I think this should work from what I've read on the internets... it's not ideal, but it will work (avoids users choosing their own passwords, which isn't something I want to deal with now, doesn't require an oauth login via browser, and persists between games).
Register (if the client does not have a .freecell_token file):
    client->server: Register(username)
    if username exists already:
        server->client: NameTaken(username) (END HERE)
    server->client: LoginToken(username)
    client then stores the token in .freecell_token

Login:
    client->server: Login(username)
    server->client: Nonce(random_number, salt)
    client->server: TokenHash(username, hash(hash(token+salt)+nonce))
    if the hash matches in the database:
        server->client: LoggedIn(username)
    else:
        server->client: LoginFailed(username)

The connection is then passed off to the competition server.
Need a simple server authentication scheme.
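
The register and login exchange above as a runnable sketch; this is an added example, not code from the project. SHA-256 for hash(), random bytes for the token, salt and nonce, the `Server` class and function names, and the single-use nonce handling are all assumptions.

```python
import hashlib, hmac, secrets

def h(data: bytes) -> bytes:
    # SHA-256 stands in for the post's unspecified hash() (assumption)
    return hashlib.sha256(data).digest()

class Server:
    def __init__(self):
        self.users = {}     # username -> (salt, hash(token+salt))
        self.pending = {}   # username -> nonce waiting for a TokenHash reply

    def register(self, username):
        if username in self.users:
            return ("NameTaken", username)
        token, salt = secrets.token_bytes(32), secrets.token_bytes(16)
        self.users[username] = (salt, h(token + salt))
        return ("LoginToken", token)    # client writes this to .freecell_token

    def login(self, username):
        if username not in self.users:
            return ("LoginFailed", username)
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return ("Nonce", nonce, self.users[username][0])

    def token_hash(self, username, response):
        nonce = self.pending.pop(username, None)    # a nonce answers one attempt only
        if nonce is None:
            return ("LoginFailed", username)
        expected = h(self.users[username][1] + nonce)
        ok = hmac.compare_digest(expected, response)    # constant-time comparison
        return ("LoggedIn" if ok else "LoginFailed", username)

def client_response(token, nonce, salt):
    # Client side of TokenHash: hash(hash(token+salt)+nonce)
    return h(h(token + salt) + nonce)

def demo():
    server = Server()
    _, token = server.register("alice")     # constructed username
    taken = server.register("alice")[0]     # second Register with the same name
    _, nonce, salt = server.login("alice")
    captured = client_response(token, nonce, salt)
    first = server.token_hash("alice", captured)[0]
    server.login("alice")                   # server issues a fresh nonce
    replay = server.token_hash("alice", captured)[0]    # old response sent again
    return taken, first, replay

if __name__ == "__main__":
    print(demo())
```

The server stores only hash(token+salt), but that stored value is enough to compute a valid response, so the user table needs the same protection as the token files.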