Authentication Check [PHP]

Everything todo with programming goes HERE.
Post Reply
User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Authentication Check [PHP]

Post by Light »

// Thanks Tank
Last edited by Light on Tue Jan 20, 2015 2:25 pm, edited 1 time in total.

User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6709
Joined: Thu Dec 18, 2003 7:03 pm

Re: Authentication Check [PHP]

Post by Tank Program »

Do @ct and aagid support md5 authentication? It looks like that's all your script is compatible with.
Image

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Authentication Check [PHP]

Post by Light »

Tank Program wrote:Do @ct and aagid support md5 authentication? It looks like that's all your script is compatible with.
Arma only supports md5, so they have to? Also, checking the methods return md5 as a valid option.

http://ct.authentication.armagetronad.n ... ry=methods

Code: Select all

METHODS webform,md5,bmd5
http://aagid.authentication.armagetrona ... ry=methods

Code: Select all

methods md5,bmd5

User avatar
kyle
Reverse Outside Corner Grinder
Posts: 1867
Joined: Thu Jun 08, 2006 3:33 pm
Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
Contact:

Re: Authentication Check [PHP]

Post by kyle »

Code: Select all

  
   // Get the hash ready.
   $passHash   = $prefix . $pass . $suffix;
   $packedSalt = pack("H*", $salt);
   $packedPass = pack('H*', $passHash);
   
   $hash = md5($packedPass . $packedSalt)
I think that is where the problem is, authorities can control the way that the md5 is generated, I am pretty sure cts packs the username in there someplace
Image

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Authentication Check [PHP]

Post by Light »

kyle wrote:I think that is where the problem is, authorities can control the way that the md5 is generated, I am pretty sure cts packs the username in there someplace
That would be inside the prefix or suffix, which is included in $passHash. I can echo it out to show you ..

Code: Select all

Light:aaauth:{MD5 PASS REMOVED}:crazy-tronners.com

User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6709
Joined: Thu Dec 18, 2003 7:03 pm

Re: Authentication Check [PHP]

Post by Tank Program »

I guess we never got around to putting SHA1 into the game. Maybe another thing for 0.4?

Reading through the code in more detail, I suspect your %u substitution may be at fault, and or something to do with the rest of the prefix/suffix code. forums, rx, and lt, don't use them, while ct & aagid do. %u will be case sensitive to exactly how it is in the database. Specifically, I think you need

Code: Select all

   $passHash   = $prefix . $pass . $suffix;
to become

Code: Select all

   $passHash   = md5($prefix . $pass . $suffix);
and then to change

Code: Select all

   $pass = md5($_POST['password']);
to

Code: Select all

   $pass = $_POST['password'];
. If I do that, I can produce working code.
Image

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Authentication Check [PHP]

Post by Light »

Tank, I love you! :) lol Stupid mistakes cost too much frustration. Thanks for catching that.

qqNob
Posts: 4
Joined: Fri Jan 20, 2017 5:45 pm

Re: Authentication Check [PHP]

Post by qqNob »

Light wrote:// Thanks Tank
hey light, how use the method webform?

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1664
Joined: Thu Oct 20, 2011 2:11 pm

Re: Authentication Check [PHP]

Post by Light »

qqNob wrote:
Light wrote:// Thanks Tank
hey light, how use the method webform?
Dude, you're so far off topic in this thread. Don't dig up irrelevant posts from their grave. Use your current thread on the topic you're asking about.

User avatar
Z-Man
God & Project Admin
Posts: 11426
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne
Contact:

Re: Authentication Check [PHP]

Post by Z-Man »

My bad! I approved the post thinking it was in the other thread, leaving my 'does this even make sense' filter turned off.

Post Reply