angry.hair/AzerothCore-website
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
5 commits 1 branch 0 tags 19 MiB
Python 99.4%
C 0.3%
Find a file
Bearded_InfoSec 536fc5cdb6 Added requirements.txt
2024-09-27 22:14:09 -05:00
.idea Added functionality to Create account, send password reset links 2024-07-21 19:13:40 -05:00
scripts Added requirements.txt 2024-09-27 22:14:09 -05:00
static Added functionality to Create account, send password reset links 2024-07-21 19:13:40 -05:00
templates Added functionality to Create account, send password reset links 2024-07-21 19:13:40 -05:00
config.json Added functionality to Create account, send password reset links 2024-07-21 19:13:40 -05:00
README.md "Update README.md with new clone URL and add email configuration section; remove tokens.db file" 2024-07-21 19:21:25 -05:00
requirements.txt Added requirements.txt 2024-09-27 22:14:09 -05:00
website.py Added functionality to Create account, send password reset links 2024-07-21 19:13:40 -05:00

README.md

AzerothCore Account Management

This application allows users to create and manage accounts for the World of Warcraft: Wrath of the Lich King private server. It provides features such as account creation, password reset, and email notifications.

Features

  • Account Creation: Create new accounts with username, email, password, and expansion details.
  • Password Reset: Reset account passwords through email verification.
  • Secure Communication: Utilizes Gmail App Passwords for secure email communication.

Prerequisites

  • Python 3.8+
  • MySQL: Database for storing user data
  • Gmail App Passwords: For sending emails securely

Installation

  1. Clone the repository:

    git clone https://github.com/BeardedInfoSec/AzerothCore-website.git
cd AzerothCore-website

  2. Configure the application:

    Ensure the config.json file in the root directory has the following structure and update it with your details:

    {
    "USERNAME": "acore",
    "PASSWORD": "password",
    "SERVER_IP": "127.0.0.1",
    "MYSQL_PORT": 3306,
    "DATABASE": "acore_auth",
    "SMTP_EMAIL_ADDRESS": "your_email@gmail.com",
    "SMTP_EMAIL_PASSWORD": "your_app_password"
}

    Note: Ensure you create a Gmail App Password and enable 2-Step Verification for your Google account.

Running the Application

  1. Start the Flask application:

    python website.py

    The application will be available at http://127.0.0.1:5000/.

    Note: The SQLite database for password reset tokens will be auto-initialized when the website is run.

Configuration Notes

HTTP vs. HTTPS

  • HTTP: Sends web traffic in plain text, making it potentially vulnerable to interception and attacks. It is not secure.
  • HTTPS: Encrypts web traffic, ensuring data is securely transmitted between the client and server. It is recommended for all web applications to protect sensitive data.

To secure your application:

  • Open ports 80 (HTTP) and 443 (HTTPS) on your server.
  • Configure your firewall to allow traffic on these ports and point to your server's IP address or domain.
  • Obtain and install an SSL/TLS certificate to enable HTTPS.

Email Configuration

  • Important: The password reset functionality will not work without having the Gmail account configured, as it sends the reset link through email.

Security Best Practices

  • Disable Debug Mode: Ensure debug=False in your app configuration.
  • Use Environment Variables: Store sensitive data in environment variables.
  • Enable HTTPS: Secure your application with HTTPS.
  • Set Secure Headers: Use libraries like Flask-Talisman to set secure headers.
  • Rate Limiting: Implement rate limiting to protect against brute force attacks.
  • Input Validation: Always validate and sanitize input data.

Contact

For any issues or questions, please contact [thesoargoat@gmail.com].

This README provides comprehensive instructions for setting up and running your AzerothCore account management application securely.