wrong password for user on custom login

Post here your questions about the Unity / .Net / Mono / Windows 8 / Windows Phone 8 API for SFS2X

Moderators: Lapo, Bax

geekedatbirth
Posts: 20
Joined: 19 May 2011, 22:23

wrong password for user on custom login

Postby geekedatbirth » 06 Nov 2011, 04:22

I am building a custom login for my Unity application. I have everything working on my local server perfectly.... system checks my username and password against the database and logs me in if the password is correct. So far so good....

I have the same exact database structure with the same exact data on my remote server (Virtual Dedicated Server). I use the same jar files and custom login for THIS server and I am constantly getting the message "Wrong password for the user...." and that's it. I'm stumped at this point... I've double checked the data over and over, tried using toLowerCase() on the password encrypted from Unity (saw that in another thread, doesn't work on the remote server at all, but still works on the local server whether I conver to lower case or not).

I've checked my SF logs, nothing in there except that a session was created and then promptly closed for the user. Is there something that I haven't run across in my hours of google searches that may be causing this issue? It's beyond frustrating to be so close to a custom login on my remote server only to be thwarted by it telling me my password is incorrect for that user when I know for sure that it is correct.

* ADDED *

I added trace statements to my custom login script so that I would see what data was being pulled from my database... everythings correct there, so it seems as though the password that is being sent from unity does not match up with the password in the DB when it arrives.... but I've checked repeatedly and they match, as do the usernames. Is there a way to trace an unecrypted version of the password/username combo that is sent from unity once it arrives at the custom login script, so I can compare?
geekedatbirth
Posts: 20
Joined: 19 May 2011, 22:23

Postby geekedatbirth » 06 Nov 2011, 06:17

Alright, it's not my code at all... something isn't right with the lobby tutorial I downloaded or something.

When I click play in Unity while the SmartFox server is stopped, I get this looped over and over, EVEN AFTER I click the play button in unity again to stop the project from running... just keeps showing up in the console, adding more and more lines, displaying the same error :

Code: Select all

[SFS DEBUG] ## BlueBox Error: Http error creting http connection: System.Security.SecurityException: Unable to connect, as no valid crossdomain policy was found
  at System.Net.Sockets.Socket.Connect_internal (IntPtr sock, System.Net.SocketAddress sa, System.Int32& error, Boolean requireSocketPolicyFile) [0x00000] in <filename unknown>:0
  at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP, Boolean requireSocketPolicy) [0x00000] in <filename unknown>:0
  at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP) [0x00000] in <filename unknown>:0
  at System.Net.Sockets.Socket.Connect (System.Net.IPAddress address, Int32 port) [0x00000] in <filename unknown>:0
  at Sfs2X.Http.SFSWebClient.UploadValuesAsync (System.Uri uri, System.String paramName, System.String encodedData) [0x00000] in <filename unknown>:0



I'm not sure if this is causing the entire issue I'm having, but I know for a fact it's not my custom login causing the issue. Without editing it whatsoever, it seems as though I can login once and then not again... until restarting the server and then connecting while the server is down.. then bring the server back up and try connecting again... then and only then can I connect.

My suspicion is that unity isn't closing the connection to smartfox correctly when I stop testing the game in Unity, but I lack the experience in Unity to know for sure. If anyone can help I would really, really appreciate it.

[/code]
appels
Posts: 464
Joined: 28 Jul 2010, 02:12
Contact:

Postby appels » 06 Nov 2011, 09:52

Unable to connect, as no valid crossdomain policy was found

http://www.smartfoxserver.com/forums/viewtopic.php?t=8878
geekedatbirth
Posts: 20
Joined: 19 May 2011, 22:23

Postby geekedatbirth » 06 Nov 2011, 18:06

That isn't the issue at all.. I have a cross domain policy and the program connects just fine. I can turn off my custom login script and I have no issues whatsoever, so I know the crossdomain policy I have in place is working.
geekedatbirth
Posts: 20
Joined: 19 May 2011, 22:23

Postby geekedatbirth » 06 Nov 2011, 20:38

So, I created a new temporary database with just a username, id and password. I swapped my zone file to point to the new database... worked perfectly the first time. As soon as I stop the program in Unity and then click Play again, it says the password is now wrong... how can the password go from correct to incorrect in the two seconds it took me to click the button twice?
appels
Posts: 464
Joined: 28 Jul 2010, 02:12
Contact:

Postby appels » 07 Nov 2011, 08:01

It can't, you must be overlooking something.
How do you validate your password in the extension, can you post some code. It would be easier for us to see if there is a problem.
I'm using custom login without any problem.
geekedatbirth
Posts: 20
Joined: 19 May 2011, 22:23

Postby geekedatbirth » 07 Nov 2011, 17:29

my Custom Login Script :

