yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

SRP6 for user auth (#38)

Browse Source 
* SRP6 for user auth, implementation of 3164b58c7d
This commit is contained in:
Treeston
2020-08-03 15:20:34 +02:00
committed by GitHub
parent 72e950713a
commit fb2ab8f613
1 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
includes/user.class.php
View File

@@ -283,12 +283,11 @@ class User
if (!DB::isConnectable(DB_AUTH))
return AUTH_INTERNAL_ERR;
$wow = DB::Auth()->selectRow('SELECT a.id, a.sha_pass_hash, ab.active AS hasBan FROM account a LEFT JOIN account_banned ab ON ab.id = a.id AND active <> 0 WHERE username = ? LIMIT 1', $name);
$wow = DB::Auth()->selectRow('SELECT a.id, a.salt, a.verifier, ab.active AS hasBan FROM account a LEFT JOIN account_banned ab ON ab.id = a.id AND active <> 0 WHERE username = ? LIMIT 1', $name);
if (!$wow)
return AUTH_WRONGUSER;
self::$passHash = $wow['sha_pass_hash'];
if (!self::verifySHA1($name, $pass))
if (!self::verifySRP6($name, $pass, $wow['salt'], $wow['verifier']))
return AUTH_WRONGPASS;
if ($wow['hasBan'])
@@ -387,15 +386,17 @@ class User
return $_ === crypt($pass, $_);
}
// sha1 used by TC / MaNGOS
private static function hashSHA1($name, $pass)
private static function verifySRP6($user, $pass, $salt, $verifier)
{
return sha1(strtoupper($name).':'.strtoupper($pass));
}
private static function verifySHA1($name, $pass)
{
return strtoupper(self::$passHash) === strtoupper(self::hashSHA1($name, $pass));
$g = gmp_init(7);
$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
$x = gmp_import(
sha1($salt . sha1(strtoupper($user . ':' . $pass), TRUE), TRUE),
1,
GMP_LSW_FIRST
);
$v = gmp_powm($g, $x, $N);
return ($verifier === str_pad(gmp_export($v, 1, GMP_LSW_FIRST), 32, chr(0), STR_PAD_RIGHT));
}
public static function isValidName($name, &$errCode = 0)