search

IkeC / evo-league

evo-league website, ladder system and PES6 online server
http://www.facebook.com/evoleague
MIT License
15 stars 11 forks source link

Generating password hash for Sixserver login #4

Closed themasterz closed 9 years ago

themasterz commented 9 years ago

Hello, I had succesfully install evo-league, however i can't connect in PES6 game. In sixserver log i have this line:

UnknowUserError: Unknow user: 2b062612121552d52313be6....

I had seen in weblm_players and there is nothing in hash6's column.

Thank for your help

IkeC commented 9 years ago

Check what happens in join.php:

$hash6 = mysql_real_escape_string($_POST["hash6"]);
if (!empty($serial6)) {
  $result = array();
  $res6 = exec("/opt/sixserver/sixserver-env/bin/python2.6 /opt/sixserver/lib/fiveserver/gethash.py ".$hash6, $result);
  $hash6 = $result[0];
}
themasterz commented 9 years ago

I replace python2.6 by python2.7 but nothing on hash6. If i insert value for hash6 directly in dbb that works but if i update password with evo website hash6 value is blank again It's same thing with editprofile.php

IkeC commented 9 years ago

You may encounter problems using Python 2.7. It did not work properly when I tried.

Did you run

/opt/sixserver/sixserver-env/bin/python2.6 /opt/sixserver/lib/fiveserver/gethash.py <posted $hash6 value>

on the command line as I suggested? What is the output?

themasterz commented 9 years ago

Your command line say syntax error in python console. So i try this line: execfile(/home/masterz/evo-league-master/Sixserver/lib/fiveserver/gethash.py then this error appear: Line 5 from Crypto.Cipher import Blowfish ImportError: No module named Crypto.Cipher.

So i reinstal pycrypto, but now when i type in python console: execfile("/home/masterz/evo-league-master/Sixserver/lib/fiveserver/gethash.py") i had this line: File "", line 1, in File "/home/masterz/evo-league-master/Sixserver/lib/fiveserver/gethash.py", Line 7 in hash = hash[0]

????

Thank you for your help

IkeC commented 9 years ago

gethash.py expects a hash as an input parameter, and outputs an encoded hash.

I wrote this:

/opt/sixserver/sixserver-env/bin/python2.6 /opt/sixserver/lib/fiveserver/gethash.py <posted $hash6 value>

Of course, you need to replace < posted $hash6 value > with the posted $hash6 value from the PHP code that you should have logged earlier in your PHP file.

$hash6 = mysql_real_escape_string($_POST["hash6"]);

So the actual call may look something like this:

/opt/sixserver/sixserver-env/bin/python2.6 /opt/sixserver/lib/fiveserver/gethash.py a4G6Hs2edfewuj2

It also doesn't make sense to use execfile from a Python console - how do you want to call that from your PHP code later? You should use the python executable from the virtualenv environment you created in the setup process (in my case, /opt/sixserver/sixserver-env/bin/python2.6).

themasterz commented 9 years ago

Hello, sorry for my low skill... I had try your command line and output is working, but hash6 column in database stay empty. So I think there is mistake before gethash From where comes hash6 value before gethash? I don't find how it comes

IkeC commented 9 years ago

When you click the submit button on the join or editProfile page, the javascript-function validateProfile() is called.

<form method="post" action="join.php?submit=1" onsubmit="return validateProfile();" enctype="multipart/form-data">

This function is defined in /js/md5.js.


function validateProfile() {
    retval = true;
    if (document.getElementById('serial5').value.length > 0) {
        retval = makeHash('5');
    }
    if ((retval == true) && (document.getElementById('serial6').value.length > 0)) {
        retval = makeHash('6');
    }
    return retval;
}

So validateProfile() calls makeHash() if you entered a serial number.


function makeHash(version) {
    a = document.getElementById('serial' + version).value;
    a = a.replace(/^\s+/,'').replace(/\s+$/,'').replace(/-/g,'').toUpperCase();
    if (!a.match(/^[A-Z0-9]{20}$/)) {
        alert('The serial number for PES ' + version + ' appears to be invalid. Please enter a good one.');
        return false;
    }
    document.getElementById('serial' + version).value = a;
    while(a.length<36) { a += '\0'; }
    u = document.getElementById('name').value;
    u = u.replace(/^\s+/,'').replace(/\s+$/,'');
    if (u.length<3 || !u.match(/^[0-9a-zA-Z]+$/)) {
        alert('Invalid username. Must be 3+ characters long and contain only letters and digits.');
        return false;
    }
    p = document.getElementById('password').value;
    if (p.length<3) {
        alert('The password too short. It must be 3+ characters long.');
        return false;
    }
    document.getElementById('hash' + version).value = hex_md5(a+u+'-'+p);
    return true;
}

In this line

document.getElementById('hash' + version).value = hex_md5(a+u+'-'+p);

the value of _hexmd5(a+u+'-'+p) is written to the field named "hash6". This is the field that the PHP code reads after submitting (= POSTing the form).

$hash6 = mysql_real_escape_string($_POST["hash6"]);

So, if your $hash6 field doesn't contain a value after that line (I asked you to log it in my second comment), something's wrong with the javascript. Use alert-statements to debug it, for example like this:

    document.getElementById('hash' + version).value = hex_md5(a+u+'-'+p);
    alert('hash' + version + ' value is [' + document.getElementById('hash' + version).value + ']');
    return true;

You should get an informative javascript alert box after submitting the form.

themasterz commented 9 years ago

Hello, I had add your line in md5.js, and when i try submit i see the hash in alert box. So js file works, but hash6 value in database still blank.

When i do this: /home/fsenv/bin/python2.7 /home/masterz/evo-league-master/Sixserver/lib/fiveserver/gethash.py 123a456c789d1011 result is: 31f9f6499b157d66 So i think that works.

When i add manually hash6 in database and submit again, value disappear.

I will check join.php & editprofile.php

Many thanks

IkeC commented 9 years ago

You really need to debug the PHP file. The simplest logging method would be

$hash6 = mysql_real_escape_string($_POST["hash6"]);
echo "<p>hash6 after post=".$hash6;
if (!empty($serial6)) {
  $result = array();
  $res6 = exec("/opt/sixserver/sixserver-env/bin/python2.6 /opt/sixserver/lib/fiveserver/gethash.py ".$hash6, $result);
  $hash6 = $result[0];
  echo "<p>hash6 after gethash=".$hash6;
}
die();

Note the echo statements. After submitting the form, check the page source in your browser to see the output.

The exec statement might fail due to insufficient permissions, so you might try setting chmod 777 on /opt/sixserver/sixserver-env/bin/python2.6 and /opt/sixserver/lib/fiveserver/gethash.py for debugging purposes.

themasterz commented 9 years ago

I had this results with your last comment.

hash6 after post=cc38de7c206f533c6f607b010b9b1619

hash6 after gethash=

Still blank

IkeC commented 9 years ago

Well then exec doesn't work.

Did you chmod the files? What's your PHP version? What does the $res6 variable contain after the exec command was executed?

themasterz commented 9 years ago

I had chmod files PHP Version 5.6.7-1 i add $res6 in your line echo "

hash6 after gethash=".$hash6." res6=".$res6; but res6= blank like hash6 after gethash.

That's strange when i use this command line: /home/masterz/fsenv/bin/python2.7 /home/masterz/evo-league-master/Sixserver/lib/fiveserver/gethash.py 1233321321231231231231231231 i obtain the good hash because when i add in dbb i can succesfull login and create profile in sixserver. But when i try with website that doesn't works.

Edit: I had uninstall/reinstall my debian and al is works now. Thank you for all I closed