Third Party Custom Authentication Help. [Photon Networking]

I also have this posted on the Photon Help forums: http://forum.photonengine.com/discussion/8411/custom-authentication-help#latest

So i'm just a little confused on the Custom Authentication Process. Here is my setup:

I am trying to use my wordpress website as the authenticator.
(for instance you would register on my website, then use that usernamer and password to login to my game)

So far i have setup my custom authentication with the login URL for my website (http://trollywogglers.com/login/) , the keys are the values from the database, and the values are my variables in game.

(this is the part that confuses me the most, for one not sure if http://trollywogglers.com/login/ would even be the correct way to have photon authenticate through my website, and i assume the keys should match what is in my user database for the site (which I have full access too, and double checked that they are right), and I guess the values are the variables i use in my script again not sure what else i would put there.)

Then i took a look at this page https://doc.photonengine.com/en/realtime/current/reference/custom-authentication, and got to this point:

Code (CSharp):

1. PhotonNetwork.AuthValues = new AuthenticationValues();
2. PhotonNetwork.AuthValues.AuthType = CustomAuthenticationType.Custom;
3. PhotonNetwork.AuthValues.AddAuthParameter("user", loginUser);
4. PhotonNetwork.AuthValues.AddAuthParameter("pass", loginPass);

I had to change the LBClient part I assume i was supposed too since this was made universal.

So if everything i have is correctly setup my question is where should i put the code above, basically my code to connect is the following:

Code (CSharp):

1. void Connect() {
2. PhotonNetwork.ConnectUsingSettings ("MyServerIP");
3. PhotonNetwork.automaticallySyncScene = true;
4. }

and that is just called from Start(), so i assume i would authenticate before I try to connect to the server, but i'm not sure.

Now i'm not a complete novice on this I have been working with PUN for a while now. Just the first time trying to setup some custom authentication, and i have no desire to use FaceBook to login.

So any help will be greatly appreciated, I also tried the whole load from PHP script, but that is a question for a different topic.

 

Hi @Mrslayer01,

The issue is in the URL itself.
You're trying to return a webpage (HTML) to Photon instead of JSON response.
You should implement a web service endpoint to return a JSON response in the format that Photon expects.

So for your case you should have an URL, for example: http://trollywogglers.com/auth
and when you execute the Photon client code it will trigger a HTTP request from Photon Servers to:
http://trollywogglers.com/auth?user=foo&pass=bar
then if the PHP code launched by that URL succeeds to authenticate user it should return at least:
{ResultCode:1}

Now I also recommend the following:
- Do not send plain text passwords! Use hash.
- Return UserId and Nickname from custom auth: {ResultCode:1, UserId: foo, Nickname: foobar}
- Optionally return AuthCookie and Data as well.

Here is an old Photon forum discussion about how to do custom auth in PHP.

 

Thank you for the fast comment (Honestly expected if i put photon in the title no one would actually respond to it) So taking your advice i looked in to adding some type of client authentication into my website, and i found this. Not quite sure how to use this, but i will if this is something Photon will actually see since it sends JSON responses, but again if this will work then i will learn how to use it.

I also looked at the post about php alot and it just comes down to my lack of knowledge with PHP Scripting, but i found a old Highscores php script that i was able to link to my database, and pull every user to my unity client (just as an output, and it was encrypted with what i assume is Wordpress standard encryption found here) So what it really comes down too is if that OAuth1 plugin will not work for photon I will have to put together my own PHP script. Just need to learn how to do it really so here is what I got so far (Will blank out my server information ofc):

Code (CSharp):

1. <?php
2.     // Send variables for the MySQL database class.
3.     $database = mysql_connect('My Address', 'My Address', 'My DB Password') or die('Could not connect: ' . mysql_error());
4.     mysql_select_db('DB Name') or die('Could not select database');
5.  
6.     $query = "SELECT `ID`, `user`, `pwd` FROM `User Database` WHERE 1";
7.     $result = mysql_query($query) or die('Query failed: ' . mysql_error());
8.  
9.     $username = $_GET["loginUser"]; //My Unity Variables just like in the tutorial.
10.     $password = $_GET["loginPass"]; //the password is comming in plain text, it is trully NOT RECOMMENDED to keep it that way
11.  
12.   //Start Decryption for Wordpress
13.     $wp_hasher = new PasswordHash(8, TRUE);
14.  
15.     $password_hashed = 'My Encrypted password passed from the DB';
16.     $plain_password = 'The password the user input from unity';
17.  
18.     if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
19.         echo "YES, Matched";
20.     } else {
21.         echo "No, Wrong Password";
22.  
23.     }
24.  
25.    /* //This just displays all the users in my database, and this works just fine for me.
26.     for($i = 0; $i < $num_results; $i++)
27.     {
28.  
29.          $row = mysql_fetch_array($result);
30.          echo $row['ID'] . "," . $row['user'] . "," .  $row['pwd'];
31.     }
32.     */
33. ?>

