0

Hello,

I'm looking into making an account validator for wordpress which runs off a validator for another server. Shown here:

http://www.minecraftwiki.net/wiki/User:Oxguy3/Minecraft.net_API

It's running in Wordpress and I just wanted to ask for your opinions on how to do this. The idea I had is that the username they signed up to on the site with would have to be the username being looked for in :

http://login.minecraft.net/?user=<USERNAME>&password=<PASSWORD>&version=12

The only problem with this is the PASSWORD field... how would I go about allowing them to do this and feel secure?

edit:

Is it possible to check if theyre in the database and if so then ALLOW them to register?

$mpaccountvalidator = wp_remote_get('http://www.minecraft.net/haspaid.jsp?user='($login));
if( is_wp_error( $response ) ) {
   echo 'Something went wrong!';
} else {
   echo 'Response:<pre>';
   print_r( $response );
   echo '</pre>';
}

Thanks guys,

Edited by bradly.spicer

2
Contributors
2
Replies
3
Views
5 Years
Discussion Span
Last Post by bradly.spicer
0

Will the data from $login will be encrypted? As long as the data are sent and processed by script ( php to php ), I don't see any possibilities for human to hack whatever is sent by the php script to another server.

Paypal API works the same way as this, with the only exemption of implementing the cURL to do the submission of the data and grab the remote response from paypal. So far, I have not heard anyone able to intercept this process. Interception only occurs when there is a browser involved.

Do not allow your user's browser to go in that url, it should be the script sending the data and pick up the response. For example, I wrote a similar script before as shown here. What this script can do is to remotely validate First Name, Last Name, and credit number ( this is a test form only ). The data are being sent out to two different servers. The first server is in Nevada and the Other is in Texas.

API works in the background and in the server side... as long as you keep it this way, your applications will be safe.

Edited by veedeoo: more info. added

0

Thanks Veedo, the plan is to make it check the username being used in Wordpress and fill <username> in with it

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.