MasterCMS | The RetroServers Revolution | Themes System | Multi Emulator | Multi Lan

Custom Title Activated
Loyal Member
Joined
Oct 26, 2012
Messages
2,357
Reaction score
1,086
I will change to MD5, Thanks!

You should, as others suggested as well, use password_hash. It will become like:

PHP:
$password = password_hash('password', PASSWORD_DEFAULT);

Where 'password' is the password you want to hash.

You can verify using password_verify:

PHP:
if (password_verify('inputpassword', $hash)) { /* password matches */ }

Where 'inputpassword' is the input password the user inserts (non-hashed) that you want to check, and $hash is the hashed password from the database.
 
git bisect -m
Loyal Member
Joined
Sep 2, 2011
Messages
2,171
Reaction score
916
You should, as others suggested as well, use password_hash. It will become like:

PHP:
$password = password_hash('password', PASSWORD_DEFAULT);

Where 'password' is the password you want to hash.

You can verify using password_verify:

PHP:
if (password_verify('inputpassword', $hash)) { /* password matches */ }

Where 'inputpassword' is the input password the user inserts (non-hashed) that you want to check, and $hash is the hashed password from the database.

Regarding that, by default password_hash() will use RANDOM salts. Because of that, I recommend using the "PASSWORD_BCRYPT" flag.

becoming something like

PHP:
$hash = password_hash('password', PASSWORD_BCRYPT);

You also can provide a custom salt, becoming something like

PHP:
$hash = password_hash('password', PASSWORD_BCRYPT, 'my-hash');

For the signature verification just:

PHP:
$hash = RECOVER_HASH_FROM_DATABASE();

if(password_verify('password', $hash)) {
//SEEMS LEGIT
}
 
Custom Title Activated
Loyal Member
Joined
Oct 26, 2012
Messages
2,357
Reaction score
1,086
Regarding that, by default password_hash() will use RANDOM salts. Because of that, I recommend using the "PASSWORD_BCRYPT" flag.

***

Warning
The salt option has been deprecated as of PHP 7.0.0. It is now preferred to simply use the salt that is generated by default.

So, shouldn't use custom salts.
 
◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜
Developer
Joined
May 29, 2007
Messages
2,167
Reaction score
899
Not going to bash on this but there is nothing advanced on this project. I think this is more of a learning experience for you guys and you should drop the 'advanced framework' and just call it a website for retro servers.

It's good to see you guys working on this project and I really encourage you guys to keep working on it, but don't say it's something that it isn't; it just makes it look bad.

MD5 on its own was never secure in the first place, it's just another hashing algorithm.
You should always seed your passwords when you hash them so it will not be obvious inside the database if users share the same password.

Anyways, as many suggested, use the password_hash function, which has been built into PHP since 5.5. It has hashing and seeding built-in.


Here is a friendly warning as a developer:
YOU SHOULD NEVER ENCRYPT PASSWORDS; HASH THEM INSTEAD.
HASHING IS A ONE WAY OPERATION AND CANNOT BE REVERSED.
DO NOT USE OLD TUTORIALS FOR PASSWORD HASHING; LOOK UP RECENT ONES.



The salt option is the third argument of the function; the second one, "PASSWORD_BCRYPT", is still recommended.

No need to manually supply a salt since it's done on the fly in PHP. I suggest a minimum cost of 10.
Code:
password_hash("test", PASSWORD_BCRYPT, ["cost" => 10]);
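
The advice in the posts above (drop MD5, let password_hash generate the salt, set a cost), as an added example that is not any poster's or the project's code; it goes one step further by upgrading legacy MD5 rows at login. The $user row layout, the legacy_md5 field and the sample passwords are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. The user row layout, the
// 'legacy_md5' field and the sample passwords are constructed.

const HASH_OPTIONS = ['cost' => 10]; // minimum cost suggested in the thread

function hash_new_password(string $plain): string
{
    // No salt option: PHP generates a random salt and embeds it in the hash.
    return password_hash($plain, PASSWORD_BCRYPT, HASH_OPTIONS);
}

/**
 * Check a login attempt and upgrade the stored hash when needed.
 * $user holds 'hash' (password_hash output or null) and
 * 'legacy_md5' (old unsalted MD5 hex or null). Returns true on success.
 */
function check_login(array &$user, string $plain): bool
{
    if ($user['hash'] !== null) {
        if (!password_verify($plain, $user['hash'])) {
            return false;
        }
        // Re-hash when the stored hash uses another algorithm or a lower cost.
        if (password_needs_rehash($user['hash'], PASSWORD_BCRYPT, HASH_OPTIONS)) {
            $user['hash'] = hash_new_password($plain);
        }
        return true;
    }
    // Legacy row: constant-time compare, then replace the MD5 value with bcrypt.
    if ($user['legacy_md5'] !== null && hash_equals($user['legacy_md5'], md5($plain))) {
        $user['hash'] = hash_new_password($plain);
        $user['legacy_md5'] = null;
        return true;
    }
    return false;
}

// Constructed sample data.
$a = hash_new_password('hunter2-sample');
$b = hash_new_password('hunter2-sample');
var_dump($a === $b); // same password hashed twice, each with its own salt

$legacy = ['hash' => null, 'legacy_md5' => md5('old-sample-pass')];
var_dump(check_login($legacy, 'wrong-guess'));
var_dump(check_login($legacy, 'old-sample-pass'));
var_dump($legacy['legacy_md5'], password_get_info($legacy['hash'])['algoName']);
```

In a real application the updated $user row would be written back to the database after check_login returns true.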
 
swagggggg
Loyal Member
Joined
Oct 28, 2008
Messages
1,557
Reaction score
368
lol this section turned to Ducking poop. look at you all acting like you're 10x better than him and are naturally born web developers, stfu

i don't quite get why u all overcomplicate cms' now adays, it's not that deep bro. just use ubercms or idk make one from scratch, use joopies mysqli class, use raintpl and bobs your uncle fannys your aunt.
 
Junior Spellweaver
Joined
Jul 7, 2013
Messages
147
Reaction score
37
lol this section turned to Ducking poop. look at you all acting like you're 10x better than him and are naturally born web developers, stfu

i don't quite get why u all overcomplicate cms' now adays, it's not that deep bro. just use ubercms or idk make one from scratch, use joopies mysqli class, use raintpl and bobs your uncle fannys your aunt.
Sorry, but the fact that he used str_replace to "prevent" SQL injections.
 