[PHP] World of Warcraft: WoTLK Password encryption

Anomaly


This is how I would code the registration or login for a website's system.
This is a really good encryption, and I personally use it for every project I do. Though, I recommend you add some characters in if you want to use it for another project than World of Warcraft.


Code:
if ($_POST['password'] === $_POST['password2']) {
    $exp = 2; // expansion id, bound as an integer ("i") below
    $adminlevel = "0";
    // The WoW hash is computed over the upper-cased username and password.
    $password = strtoupper($_POST['password']);
    $username = strtoupper($_POST['username']);
    $email = strtoupper($_POST['email']);
    // No real_escape_string() here: the prepared statement below binds the
    // values safely, and escaping first would change the stored values and
    // the input to the hash.
    $password2 = sha1($username . ":" . $password);

    $stmt = $conn->prepare("INSERT INTO account (username, sha_pass_hash, email, web_admin, expansion) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param("ssssi", $username, $password2, $email, $adminlevel, $exp);
    if ($stmt->execute()) {
        header("Location: ../");
        exit; // stop the script after sending the redirect
    } else {
        echo "Failed to create account<br>" . $stmt->error;
    }
}

Line: 11
Encryption starts there; it allows people to use the same password to log in to WoW.

Code:
$password2=sha1($username . ":" . $password);

Back in the day I always used MD5 to encrypt passwords. I figured it's really insecure unless you're like MyBB and "salt" the encryption.

(And yes, you guessed right! This is from my CMS.) :)
 

bitm0de


Hashing algorithms are not encryption in the same way Base64 is an encoding, not an encryption algorithm, but since you're not formatting the text for user-display, instead of "username:pass" being SHA-1 hashed, why not something like -> "$@!xusername!>password" being hashed? Not that people are likely to guess that you're hashing username and pass with a colon between, but something like I've suggested is still a bit more random and less likely to predict.
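Added example, not code from either poster: it puts the thread's SHA-1 `USERNAME:PASSWORD` format and the variant with fixed extra characters next to PHP's `password_hash()`, for a site that does not need WoW-compatible hashes. The function names and sample credentials are constructed for illustration.

```php
<?php
// Added example, not the poster's CMS code. Function names and the sample
// credentials are constructed for illustration.

// Scheme from the thread: SHA-1 over upper-cased "USERNAME:PASSWORD".
function wow_sha_pass_hash(string $user, string $pass): string
{
    return sha1(strtoupper($user) . ":" . strtoupper($pass));
}

// Variant with fixed extra characters, as suggested in the reply.
function fixed_chars_hash(string $user, string $pass): string
{
    return sha1('$@!x' . strtoupper($user) . '!>' . strtoupper($pass));
}

// For a site that does not need WoW-compatible hashes: PHP's password API,
// which adds a random salt per hash and has a tunable work factor.
function site_hash(string $pass): string
{
    return password_hash($pass, PASSWORD_BCRYPT, ['cost' => 12]);
}

$user = 'Thrall';
$pass = 'Lok-tar Ogar 42';

// Upper-casing makes the WoW-format hash ignore the password's case.
var_dump(wow_sha_pass_hash($user, $pass) === wow_sha_pass_hash($user, strtolower($pass)));

// password_hash() salts every call: two hashes of one password differ, both
// verify, and a differently-cased password does not.
$a = site_hash($pass);
$b = site_hash($pass);
var_dump($a !== $b, password_verify($pass, $a), password_verify($pass, $b));
var_dump(password_verify(strtoupper($pass), $a));

// Time per hash, which bounds how fast candidate passwords can be tested
// against a leaked table. Fixed extra characters leave that cost unchanged.
$n = 100000;
$t = microtime(true);
for ($i = 0; $i < $n; $i++) { wow_sha_pass_hash($user, "sample$i"); }
$plainEach = (microtime(true) - $t) / $n;
$t = microtime(true);
for ($i = 0; $i < $n; $i++) { fixed_chars_hash($user, "sample$i"); }
$fixedEach = (microtime(true) - $t) / $n;
$t = microtime(true);
site_hash($pass);
printf("sha1: %.7f s, sha1 + fixed chars: %.7f s, bcrypt cost 12: %.4f s per hash\n",
    $plainEach, $fixedEach, microtime(true) - $t);
```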
 

Anomaly


bitm0de said:
Hashing algorithms are not encryption in the same way Base64 is an encoding, not an encryption algorithm, but since you're not formatting the text for user-display, instead of "username:pass" being SHA-1 hashed, why not something like -> "$@!xusername!>password" being hashed? Not that people are likely to guess that you're hashing username and pass with a colon between, but something like I've suggested is still a bit more random and less likely to predict.
ok
 
