This application allows users to create and manage accounts for the World of Warcraft: Wrath of the Lich King private server. It provides features such as account creation, password reset, and email notifications.
- Account Creation: Create new accounts with username, email, password, and expansion details.
- Password Reset: Reset account passwords through email verification.
- Secure Communication: Utilizes Gmail App Passwords for secure email communication.
- Python 3.8+
- MySQL: Database for storing user data
- Gmail App Passwords: For sending emails securely
- Clone the repository:

  ```
  git clone https://github.com/BeardedInfoSec/AzerothCore-website.git
  cd AzerothCore-website
  ```
- Configure the application:

  Ensure the `config.json` file in the root directory has the following structure and update it with your details:

  ```json
  {
    "USERNAME": "acore",
    "PASSWORD": "password",
    "SERVER_IP": "127.0.0.1",
    "MYSQL_PORT": 3306,
    "DATABASE": "acore_auth",
    "SMTP_EMAIL_ADDRESS": "[email protected]",
    "SMTP_EMAIL_PASSWORD": "your_app_password"
  }
  ```

  Note: Ensure you create a Gmail App Password and enable 2-Step Verification for your Google account.
- Start the Flask application:

  ```
  python website.py
  ```

  The application will be available at `http://127.0.0.1:5000/`.

  Note: The SQLite database for password reset tokens will be auto-initialized when the website is run.
- HTTP: Sends web traffic in plain text, making it potentially vulnerable to interception and attacks. It is not secure.
- HTTPS: Encrypts web traffic, ensuring data is securely transmitted between the client and server. It is recommended for all web applications to protect sensitive data.
To secure your application:
- Open ports 80 (HTTP) and 443 (HTTPS) on your server.
- Configure your firewall to allow traffic on these ports and point to your server's IP address or domain.
- Obtain and install an SSL/TLS certificate to enable HTTPS.
- Important: The password reset functionality will not work without having the Gmail account configured, as it sends the reset link through email.
- Disable Debug Mode: Ensure `debug=False` in your app configuration.
- Use Environment Variables: Store sensitive data in environment variables.
- Enable HTTPS: Secure your application with HTTPS.
- Set Secure Headers: Use libraries like `Flask-Talisman` to set secure headers.
- Rate Limiting: Implement rate limiting to protect against brute force attacks.
- Input Validation: Always validate and sanitize input data.
For any issues or questions, please contact [[email protected]].
This README provides comprehensive instructions for setting up and running your AzerothCore account management application securely.