
[Help] ZNOTE AAC!

Wartio

Can anyone here tell me how I make my Znote AAC "website" stop making sha1 encrypted passwords? I know the security is less with plain but I don't care, and I even think plain is better: if someone lost their account I can just give them their password. Well, atm I have sha1 encrypted passwords, but I don't know how to make it so I get plain passwords in phpMyAdmin.

This is ( database2znoteaac.php ):

Code:
<?php
require '../config.php';
require '../engine/database/connect.php';
require '../engine/function/general.php';
require '../engine/function/users.php';
?>

<h1>Old database to Znote AAC compatibility converter:</h1>
<p>Converting accounts and characters to work with Znote AAC:</p>
<?php
    // some variables
    $updated_acc = 0;
    // $updated_acc += 1;
    $updated_char = 0;
    // $updated_char += 1;
    $updated_pass = 0;
  
    // install functions
    function fetch_all_accounts() {
            return mysql_select_multi("SELECT `id` FROM `accounts`");
    }
  
    function user_count_znote_accounts() {
        $data = mysql_select_single("SELECT COUNT(`account_id`) AS `count` from `znote_accounts`;");
        return ($data !== false) ? $data['count'] : 0;
    }
  
    function user_character_is_compatible($pid) {
        $data = mysql_select_single("SELECT COUNT(`player_id`) AS `count` from `znote_players` WHERE `player_id` = '$pid';");
        return ($data !== false) ? $data['count'] : 0;
    }
  
    function fetch_znote_accounts() {
            return mysql_select_multi("SELECT `account_id` FROM `znote_accounts`");
    }
    // end install functions
  
    // count all accounts, znote accounts, find out which accounts needs to be converted.
    $all_account = fetch_all_accounts();
    $znote_account = fetch_znote_accounts();
    if ($all_account !== false) {
        if ($znote_account != false) { // If existing znote compatible account exists:
            foreach ($all_account as $all) { // Loop through every element in znote_account array
                if (!in_array($all, $znote_account)) {
                    $old_accounts[] = $all;
                }
            }
        } else {
            foreach ($all_account as $all) {
                $old_accounts[] = $all;
            }
        }
    }
    // end ^
  
    // Send count status
    if (isset($all_account) && $all_account !== false) {
        echo '<br>';
        echo 'Total accounts detected: '. count($all_account) .'.';
      
        if (isset($znote_account)) {
            echo '<br>';
            echo 'Znote compatible accounts detected: '. count($znote_account) .'.';
          
            if (isset($old_accounts)) {
                echo '<br>';
                echo 'Old accounts detected: '. count($old_accounts) .'.';
            }
        } else {
            echo '<br>';
            echo 'Znote compatible accounts detected: 0.';
        }
        echo '<br>';
        echo '<br>';
    } else {
        echo '<br>';
        echo 'Total accounts detected: 0.';
    }
    // end count status
  
    // validate accounts
    if (isset($old_accounts) && $old_accounts !== false) {
        $time = time();
        foreach ($old_accounts as $old) {
      
            // Make acc data compatible:
            mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old', '0', '$time')");
            $updated_acc += 1;
          
            // Fetch unsalted password
            if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) {
                $password = user_data($old, 'password', 'salt');
                $p_pass = str_replace($password['salt'],"",$password['password']);
            }
            if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) {
                $password = user_data($old, 'password');
                $p_pass = $password['password'];
            }
          
            // Verify length of password is less than 28 characters (most likely a plain password)
            if (strlen($p_pass) < 28 && $old > 1) {
                // encrypt it with sha1
                if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) $p_pass = sha1($p_pass);
                if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) $p_pass = sha1($password['salt'].$p_pass);
              
                // Update their password so they are sha1 encrypted
                mysql_update("UPDATE `accounts` SET `password`='$p_pass' WHERE `id`='$old';");
                $updated_pass += 1;
            }
          
        }
    }
  
    // validate players
    if ($all_account !== false) {
        $time = time();
        foreach ($all_account as $all) {
          
            $chars = user_character_list_player_id($all);
            if ($chars !== false) {
                // since char list is not false, we found a character list
              
                // Lets loop through the character list
                foreach ($chars as $c) {
                    // Is character not compatible yet?
                    if (user_character_is_compatible($c) == 0) {
                        // Then lets make it compatible:
                      
                        mysql_insert("INSERT INTO `znote_players` (`player_id`, `created`, `hide_char`, `comment`) VALUES ('$c', '$time', '0', '')");
                        $updated_char += 1;
                      
                    }
                }
            }
        }
    }
  
    echo "<br><b><font color=\"green\">SUCCESS</font></b><br><br>";
    echo 'Updated accounts: '. $updated_acc .'<br>';
    echo 'Updated characters: '. $updated_char .'<br>';
    echo 'Detected: '. $updated_pass .' accounts with plain passwords. These passwords have been given sha1 encryption.<br>';
    echo '<br>All accounts and characters are compatible with Znote AAC<br>';
?>

BTW: I have already changed the server config.lua to "plain" but the website is complicated so I need help to change the website to "Plain".
 
DO NOT USE PLAIN NO MATTER WHAT STUPID REASON.

Generate sha1 passwords here:
http://www.sha1.cz/
You write test, and will get the encrypted password (a94a8fe5ccb19ba61c4c0873d391e987982fbbd3)

You can also set user passwords in admin panel.

You should not under any circumstance be able to read personal passwords. The very thought of it disgusts me. Also, if you or someone else who has access to your database decides to leak it, you may be responsible for leaking hundreds if not thousands of personal passwords.
 
I will create an email recovery system for Znote AAC 1.6, then users can easily reset their passwords automatically. Until then use the admin panel.
 
Well, please create this email recovery fast then. Because if someone loses their password and wants to recover it by asking me, then I can't "decrypt" the pass to tell them their password, so please create something so they can get their password etc. if they lose it.
 
I'm soon done with 1.5, and email system should be one of the first things I jump on in 1.6. You can look at the progress on github: https://github.com/Znote/ZnoteAAC

If they lose their passwords, you should just give them a new random password, tell them to log in and change it to something they can remember more easily.
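
The reset described in this reply, sketched as an added example that is not part of the thread or of Znote AAC: it issues a random temporary password and stores only its sha1 digest, in the form the converter script above writes. The function names and the sample account row are hypothetical.

```php
<?php
// Added example, not Znote AAC code. All function names are hypothetical.

// Same heuristic as the converter script above: a stored value shorter than
// 28 characters is most likely a plain password (a sha1 hex digest is 40).
function looks_plain(string $stored): bool {
    return strlen($stored) < 28;
}

// Hash the way the converter does: sha1(password), or sha1(salt . password)
// when the TFS_03 salt option is enabled.
function stored_value(string $plain, ?string $salt = null): string {
    return sha1(($salt ?? '') . $plain);
}

// Random temporary password drawn from the OS CSPRNG (PHP 7+).
// Look-alike characters (0/O, 1/l/I) are left out so it can be read aloud.
function temporary_password(int $length = 12): string {
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Login check: hash the submitted password and compare in constant time.
function password_matches(string $submitted, string $stored, ?string $salt = null): bool {
    return hash_equals($stored, stored_value($submitted, $salt));
}

// Constructed sample account row (not real data).
$account = ['id' => 2, 'password' => stored_value('forgotten'), 'salt' => null];

// Reset: only the digest is kept, the plain value is shown to the player once.
$temp = temporary_password();
$account['password'] = stored_value($temp, $account['salt']);

echo "Give to the player once: $temp\n";
echo "Value for accounts.password: {$account['password']}\n";
var_dump(looks_plain($account['password']));
var_dump(password_matches($temp, $account['password'], $account['salt']));
var_dump(password_matches('forgotten', $account['password'], $account['salt']));
```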
 
There is no reason to use plain pws, do as Znote said and give them a new password. I think Mark will start to nag on your server as well, he has banned a lot of servers from his IP changer since they use plain passwords, look in the last pages of his thread if you don't believe me.
 
I believe you, but I wanted to use it because some of the players I have didn't have access to recover their passwords, but since Znote said he's working on a recovery system I thought it would be better, since he always does it perfectly :)
 