[RELEASE] vAuth

[steadyfi]

vAuth - Simple, yet powerful resource for automatic account recovery in case of password loss, using email.

https://github.com/steadyfi/mta-vauth

Features:

•Email Based

•Lightweight and fast execution

•Uncompiled for extensibility

•Anti-Spam System

•Logging System

Screenshots:

Download (GitHub)

Setup:

More details in README.md on my GitHub repository!

Commands:

/vauth - Shows Auth Panel

/vauth-ucp - Shows User Control Panel

Details:

Restrictions:

Auth Panel: NONE

Detail Change Panel: YOU NEED TO BE LOGGED IN (not guest)

•The email is being stored as accountData under "steadyfi.vauth.email" and can be easily changed from meta.xml.

•The vCode is being stored as accountData under "steadyfi.vauth.vcode" and can be easily changed from meta.xml.

Note: The vCode is a random value around 1000 and 99999999 ! After recovery it turns 0.

•I'm already hosting the default WebServer for mailing! You can use my, or you can make your own (see README.md).

^^^ CURRENTLY OFFLINE

Feedback:

Want to give me some feedback ? Don't be shy, post a reply.

Issues:

Found a bug/an issue? Report it on the issue section from the GitHub repository!

NO MORE HEADACHES, ENJOY

p.s: star my repo plz thx

Edited May 15, 2016 by Guest

[Tekken]

Nice, keep it up.

[steadyfi]

Nice, keep it up.

Thanks man. Always cheering me up, good friend

[roaddog]

The resource is suspended :c

[steadyfi]

The resource is suspended :c

Security problems ! I'm currently working on fixing everything !

Thanks to ccw for reporting it to me.

[steadyfi]

MAJOR SECURITY UPDATE !

-Added: Logs

-Added: Emailing when password is changed

-Added: Debugscript when password is changed

-Added: Anti-Spam Systems

-Modified: Client-Side is much safer now, everything important is Server-Side

Hello.

Since ccw reported to me that there was a exploit in the script, i decided to update it and make it more secure. Here I'm gonna tell you what has been changed and how it works.

Anti-Spam System:

Since there was a exploit in the events where you could've found the account's vCode, I added Anti-Spam Systems.

These are the limitations:

You can only send 1 request mail per session.

You have only 3 tries to recover per session.

Logs:

There are 2 kinds of logs: Request Logs; and Recover Logs.

Request Logs: Here, all the vCode requests events are logged.

What information is logged here ? Action ID, Player Name, Player IP, Player Serial, Time, Date. Action, Account

Recover Logs: Here, all the password changes events are logged

What information is logged here ? Action ID, Player Name, Player IP, Player Serial, Time, Date. Action, Account, New Password

Logs are stored in a separate folder for each action (request, recover) and .log files are names after the date

EX: 29.3.2015.log

Action IDs:

I think you already know what they are, they are IDs used to identify Actions in the logs because they can get quite big.

Every time a action is triggered, a Action ID is being created.

For example, when you request the vCode, a Action ID is being generated and send via Email to the person and the same Action ID is also logged in the specific log file.

They are meant to be used for identifying hackers. For instance: Let's say you play on a popular server, someone found your account name and they somehow find a way to brute force the vCode (i don't think is possible after this update). In the Password Change mail you will get the following details:

Action ID; Player Name; Player IP; Time; Date

If it wasn't you, you can contact a Owner and send him the Action ID and the Player IP. Much easier for him to find the suspect, and way much easier to ban him because in the logs he has the hackers Name, IP and Serial. Way easier

This should wrap up this update, don't forget to report me any bugs, glitches, or exploits.

Have a great day !

Edit: Video comming soon

[steadyfi]

Please stand by! vAuth will soon be updated!

[BluntZ]

Awesome job

[steadyfi]

Hi everybody, PewDiePie here,

A couple days ago I fell into boredom, and started working on vAuth again.

So here it is, fresh and updated:

vAuth 1.2 RELEASED, now moved to GitHub!

Changelog:

- Recoded & Cleaned the whole resource.

- Moved to GitHub.

- Added MIT License to the code.

- Appended "steadyfi" namespace to all events to avoid conflicts.

- All account data keys, email templates, the webserver url, and recover tries can be easily changed from the meta.xml settings, and can even be changed during run-time without the need of a restart.

Even tho the changelog isn't too... exciting, I took my time and recoded or cleaned the whole files, and made sure it can deliver better performance and stability. Hence it's only a very small script, nothing can go wrong, error-wise at least.

If you discover any bugs or exploits, please report them immediately to the Issue section of the repository or here as a reply. DO NOT PM ME, as I'm blind as a bat in sunlight, and rarely even notice the notification counter.

I will try to respond as fast as possible to every issue.

If you have any suggestions, don't hesitate to write them down here.

That's pretty much all of it.

I might release a simple, minimalist and easy to setup, Login Panel later.

Until then, please enjoy your lives... no rly, pls dont be liek me.

The memes are over, thank you for the attention.

Greetings, Steady.

[steadyfi]

Quick disclaimer, my server is down, so you need to use your own HTTP w/ PHP server to make emails work!