Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Custom Auth Plugin

Comments in 'Plugin Development' started by TeamCraft, Jan 14, 2015.

  1. TeamCraft
    Offline

    TeamCraft New Member

    Joined:
    May 17, 2014
    Posts:
    36
    Hello developers!

    I have an idea.
    I know how to code with PHP, but I dont know how to make a pm plugin :/

    I need someone to help me, just really simple.
    A plugin which authenticate players from the MySQL database.

    With something like this
    Code:
    #SELECT * FROM simpleauth_players WHERE username = $mcpeplayer#
    if password is the correct one from the database = logged in
    
    The passwords needs to be unhashed in the database, I have a website http://socily.net, and I will make a system to use your Socily account to login to my MCPE server. I just need a phar to make this working.

    Just the same database connection as simpleauth use, I will make a script that transfers the Socily account to the simpleauth database.
  2. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,325
    Plugins:
    11
    Minecraft User:
    PEMapModder
    You don't need to unhash the password. Just hash the password and check if both hashes are identical.

    Note that SimpleAuth has an API for you to use if your software and SimpleAuth are run at the same runtime.
    iksaku likes this.
  3. iksaku
    Offline

    iksaku Notable Member Plugin Developer

    Joined:
    Sep 2, 2013
    Posts:
    1,132
    Plugins:
    4
    Minecraft User:
    iksaku
    Also, SimpleAuth has built-in MySQL support ;)
  4. TeamCraft
    Offline

    TeamCraft New Member

    Joined:
    May 17, 2014
    Posts:
    36
    I cant cause simpleauth is using hashed passwords with salt.
    And im not dumb... I use simpleauth already...
  5. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,201
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    why wouldnt you hash passwords? if u dont, i dont feel secured in using your service. most of the users too, not just me.
    iksaku likes this.
  6. iksaku
    Offline

    iksaku Notable Member Plugin Developer

    Joined:
    Sep 2, 2013
    Posts:
    1,132
    Plugins:
    4
    Minecraft User:
    iksaku
    Why then you don't hash them when entered to the website and compare the 2 hashes? it's that simple!
  7. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,325
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Also, exactly because you can't unhash them (without brute force), SimpleAuth uses hash. It is to protect players' passwords.
    iJoshuaHD likes this.
  8. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,201
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    and gives player a privacy too. good thing i use dummy passwords on servers i dont really trust.
    iksaku likes this.
  9. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,325
    Plugins:
    11
    Minecraft User:
    PEMapModder
    I searched the hash of "123456" on the LegionPE database and found 8 players' hash same to the 123456 hash ;)
  10. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,201
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    well pity on them
  11. TeamCraft
    Offline

    TeamCraft New Member

    Joined:
    May 17, 2014
    Posts:
    36
    I need a custom auth plugin which hashes the password in MD5 format.
    But I guess no one will make one for me :/
  12. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,201
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    just replace simpleauth hash algorithm with this then:
    from:
    private function hash($salt, $password){
    return bin2hex(hash("sha512", $password . $salt, true) ^ hash("whirlpool", $salt . $password, true));
    }
    to:
    private function hash($salt, $password){
    return md5($password);
    }

    no sweat.
    RekkuzaRage likes this.
  13. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,325
    Plugins:
    11
    Minecraft User:
    PEMapModder
    @TeamCraft Why can't you use this?

    PHP:
    $mysqli blah;
    $ret $mysqli->query("SELECT * FROM simpleauth_players WHERE hash = '" simpleauth_hash($_POST["password"], $_POST["username"]) . "' AND name = '{$_POST["username"]}'");
    // check $ret
    Last edited: Jan 18, 2015
  14. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,325
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Please stop discussion on how to unhash passwords or return passwords to their raw form, or this will be detrimental to the community's trust to server owners in using secure passwords.
    KyleTheHack3r and iJoshuaHD like this.
  15. TeamCraft
    Offline

    TeamCraft New Member

    Joined:
    May 17, 2014
    Posts:
    36
    :/ you didnt read my post...
    I said I want to use a MD5 hash. As "Plugin developer" you should know what it is.
  16. TeamCraft
    Offline

    TeamCraft New Member

    Joined:
    May 17, 2014
    Posts:
    36
    To be honest, I dont have any experience in making pocketmine plugins.
    Would you mind to pack it into a .phar for me?
  17. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,325
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Pack your PHP files and plugin.yml into a ZIP and submit it at http://pemapmodder.zapto.org/pm :)

Share This Page

Advertisement