9bbeb35c08
Fixed an issue that prevented the password reset tokens from working. Added email templates for password reset success and new account creation. Added more dynamic email template support. |
||
|---|---|---|
| .idea | ||
| __pycache__ | ||
| scripts | ||
| static | ||
| templates | ||
| venv | ||
| config.json | ||
| README.md | ||
| requirements.txt | ||
| restart_website.sh | ||
| start_virtualenv.sh | ||
| start_website.sh | ||
| website.py | ||
AzerothCore Account Management
This application allows users to create and manage accounts for the World of Warcraft: Wrath of the Lich King private server. It provides features such as account creation, password reset, and email notifications.
Features
- Account Creation: Create new accounts with username, email, password, and expansion details.
- Password Reset: Reset account passwords through email verification.
- Secure Communication: Utilizes Gmail App Passwords for secure email communication.
Prerequisites
- Python 3.8+
- MySQL: Database for storing user data
- Gmail App Passwords: For sending emails securely
Installation
-
Clone the repository:
git clone https://github.com/BeardedInfoSec/AzerothCore-website.git cd AzerothCore-website -
Configure the application:
Ensure the
config.jsonfile in the root directory has the following structure and update it with your details:{ "USERNAME": "acore", "PASSWORD": "password", "SERVER_IP": "127.0.0.1", "MYSQL_PORT": 3306, "DATABASE": "acore_auth", "SMTP_EMAIL_ADDRESS": "your_email@gmail.com", "SMTP_EMAIL_PASSWORD": "your_app_password" }Note: Ensure you create a Gmail App Password and enable 2-Step Verification for your Google account.
Running the Application
-
Start the Flask application:
python website.pyThe application will be available at
http://127.0.0.1:5000/.Note: The SQLite database for password reset tokens will be auto-initialized when the website is run.
Configuration Notes
HTTP vs. HTTPS
- HTTP: Sends web traffic in plain text, making it potentially vulnerable to interception and attacks. It is not secure.
- HTTPS: Encrypts web traffic, ensuring data is securely transmitted between the client and server. It is recommended for all web applications to protect sensitive data.
To secure your application:
- Open ports 80 (HTTP) and 443 (HTTPS) on your server.
- Configure your firewall to allow traffic on these ports and point to your server's IP address or domain.
- Obtain and install an SSL/TLS certificate to enable HTTPS.
Email Configuration
- Important: The password reset functionality will not work without having the Gmail account configured, as it sends the reset link through email.
Security Best Practices
- Disable Debug Mode: Ensure
debug=Falsein your app configuration. - Use Environment Variables: Store sensitive data in environment variables.
- Enable HTTPS: Secure your application with HTTPS.
- Set Secure Headers: Use libraries like
Flask-Talismanto set secure headers. - Rate Limiting: Implement rate limiting to protect against brute force attacks.
- Input Validation: Always validate and sanitize input data.
Contact
For any issues or questions, please contact [thesoargoat@gmail.com].
This README provides comprehensive instructions for setting up and running your AzerothCore account management application securely.