Code: Select all

package sfs2x.extension.login.src;

import java.sql.SQLException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.PreparedStatement;
import com.smartfoxserver.bitswarm.sessions.ISession;
import com.smartfoxserver.v2.entities.data.SFSArray;
import com.smartfoxserver.v2.core.SFSEventParam;
import com.smartfoxserver.v2.core.ISFSEvent;
import com.smartfoxserver.v2.exceptions.SFSException;
import com.smartfoxserver.v2.exceptions.SFSLoginException;
import com.smartfoxserver.v2.exceptions.SFSErrorData;
import com.smartfoxserver.v2.exceptions.SFSErrorCode;
import com.smartfoxserver.v2.extensions.BaseServerEventHandler;
import com.smartfoxserver.v2.extensions.ExtensionLogLevel;

public class LoginHandler extends BaseServerEventHandler {

   @Override
   public void handleServerEvent(ISFSEvent event) throws SFSException
   {
        String username = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
        String password = (String) event.getParameter(SFSEventParam.LOGIN_PASSWORD);

        ISession session = (ISession)event.getParameter(SFSEventParam.SESSION);

        try {
            //get a connection to the database
            Connection conn = getParentExtension().getParentZone().getDBManager().getConnection();

            //This will strip potential SQL injections
            PreparedStatement sql = conn.prepareStatement("SELECT id, password FROM members WHERE username = ?");
            sql.setString(1, username);

            // Obtain ResultSet
            ResultSet result = sql.executeQuery();

            //Put the result into an SFSobject array
            SFSArray row = SFSArray.newFromResultSet(result);

            //make sure there is a password before you try to use the checkSecurePassword function
            if (password.equals(""))
            {
                SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);
                data.addParameter(username);
                throw new SFSLoginException("You must enter a password.", data);
            }

           //SFS always encrypts passwords before sending them so you need to decrypt the password
           //received from the database and compare that to what they entered in flash
           if (!getApi().checkSecurePassword(session, row.getSFSObject(0).getUtfString("password"), password))
           {
                SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);

                data.addParameter(username);

                throw new SFSLoginException("Login failed for user: "  + username, data);
            }

            //this was in one of the SFS examples so I left it in there for testing purposes
            if (username.equals("Gonzo") || username.equals("Kermit"))
            {

                // Create the error code to send to the client
                SFSErrorData errData = new SFSErrorData(SFSErrorCode.LOGIN_BAD_USERNAME);
                errData.addParameter(username);

                // Fire a Login exception
                throw new SFSLoginException("Gonzo and Kermit are not allowed in this Zone!", errData);
            }

            //make sure you close the database connection when you're done with it, especially if you've
            //set a low number of maximum connections
            conn.close();

            //at this point you could trigger an joinRoom request if you wanted to, otherwise
            //this will return success to your LOGIN event listener
            trace("Login successful, joining room!");

        } catch (SQLException e) {
            trace(ExtensionLogLevel.WARN, " SQL Failed: " + e.toString());
        }
    }
}


Again, works every time with my local smartfox server, works once with my remote server, then repeatedly tells me my password is wrong.

* ADDED *

Granted, I'm new to all this, but according to the script above (one I got from a tutorial which seems pretty simple and straightforward to me), if I leave my password blank I should get a different error other than "wrong password"... it should say "You must enter a password." This does not happen either. It continues to tell me that my password is incorrect.

Is there a cache that I'm unaware of that I should clean out? I'm running this from directly in Unity, and it seems that the only issue is my password, everything else is running great (when I turn off custom login for the zone I login just fine, both via Unity and in a browser).

I feel my only next two logical steps would be to install Unity on my server (really hate to do that) to try and run it from within the editor there... either that or go back to Flash, which I've been working with for several years.

I don't expect anyone to do this for me, but if someone could provide some direction, even if it's direction towards being able to see my unecrypted password traced from smartfox in the log, so I can compare the two strings and say to myself "oh, it's because those letters don't match up" etc. then I would be SOO grateful.

This has been 3 days of 14+ hours each day with no progress... all because it says my password is wrong. I'm stumped, I'm incredibly frustrated and exhausted, and my entire project (which effects my income) is on halt and has been for way too long. I'm not a n00b programmer, I know this should work, but it doesn't, and I can't seem to figure out why or even get help as to what could possibly be happening.
appels
Posts: 464
Joined: 28 Jul 2010, 02:12
Contact:

Postby appels » 07 Nov 2011, 21:10

The password is a one way encrypted hash so you can't reverse it, thats why you need to use the password check command on the server.
All you can trace out is if that command succeeded or not.
The code looks good.
But the fact that it works on local but not remotely still makes me think that it's not the code but the policy thats failing.
geekedatbirth
Posts: 20
Joined: 19 May 2011, 22:23

Postby geekedatbirth » 07 Nov 2011, 22:35

It works, just not very often. Take this for instance : A log file, from when the login worked, then I clicked to stop the unity test, clicked play again and it told me it was the wrong password. The password being sent from Unity is always the same in the code, but tracing the password in smartfox does not always yield the same results... it IS always refusing my login when the encrypted string = 5fc.... which makes me think that is possibly the equivlant of a blank password.... but my unity c# file sets the password immediately.

