registration script

[james20020]

i make my oun registretion script for my server but i have a problem when i register the user register perfct
and enter on the databsae the problem is the password encrypt this is the normal encrypt make the server auto whit the add account.exe 0c25315dec023d2f421f73e9bd013e3b
but when a user register is diferent the encrypt
667E596B017517C6FA2701BDBBBCAA0C
this is the code i have
$_POST['pword'] = md5($_POST['pword']);

if (!get_magic_quotes_gpc()) {

$_POST['pword'] = addslashes($_POST['pword']);
}
i dont know what is the encript for the server accounts if some one know what is the encrypt because is no md5

[BlueCrab]

I'm assuming you're still talking about Tethealla? The passwords are salted. Look at the source code to the add account program to figure out how to do it yourself. If I'm not mistaken, they're actually salted something like this (in C, not in PHP):

Code: Select all

/* Variables needed for the calculation. */
uint32_t registration_time; /* Input: The time when the user registers. */
char *passwd; /* Input: The user's password */
char salted[strlen(passwd) + 32]; /* Output: Where to store the salted version. */

sprintf(salted, "%s_%lu_salt", passwd, registration_time);

You would then pass that salted variable into the md5 function, and that should give you the correct value. That said, I might be slightly off on how that's all dealt with, as I didn't write Tethealla and I don't remember all of its quirks off the top of my head.

Once again, the best place to look would be in the source code to the program. Look at how it is done there, and replicate it in your code.

[james20020]

can you make me one and i fallow one simple registration i look in the soure code but i see is md5 encrypt but dont work for me can i pass you my conpleate script and you chek it for me please heres my scipt

[BlueCrab]

Unfortunately, I don't really have time to be doing much programming at the moment. I haven't even had a chance to work on Sylverant in over a month.

As I said, I know that the salting function in Tethealla is very similar to what I posted earlier. It may not be exactly that, but it is pretty close. I'm absolutely sure it should be in the source code to the add account program.

In fact, here's the exact code from account_add.c in Tethealla (lines 412-421):

Code: Select all

	reg_seconds = (unsigned) regtime / 3600L;
	ch = strlen (&password[0]);
	_itoa (reg_seconds, &config_data[0], 10 );
	//Throw some salt in the game ;)
	sprintf (&password[ch], "_%s_salt", &config_data[0] );
	//printf ("New password = %s\n", password );
	MDString (&password[0], &MDBuffer[0] );
	for (ch=0;ch<16;ch++)
		sprintf (&md5password[ch*2], "%02x", (unsigned char) MDBuffer[ch]);
	md5password[32] = 0;

It's ugly, but pretty much identical to what I posted earlier (except that it divides the registration time by 3600).

[tueidj]

It's bad enough when people write code that references the address of array element x (instead of just adding x to the array pointer), but doing it for element 0 is just ridiculous.

[BlueCrab]

Tethealla's code does that all over the place, unfortunately. It does tend to make it really ugly to read and figure out.

[RyoDC]

Md5 is no more considered cryptographic safe.

[tueidj]

It's still safe enough for password hashing since a theoretical attacker would not know the hash value they are trying to match.