From 309cc134916ea23be201055e9d858b0b7042e30a Mon Sep 17 00:00:00 2001 From: Jesusaves Date: Sun, 6 Feb 2022 01:14:27 -0300 Subject: All new accounts will now have their passwords stored in SHA256. Supersedes all previous authentication methods, except VAULT TOKEN. --- src/login/account.h | 2 +- src/login/login.c | 5 ++++- src/login/login.h | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/login/account.h b/src/login/account.h index 312bb85c5..c00afaae6 100644 --- a/src/login/account.h +++ b/src/login/account.h @@ -37,7 +37,7 @@ struct mmo_account { int account_id; char userid[NAME_LENGTH]; - char pass[32+1]; // 23+1 for plaintext, 32+1 for md5-ed passwords + char pass[64+1]; // 23+1 for plaintext, 32+1 for md5-ed passwords char sex; // gender (M/F/S) char email[40]; // e-mail (by default: a@a.com) int group_id; // player group id diff --git a/src/login/login.c b/src/login/login.c index 2f40498bf..68b53608f 100644 --- a/src/login/login.c +++ b/src/login/login.c @@ -1033,7 +1033,10 @@ static int login_mmo_auth_new(const char *userid, const char *pass, const char s memset(&acc, '\0', sizeof(acc)); acc.account_id = -1; // assigned by account db safestrncpy(acc.userid, userid, sizeof(acc.userid)); - safestrncpy(acc.pass, pass, sizeof(acc.pass)); + char *spass; + spass = (char *)aMalloc((64+1)*sizeof(char)); + md5->sha256(pass, spass); + safestrncpy(acc.pass, spass, sizeof(acc.pass)); acc.sex = sex; safestrncpy(acc.email, "a@a.com", sizeof(acc.email)); acc.expiration_time = (login->config->start_limited_time != -1) ? time(NULL) + login->config->start_limited_time : 0; diff --git a/src/login/login.h b/src/login/login.h index 7f74057c6..2bdf68f50 100644 --- a/src/login/login.h +++ b/src/login/login.h @@ -51,7 +51,7 @@ enum password_enc { #define PASSWORDENC PWENC_BOTH -#define PASSWD_LEN (32+1) // 23+1 for plaintext, 32+1 for md5-ed passwords +#define PASSWD_LEN (64+1) // 23+1 for plaintext, 32+1 for md5-ed passwords struct login_session_data { int account_id; -- cgit v1.2.3-60-g2f50