I'm so confused. This log information is spans just a few seconds, I never changed any of my code, just clicked the play button to test, then to stop, then to test again. The only consistent thing is that when the login is denied, the encryped password always traces out as

5ffc7d46cf7f0b09b98441c03c269478

my code (updated to set strings to lower case in the hopes it would help) :

Code: Select all

trace(row.getSFSObject(0).getUtfString("password").toLowerCase());
               trace(row.getSFSObject(0).getUtfString("password"));
               trace(password.toLowerCase());
               trace(password);
           //SFS always encrypts passwords before sending them so you need to decrypt the password
           //received from the database and compare that to what they entered in flash
           if (!getApi().checkSecurePassword(session, row.getSFSObject(0).getUtfString("password").toLowerCase(), password.toLowerCase()))
           {
                SFSErrorData data = new SFSErrorData(SFSErrorCode.LOGIN_BAD_PASSWORD);

                data.addParameter(username);

                throw new SFSLoginException("Login failed for user: "  + username, data);
            }


The output from the smartfox server as a result of this code... first one works, second doesn't.. .within a span of a few seconds.

"07 Nov 2011 15:18:08,674 INFO [com.smartfoxserver.v2.controllers.SystemController-1] v2.controllers.SystemController - {IN}: Login
07 Nov 2011 15:18:08,698 INFO [pool-1-thread-2] Extensions - {m7s_login}: shake
07 Nov 2011 15:18:08,698 INFO [pool-1-thread-2] Extensions - {m7s_login}: shake
07 Nov 2011 15:18:08,698 INFO [pool-1-thread-2] Extensions - {m7s_login}: 5ffc7d46cf7f0b09b98441c03c269478
07 Nov 2011 15:18:08,698 INFO [pool-1-thread-2] Extensions - {m7s_login}: 5FFC7D46CF7F0B09B98441C03C269478
07 Nov 2011 15:18:08,699 WARN [pool-1-thread-2] entities.managers.SFSExtensionManager - com.smartfoxserver.v2.exceptions.SFSLoginException: Login failed for user: geekedatbirth
07 Nov 2011 15:18:10,366 INFO [SocketReader] bitswarm.sessions.DefaultSessionManager - Session removed: { Id: 14, Type: DEFAULT, Logged: No, IP: 99.175.70.109:55685 }
07 Nov 2011 15:18:18,566 INFO [SocketReader] bitswarm.core.SocketAcceptor - Session created: { Id: 15, Type: DEFAULT, Logged: No, IP: 99.175.70.109:55689 } on Server port: 9933 <---> 55689
07 Nov 2011 15:18:18,708 INFO [SocketReader] bitswarm.sessions.DefaultSessionManager - Session removed: { Id: 15, Type: DEFAULT, Logged: No, IP: 99.175.70.109:55689 }
07 Nov 2011 15:18:18,912 INFO [SocketReader] bitswarm.core.SocketAcceptor - Session created: { Id: 16, Type: DEFAULT, Logged: No, IP: 99.175.70.109:55690 } on Server port: 9933 <---> 55690
07 Nov 2011 15:18:18,967 INFO [com.smartfoxserver.v2.controllers.SystemController-1] v2.controllers.SystemController - {IN}: Handshake
07 Nov 2011 15:18:19,180 INFO [com.smartfoxserver.v2.controllers.SystemController-1] v2.controllers.SystemController - {IN}: Login
07 Nov 2011 15:18:19,211 INFO [pool-1-thread-1] Extensions - {m7s_login}: shake
07 Nov 2011 15:18:19,211 INFO [pool-1-thread-1] Extensions - {m7s_login}: shake
07 Nov 2011 15:18:19,211 INFO [pool-1-thread-1] Extensions - {m7s_login}: d266e7912cedd8fcf687e2b0993ff070
07 Nov 2011 15:18:19,211 INFO [pool-1-thread-1] Extensions - {m7s_login}: D266E7912CEDD8FCF687E2B0993FF070
07 Nov 2011 15:18:19,211 INFO [pool-1-thread-1] Extensions - {m7s_login}: Login successful, joining room!"

I understand that I probably shouldnt' be setting both the strings used to lower case when checking the password, that was just a leap of faith from many many hours of nothing else I tried helping. The point isn't whether the code should work or not, it's that the code should either work or not work consistently, and it's not, which has me absolutely baffled.

