summaryrefslogtreecommitdiff
path: root/src/net/manaserv/loginhandler.cpp
diff options
context:
space:
mode:
authorPhilipp Sehmisch <crush@themanaworld.org>2009-12-04 22:16:26 +0100
committerPhilipp Sehmisch <crush@themanaworld.org>2009-12-04 22:16:26 +0100
commit625d8282af5a4da4b6d5c9a31e542680acd5e7b3 (patch)
treeaccd2ed06790318b54bb88cc4e1290626429bf09 /src/net/manaserv/loginhandler.cpp
parent51fc0fa1fffda1da0a71f7248ca809bbc5b87620 (diff)
downloadmana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.gz
mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.bz2
mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.tar.xz
mana-625d8282af5a4da4b6d5c9a31e542680acd5e7b3.zip
Moved password hashing during registration to the client
Diffstat (limited to 'src/net/manaserv/loginhandler.cpp')
-rw-r--r--src/net/manaserv/loginhandler.cpp6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/net/manaserv/loginhandler.cpp b/src/net/manaserv/loginhandler.cpp
index bd29d1d9..9abef806 100644
--- a/src/net/manaserv/loginhandler.cpp
+++ b/src/net/manaserv/loginhandler.cpp
@@ -421,10 +421,8 @@ void LoginHandler::registerAccount(LoginData *loginData)
msg.writeInt32(0); // client version
msg.writeString(loginData->username);
- // When registering, the password and email hash is assumed by server.
- // Hence, data can be validated safely server-side.
- // This is the only time we send a clear password.
- msg.writeString(loginData->password);
+ // Use a hashed password for privacy reasons
+ msg.writeString(sha256(loginData->username + loginData->password));
msg.writeString(loginData->email);
msg.writeString(loginData->captchaResponse);