Welcome!

Join our community of MMORPG enthusiasts and private server developers! By registering, you'll gain access to in-depth discussions on source codes, binaries, and the latest developments in MMORPG server files. Collaborate with like-minded individuals, explore tutorials, and share insights on building and optimizing private servers. Join us today and unlock the full potential of MMORPG server development!

Join Today!

One Doubt

Junior Spellweaver
Joined
Nov 27, 2011
Messages
121
Reaction score
2
Hello Ragezone staff, I have doubts that a long time I could not solve ...
Is there a way I do a global password?
Type a password to get in all loguins?
When I need to get in any account I use suspect only the password ...
If you have someone like me can go?
 
I doubt it...

Maybe with some very good server side mysql programming but I still doubt it.

Anyway, it would be insecure, the password on PW accounts are easy to break, the server doesn't reject multiple requests so with the right program that connects directly to the server you can crack a password very fast, thus, a master password would be insecure
 
It'd be better to just change password of accounts as needed then having a master password. For example, you can write a pwadmin plugin that saves old password and updates account with gm password so that they can login. That would be seething incredibly easy to do, but I dont really see the point as everything you need to know about a players account is available in pwadmin anyway.
 
This way it is impossible. Cos you need to reverse and recompile with new blocks authd, uniquenamed.

But you can easily force registration script to write pass into some field in database. Like Namaless said, it is unsecure, cos if some1 get your databases, they will get all pass.
 
you can change the password of any account you have, enter it, and then change password back
- place this "md5.php" file on your web server (it only generates encrypted password)
PHP:
<form action="" method="POST">Login:
    <input class="input_box" type="text" name="login">Password:
    <input class="input_box" type="password" name="pass"/>            
	<input class="input_submit" type="submit" value="Get it!" />
	<p>
<?php 
$sum=$_REQUEST['login'].$_REQUEST['pass'];
$md=md5($sum);
$cc="0x";
$md52=$cc.$md;
$login = $_REQUEST['login'];
$pass = $_REQUEST['pass'];
$Salt = base64_encode(md5($login.$pass, true));
echo "MSSQL:<br>exec adduser $login,$md52,'0','0','0','0','0','0','0','0','0','0','0','1','','1',$md52<br>";
echo "MYSQL:<br>call adduser('$login', '$Salt', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '', '', '$Salt')";
?></form>
- login your phpmyadmin
- open modify page of account you need to enter
kombinho - One Doubt - RaGEZONE Forums

(my regisration script writes encrypted password twise, in "passwd" and "passwd2" fields)
kombinho - One Doubt - RaGEZONE Forums

- open md5.php enter login you need and new password you need into web form and push 'Get it!'
- you will see mysql and mssql querrys for registering new account
kombinho - One Doubt - RaGEZONE Forums

- cjT6rg+XZaNYt5DVogfVJQ==is the encrypted password for login:Login and password:Password you will get other value for your account
- copy that value in your phpmyadmin in passwd line of your account and save it
now you can login in game with your new password
ps when you finish what you had to do just copy back encrypted password from passwd2 to passwd
 
Last edited:
you can change the password of any account you have, enter it, and then change password back
- place this "md5.php" file on your web server (it only generates encrypted password)
PHP:
<form action="" method="POST">Login:
    <input class="input_box" type="text" name="login">Password:
    <input class="input_box" type="password" name="pass"/>            
	<input class="input_submit" type="submit" value="Get it!" />
	<p>
<?php 
$sum=$_REQUEST['login'].$_REQUEST['pass'];
$md=md5($sum);
$cc="0x";
$md52=$cc.$md;
$login = $_REQUEST['login'];
$pass = $_REQUEST['pass'];
$Salt = base64_encode(md5($login.$pass, true));
echo "MSSQL:<br>exec adduser $login,$md52,'0','0','0','0','0','0','0','0','0','0','0','1','','1',$md52<br>";
echo "MYSQL:<br>call adduser('$login', '$Salt', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '', '', '$Salt')";
?></form>
- login your phpmyadmin
- open modify page of account you need to enter
kombinho - One Doubt - RaGEZONE Forums

(my regisration script writes encrypted password twise, in "passwd" and "passwd2" fields)
kombinho - One Doubt - RaGEZONE Forums

- open md5.php enter login you need and new password you need into web form and push 'Get it!'
- you will see mysql and mssql querrys for registering new account
kombinho - One Doubt - RaGEZONE Forums

- cjT6rg+XZaNYt5DVogfVJQ==is the encrypted password for login:Login and password:Password you will get other value for your account
- copy that value in your phpmyadmin in passwd line of your account and save it
now you can login in game with your new password
ps when you finish what you had to do just copy back encrypted password from passwd2 to passwd


Yeah.... probably that's why they created passwd2. They may have other methods to use it, but yours is great. xD
 
As much as the fellow above has tried to make it clear I could not understand.

Basically you're forcing a password change (in the password field), then when you're done accessing the account in question you change it back to the users 'normal' password (because that will be still stored in the password2 field) :wink:
 
This way it is impossible. Cos you need to reverse and recompile with new blocks authd, uniquenamed.

But you can easily force registration script to write pass into some field in database. Like Namaless said, it is unsecure, cos if some1 get your databases, they will get all pass.

You're forgetting that we do actually have the full source code for authd in a compilable environment, it's only java afterall.
With a little bit of java magic we could easily implement a system to stop multiple logins or have a master password defined in the java class itself, instead of the database.

Code:
hex(select `passwd` from `users` where `uid` = 1234);
Using Hex() has a 5% chance of failing.

You wanna use the stored function acquireuserpasswd:
Code:
CALL acquireuserpasswd('username',@uid,@password)
SELECT @password
Would give you the password for an account called "username" and print the user ID to a variable called @uid and the encrypted password string to a variable called @password.

I used this to extract 80,000 accounts and passwords so i could later import them into our forum database and every single one of them worked.
 
You're forgetting that we do actually have the full source code for authd in a compilable environment, it's only java afterall.
With a little bit of java magic we could easily implement a system to stop multiple logins or have a master password defined in the java class itself, instead of the database.


Using Hex() has a 5% chance of failing.

You wanna use the stored function acquireuserpasswd:
Code:
CALL acquireuserpasswd('username',@uid,@password)
SELECT @password
Would give you the password for an account called "username" and print the user ID to a variable called @uid and the encrypted password string to a variable called @password.

I used this to extract 80,000 accounts and passwords so i could later import them into our forum database and every single one of them worked.

eh w/e, I was only posting that as a way to see what the data really is and not in ASCII (hex() is a mysql function)
 
Back