Here is a section of my Unity code, in case that helps :

Code: Select all

public int serverPort = 9933;

   public SmartFox smartFox;
   private string zone = "myChat";
   private string username = "geekedatbirth";
   public string password = "abc";

        void Start()
   {
      Security.PrefetchSocketPolicy(serverName, serverPort);
      /*string myUrl = ("WebPlayer.unity3d?id=2");
      if(Application.isWebPlayer || Application.isEditor) {
         
         if(Application.isWebPlayer) {
            myUrl = Application.srcValue;
         }
      }
      
      string [] split = myUrl.Split(new Char [] {'='});
      user_id = System.Convert.ToInt32(split[1]);*/
      
      bool debug = true;
      if (SmartFoxConnection.IsInitialized)
      {
         smartFox = SmartFoxConnection.Connection;
      }
      else
      {
         smartFox = new SmartFox(debug);
      }
            
      // Register callback delegate
      smartFox.AddEventListener(SFSEvent.CONNECTION, OnConnection);
      smartFox.AddEventListener(SFSEvent.CONNECTION_LOST, OnConnectionLost);
      smartFox.AddEventListener(SFSEvent.LOGIN, OnLogin);
      smartFox.AddEventListener(SFSEvent.LOGIN_ERROR, OnLoginError);
      smartFox.AddEventListener(SFSEvent.LOGOUT, OnLogout);
      smartFox.AddEventListener(SFSEvent.ROOM_JOIN, OnJoinRoom);
      smartFox.AddEventListener(SFSEvent.PUBLIC_MESSAGE, OnPublicMessage);

      smartFox.AddLogListener(LogLevel.DEBUG, OnDebugMessage);
      
      smartFox.Connect(serverName, serverPort);
      
      Debug.Log(Application.platform.ToString());
   }

void OnGUI() {
      if (smartFox == null) return;
      
            
      if (!smartFox.IsConnected) {
         // if not connected, show connecting information...
         //GUI.Label(new Rect(10, 90, 100, 100), "Connecting...");
      }
      // Login
      else if (!isLoggedIn && !isLoggingIn) {
         print("sending login request");
         isLoggingIn = true;
         smartFox.Send(new LoginRequest(username, password, zone));
      }
   }


That's not my entire script, just the parts relevant to the situation. I set my variable, send a login, and set my isloggingin to true so that I do not loop login attempts. This came from a tutorial, and perhaps I should move it from the OnGUI section, which I will definitely try next, but I still don't understand how my server could connect in one moment, then I try and connect again a fwe second later and get denied a login when NOTHING has changed.

I swear I'm not crazy...[/code]
appels
Posts: 464
Joined: 28 Jul 2010, 02:12
Contact:

Postby appels » 08 Nov 2011, 00:51

This is my login extension i use for testing.

Code: Select all

package net.edje.projects.sfsExtension;

import com.smartfoxserver.bitswarm.sessions.ISession;
import com.smartfoxserver.v2.core.ISFSEvent;
import com.smartfoxserver.v2.core.SFSEventParam;
import com.smartfoxserver.v2.exceptions.SFSErrorCode;
import com.smartfoxserver.v2.exceptions.SFSErrorData;
import com.smartfoxserver.v2.exceptions.SFSException;
import com.smartfoxserver.v2.exceptions.SFSLoginException;
import com.smartfoxserver.v2.extensions.BaseServerEventHandler;

public class LoginEventHandler extends BaseServerEventHandler {

    @Override
    public void handleServerEvent(ISFSEvent event) throws SFSException {

        ISession session = (ISession) event.getParameter(SFSEventParam.SESSION);
        String username = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
        String encryptedpass = (String) event.getParameter(SFSEventParam.LOGIN_PASSWORD);
        String myPW = "test";

        if (!getApi().checkSecurePassword(session, myPW, encryptedpass)) {
            SFSErrorData errData = new SFSErrorData(SFSErrorCode.LOGIN_BAD_USERNAME);
            errData.addParameter(username);
            throw new SFSLoginException("Wrong password", errData);
        }
    }
}


my client side code is about the same as yours
ThomasLund
Posts: 1297
Joined: 14 Mar 2008, 07:52
Location: Sweden

Postby ThomasLund » 08 Nov 2011, 10:54

If you run the code in the editor, remember to have the part about cleaning up nicely on application quit. Else the editor will most of the time keep a connection to the server semi alive and give issues when you hit play again

/T
Full Control - maker of Unity/C# and Java SFS API and indie games
Follow on twitter: http://twitter.com/thomas_h_lund

Return to “SFS2X C# API”

Who is online

Users browsing this forum: No registered users and 17 guests