Jump to content

  • Curse Sites
Become a Premium Member! Help
Latest News Article

Premium Account Validation Script

account premium minecraft script

  • Please log in to reply
19 replies to this topic

#1

DanielRHarris
  • Minecraft: DanielRHarris

Posted 07 September 2012 - 09:42 AM

A little while back i decided i would like to make sure that any user signing up for my server website would in fact be a real Minecraft player with a valid username.

I wrote a small script to do just that, it receives a username and checks the username against Minecraft.net's list of premium usernames.

Hope this helps people out, if anyone has any questions feel free to comment here with them.

Script:
<?php
// Code written by DanielRHarris (DanielRH)
// Code written for VectronCraft (IP: MC.VectronCraft.com -- Website: www.VectronCraft.com)

// PHP Function to check whether the minecraft username ($mcUser) is a premium minecraft account holder
function check_user($mcUser)
{

// $check_mcUser gets the contents of the file from minecraft.net that does the checking for premium user
$check_mcUser = file_get_contents('http://www.minecraft.net/haspaid.jsp?user='.$mcUser.'');

// If $check_mcUser is true (premium user), it executes the code within
if ($check_mcUser == 'true') {
echo 'Username Is Premium!';
}

// If $check_mcUser is not true, it executes the code within the else statement
else {
echo 'Username Not Premium.';
}

}

// Please comment/uncomment a method you would like to use to recieve the username (leave only one activated at once and comment the others out with a // at the begginning of the line

// Gets the username from a form submit, or via url (eg. www.example.com/checkuser.php?mcUser=DanielRHarris):
$mcUser = $_GET["mcUser"];

// Declares the username right here within the quotes:
//$mcUser = 'DanielRHarris';

// Executes function that checks whether the user is a premium minecraft account holder
check_user($mcUser);
?>

Long live the creeper! - Ssssss.....
/DanielRH

Register or log in to remove.

#2

BeanmenMinecraft

Posted 07 September 2012 - 06:25 PM

And how do it put this script in html?

#3

Kovu
    Kovu

    Memory Returned

  • Sectional Moderator
  • Curse Premium
  • 5325 posts
  • Location: California, Shingle Springs
  • Minecraft: Rainfur

Posted 08 September 2012 - 03:55 AM

Nice script. :) Good job.
Posted Image

#4

DanielRHarris
  • Minecraft: DanielRHarris

Posted 09 September 2012 - 12:13 AM

View PostBeanmenMinecraft, on 07 September 2012 - 06:25 PM, said:

And how do it put this script in html?

Just put this into a .php page and upload it to a webhost then navigate to the page and add a ?mcUser=USERNAMEHERE to the url and hit enter, that will check to see if its valid and tell you if it is.

IF you want it to do something special when it checks whether its a premoum account  or not, your gonna have to write special PHP code for that.

#5

Logicx
    Logicx

    Nether Resident

  • Members
  • 2060 posts
  • Location: New Zealand

Posted 09 September 2012 - 08:28 AM

Just thought I'd make the code a little easier for some people. Create a file called 'Minecraft.class.php' and add the php code:

class Minecraft {
// Code written by DanielRHarris (DanielRH)
// Code written for VectronCraft (IP: MC.VectronCraft.com -- Website: www.VectronCraft.com)
// PHP Function to check whether the minecraft username ($mcUser) is a premium minecraft account holder
function check_user($mcUser)
{
// $check_mcUser gets the contents of the file from minecraft.net that does the checking for premium user
$check_mcUser = file_get_contents('http://www.minecraft.net/haspaid.jsp?user='.$mcUser.'');
// If $check_mcUser is true (premium user), it executes the code within
if ($check_mcUser == 'true') {
return true;
}
// If $check_mcUser is not true, it executes the code within the else statement
else {
return false;
}
}

}

Then all you have to do is the follwing:

include('Minecraft.class.php');

$verify = new Minecraft();
$mc_user = $_GET['mc_user'];
$valid = $verify::check_user($mc_user);

if($valid) {
//user is premium
} else {
//user is not premium
}


#6

frostyfrog

Posted 09 September 2012 - 01:25 PM

Nice code Logicx! :D

It's a nice script, although I use the following code on my site:
in Minecraft.class.php
class Minecraft {

function check_login($username, $password)
{
if(!(empty($username) || empty($password)))
{

