Posted
credits to Wabz for suggesting this method
So you want to make a key system/login system? Well today, I will be telling you how you can do so.
So, you may have tried this in the past and got your database or something else broken into. This is because of things like SQL Injection and/or poor obfuscation. Don't worry, this method is much better and wont allow people to do such a thing.
So to start, you are going to need some kind of database software like MySQL or MongoDB (MongoDB is recommended as it will be much better and secure in this case)
I recommend doing this in JavaScript (Node.JS). You are going to want to create your own Rest API to interact with your database/purchase system. In Node.JS, we will be using something called "Express". Express makes this very easy to do (Learn more here)
Next, (for MongoDB users) we need to install mongoose (npm i mongoose). This is how we interact with our MongoDB Database from Node.JS. (Learn more here)
So, to start, you are going to set up your Express environment. You need to tell Express to use your body parser, assign a port (3000), and other things you may want.
Next, this depends on how you want your system setup. Make your mongoose shemas. For a login system I recommend making an account schema with user, email, pass, and HWID. And a HWID shema (for blacklisting purposes.)
Then, you need to setup your API endpoints with express. You do this by using app.(request type) Example: app.post(), app.get().
I have a few endpoints in my API. I have index, orderpaid, signup, signin, resetpass, and some others. I am not showing you how to create 200 lines of code to make these function, you write that.
Now, lets talk about payment options. There are many sites that offer webhook support (sellix, shoppy, selly, etc.) When someone pays through one of these sites, you will need to send a post request to your API to handle payment and key/account generation.
These sites typically have am HMAC signature and a private webhook secret so you can verify the integrity of the webhook (so someone cant just fake a request). Read your sites documentation. Once you verify signature, id suggest generating a unique key and emailing it to the users email they used to pay. (It's easier than it sounds, trust me.)
Then, for signup/signin, you will make a post request from your UI with the needed information (user, pass, etc.) and make keys and email or any other information match the buyers email/key.
This is just a small rundown of what you need to do (Im not the best at explaining these things, but hopefully this helps you)
a mysterious creature from the past
Replied
yes very cool and finally u changed ur pfp very cool key sys tutorial
Cancel
Post
Replied
What if you spent 30 minutes typing this thread
But wrd said:
Faile to reach captcha
Cancel
Post
Replied
@Moon lol then just copy the text, refresh the page, paste the text back in and done
Cancel
Post
Replied
If some SQL fanboys starts saying "HOW IS MONGO MORE SECURE, STOP LYING YOU IDIOT SQL IS BETTER", please understand that interacting directly with SQL is less secure than using a library designed to interact with the mongodb database. This would avoid things such as SQL injection pretty easily. Now, things might exist to do that in SQL, but mongo is built like that, it's easier.
Cancel
Post
My new discord is Wabz#1337 with ID 777154062789509130
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post