Hello developers! I have an idea. I know how to code with PHP, but I dont know how to make a pm plugin :/ I need someone to help me, just really simple. A plugin which authenticate players from the MySQL database. With something like this Code: #SELECT * FROM simpleauth_players WHERE username = $mcpeplayer# if password is the correct one from the database = logged in The passwords needs to be unhashed in the database, I have a website http://socily.net, and I will make a system to use your Socily account to login to my MCPE server. I just need a phar to make this working. Just the same database connection as simpleauth use, I will make a script that transfers the Socily account to the simpleauth database.
You don't need to unhash the password. Just hash the password and check if both hashes are identical. Note that SimpleAuth has an API for you to use if your software and SimpleAuth are run at the same runtime.
I cant cause simpleauth is using hashed passwords with salt. And im not dumb... I use simpleauth already...
why wouldnt you hash passwords? if u dont, i dont feel secured in using your service. most of the users too, not just me.
Also, exactly because you can't unhash them (without brute force), SimpleAuth uses hash. It is to protect players' passwords.
I searched the hash of "123456" on the LegionPE database and found 8 players' hash same to the 123456 hash
I need a custom auth plugin which hashes the password in MD5 format. But I guess no one will make one for me :/
just replace simpleauth hash algorithm with this then: from: private function hash($salt, $password){ return bin2hex(hash("sha512", $password . $salt, true) ^ hash("whirlpool", $salt . $password, true)); } to: private function hash($salt, $password){ return md5($password); } no sweat.
@TeamCraft Why can't you use this? PHP: $mysqli = blah;$ret = $mysqli->query("SELECT * FROM simpleauth_players WHERE hash = '" . simpleauth_hash($_POST["password"], $_POST["username"]) . "' AND name = '{$_POST["username"]}'");// check $ret
Please stop discussion on how to unhash passwords or return passwords to their raw form, or this will be detrimental to the community's trust to server owners in using secure passwords.
:/ you didnt read my post... I said I want to use a MD5 hash. As "Plugin developer" you should know what it is.
To be honest, I dont have any experience in making pocketmine plugins. Would you mind to pack it into a .phar for me?