$url='https://login.minecraft.net/?user='.$username.'&password='.$password.'&version=99999';
$mc_curl = curl_init($url);
curl_setopt($mc_curl, CURLOPT_RETURNTRANSFER, true);
$mc_https_page = curl_exec($mc_curl);
curl_close($mc_curl);
$mc_str_arr = explode(" ", $mc_https_page);

if($mc_str_arr[0] != 'Bad')
{
if($mc_str_arr[0] != 'User')
{
if($mc_str_arr[0] != 'Account')
return true;
else
return 'Your account has been migrated to mojang.com, please use your email instead.';
}
else
return 'Sorry, you haven\'t bought Minecraft. ';
}
else
return 'Failed to login, are you sure you entered the right username and password? ';
}
}

}

In mclogin.php
// Code modified from Logicx's post
include('Minecraft.class.php');

$verify = new Minecraft();
$mc_user = htmlentities(mb_convert_encoding($_POST['user'], 'UTF-8', 'UTF-8'), ENT_QUOTES, 'UTF-8');
$mc_pass = htmlentities(mb_convert_encoding($_POST['pass'], 'UTF-8', 'UTF-8'), ENT_QUOTES, 'UTF-8');
$valid = $verify::check_login($mc_user, $mc_pass);

if($valid === true) {
print('%s is premium!', $mc_user.);
} else {
print('An error has occured while trying to log you in: %s', $mc_user.);
}

Posted Image
Signaturecraft is back!@SigCraft

#7

Lockhead
    Lockhead

    Tree Puncher

  • Curse Premium
  • Curse Premium
  • 14 posts
  • Location: Berlin, Germany

Posted 09 September 2012 - 05:07 PM

A simplified and more robust version to check if a given Minecraft username belongs to a premium account.
<?php

namespace Minecraft;

class User {
  public static function isValid($username) {
	$username = filter_var($username, FILTER_SANITIZE_STRING));
	$result = (bool) file_get_contents('http://www.minecraft.net/haspaid.jsp?user=' . $username);
	return $result;
  }
}

How to use:
<?php

use Minecraft\User;

if(User::isValid($_GET['username'])) {
  echo 'Premium User';
}

@frostyfrog
Nice way to get minecraft accounts...
Posted Image

#8

DarkStormDragon
  • Location: X: -256, Y:40, Z: 1024
  • Minecraft: DragonGilbert
  • Xbox:DarkDForce

Posted 10 September 2012 - 12:22 AM

Only thing i have a problem with with this script is it can be used in a malicious way. but all in all a great idea and a fantastic way to validate premium users

Posted Image


#9

Drakken255
  • Location: In cyberspaaaaace!!!
  • Minecraft: Drakken255

Posted 10 September 2012 - 03:35 PM

Very nice script. I myself made one for C# .NET for anyone making tools with that:

//Login Form gets username and password. (I used this in a Win Forms program)

WebClient doanloadClient = new WebClient();

//Try to download Minecraft login reply.
//Used version 99 because the current launcher is version 13. Anything larger is safe, anything smaller is not.
try
{
downloadClient.DownloadFile("http://login.minecraft.net?user=" + loginForm.Username + "&password=" + loginForm.Password + "&version=99", <DESTINATION FILE PATH>);
}
catch
{
//Failed to download the Minecraft login reply.
}
//Get the reply and delete.
string reply = File.ReadAllText(<PATH TO DOWNLOADED FILE>);
File.Delete(<PATH TO DOWNLOADED FILE>);

//Compare reply.

if (reply == "Bad login")
{
//"Bad login" = invalid information.
}
else if (reply == "User not premium")
{
//"User not premium" = user hasn't bought Minecraft
}

//Get username for direct launch of Minecraft.
username = loginForm.Username;

//Get session ID for direct launch of Minecraft.
sessionID = reply;
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(0, sessionID.IndexOf(':'));

I'm using this in my program (see siggy!) to be sure the user doesn't steal the game.

Posted ImageThe most user friendly version switcher: Get it here!


#10

winercai
    winercai

    Tree Puncher

  • Members
  • 14 posts
  • Minecraft: Winercai

Posted 10 September 2012 - 11:01 PM

In Spanish?

