use with login feature below
            forceKickAfterRegister: false
            # Does AuthMe need to enforce a /login after a successful registration?
            forceLoginAfterRegister: false
        unrestrictions:
            # below you can list all account names that
            # AuthMe will ignore for registration or login, configure it
            # at your own risk!! Remember that if you are going to add
            # nickname with [], you have to delimit name with ' '.
            # this option add compatibility with BuildCraft and some
            # other mods.
            # It is CaseSensitive!
            UnrestrictedName: []
        # Message language, available : en, de, br, cz, pl, fr, ru, hu, sk, es, zhtw, fi, zhcn, lt, it, ko, pt
        messagesLanguage: fr
        # Force these commands after /login, without any '/', use %p for replace with player name
        forceCommands: []
        # Force these commands after /login as a server console, without any '/', use %p for replace with player name
        forceCommandsAsConsole: []
        # Force these commands after /register, without any '/', use %p for replace with player name
        forceRegisterCommands: []
        # Force these commands after /register as a server console, without any '/', use %p for replace with player name
        forceRegisterCommandsAsConsole: []
        # Do we need to display the welcome message (welcome.txt) after a login?
        # You can use colors in this welcome.txt + some replaced strings:
        # {PLAYER}: player name, {ONLINE}: display number of online players, {MAXPLAYERS}: display server slots,
        # {IP}: player ip, {LOGINS}: number of players logged, {WORLD}: player current world, {SERVER}: server name
        # {VERSION}: get current bukkit version, {COUNTRY}: player country
        useWelcomeMessage: true
        # Do we need to broadcast the welcome message to all server or only to the player? set true for server or false for player
        broadcastWelcomeMessage: false
        # Should we delay the join message and display it once the player has logged in?
        delayJoinMessage: false
        # Should we remove the leave messages of unlogged users?
        removeUnloggedLeaveMessage: false
        # Should we remove join messages altogether?
        removeJoinMessage: false
        # Should we remove leave messages altogether?
        removeLeaveMessage: false
        # Do we need to add potion effect Blinding before login/register?
        applyBlindEffect: false
        # Do we need to prevent people to login with another case?
        # If Xephi is registered, then Xephi can login, but not XEPHI/xephi/XePhI
        preventOtherCase: false
        # Log level: INFO, FINE, DEBUG. Use INFO for general messages,
        # FINE for some additional detailed ones (like password failed),
        # and DEBUG for debug messages
        logLevel: 'FINE'
        # By default we schedule async tasks when talking to the database
        # If you want typical communication with the database to happen synchronously, set this to false
        useAsyncTasks: true
    ExternalBoardOptions:
        # MySQL column for the salt, needed for some forum/cms support
        mySQLColumnSalt: ''
        # MySQL column for the group, needed for some forum/cms support
        mySQLColumnGroup: ''
        # -1 mean disabled. If u want that only
        # activated player can login in your server
        # u can put in this options the group number
        # of unactivated user, needed for some forum/cms support
        nonActivedUserGroup: -1
        # Other MySQL columns where we need to put the Username (case sensitive)
        mySQLOtherUsernameColumns: []
        # How much Log to Round needed in BCrypt(do not change it if you do not know what's your doing)
        bCryptLog2Round: 10
        # phpBB prefix defined during phpbb installation process
        phpbbTablePrefix: 'phpbb_'
        # phpBB activated group id, 2 is default registered group defined by phpbb
        phpbbActivatedGroupId: 2
        # WordPress prefix defined during WordPress installation process
        wordpressTablePrefix: 'wp_'
    permission:
        # Take care with this options, if you dont want
        # to use Vault and Group Switching of
        # AuthMe for unloggedIn players put true
        # below, default is false.
        EnablePermissionCheck: false
    BackupSystem:
       # Enable or Disable Automatic Backup
        ActivateBackup: false
       # set Backup at every start of Server
        OnServerStart: false
       # set Backup at every stop of Server
        OnServerStop: true
       # Windows only mysql installation Path
        MysqlWindowsPath: 'C:\Program Files\MySQL\MySQL Server 5.1\'
    Security:
        SQLProblem:
            # Stop the server if we can't contact the sql database
            # Take care with this, if you set that to false,
            # AuthMe automatically disable and the server is not protected!
            stopServer: true
        ReloadCommand:
            # /reload support
            useReloadCommandSupport: true
        console:
            # Replace passwords in the console when player type a command like /login
            removePassword: true
            # Copy AuthMe log output in a separate file as well?
            logConsole: true
        captcha:
            # Enable captcha when a player uses wrong password too many times
            useCaptcha: false
            # Max allowed tries before a captcha is required
            maxLoginTry: 5
            # Captcha length
            captchaLength: 5
        tempban:
            # Tempban a user's IP address if they enter the wrong password too many times
            enableTempban: false
            # How many times a user can attempt to login before their IP being tempbanned
            maxLoginTries: 10
            # The length of time a IP address will be tempbanned in minutes
            # Default: 480 minutes, or 8 hours
            tempbanLength: 480
            # How many minutes before resetting the count for failed logins by IP and username
            # Default: 480 minutes (8 hours)
            minutesBeforeCounterReset: 480
        recoveryCode:
            # Number of characters a recovery code should have (0 to disable)
            length: 8
            # How many hours is a recovery code valid for?
            validForHours: 4
    Converter:
        Rakamak:
            # Rakamak file name
            fileName: users.rak
            # Rakamak use ip ?
            useIP: false
            # IP file name for rakamak
            ipFileName: UsersIp.rak
        CrazyLogin:
            # CrazyLogin database file
            fileName: accounts.db
    Email:
        # Email SMTP server host
        mailSMTP: smtp.gmail.com
        # Email SMTP server port
        mailPort: 465
        # Email account that send the mail
        mailAccount: ''
        # Email account password
        mailPassword: ''
        # Custom SenderName, that replace the mailAccount name in the email
        mailSenderName: ''
        # Random password length
        RecoveryPasswordLength: 8
        # Email subject of password get
        mailSubject: 'Your new AuthMe password'
        # Like maxRegPerIp but with email
        maxRegPerEmail: 1
        # Recall players to add an email?
        recallPlayers: false
        # Delay in minute for the recall scheduler
        delayRecall: 5
        # Blacklist these domains for emails
        emailBlacklisted:
        - 10minutemail.com
        # WhiteList only these domains for emails
        emailWhitelisted: []
        # Do we need to send new password draw in an image?
        generateImage: false
        # The email OAuth 2 token (leave empty if not used)
        emailOauth2Token: ''
    Hooks:
        # Do we need to hook with multiverse for spawn checking?
        multiverse: true
        # Do we need to hook with BungeeCord ?
        bungeecord: false
        # Send player to this BungeeCord server after register/login
        sendPlayerTo: ''
        # Do we need to disable Essentials SocialSpy on join?
        disableSocialSpy: true
        # Do we need to force /motd Essentials command on join?
        useEssentialsMotd: false
    Purge:
        # If enabled, AuthMe automatically purges old, unused accounts
        useAutoPurge: false
        # Number of Days an account become Unused
        daysBeforeRemovePlayer: 60
        # Do we need to remove the player.dat file during purge process?
        removePlayerDat: false
        # Do we need to remove the Essentials/users/player.yml file during purge process?
        removeEssentialsFile: false
        # World where are players.dat stores
        defaultWorld: 'world'
        # Do we need to remove LimitedCreative/inventories/player.yml, player_creative.yml files during purge process ?
        removeLimitedCreativesInventories: false
        # Do we need to remove the AntiXRayData/PlayerData/player file during purge process?
        removeAntiXRayFile: false
        # Do we need to remove permissions?
        removePermissions: false
    Protection:
        # Enable some servers protection ( country based login, antibot )
        enableProtection: false
        # Apply the protection also to registered usernames
        enableProtectionRegistered: true
        # Countries allowed to join the server and register, see http://dev.bukkit.org/bukkit-plugins/authme-reloaded/pages/countries-codes/ for countries' codes
        # PLEASE USE QUOTES!
        countries:
        - 'US'
        - 'GB'
        # Countries blacklisted automatically (without any needed to enable protection)
        # PLEASE USE QUOTES!
        countriesBlacklist:
        - 'A1'
        # Do we need to enable automatic antibot system?
        enableAntiBot: true
        # Max number of player allowed to login in 5 secs before enable AntiBot system automatically
        antiBotSensibility: 10
        # Duration in minutes of the antibot automatic system
        antiBotDuration: 10
    GroupOptions:
        # Registered permission group
        RegisteredPlayerGroup: ''
        # Unregistered permission group
        UnregisteredPlayerGroup: ''
    Merci d'essayer de trouver une solution si possible, cordialement.
     
  2. Clyese
    Offline

    Clyese Administrateur Membre de l'équipe Administrateur Graphiste

    Inscrit depuis le :
    18 Octobre 2015
    Messages :
    539
    "J'aime" reçus :
    110
    Points de Trophée :
    43
    Sexe :
    Masculin
    Lieu de résidence :
    France
    Page d'accueil :
    Bonsoir,
    Tu peux pas le faire directement comme ça. Les mots de passe sont haché dans la base de données (encore heureux è_é ) du coup je vois pas comment Authme peut les récupérer ^^
     
  3. Spiikesan
    Offline

    Spiikesan Développeur Membre de l'équipe Développeur backend

    Inscrit depuis le :
    6 Mars 2017
    Messages :
    35
    "J'aime" reçus :
    10
    Points de Trophée :
    8
    Sexe :
    Masculin
    Travail/Loisirs :
    Informatique, développement
    Lieu de résidence :
    Bordeaux
    Bon, vu que chez moi (au moins) le forum ne fonctionne presque pas, je fais un nouveau post car j'ai réussi à mettre le système d'authentification qu'utilise AuthMe Reloaded

    Tout d'abord, il faut aller dans lib/Cake/Controller/Component/Auth et créer un fichier AuthMePasswordHasher.php

    il faut mettre ceci dedans :
    PHP:
    <?php
    /**
     * Spiikesan for AuthMe Reloaded sha256 - salt 8
     */

    App::uses('AbstractPasswordHasher''Controller/Component/Auth');

    class 
    AuthMePasswordHasher extends AbstractPasswordHasher {

        protected 
    $_config = array('saltSize' => 8,
                                   
    'hashType' => 'sha256');

        protected 
    $salt '';

        public function 
    generateSalt() {
           
            
    $chars = array('0''1''2''3''4''5''6''7''8''9''a''b''c''d''e''f');
            
    $maxcharsindex 15;
           
            
    $this->salt '';

            
    $s_2 $this->_config['saltSize'] * 2;
           
            for (
    $i 0$i $s_2$i += 1) {
                
    $this->salt .= $chars[mt_rand(0$maxcharsindex)];
            }
        }

        public function 
    getSaltFromHash($hashedPassword) {
            
    $content explode('$'$hashedPassword);
            
    //hash is like $SHA$salt$hash
            //            0$ 1 $ 2  $ 3
            
    if (count($content) >= 2) {
                
    $this->salt $content[2];
                return 
    true;
            }
            return 
    false;
        }

        public function 
    hash($password) {
            if (empty(
    $this->salt))
                
    $this->generateSalt();
            return 
    '$SHA$' $this->salt '$' hash($this->_config['hashType'], hash($this->_config['hashType'], $password) . $this->salt);
        }

        public function 
    check($password$hashedPassword) {
            if (
    $this->getSaltFromHash($hashedPassword))
                return 
    $hashedPassword === $this->hash($password);
            return 
    false;
        }
    }
    Ensuite, modifier dans App/Model/User.php
    PHP:
    /* Modifier ceci */
    App::uses('SimplePasswordHasher''Controller/Component/Auth');

    /* Par cela */
    App::uses('AuthMePasswordHasher''Controller/Component/Auth');

    /* Et en bas, dans la fonction beforeSave, remplacer */
    $passwordHasher = new SimplePasswordHasher();

    /* Par */
    $passwordHasher = new AuthMePasswordHasher();
    Ensuite, il suffit de modifier le fichier dans Cake/Controller/Component/Auth/BaseAuthenticate.php comme suit :
    PHP:
    public $settings = array(
            
    'fields' => array(
                
    'username' => 'username',
                
    'password' => 'password'
            
    ),
            
    'userModel' => 'User',
            
    'scope' => array(),
            
    'recursive' => 0,
            
    'contain' => null,
            
    /* ligne 49 */
            
    'passwordHasher' => 'Simple' /* Mettre AuthMe à la place de Simple. Attention à la casse */
        
    );
    En espérant que cela a pu t'aider.

    Cordialement,
    Spiikesan
     
    • Like Like x 1

Partager cette page

Utilisateurs qui regardent actuellement cette discussion : 0 membre(s) et 0 visiteur(s)