Flux CP Birthdate field in register page...

[Arcana]

Cuz new ragnarok client use birthdate to delete character..,

Any 1 plz help to improve this

[Jamy]

Well I wanted to know how to ask for date of birth when registering in fluxcp because newhexeds deletam by date of birth.

[Mystery]

Does anyone have information about this yet?

[JayPee]

Here is the solution:

themes Folder

1.) edit themes/THETHEMEYOUAREUSING/account/create.php

Now search:

<t
<th><label for="register_email_address"><?php echo htmlspecialchars(Flux::message('AccountEmailLabel')) ?></label></th>
<td><input type="text" name="email_address" id="register_email_address" value="<?php echo htmlspecialchars($params->get('email_address')) ?>" /></td>
</t

then add this below

<t
<th><label for="register_birth_date"><?php echo htmlspecialchars(Flux::message('BirthDateLabel')) ?></label></th>
<td><input type="text" name="birth_date" id="register_birth_date" value="<?php echo htmlspecialchars($params->get('birth_date')) ?>" /><i>(Format: YYYY-MM-DD)</i></td>
</t

Result looks like this:

<t
<th><label for="register_email_address"><?php echo htmlspecialchars(Flux::message('AccountEmailLabel')) ?></label></th>
<td><input type="text" name="email_address" id="register_email_address" value="<?php echo htmlspecialchars($params->get('email_address')) ?>" /></td>
</t
<t
<th><label for="register_birth_date"><?php echo htmlspecialchars(Flux::message('BirthDateLabel')) ?></label></th>
<td><input type="text" name="birth_date" id="register_birth_date" value="<?php echo htmlspecialchars($params->get('birth_date')) ?>" /><i>(Format: YYYY/MM/DD)</i></td>
</t

We are now done with the themes part.

---

modules folder

1. edit modules/account/create.php
   

Now find this:

$code	 = $params->get('security_code');

then add below

$birthdate = $params->get('birth_date');

Result looks like this:

$code	 = $params->get('security_code');
$birthdate = $params->get('birth_date');

And find also this:

case Flux_RegisterError::INVALID_SECURITY_CODE:
$errorMessage = Flux::message('InvalidSecurityCode');
break;

then add this below

case Flux_RegisterError::INVALID_BIRTHDATE_FORMAT:
$errorMessage = Flux::message('BirthDateError');
break;
case Flux_RegisterError::BIRTHDATE_MUSTNOTBE_EMPTY:
$errorMessage = Flux::message('BirthDateEmptyError');
break;

Result looks like this:

case Flux_RegisterError::INVALID_SECURITY_CODE:
$errorMessage = Flux::message('InvalidSecurityCode');
break;
case Flux_RegisterError::INVALID_BIRTHDATE_FORMAT:
$errorMessage = Flux::message('BirthDateError');
break;
case Flux_RegisterError::BIRTHDATE_MUSTNOTBE_EMPTY:
$errorMessage = Flux::message('BirthDateEmptyError');
break;

Find:

// Woohoo! Register 
$result = $server->loginServer->register($username, $password, $confirm, $email, $gender, $code);

Replace it with this:

$result = $server->loginServer->register($username, $password, $confirm, $email, $gender, $code, $birthdate);

Result looks like this:

// Woohoo! Register 
$result = $server->loginServer->register($username, $password, $confirm, $email, $gender, $code, $birthdate);

---

lang folder

1. edit lang/en_us.php or which language you use
   

Now find:

'WoeNotScheduledInfo'	 => 'There are no scheduled WoE hours.',

then add this below:

'BirthDateLabel'   => 'Enter your Birthdate:',
'BirthDateError'   => 'Format for Birthdate is YYYY-MM-DD',
'BirthDateEmptyError'   => 'Birthdate field must not be empty, Format for Birthdate is YYYY-MM-DD',

Result looks like this

'WoeNotScheduledInfo'	 => 'There are no scheduled WoE hours.',
'BirthDateLabel'   => 'Enter your Birthdate:',
'BirthDateError'   => 'Format for Birthdate is YYYY-MM-DD',
'BirthDateEmptyError'   => 'Birthdate field must not be empty, Format for Birthdate is YYYY-MM-DD',