#11

frostyfrog

Posted 11 September 2012 - 03:24 AM

View PostDrakken255, on 10 September 2012 - 03:35 PM, said:

Very nice script. I myself made one for C# .NET for anyone making tools with that:

if (reply == "Bad login")
{
//"Bad login" = invalid information.
}
else if (reply == "User not premium")
{
//"User not premium" = user hasn't bought Minecraft
}

I'm using this in my program (see siggy!) to be sure the user doesn't steal the game.
Problem with only doing this check is that they could type an incorrect password with a mojang.com account and get free access to the game. The reason behind my logic is that if they don't enter the email address, it will return "Account migrated, use e-mail as username." no matter what. I just tried it with my username, rathar than my email address, and got that message.

A bit OT but; you have a version switcher/launcher and I have a modded jar downloader ;D (too much effort to install mods on the mac)
Posted Image
Signaturecraft is back!@SigCraft

#12

Drakken255
  • Location: In cyberspaaaaace!!!
  • Minecraft: Drakken255

Posted 11 September 2012 - 04:34 AM

View Postfrostyfrog, on 11 September 2012 - 03:24 AM, said:

Problem with only doing this check is that they could type an incorrect password with a mojang.com account and get free access to the game. The reason behind my logic is that if they don't enter the email address, it will return "Account migrated, use e-mail as username." no matter what. I just tried it with my username, rathar than my email address, and got that message.

A bit OT but; you have a version switcher/launcher and I have a modded jar downloader ;D (too much effort to install mods on the mac)

Duely noted. Will patch tonight to prevent this and edit this post with the new code. And I'm not sure I get the meaning behind your OT statement.

EDIT: New code posted below.

Posted ImageThe most user friendly version switcher: Get it here!


#13

frostyfrog

Posted 11 September 2012 - 04:45 AM

Basically, I was stating that you were using login code to download different versions of minecraft, while I was using it to download a modded jar. I do it because it is overly complicated to install mods on a mac. Therefore, I created a shell script that will install mods for me, then I (or friends) could proceed to download the modded jar in a more legal manner from anywhere in the world.
Posted Image
Signaturecraft is back!@SigCraft

#14

Drakken255
  • Location: In cyberspaaaaace!!!
  • Minecraft: Drakken255

Posted 11 September 2012 - 12:28 PM

Ah, I see. One feature I want to have is the ability to preload different versions with mods upon download, but that would require a database of mods to download, meaning I actively search for them or they register. I know for a fact that until Patchcraft is very popular, that won't happen.

The altered code is as follows:


WebClient doanloadClient = new WebClient();

//Set to true because the code tests for problems and not a lack thereof.
//Any problem detected will set to false, and the loop will set back to true for next run.
bool verified = true;

//Login loop.
//As is, this code results in a a loop that will continue until the user gets the information correct.
//This can be cut to any number of times by using a "tries" integer variable.
do
{
//Login Form gets username and password.

//Set verified to true for current run.
verified = true;

//Try to download Minecraft login reply.
//Used version 99 because the current launcher is version 13. Anything larger is safe, anything smaller is not.
try
{
downloadClient.DownloadFile("http://login.minecraft.net?user=" + loginForm.Username + "&password=" + loginForm.Password + "&version=99", <DESTINATION FILE PATH>);
}
catch
{
//Failed to download the Minecraft login reply.
}
//Get the reply and delete.
string reply = File.ReadAllText(<PATH TO DOWNLOADED FILE>);
File.Delete(<PATH TO DOWNLOADED FILE>);

//Compare reply.

if (reply == "Bad login")
{
//"Bad login" = invalid information.
verified = false;
}
else if (reply == "User not premium")
{
//"User not premium" = user hasn't bought Minecraft
verified = false;
}
else if (reply == "Account migrated, use e-mail as username.")
{
//"Account migrated, use e-mail as username." = account has been migrated.
//User should use Mojang email in the username box instead of his/her actual MC username
verified = false;
}

} while (!verified);

//Get username for direct launch of Minecraft.
username = loginForm.Username;

//Get session ID for direct launch of Minecraft.
sessionID = reply;
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(0, sessionID.IndexOf(':'));

Posted ImageThe most user friendly version switcher: Get it here!


