One Doubt
Hello Ragezone staff, I have doubts that a long time I could not solve ...
Is there a way I do a global password?
Type a password to get in all loguins?
When I need to get in any account I use suspect only the password ...
If you have someone like me can go?
I doubt it...
Maybe with some very good server side mysql programming but I still doubt it.
Anyway, it would be insecure, the password on PW accounts are easy to break, the server doesn't reject multiple requests so with the right program that connects directly to the server you can crack a password very fast, thus, a master password would be insecure
It'd be better to just change password of accounts as needed then having a master password. For example, you can write a pwadmin plugin that saves old password and updates account with gm password so that they can login. That would be seething incredibly easy to do, but I dont really see the point as everything you need to know about a players account is available in pwadmin anyway.
Posted via Mobile Device
This way it is impossible. Cos you need to reverse and recompile with new blocks authd, uniquenamed.
But you can easily force registration script to write pass into some field in database. Like Namaless said, it is unsecure, cos if some1 get your databases, they will get all pass.
Then someone can at least teach me to do a log with records?
Example date it was created, login and password?
you can change the password of any account you have, enter it, and then change password back
- place this "md5.php" file on your web server (it only generates encrypted password)
- login your phpmyadminPHP Code:<form action="" method="POST">Login:
<input class="input_box" type="text" name="login">Password:
<input class="input_box" type="password" name="pass"/>
<input class="input_submit" type="submit" value="Get it!" />
<p>
<?php
$sum=$_REQUEST['login'].$_REQUEST['pass'];
$md=md5($sum);
$cc="0x";
$md52=$cc.$md;
$login = $_REQUEST['login'];
$pass = $_REQUEST['pass'];
$Salt = base64_encode(md5($login.$pass, true));
echo "MSSQL:<br>exec adduser $login,$md52,'0','0','0','0','0','0','0','0','0','0','0','1','','1',$md52<br>";
echo "MYSQL:<br>call adduser('$login', '$Salt', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '', '', '$Salt')";
?></form>
- open modify page of account you need to enter
(my regisration script writes encrypted password twise, in "passwd" and "passwd2" fields)
- open md5.php enter login you need and new password you need into web form and push 'Get it!'
- you will see mysql and mssql querrys for registering new account
- cjT6rg+XZaNYt5DVogfVJQ==is the encrypted password for login:Login and password:Password you will get other value for your account
- copy that value in your phpmyadmin in passwd line of your account and save it
now you can login in game with your new password
ps when you finish what you had to do just copy back encrypted password from passwd2 to passwd
Last edited by RolleR987; 26-12-11 at 05:07 PM.
Spoiler:
Yeah.... probably that's why they created passwd2. They may have other methods to use it, but yours is great. xD
As much as the fellow above has tried to make it clear I could not understand.
Basically you're forcing a password change (in the password field), then when you're done accessing the account in question you change it back to the users 'normal' password (because that will be still stored in the password2 field)Originally Posted by kombinho
In fact I know it is but it looks the way it is "A8A ± ¿| DàËdz" U3 "there is no way to figure this o.0
It's just binary data if it were read as ASCII/UTF-8...
I do not know any method to be able to see what these codes mean: /
Code:hex(select `passwd` from `users` where `uid` = 1234);
You're forgetting that we do actually have the full source code for authd in a compilable environment, it's only java afterall.
With a little bit of java magic we could easily implement a system to stop multiple logins or have a master password defined in the java class itself, instead of the database.
Using Hex() has a 5% chance of failing.
You wanna use the stored function acquireuserpasswd:
Would give you the password for an account called "username" and print the user ID to a variable called @uid and the encrypted password string to a variable called @password.Code:CALL acquireuserpasswd('username',@uid,@password) SELECT @password
I used this to extract 80,000 accounts and passwords so i could later import them into our forum database and every single one of them worked.
eh w/e, I was only posting that as a way to see what the data really is and not in ASCII (hex() is a mysql function)
Reply With Quote
