SteamAuth PHP Login System

Anyone knows how can I allow only some SteamIDS to login in the SteamAuth system made by SmItH197 (https://github.com/SmItH197/SteamAuthentication)?

1 answer

  • answered 2018-03-13 21:34 Lawrence Cherone

    You could have a list of ids which you check against the login.

    So create an array of allowed ids in SteamAuthentication/steamauth/SteamConfig.php

    <?php
    //Version 3.2
    $steamauth['apikey'] = ""; // Your Steam WebAPI-Key found at http://steamcommunity.com/dev/apikey
    $steamauth['domainname'] = ""; // The main URL of your website displayed in the login page
    $steamauth['logoutpage'] = ""; // Page to redirect to after a successfull logout (from the directory the SteamAuth-folder is located in) - NO slash at the beginning!
    $steamauth['loginpage'] = ""; // Page to redirect to after a successfull login (from the directory the SteamAuth-folder is located in) - NO slash at the beginning!
    
    // System stuff
    if (empty($steamauth['apikey'])) {die("<div style='display: block; width: 100%; background-color: red; text-align: center;'>SteamAuth:<br>Please supply an API-Key!<br>Find this in steamauth/SteamConfig.php, Find the '<b>\$steamauth['apikey']</b>' Array. </div>");}
    if (empty($steamauth['domainname'])) {$steamauth['domainname'] = $_SERVER['SERVER_NAME'];}
    if (empty($steamauth['logoutpage'])) {$steamauth['logoutpage'] = $_SERVER['PHP_SELF'];}
    if (empty($steamauth['loginpage'])) {$steamauth['loginpage'] = $_SERVER['PHP_SELF'];}
    
    // allow only these ids
    $allowed_ids = [
        '123abc',
        '987zxy',
    ];
    ?>
    

    Then in the file which does the auth SteamAuthentication/steamauth/steamauth.php line 34 check the ids against the one matched. If its not in the array do a redirect to an error page which tells the user, they are not allowed to login.

    ...
      preg_match($ptn, $id, $matches);
    
      if (!in_array($matches[1], $allowed_ids)) {
          exit(header('Location: some-page-with-error.php'));
      }
    
      $_SESSION['steamid'] = $matches[1];
    ...