---

lib folder

1.) edit lib/Flux/RegisterError.php

Find:

const INVALID_SECURITY_CODE  = 10;

then add below

const INVALID_BIRTHDATE_FORMAT  = 11;
const BIRTHDATE_MUSTNOTBE_EMPTY  = 12;

Result looks like this:

const INVALID_SECURITY_CODE  = 10;
const INVALID_BIRTHDATE_FORMAT  = 11;
const BIRTHDATE_MUSTNOTBE_EMPTY  = 12;

2.) edit lib/Flux/LoginServer.php

Find:

public function register($username, $password, $confirmPassword, $email, $gender, $securityCode)

replace it with this:

public function register($username, $password, $confirmPassword, $email, $gender, $securityCode,$birthdate)

Inside the function find:

elseif ($password !== $confirmPassword) {
throw new Flux_RegisterError('Passwords do not match', Flux_RegisterError::PASSWORD_MISMATCH);
}

then add below:

elseif (!preg_match('#^((19|20)?[0-9]{2}[- /.](0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01]))*$#', $birthdate))
{
throw new Flux_RegisterError('Birthdate must be YYYY-MM-DD', Flux_RegisterError::INVALID_BIRTHDATE_FORMAT);
}

elseif (empty($birthdate))
{
throw new Flux_RegisterError('Birthdate field must not be empty', Flux_RegisterError::BIRTHDATE_MUSTNOTBE_EMPTY);
}

We're still inside the function

Note: This is for those who are using 'level' column name in your login table

Find:

$sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, level) VALUES (?, ?, ?, ?, ?)";

then replace it with this:

$sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, level, birthdate) VALUES (?, ?, ?, ?, ?, ?)";

Note: This is for those who are using 'group_id' column name in your login table

Find:

$sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, group_id) VALUES (?, ?, ?, ?, ?)";

then replace it with this:

$sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, group_id, birthdate) VALUES (?, ?, ?, ?, ?, ?)";

Find:

$res = $sth->execute(array($username, $password, $email, $gender, (int)$this->config->getLevel()));

then replace it with this:

$res = $sth->execute(array($username, $password, $email, $gender, (int)$this->config->getLevel(),$birthdate));

Now try to register

[EriN_KillerSoul]

Try this

http://rathena.org/board/topic/58932-flux-cp-birthdate-field-in-register-page/

[Emistry]

Topic Closed due to same topic already exist in the board..

and topic starter please make sure you did "Search" through the board before make a topic to avoid of creating similar topics.

Thank You.

[Jamy]

I did here and it did not work.

[Mystery]

Jay, seems to be an error when you register:

[16-Mar-2012 18:51:33] PHP Warning: PDOStatement::execute() [<a href="pdostatement.execute">pdostatement.execute</a>]: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in ...../lib/Flux/Connection/Statement.php on line 20

I fixed the other errors that were put out because when I re-registered, those errors didn't get spit out and only the one above got repeated.

Edited March 16, 2012 by Mysterious

[JayPee]

I tested it in my FluxCP and it works fine. Does it report any error?

Edit:

Sorry I forgot to include another step in the modules part. Please read again the modules folder part.

[Mystery]

Format for Birthdate is YYYY-MM-DD is wrong.

If you enter year-month-day for example, 2012-10-20, you get the Format for Birthdate is YYYY-MM-DD. If you enter the birthdate like this 20121020, you still get Format for Birthdate is YYYY-MM-DD error.

*Edit

Tested with 2012/10/20 as the Birthdate and still wrong.

Edited March 16, 2012 by Mysterious

[Jamy]

Now it was perfectly.

#edit

I found an error if the User does not put the the date of birth it records normally.

Edited March 16, 2012 by DeMoNiAC

[JayPee]

base on my understanding in the regular expression it allows YYYY-MM-DD and YYYY/MM/DD. It works fine on my FluxCP

[Mystery]

I found an error if the User does not put the the date of birth it records normally.

Confirmed. Happens to me.

Fixed my date issue. But not the issue mentioned above.

