I am aware this may not be the right place at all to ask this, most definitely not the right index to post this.
If there was another forum index that this could have went in, I'm deeply sorry about it.
But anyway, I was wondering what the hashing algorithm the client uses to hash the passwords before storing them in the database, this may come off like "Hacker" since I'm asking about what hashing algorithm is used, but I've been building a website for a server and trying to hash the passwords in register.php correctly to match the servers passwords, but it's just been ending up badly, thought it might have been sha1(sha1($pass));
Scoured the internet a bit, it's came close to telling me that it's a mysql hash, as I believe, but if I may have found it on a page, I have poor attention so I may have went past it.
Password Hashing
Re: Password Hashing
Maybe equivalent to SHA1(UNHEX(SHA1())) perhaps? I'll try it out.
Re: Password Hashing
DSP uses the following to create the login data/password:
You should be able to use the same query from PHP and have the same results.
Code: Select all
fmtQuery = "INSERT INTO accounts(id,login,password,timecreate,timelastmodify,status,priv)\
VALUES(%d,'%s',PASSWORD('%s'),'%s',NULL,%d,%d);";
if( Sql_Query(SqlHandle,fmtQuery,accid,login,password,
strtimecreate,ACCST_NORMAL,ACCPRIV_USER) == SQL_ERROR )
{
WBUFB(session[fd]->wdata,0) = LOGIN_ERROR_CREATE;
WFIFOSET(fd,1);
do_close_login(sd,fd);
return -1;
}Re: Password Hashing
Thank you guys, I'll do it now, took me a while when setting up a page for creating accounts(if possible soon characters), noticed auto increment was off so I couldn't type in DEFAULT for id, change it to Auto Increment, so even the webpage could create accounts, I'm wondering if it can cause any problems having it set to auto Incremented?
Never was a big fan of functions so I never did a few of the typical ones.
Edit: The id situation was done last night, so both web and client are creating accounts, from being said above, was wondering if you don't mind on posting opinions of security and functionality of setting it to auto increment.
Never was a big fan of functions so I never did a few of the typical ones.
Edit: The id situation was done last night, so both web and client are creating accounts, from being said above, was wondering if you don't mind on posting opinions of security and functionality of setting it to auto increment.
Re: Password Hashing
You can pull the max current id from the database using:
SELECT max(accounts.id) FROM accounts;
Then just +1 to the result for the next creation that you insert into the database.
SELECT max(accounts.id) FROM accounts;
Then just +1 to the result for the next creation that you insert into the database.