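/**
 * Checks a plaintext password against this account's stored credentials.
 *
 * The native hash is tried first. When the stored hash has a different length
 * from a freshly computed native hash, the entries of $this->multiHash are
 * tried instead. On the first match the account is migrated: the multiHash
 * entries are dropped and the native hash is stored.
 *
 * Comparisons go through hash_equals() so that the time taken does not depend
 * on how many leading bytes of the candidate match the stored value.
 *
 * @param HereAuth $main     plugin instance, used to look up imported hash implementations
 * @param string   $password plaintext password supplied by the player
 *
 * @return bool true if the password matches, false otherwise
 */
public function testPassword(HereAuth $main, $password) {
    $hash = HereAuth::hash($password, $this->name);
    if (strlen($this->passwordHash) === strlen($hash)) {
        // Same length as a native hash: compare directly and never fall through
        // to the imported entries. The is_string() guards keep the strictness of
        // the previous `===` (a non-string never matches) and avoid a TypeError
        // from hash_equals().
        return is_string($this->passwordHash)
            && is_string($hash)
            && hash_equals($this->passwordHash, $hash);
    }

    // Imported entries share one salt: an explicit "nonhash:salt" entry if
    // present, otherwise the lower-cased account name.
    $salt = isset($this->multiHash["nonhash:salt"])
        ? $this->multiHash["nonhash:salt"]
        : strtolower($this->name);

    foreach ($this->multiHash as $type => $value) {
        if ($type === "nonhash:salt") {
            continue; // metadata entry, not a hash
        }
        // Keys have the form "name" or "name;suffix".
        $array = explode(";", $type);
        $name = $array[0];
        $suffix = isset($array[1]) ? $array[1] : "";
        $iHash = $main->getImportedHash($name);
        if ($iHash === null) {
            continue; // no implementation registered for this hash type
        }
        $candidate = $iHash->hash($password, $salt, $suffix);
        // Requiring strings on both sides also rejects a non-string result that
        // happens to be identical to a non-string stored value, which `===`
        // would have accepted as a successful login.
        if (is_string($value) && is_string($candidate) && hash_equals($value, $candidate)) {
            // Migrate to the native hash so the imported entries are no longer needed.
            $this->multiHash = [];
            $this->passwordHash = $hash;
            return true;
        }
    }
    return false;
}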
/**
 * Accepts the first password entry of a registration.
 *
 * When validatePassword() accepts the value, its hash is stored on the
 * registration as the temporary hash; only the hash is kept, not the
 * plaintext.
 *
 * @param string $value password typed by the player
 *
 * @return bool true if the password was accepted, false otherwise
 */
public function onSubmit($value) {
    if (!$this->validatePassword($this->user, $value)) {
        return false;
    }

    $pendingHash = HereAuth::hash($value, $this->user->getPlayer());
    $this->user->getRegistration()->setTempHash($pendingHash);

    return true;
}
/**
 * Handles the repeated password entry of a registration.
 *
 * The value is hashed and compared with the temporary hash held by the
 * registration. The temporary hash is cleared before the comparison, so it
 * is consumed whether or not the two entries match.
 *
 * @param string $value password typed by the player the second time
 *
 * @return bool true if both entries match and the hash was stored on the
 *              account, false if they differ (the registration is rewound)
 */
public function onSubmit($value) {
    $user = $this->user;

    $confirmation = HereAuth::hash($value, $user->getPlayer());
    $pending = $user->getRegistration()->getTempHash();
    $user->getRegistration()->setTempHash("");

    if ($confirmation === $pending) {
        $user->getAccountInfo()->passwordHash = $confirmation;
        return true;
    }

    $user->getRegistration()->rewind();
    return false;
}
/**
 * Handles the repeated password entry of a registration.
 *
 * The value is hashed and compared with the temporary hash held by the
 * registration. The temporary hash is cleared before the comparison, so it
 * is consumed whether or not the two entries match. On a mismatch the player
 * is sent the configured "Messages.Register.PasswordMismatch" text and the
 * registration is rewound.
 *
 * @param string $value password typed by the player the second time
 *
 * @return bool true if both entries match and the hash was stored on the
 *              account, false otherwise
 */
public function onSubmit($value) {
    $user = $this->user;

    $confirmation = HereAuth::hash($value, $user->getPlayer());
    $pending = $user->getRegistration()->getTempHash();
    $user->getRegistration()->setTempHash("");

    if ($confirmation === $pending) {
        $user->getAccountInfo()->passwordHash = $confirmation;
        return true;
    }

    $notice = $user->getMain()->getConfig()->getNested("Messages.Register.PasswordMismatch", "Incorrect password");
    $user->getPlayer()->sendMessage($notice);
    $user->getRegistration()->rewind();

    return false;
}
/**
 * Two-pass password change: the first run records the hash of the new
 * password on the user, the second run must supply the same password to
 * confirm it.
 *
 * NOTE(review): nothing in this method asks for the current password;
 * presumably the command is only dispatched for authenticated users — confirm
 * against the caller.
 *
 * @param array $args command arguments; $args[0] is the new password
 * @param User  $user user running the command
 *
 * @return string|false message for the player, or false when
 *                      validatePassword() rejects the new password
 */
protected function onRun(array $args, User $user) {
    if (!isset($args[0])) {
        return "Usage: " . $this->getUsage();
    }

    $password = $args[0];
    $hash = HereAuth::hash($password, $user->getPlayer());
    $firstHash = $user->getChangepwHash();

    if ($firstHash === null) {
        // First pass: validate the new password and remember its hash.
        if (!PasswordInputRegistrationStep::validatePassword($user, $password)) {
            return false;
        }
        $user->setChangepwHash($hash);
        return $this->getMessage("Commands.ChangePassword.RequestRepeat", "Please run this command again to confirm.");
    }

    // Second pass: the pending hash is consumed whatever the outcome.
    $user->setChangepwHash(null);
    if ($firstHash !== $hash) {
        return $this->getMessage("Commands.ChangePassword.DoubleCheckFailure", "Your password is different this time! Aborted.");
    }

    $user->getAccountInfo()->passwordHash = $hash;
    return $this->getMessage("Commands.ChangePassword.Success", "Your password has been changed.");
}
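/**
 * Intercepts a player's message and treats it according to the session state.
 *
 * - STATE_PENDING_LOGIN: the message is the login password. It is compared
 *   with the stored hash; the event is always cancelled and its text cleared
 *   so the password is not passed on.
 * - STATE_PLAYING: when "BlockPasswordChat" is enabled, a message equal to
 *   the player's own password is suppressed.
 * - STATE_REGISTERING: the message is handed to the registration flow and
 *   suppressed.
 *
 * The message is hashed once up front, before the state is inspected.
 *
 * @param PlayerCommandPreprocessEvent $event event carrying the player's message
 *
 * @return void
 */
public function onMessage(PlayerCommandPreprocessEvent $event) {
    $message = $event->getMessage();
    $hash = HereAuth::hash($message, $this->getPlayer());

    if ($this->state === self::STATE_PENDING_LOGIN) {
        $stored = $this->accountInfo->passwordHash;
        // Constant-time comparison of the stored hash with the candidate. The
        // is_string() guards keep a non-string from ever matching and avoid a
        // TypeError from hash_equals().
        if (is_string($stored) && is_string($hash) && hash_equals($stored, $hash)) {
            $this->onAuth();
        } else {
            $this->loginAttempts++;
            $chances = $this->main->getConfig()->getNested("Login.MaxAttempts", 5);
            $left = $chances - $this->loginAttempts;
            if ($left <= 0) {
                $this->getPlayer()->kick("Failed to login in {$chances} attempts", false);
                // The player has been kicked: suppress the message and stop here
                // instead of sending a "wrong password" notice with zero or
                // negative chances left.
                $event->setCancelled();
                $event->setMessage("");
                return;
            }
            $msg = $this->getMain()->getConfig()->getNested("Messages.Login.WrongPass", "wrong pass");
            $msg = str_replace('$CHANCES', $left, $msg);
            $this->getPlayer()->sendMessage($msg);
        }
        // Never let a login attempt through, whether it succeeded or not.
        $event->setCancelled();
        $event->setMessage("");
    } elseif ($this->state === self::STATE_PLAYING) {
        $stored = $this->accountInfo->passwordHash;
        // The config option is only read when the message matches the password.
        if (is_string($stored) && is_string($hash) && hash_equals($stored, $hash)
            && $this->getMain()->getConfig()->getNested("BlockPasswordChat", true)) {
            $event->setCancelled();
            $event->setMessage("");
        }
    } elseif ($this->state === self::STATE_REGISTERING) {
        $this->registration->handle($message);
        $event->setCancelled();
        $event->setMessage("");
    }
}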
/**
 * Imported-hash adapter that delegates to HereAuth::hash().
 *
 * $salt is accepted but not used.
 * NOTE(review): the second argument passed to HereAuth::hash() is $suffix,
 * not $salt — confirm that this is intended.
 *
 * @param string $password plaintext password
 * @param string $salt     unused
 * @param string $suffix   value forwarded as the second argument of HereAuth::hash()
 *
 * @return mixed whatever HereAuth::hash() returns
 */
public function hash($password, $salt, $suffix) {
    $digest = HereAuth::hash($password, $suffix);

    return $digest;
}
/**
 * Intercepts a player's message and treats it according to the session state.
 *
 * - STATE_PENDING_LOGIN: the message is the login password. Success requires
 *   both testPassword() and callLogin(); the outcome is written to the audit
 *   logger. Once the configured number of attempts is used up the player is
 *   kicked and, if "Login.MaxAttemptsBlock" is positive, the address is
 *   blocked for that many seconds.
 * - STATE_PLAYING: when "BlockPasswordChat" is enabled, a message equal to
 *   the player's own password is suppressed and a warning is sent.
 * - STATE_REGISTERING: the message is handed to the registration flow.
 *
 * In every handled case the event is cancelled and its text cleared so the
 * typed value is not passed on. The message is hashed once up front, before
 * the state is inspected.
 *
 * NOTE(review): a correct password followed by a callLogin() that returns
 * false takes the failure path (audit "invalid" entry, attempt counter,
 * possible kick and address block) — confirm that this is intended.
 *
 * @param PlayerCommandPreprocessEvent $event event carrying the player's message
 *
 * @return void
 */
public function onMessage(PlayerCommandPreprocessEvent $event) {
    $message = $event->getMessage();
    $hash = HereAuth::hash($message, $this->getPlayer());

    if ($this->state === self::STATE_PENDING_LOGIN) {
        $loggedIn = $this->accountInfo->testPassword($this->main, $message)
            && $this->callLogin(HereAuthLoginEvent::METHOD_PASSWORD);

        if ($loggedIn) {
            $this->main->getAuditLogger()->logLogin(
                strtolower($this->player->getName()),
                $this->player->getAddress(),
                "password"
            );
            $this->onAuth();
        } else {
            $this->main->getAuditLogger()->logInvalid(
                strtolower($this->player->getName()),
                $this->player->getAddress()
            );
            $this->loginAttempts++;
            $chances = $this->main->getConfig()->getNested("Login.MaxAttempts", 5);
            $left = $chances - $this->loginAttempts;

            if ($left <= 0) {
                // Out of attempts: kick, suppress the message, optionally block the address.
                $this->getPlayer()->kick("Failed to login in {$chances} attempts", false);
                $event->setCancelled();
                $event->setMessage("");
                $blockSecs = $this->main->getConfig()->getNested("Login.MaxAttemptsBlock", 600);
                if ($blockSecs > 0) {
                    $this->main->getServer()->getNetwork()->blockAddress($this->player->getAddress(), $blockSecs);
                }
                return;
            }

            $template = $this->getMain()->getMessages()->getNested("Login.WrongPass", "wrong pass");
            $this->getPlayer()->sendMessage(str_replace('$CHANCES', $left, $template));
        }

        // Never let a login attempt through, whether it succeeded or not.
        $event->setCancelled();
        $event->setMessage("");
        return;
    }

    if ($this->state === self::STATE_PLAYING) {
        // The config option is only read when the message matches the password.
        if ($hash !== $this->accountInfo->passwordHash
            || !$this->getMain()->getConfig()->getNested("BlockPasswordChat", true)) {
            return;
        }
        $event->setCancelled();
        $event->setMessage("");
        $this->getPlayer()->sendMessage(
            $this->getMain()->getMessages()->getNested("Chat.DirectPass", "Don't tell your password")
        );
        return;
    }

    if ($this->state === self::STATE_REGISTERING) {
        $this->registration->handle($message);
        $event->setCancelled();
        $event->setMessage("");
    }
}
/**
 * Imported-hash adapter: hex-encodes the result of HereAuth::hash() computed
 * from the password and the salt.
 *
 * $suffix is accepted but not used.
 *
 * @param string $password plaintext password
 * @param string $salt     value forwarded as the second argument of HereAuth::hash()
 * @param string $suffix   unused
 *
 * @return string hexadecimal representation of the hash
 */
public function hash($password, $salt, $suffix) {
    $raw = HereAuth::hash($password, $salt);

    return bin2hex($raw);
}
/**
 * Feeds one line of player input to the current registration step.
 *
 * If the current step is not a PasswordRegistrationStep and the input hashes
 * to the account's stored password hash, the input is not submitted; the
 * player is warned that the prompt asking for the password did not come from
 * HereAuth. Otherwise the input is submitted to the current step, and the
 * step's message is sent unless the step accepted the input and next()
 * returned true.
 *
 * @param string $value text typed by the player
 *
 * @return void
 */
public function handle($value) {
    /** @noinspection PhpInternalEntityUsedInspection */
    $onPasswordStep = $this->current() instanceof PasswordRegistrationStep;

    if (!$onPasswordStep
        && HereAuth::hash($value, $this->user->getPlayer()) === $this->user->getAccountInfo()->passwordHash) {
        // The player typed their real password into a step that does not ask for one.
        $this->user->getPlayer()->sendMessage("[HereAuth] If the message above is asking you to enter your password, it is not a message from HereAuth! Please beware your password being stolen!");
        return;
    }

    if ($this->current()->onSubmit($value) && $this->next()) {
        return;
    }

    $this->user->getPlayer()->sendMessage($this->current()->getMessage());
}
/**
 * Feeds one line of player input to the current registration step.
 *
 * The input is submitted only when the current step is not a
 * PasswordRegistrationStep and the input hashes to the account's stored
 * password hash. In every other case, and whenever onSubmit() or next()
 * returns false, the current step's message is sent to the player.
 *
 * NOTE(review): as written, a PasswordRegistrationStep never receives the
 * input through this method, and a non-password step receives it only when
 * the player types their password — confirm that this is the intended
 * condition.
 *
 * @param string $value text typed by the player
 *
 * @return void
 */
public function handle($value) {
    /** @noinspection PhpInternalEntityUsedInspection */
    $onPasswordStep = $this->current() instanceof PasswordRegistrationStep;

    // Short-circuit evaluation keeps the checks in their original order.
    $advanced = !$onPasswordStep
        && HereAuth::hash($value, $this->user->getPlayer()) === $this->user->getAccountInfo()->passwordHash
        && $this->current()->onSubmit($value)
        && $this->next();

    if ($advanced) {
        return;
    }

    $this->user->getPlayer()->sendMessage($this->current()->getMessage());
}