Hey everyone, it's been a long time.
Today I implemented bcrypt in sweater and I decided i'd teach you how to do it without downloading my version of sweater directly, because who knows ? maybe you have your own version and don't want to replace the whole files.
I'll show you how to update everyone's passwords too, so no worries about that. (thanks to @Ben who helped me fix a bug so-to-speak).
Alright, let's begin with what's pretty obvious, the Hashing file (Cryptography.php). What you have to do is, replace everything in there with this:
Yeah I know, it looks like kitsune's now :)
Next, you probably want to set this in Client.php to public:
private $strRandomKey;
Change that to public.
Now, since I don't think any of you have modified the login handler in sweater, or if you did then you're competent enough to see what I modified in the handleLogin and replace the stuff.
If you didn't modify it, replace this whole function with yours in LoginHandler.php:
Replace the handleRndK function too with this:
function handleRndK($arrData, Client $objClient){
$objClient->strRandomKey = "e4a2dbcca10a7246817a83cd" . $objClient->strNickname;
$objClient->sendData('<msg t="sys"><body action="rndK" r="-1"><k>' . $objClient->strRandomKey . '</k></body></msg>');
$objClient->setRandomKey($objClient->strRandomKey);
}
You will also want to change your password column so our new password hash can fit in the column, so just run this SQL command:
ALTER TABLE `users` CHANGE `Password` `Password` VARCHAR(255) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL COMMENT 'Password hash';
Now you probably want to update everyone's md5 password to bcrypt, so you can simply run this PHP script:
For the register, since you are using sweater you are probably using my 'old' register, so use this new one.
Once you've completed all of these, you're done. Hope this helped you. Cya.