Edited March 17, 2012 by Mysterious

[JayPee]

Hi, my bad I forgot to put a validation for null value i thought pre_reg(); will be able to detect it. Kindly read again the module, lib and lib folder

[Jamy]

It worked more how do you show for example: Date of birth blank.

[JayPee]

here is the screenshot when I register with date of birth blanked.:

[Jamy]

You did everything you posted does not show over here.

[Aleos]

I think this needs a bit more security. Being email was the way to delete characters from the server, now that birthdate is, I think an email should be sent to the user before the birthdate is change to confirm the changes.

Although most server owners let users re-use email addresses or may not even verify if the emails are real (through email verification) so this might not be as good. Also Flux is setup to where if the email of the account is changed it's sent to the new email address to confirm rather than the old email address to confirm the new email address (I had to change this, it drove me insane). Again, leads to my points above which makes it still insecure if people were to take over accounts. I've been writing my own recently to account for these things since I have email validation on.

Good job none the less.

Edited March 19, 2012 by Aleos

[JayPee]

I think this needs a bit more security. Being email was the way to delete characters from the server, now that birthdate is, I think an email should be sent to the user before the birthdate is change to confirm the changes.

Although most server owners let users re-use email addresses or may not even verify if the emails are real (through email verification) so this might not be as good. Also Flux is setup to where if the email of the account is changed it's sent to the new email address to confirm rather than the old email address to confirm the new email address (I had to change this, it drove me insane). Again, leads to my points above which makes it still insecure if people were to take over accounts. I've been writing my own recently to account for these things since I have email validation on.

Good job none the less.

I dont get this....

I think @Celestica is pertaining to the Client Side deletion of characters.

[Aleos]

You are correct. But still it's like releasing something that's half done or something with an exploit. I'm just saying there needs to be a bit of security added to it so that if someone gains access to someone's account they can't easily change the birthdate to delete the characters.

[JayPee]

I still really don't get it. In the registration there's not updating of birthdate field of the account. How the hacker going to edit birthdate field of the character if there is no Update SQL query is coded for editting the birthdate? FluxCP uses PDO, fields are automatically getting escaped before its get inserted to the database by using the prepared statement function.

Edit1:

Just really concern of the security party coz I dont want other's server to get into trouble problem.

Edit2:

Well anyways as Jman told me, I think your talking about in the update/editing part of the birthdate of the user for the registered accounts which is not included in the modification I post. Thanks I'll take note of your suggestion if I decided to make the editing part, but it will be a problem to the other server FluxCP's if they cant send email's but I guess I'll add Secret Question and Secret Answer the yahoo registration like thing.

[Aleos]

Right, it only is a concern when someone is going to modify their account. I didn't read your whole post to see what you added exactly, but since you didn't add a Change Birth Date feature it wouldn't be a concern. I actually just finished my modification (haven't gotten to test it yet). I'll have to go back and split it from my source to produce a patch file.

And yes, from my first post, it will pose a problem for those servers that don't use email verification on account creation.

[JayPee]

I think a secret question and secret answer in the registration can be an alternative solution for those server that does not email sending features but for those who have email sending features i guess Secret Question and Answer + Email Verification is good solution?

[Mystery]

I don't think there's a problem with the Birthdate process. CP side, there's no way of changing your birthdate, plus, clients NOW require a birthdate field and guess one, it was an exploit because all you do was enter 00000000 and your char would be deleted which was VERY GOOD for hackers. Now, now that the birthdate field is in, HACKERS WOULDN"T GUESS a birthdate. They have A MILLION of birthdates to guess.

[Aleos]

That is another good way.

Here's my patch. I used some of your stuff from the validation process to parse the dates. Everything should have been covered. I haven't gotten to test it yet but I don't think I have any typos. If I do tell me and I'll redo the patch!

Edit: Added missing alter table script for cp_createlog table.

cp_birthdatechange.sql

cp_createlog.sql

birthdate_rA.diff

birthdate_eA.patch

Edited March 20, 2012 by Aleos

[JayPee]

@Aleos

I think your patch is for those who have `level` column in there login tablei

Its in the lib/Flux/LoginServer.php at the

$sql = "INSERT INTO {$this->loginDatabase}.login (userid, user_pass, email, sex, level) VALUES (?, ?, ?, ?, ?)";