Raised This Month: $ Target: $400
 0% 

loading users with md5 passwords


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
remain
Member
Join Date: Aug 2004
Old 09-15-2004 , 16:23   loading users with md5 passwords
Reply With Quote #1

I have users.ini with all users passwords are md5 encrypted.

I edited the admin.sma and implement the md5 password check. But there is an error that i couldn't fix.
On the getAccess function i changed the code like below:

Code:
 if (index != -1) {

// i added
    new hash[34]   
    md5(password, hash)
    log_amx("Login: ^"%s %s %s^"",hash,password,g_aPassword[index])
//

    if (g_aFlags[index] & FLAG_NOPASS){
      result |= 8
      new sflags[32]
      get_flags(g_aAccess[index],sflags,31)
      set_user_flags(id,g_aAccess[index])
      log_amx("Login: ^"%s<%d><%s><>^" became an admin (account ^"%s^") (access ^"%s^") (address ^"%s^")",
        name,get_user_userid(id),authid,g_aName[index] ,sflags,ip)
    }

// i changed
else if (equal(hash,g_aPassword[index])) {
//

    result |= 12 
      set_user_flags(id,g_aAccess[index])
      new sflags[32]
      get_flags(g_aAccess[index],sflags,31)
      log_amx("Login: ^"%s<%d><%s><>^" became an admin (account ^"%s^") (access ^"%s^") (address ^"%s^")",
        name,get_user_userid(id),authid,g_aName[index] ,sflags,ip)
    }
When i tried to connect, on the server console the password fron csusers.ini, the password given and the md5 password is written on the console.
The line written on console is:

Code:
L 09/15/2004 - 23:08:26: [admin.amxx] Login: "a029d0df84eb5549c641e04a9ef389e5 mypass a029d0df84eb5549c641e04a9ef389e"
The first field is md5 of the given password, the second one is the password given and the third one is the password from csusers.ini. The problem is that the third one is 1 character short. I tried some fix on the code but i couldn't fix the error.

Where can be the problem?

Thanks
remain is offline
devicenull
Veteran Member
Join Date: Mar 2004
Location: CT
Old 09-15-2004 , 17:50  
Reply With Quote #2

Change the hash[34] to hash[35]
__________________
Various bits of semi-useful code in a bunch of languages: http://code.devicenull.org/
devicenull is offline
remain
Member
Join Date: Aug 2004
Old 09-16-2004 , 02:29  
Reply With Quote #3

The hash value is correct but the "g_aPassword[index]"'s value is 1 character short.
remain is offline
BillyTheKid
Senior Member
Join Date: Jun 2004
Old 09-16-2004 , 21:53  
Reply With Quote #4

what are you putting in your config. The pass or md5!!!!!
__________________
Select * from * where *=*;
BillyTheKid is offline
Send a message via AIM to BillyTheKid
remain
Member
Join Date: Aug 2004
Old 09-17-2004 , 02:03  
Reply With Quote #5

I put the md5 of the password in the config.
There is nothing wrong but the g_aPassword value is 1 character short from the password written in the config file. The md5 is 32 character in the config file and i think when the q_aPassword is reading from config file the function read it 1 character short.
remain is offline
remain
Member
Join Date: Aug 2004
Old 09-17-2004 , 02:06  
Reply With Quote #6

for example the value of g_qPassword is:
a029d0df84eb5549c641e04a9ef389e
but i wrote:
a029d0df84eb5549c641e04a9ef389ef
to the config file
remain is offline
BillyTheKid
Senior Member
Join Date: Jun 2004
Old 09-27-2004 , 22:30  
Reply With Quote #7

Ok it's sounds like to me what your doing wrong is checking the md5. Ok in the users.ini you want the md5 password and in the config.ini for the player/admin you want the unhashed password.

md5 the password.
Place the md5 {hashed} password in the users.ini
Then place your password {unhased} in your config file.
Then in admin.amx have it take the {unhashed}password and hash it then compare the new hashed value to the one in users.ini and if they match your all set if not the passwords didn't match.

I'm not sure why you are doing this it gives you no added security it just makes overhead. The password is still sent in clear text. So unless you are worried about physical security there's no point!!!!!!

Let me know how it works out!!!!
__________________
Select * from * where *=*;
BillyTheKid is offline
Send a message via AIM to BillyTheKid
remain
Member
Join Date: Aug 2004
Old 09-28-2004 , 01:50  
Reply With Quote #8

I must do it because i have a site and forum with 3500+ users. The forum stores users passwords as md5. I all want to do is authenticate users with their forum passwords. Many of cs servers have this problem and most of them uses adminmod, because it has an encryption type in config. But i don't want to use it, i like amx :)
remain is offline
BigBaller
Veteran Member
Join Date: Mar 2004
Location: Everett, WA
Old 09-28-2004 , 02:27  
Reply With Quote #9

Quote:
Originally Posted by remain
I must do it because i have a site and forum with 3500+ users. The forum stores users passwords as md5. I all want to do is authenticate users with their forum passwords. Many of cs servers have this problem and most of them uses adminmod, because it has an encryption type in config. But i don't want to use it, i like amx
Dont hold me to this, but I believe someone created a addon module for phpbb where you could edit your admins thru your phpbb based forums.

I believe if you searched these forums (this post was a while back, I believe back in march or may??????)

I hope that helps.

EDIT

WOOT I FOund it

http://forums.alliedmods.net/showthread.php?t=2179
__________________

BigBaller is offline
remain
Member
Join Date: Aug 2004
Old 09-28-2004 , 02:47  
Reply With Quote #10

I am using vbulletin :)
remain is offline
Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 17:23.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode