I'm creating this thing called a "loader" for a cheat in a game. Basically, a loader is executable that has a log in (which is usually HWID/IP locked), which then, provided the given information is correct, opens another form which allows you to inject the cheat into the game.
As for the login part, there are definitely some server side stuff going on, and this is where I need help. So far I've got the login script and everything working, except for one part. Since there is no way for me to get the user's HWID before I create each account, I need some method of writing them to the database. This is what I've come up with; each row has three columns; pwd, uid, and hwid. Whenever the accounts are created you leave the HWID empty.Then in the PHP script, when you log in, it checks to see if the HWID is empty, if so, then write to the HWID column on the same row as the uid and pwd. However, I don't know what php I should use to do this.
KEEP IN MIND, THERE IS NO SESSION OR ANYTHING INVOLVED HERE. IF THE LOGIN IS SUCCESSFUL, IT WILL ECHO A MESSAGE WHICH IS THEN READ BY THE EXECUTABLE
This is what I have so far;
$sql = "SELECT * FROM users WHERE user_hwid='$hwid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
// run code to verify if the HWID is right
echo("It worked");
} elseif ($row = mysqli_fetch_assoc($result)) {
$sql = //I don't know what command to put in here
}
Here is the full login script if you need it;
<?php
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$hwid = mysqli_real_escape_string($conn, $_POST['hwid']);
//Error handlers
//Check if inputs are empty
if (empty($uid) || empty($pwd)) {
echo("fill it in");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
echo("error logging in 1");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
echo("error logging in 2");
exit();
} elseif ($hashedPwdCheck == true) {
$sql = "SELECT * FROM users WHERE user_hwid='$hwid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
// run code to verify if the HWID is right
echo("It worked");
} elseif ($row = mysqli_fetch_assoc($result)) {
$sql = //I don't know what command to put in here
}
}
}
}
}
} else {
echo("error logging in 3");
}
And now the HTML;
<html>
<head>
<title>idk</title>
<meta name="viewport" content="width=device-width">
<meta charset="utf-8">
</head>
<h1>idk</h1>
<p>idk.</p>
<form action="includes/login.inc.php" method="POST">
<input type="text" name="uid" id="uid" placeholder="Username"><br>
<input type="password" name="pwd" id="pwd" placeholder="Password"><br>
<br>
<br>
<input type="text" name="hwid" id="hwid" placeholder="HWID"><br>
<input name="submit" id="submit" type="submit">
<form>
<body>
</body>
</html>
Aucun commentaire:
Enregistrer un commentaire