AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   loading users with md5 passwords (https://forums.alliedmods.net/showthread.php?t=5880)

remain 09-15-2004 16:23

loading users with md5 passwords
 
I have users.ini with all users passwords are md5 encrypted.

I edited the admin.sma and implement the md5 password check. But there is an error that i couldn't fix.
On the getAccess function i changed the code like below:

Code:

if (index != -1) {

// i added
    new hash[34] 
    md5(password, hash)
    log_amx("Login: ^"%s %s %s^"",hash,password,g_aPassword[index])
//

    if (g_aFlags[index] & FLAG_NOPASS){
      result |= 8
      new sflags[32]
      get_flags(g_aAccess[index],sflags,31)
      set_user_flags(id,g_aAccess[index])
      log_amx("Login: ^"%s<%d><%s><>^" became an admin (account ^"%s^") (access ^"%s^") (address ^"%s^")",
        name,get_user_userid(id),authid,g_aName[index] ,sflags,ip)
    }

// i changed
else if (equal(hash,g_aPassword[index])) {
//

    result |= 12
      set_user_flags(id,g_aAccess[index])
      new sflags[32]
      get_flags(g_aAccess[index],sflags,31)
      log_amx("Login: ^"%s<%d><%s><>^" became an admin (account ^"%s^") (access ^"%s^") (address ^"%s^")",
        name,get_user_userid(id),authid,g_aName[index] ,sflags,ip)
    }

When i tried to connect, on the server console the password fron csusers.ini, the password given and the md5 password is written on the console.
The line written on console is:

Code:

L 09/15/2004 - 23:08:26: [admin.amxx] Login: "a029d0df84eb5549c641e04a9ef389e5 mypass a029d0df84eb5549c641e04a9ef389e"
The first field is md5 of the given password, the second one is the password given and the third one is the password from csusers.ini. The problem is that the third one is 1 character short. I tried some fix on the code but i couldn't fix the error.

Where can be the problem?

Thanks

devicenull 09-15-2004 17:50

Change the hash[34] to hash[35]

remain 09-16-2004 02:29

The hash value is correct but the "g_aPassword[index]"'s value is 1 character short.

BillyTheKid 09-16-2004 21:53

what are you putting in your config. The pass or md5!!!!!

remain 09-17-2004 02:03

I put the md5 of the password in the config.
There is nothing wrong but the g_aPassword value is 1 character short from the password written in the config file. The md5 is 32 character in the config file and i think when the q_aPassword is reading from config file the function read it 1 character short.

remain 09-17-2004 02:06

for example the value of g_qPassword is:
a029d0df84eb5549c641e04a9ef389e
but i wrote:
a029d0df84eb5549c641e04a9ef389ef
to the config file

BillyTheKid 09-27-2004 22:30

Ok it's sounds like to me what your doing wrong is checking the md5. Ok in the users.ini you want the md5 password and in the config.ini for the player/admin you want the unhashed password.

md5 the password.
Place the md5 {hashed} password in the users.ini
Then place your password {unhased} in your config file.
Then in admin.amx have it take the {unhashed}password and hash it then compare the new hashed value to the one in users.ini and if they match your all set if not the passwords didn't match.

I'm not sure why you are doing this it gives you no added security it just makes overhead. The password is still sent in clear text. So unless you are worried about physical security there's no point!!!!!!

Let me know how it works out!!!!

remain 09-28-2004 01:50

I must do it because i have a site and forum with 3500+ users. The forum stores users passwords as md5. I all want to do is authenticate users with their forum passwords. Many of cs servers have this problem and most of them uses adminmod, because it has an encryption type in config. But i don't want to use it, i like amx :)

BigBaller 09-28-2004 02:27

Quote:

Originally Posted by remain
I must do it because i have a site and forum with 3500+ users. The forum stores users passwords as md5. I all want to do is authenticate users with their forum passwords. Many of cs servers have this problem and most of them uses adminmod, because it has an encryption type in config. But i don't want to use it, i like amx :)

Dont hold me to this, but I believe someone created a addon module for phpbb where you could edit your admins thru your phpbb based forums.

I believe if you searched these forums (this post was a while back, I believe back in march or may??????)

I hope that helps.

EDIT

WOOT I FOund it :)

http://forums.alliedmods.net/showthread.php?t=2179

remain 09-28-2004 02:47

I am using vbulletin :)


All times are GMT -4. The time now is 17:23.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.