Jump to content

Session_key, v, s...how they work?

Guest Princess

Recommended Posts

Hi, I'm doing a cms for mangos, but I have some little problems:

I have:

"UPDATEaccount SET sha_pass_hash='$npass', sessionkey='', v='', s='' WHERE username='$login'" this works ok on game, but when I tried to login on web this fail because, session_key, v and s...How they work?

Link to comment
Share on other sites

Do you want an login on an web frontend with your account credentials from realm database? if so, you don't need session_key, v or s, they are only needed for game clients. a check agains a sha1 hash should be enough.

Link to comment
Share on other sites

yes, but it too strangle.

In realm database I have:

sha_pass_hash = fe6f7b9ad8bb5a6caad5b6c5dc5568e2196bdc1a

but If I use the algoritm on php:

sha1(strtoupper($login) . ":" . strtoupper($opass));

it give me:


the same login and the same password, it works only in wow login, but on web it fails :S

Link to comment
Share on other sites

30f71ce763fa241a988e9a20314a124f8229fa70 T_T

How mangos does to login? I don't undertands why mangos can login on wow with fe6f7b9ad8bb5a6caad5b6c5dc5568e2196bdc1a but when I use the "supposed" algoritm to hash the password, it gives me other password :S

Link to comment
Share on other sites

i can assure u, its upper user/pass, just look at mangos source its clear

if u cant figure it out, in a couple of days when i check out forum again, i will provide a working example that u can easily get either from read source or any 3rd party project, from memory try something like

SET sha_pass_hash=SHA1(CONCAT(UPPER('$username'),':',UPPER('$pass'))), v=0, s=0

hint minimanager has got it right, same as dozens of other projects, i cant name now cos im drunk

Link to comment
Share on other sites

Well, here is mi poltergeist!

The account/password is kili/petardo

If I use sha1(strtoupper($login) . ":" . strtoupper($opass)) it gives me: 4bb5e28d95f82a3ea265177381a6d3bd60944dbe <------------CORRECT

But if I go to realm account database I have: fe6f7b9ad8bb5a6caad5b6c5dc5568e2196bdc1a <-----WTF??

I can't log into web with 4bb5e28d95f82a3ea265177381a6d3bd60944dbe BUT I CAN log ingame into wow with fe6f7b9ad8bb5a6caad5b6c5dc5568e2196bdc1a

What's the problem? I don't understand :S

Link to comment
Share on other sites

std::string AccountMgr::CalculateShaPassHash(std::string& name, std::string& password)
   Sha1Hash sha;

   std::string encoded;
   hexEncodeByteArray(sha.GetDigest(), sha.GetLength(), encoded);

   return encoded;

That is mangos password check, which is equal to yours in php. Just look at another mangos CMS's code and see how they do it? :)

Link to comment
Share on other sites

That is very strange, the accounts not working is probably not created properly.

maybe, but those accounts can be logged perfectly by game...

Client apply upper case to login/password before send. Mangos apply upper case at accound creating by internal command and expect that in DB you store hascode created from _upper_ version login/password if it calculated by external tools

Link to comment
Share on other sites

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use