diff options
author | Jesusaves <cpntb1@ymail.com> | 2022-02-06 01:15:11 -0300 |
---|---|---|
committer | Jesusaves <cpntb1@ymail.com> | 2022-02-06 01:15:11 -0300 |
commit | 9bf7e921e7807def51f32ff48ad6920618735a8d (patch) | |
tree | bc326d6fe86cb538a724d064788cbaae96ba1edf /src/elogin/parse.c | |
parent | 660b9e5afc01a2db7c0a796b599f80deddc0cfd2 (diff) | |
download | evol-hercules-9bf7e921e7807def51f32ff48ad6920618735a8d.tar.gz evol-hercules-9bf7e921e7807def51f32ff48ad6920618735a8d.tar.bz2 evol-hercules-9bf7e921e7807def51f32ff48ad6920618735a8d.tar.xz evol-hercules-9bf7e921e7807def51f32ff48ad6920618735a8d.zip |
All new accounts will now have their passwords stored in SHA256.
Supersedes all previous authentication methods, except VAULT TOKEN.
This is done on registration and when changing password.
Diffstat (limited to 'src/elogin/parse.c')
-rw-r--r-- | src/elogin/parse.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/elogin/parse.c b/src/elogin/parse.c index 73e1ab1..2eb71f5 100644 --- a/src/elogin/parse.c +++ b/src/elogin/parse.c @@ -185,15 +185,15 @@ enum parsefunc_rcode elogin_parse_ping_pre(int *fd __attribute__ ((unused)), void elogin_parse_change_paassword(int fd) { - char actual_pass[24], new_pass[24]; + char actual_pass[65], new_pass[65]; int status = 0; struct mmo_account acc; const int accountId = RFIFOL (fd, 2); - memcpy (actual_pass, RFIFOP (fd, 6), 24); - actual_pass[23] = '\0'; - memcpy (new_pass, RFIFOP (fd, 30), 24); - new_pass[23] = '\0'; + memcpy (actual_pass, RFIFOP (fd, 6), 65); + actual_pass[64] = '\0'; + memcpy (new_pass, RFIFOP (fd, 30), 65); + new_pass[64] = '\0'; if (!login->accounts->load_num(login->accounts, &acc, accountId)) { @@ -202,12 +202,15 @@ void elogin_parse_change_paassword(int fd) return; } - if (!strcmp(actual_pass, acc.pass) || pass_ok(actual_pass, acc.pass)) + if (!strcmp(actual_pass, acc.pass) || + pass_ok(actual_pass, acc.pass) || + pass_sha256(actual_pass, acc.pass)) { // changed ok status = 1; // Hash password - safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass)); + //safestrncpy(acc.pass, MD5_saltcrypt(new_pass, make_salt()), sizeof(acc.pass)); + safestrncpy(acc.pass, SHA256_CRYPT(new_pass), sizeof(acc.pass)); login->accounts->save(login->accounts, &acc); } else |