Member Avatar for bradly.spicer

Hello,

I'm looking into making an account validator for wordpress which runs off a validator for another server. Shown here:

http://www.minecraftwiki.net/wiki/User:Oxguy3/Minecraft.net_API

It's running in Wordpress and I just wanted to ask for your opinions on how to do this. The idea I had is that the username they signed up to on the site with would have to be the username being looked for in :

http://login.minecraft.net/?user=<USERNAME>&password=<PASSWORD>&version=12

The only problem with this is the PASSWORD field... how would I go about allowing them to do this and feel secure?

edit:

Is it possible to check if theyre in the database and if so then ALLOW them to register?

$mpaccountvalidator = wp_remote_get('http://www.minecraft.net/haspaid.jsp?user='($login));
if( is_wp_error( $response ) ) {
   echo 'Something went wrong!';
} else {
   echo 'Response:<pre>';
   print_r( $response );
   echo '</pre>';
}

Thanks guys,

Edited by bradly.spicer
  • 2 Contributors
  • 2 Replies
  • 120 Views
  • 10 Hours Discussion Span
  • Latest Post Latest Post by bradly.spicer
Member Avatar for veedeoo

Will the data from $login will be encrypted? As long as the data are sent and processed by script ( php to php ), I don't see any possibilities for human to hack whatever is sent by the php script to another server.

Paypal API works the same way as this, with the only exemption of implementing the cURL to do the submission of the data and grab the remote response from paypal. So far, I have not heard anyone able to intercept this process. Interception only occurs when there is a browser involved.

Do not allow your user's browser to go in that url, it should be the script sending the data and pick up the response. For example, I wrote a similar script before as shown here. What this script can do is to remotely validate First Name, Last Name, and credit number ( this is a test form only ). The data are being sent out to two different servers. The first server is in Nevada and the Other is in Texas.

API works in the background and in the server side... as long as you keep it this way, your applications will be safe.

Edited by veedeoo because: more info. added
Member Avatar for bradly.spicer

Thanks Veedo, the plan is to make it check the username being used in Wordpress and fill <username> in with it

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.