Armathentication

[deleet]

Not sure where to post this.

Anyway, simply, searched around a bit and couldn't find anywhere the says about setting up your own armathentication. E.g Calibur@phalanx.me

What are the requirements etc.

[Tank Program]

http://wiki.armagetronad.net/index.php? ... ion_Server

[deleet]

Confusing. What do I need to change to make it work?

[Z-Man]

On the complicated script from bzr, you need to tell it your database connection and which rows to find user name and password hash in; and you also need to adapt prefix and suffix and possibly the password hashing algorithm the forum uses so the stored password hash is md5( prefix . password. suffix ).

[deleet]

I mean, how can I tell which bits in the code to replace?

Code: Select all

if (mysql_num_rows($result) == 1) //if there's the user
96		
	{
97		
		$row = mysql_fetch_row($result);
98	0.1.15	
		if (strlen($row[0]) == 0) //make sure hash row isn't empty
99		
			$hashEmpty = true;
100		
		else
101		
		{
102	4	
            if ( $hashMethod == 'webform')
103		
            {
104		
                $correctUserName = $row[2];
105		
            }
106		
            else
107		
            {
108		
                $correctUserName = $row[1];
109		
            }
110		
            $correctHash = $method(pack('H*',$row[0]).$packedSalt); //calculate the correct hash
111	0.1.15	
			if (strcasecmp($hash, $correctHash) == 0) //and then compare it
112		
				$passwordOK = true;
113		
		}

Attached is my database blah blah.

[deleet]

Code: Select all

 if (in_array($hashMethod, $validMethods)) //make sure it's supported method
74	0.1.8	
{		//connect
75	0.1.18	
	$realDbDetails = get_db_details ($host, $hashMethod);
76		
	$db = mysql_connect($realDbDetails['host'], $realDbDetails['user'], $realDbDetails['passwd']);
77		
	mysql_select_db($realDbDetails['name'], $db);
78	0.1.6	
79	4	
	if ( $hashMethod === 'webform' )
80		
    {
81		
        if ( in_array('md5', $validMethods) ) $method = 'md5';
82		
    	    else if ( in_array('bmd5', $validMethods) ) $method = 'bmd5';
83		
            else die("METHOD_NOT_IMPLEMENTED"); // TODO: nice message
84		
85		
        $result = mysql_query('SELECT `'.$realDbDetails['row'].'`, `'.$realDbDetails['user_row'].'`,`' . $realDbDetails['username_row'] . '` FROM `'.$realDbDetails['table'].'` WHERE `'.$realDbDetails['user_row'].'` = \''.addslashes($user).'\'', $db);
86		
        $del_result = mysql_query('DELETE FROM `' . $realDbDetails['table'] . '`
87		
                       WHERE `'.$realDbDetails['user_row'].'` = \''.addslashes($user).'\'');
88		
    }
89		
    else
90		
    {
91		
        $method = $hashMethod;
92		
        $result = mysql_query('SELECT `'.$realDbDetails['row'].'`, `'.$realDbDetails['user_row'].'` FROM `'.$realDbDetails['table'].'` WHERE `'.$realDbDetails['user_row'].'` = \''.addslashes($user).'\'', $db);
93		
    }

What do I replace in here? I know my data base host name, the date base name, user name and password.

[deleet]

And finally;

and you also need to adapt prefix and suffix and possibly the password hashing algorithm the forum uses so the stored password hash is md5( prefix . password. suffix ).

How do I do this, presumably, after doing these three things. All data will have been uploaded and I just have to upload this armaauth.php file to domain.com/armaauth/0.1/armaauth.php

[Z-Man]

The quoted code doesn't need changing, the FORUM code maybe does. You need to create config.php (copy config.php.sample). It looks like 'user_row' needs to be set to 'forums_users' and 'user' needs to be 'Admin'. 'table' probably needs to be 'a8254372_data', though I don't fully understand that picture. And I don't see any row there that may contain the password hashes. Is maybe forums_users the table containing more rows?

And yeah, once the adaptions are done, you need to upload the scripts.

[deleet]

That forum doesn't support it. I will change it.

So let me get this straight. All I have to change is the config.php?

[deleet]

What about this?

EDIT: Is this md5, bmd5 or sha1?

[Z-Man]

Looks like md5 to me. That's rows in the forums_users table? Sounds useful, and yeah, the thing to set for 'users_row'. However, the members_pass_salt row is worrying. Looks like a per-user salt used in the password hash, so the hash would be something like md5(password . salt), which is not the kind of flexibility armathentication supports. It's not just a problem with the scripts, the game servers would need to support per-user prefix/suffix, which they don't. So can you dig out the forum code using those rows? the members_pass_salt one, in particular? Or just tell us what forum software you're using?

[deleet]

Powered By IP.Board 3.0.4 © 2010 IPS, Inc.

[Z-Man]

They don't seem to give out the source to non-customers, so you'll have to do the digging yourself, and also the checking whether you're allowed to share the results and whether you're allowed to make changes.

[deleet]

Decided to switch to a simpler forum, also twixted xats and crazy tronners have setup auth with this one. So should be able to.

This is what I got

[Z-Man]

Without the forum code, there's nothing to read from there.