Now the problem is more than likely coming from:

Code (CSharp):

1.   //Start Decryption for Wordpress
2.     $wp_hasher = new PasswordHash(8, TRUE);
3.  
4.     $password_hashed = 'My Encrypted password passed from the DB';
5.     $plain_password = 'The password the user input from unity';
6.  
7.     if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
8.         echo "YES, Matched";
9.     } else {
10.         echo "No, Wrong Password";
11.  
12.     }

So that is about as far as I have gotten on the PHP side of things. So my main question is should I use something like this PHP script, and try to learn it, or if possible use the OAuth1 plugin since it is obviously more secure. Either way I would need to do some digging to learn both.

 

Well this is a PHP problem, here is what you should try:

Code (CSharp):

1. if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
2. $login_info_success = array(
3.     "ResultCode" => 1,
4.     "Message" => "Success!",
5. );
6. $json_success = json_encode($login_info_success);
7. echo $json_success;
8. } else {
9. $login_info_error = array(
10.     "ResultCode" => 2,
11.     "Message" => "Wrong username or password",
12. );
13. $json_error = json_encode($login_info_error);
14. echo $json_error;
15. }

 

John you are a Miracle worker man, That worked perfectly, I will make a video tutorial on exactly how i did this with your help man thank you so much saved me so much head trauma from slamming my head into my desk.

 

You are welcome!
If you want to make a tutorial, please consider the best practices (security) and also handle all cases (e.g. missing auth param: return ResultCode: 3).
Good luck!
Do not forget to share the video on Photon forum!

 

Will do man. Thanks again.

 

Hi Fellas. I know this is old but maybe you could help me out? I seem to have found a sim ilar script and but I painstakingly converted it from mysql to mysqli and I think it's pretty much all good. I gets right to the end but the password never works how does this look?


<?php
/*
A good way to test this php script is to browse to it using paramaters basically you would do something like this:
http://YourWebSite/Auth.php?username=test&password=test123
if the User test had a password of test123 it will display a code like this:
{"ResultCode":1,"Message":"Success!"} if not {"ResultCode":2,"Message":"Wrong username or password"}
all Photon looks for it the ResultCode. 1 = Authenticated, 2 = Not Authenticated.
*/
//include_once('/wp-includes/class-phpass.php'); //needs to be included for wordpress allows use of $hasher.
require_once $_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class-phpass.php';
// prepare database connection
$ip_address="localhost";
$user_db="marshall_Taloose";
$pass_db="********";
$name_db="marshall_Revenance";
$con= mysqli_connect($ip_address,$user_db,$pass_db,$name_db) or die ("could not connect to mysql");
mysqli_select_db($con, $name_db)or die ("no database");

// wordpress' username
$user = $_GET["username"]; //These are the values we sent from unity.
$user_name = htmlspecialchars($user,ENT_QUOTES);
// plain password to compare
$password = $_GET["password"]; //These are the values we sent from unity.
$hasher = new PasswordHash(8, TRUE); //The Standard password Hasher for wordpress, not recommended in a live environment.
// get user_name's hashed password from wordpress database
$start = ;
$result = "select * from wp-users where user_login= $user_name3"; //Change usrDB to the name of the database containing your login information. remove ''
$Resultx = mysqli_query($con, $result);

if($Resultx) {
while($row = mysqli_fetch_array($Resultx)){
$passnya = $row[user_pass];
}
}
// compare plain password with hashed password
if ($hasher->CheckPassword( $password, $passnya )){ //This is needed for Photon to know we got connected. These are the minimum that you need Thanks again John!
$login_info_success = array(
"ResultCode" => 1,
"Message" => "Success!",
);
$json_success = json_encode($login_info_success);
echo $json_success;
} else {
$login_info_error = array(
"ResultCode" => 2,
"Message" => "Wrong username or password",
);
$json_error = json_encode($login_info_error);
echo $json_error;
}
?>

 

Oh hahaha upon doing some creeping I have discovered that the tutorial I followed and am trying to make with sqli was by you.

 

Oh yeah it's been a while, but this PHP uses a hasher for the passwords that is specific to Wordpress passwords.

That might be where you are running into issues and just need to either match the hasher that wordpress uses to encrypt their passwords or remove the check when comapring the plain text password passed to the hashed one.

Code (CSharp):

1. if ($hasher->CheckPassword( $password, $passnya )){

replace either the variable passed to $hasher with your response from your table or change the hasher from the one that wordpress uses.

Not very well versed on hashers my self, but hopefully this will set you in the right direction.