#15

Logicx
    Logicx

    Nether Resident

  • Members
  • 2060 posts
  • Location: New Zealand

Posted 12 September 2012 - 03:09 AM

View PostDrakken255, on 11 September 2012 - 12:28 PM, said:

Ah, I see. One feature I want to have is the ability to preload different versions with mods upon download, but that would require a database of mods to download, meaning I actively search for them or they register. I know for a fact that until Patchcraft is very popular, that won't happen.

The altered code is as follows:


WebClient doanloadClient = new WebClient();

//Set to true because the code tests for problems and not a lack thereof.
//Any problem detected will set to false, and the loop will set back to true for next run.
bool verified = true;

//Login loop.
//As is, this code results in a a loop that will continue until the user gets the information correct.
//This can be cut to any number of times by using a "tries" integer variable.
do
{
//Login Form gets username and password.

//Set verified to true for current run.
verified = true;

//Try to download Minecraft login reply.
//Used version 99 because the current launcher is version 13. Anything larger is safe, anything smaller is not.
try
{
downloadClient.DownloadFile("http://login.minecraft.net?user=" + loginForm.Username + "&password=" + loginForm.Password + "&version=99", <DESTINATION FILE PATH>);
}
catch
{
//Failed to download the Minecraft login reply.
}
//Get the reply and delete.
string reply = File.ReadAllText(<PATH TO DOWNLOADED FILE>);
File.Delete(<PATH TO DOWNLOADED FILE>);

//Compare reply.

if (reply == "Bad login")
{
//"Bad login" = invalid information.
verified = false;
}
else if (reply == "User not premium")
{
//"User not premium" = user hasn't bought Minecraft
verified = false;
}
else if (reply == "Account migrated, use e-mail as username.")
{
//"Account migrated, use e-mail as username." = account has been migrated.
//User should use Mojang email in the username box instead of his/her actual MC username
verified = false;
}

} while (!verified);

//Get username for direct launch of Minecraft.
username = loginForm.Username;

//Get session ID for direct launch of Minecraft.
sessionID = reply;
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(sessionID.IndexOf(':') + 1);
sessionID = sessionID.Substring(0, sessionID.IndexOf(':'));

It would also probably be easier to use WebClient.DownloadString() function instead. e.g.

string reply = WebClient.DownloadString("http://login.minecraft.net?user=" + loginForm.Username + "&password=" + loginForm.Password + "&version=99");



#16

Drakken255
  • Location: In cyberspaaaaace!!!
  • Minecraft: Drakken255

Posted 12 September 2012 - 05:47 AM

It might, but when testing my code I had problems and this was one of the things that changed until it began working. I never bothered to try it again once it started working. I'll try tonight.

Posted ImageThe most user friendly version switcher: Get it here!


#17

drinfernoo
  • Location: Washington

Posted 12 September 2012 - 06:27 PM

Can't you just set online-mode=true in your server.properties file?
Learn some Java before you mod, and skip over the chapter on ModLoader, straight to MinecraftForge. It's better. Trust me.
Posted Image

#18

frostyfrog

Posted 12 September 2012 - 06:59 PM

View Postdrinfernoo, on 12 September 2012 - 06:27 PM, said:

Can't you just set online-mode=true in your server.properties file?
While this forces the player to own minecraft in order to join the server, it doesn't tie the user account to a forum for example. And in Drakken's case, that wouldn't prevent someone from downloading and playing minecraft in a single player world.

In summary; That works for the minecraft server, but not for other things. (like a website, which this topic was originally about)
Posted Image
Signaturecraft is back!@SigCraft

#19

Drakken255
  • Location: In cyberspaaaaace!!!
  • Minecraft: Drakken255

Posted 12 September 2012 - 10:28 PM

frostyfrog is correct. Our situations call for more complex security measures because we are dealing with access to the game itself, modded or not, current version or not. We don't want the user who hasn't bought the game to be able to play it at all. I am personally very much against pirating. You are literally robbing the creators of hours upon hours of effort. I try as hard as I can to support the creators of whatever I use by buying every piece of software I have, and I wish the rest of the world were just as honest.

Posted ImageThe most user friendly version switcher: Get it here!


#20

drinfernoo
  • Location: Washington

Posted 13 September 2012 - 02:03 AM

Ah I see...
Learn some Java before you mod, and skip over the chapter on ModLoader, straight to MinecraftForge. It's better. Trust me.
Posted Image