Alexoune001 7 Posted April 8, 2020 Hello, I turn to you after having done so and trying to test a recording system via my website (for the moment local test). I know the API system is available, but I don't like and have never really managed to use API systems. I checked in your documentation to encrypt the password and the Salt. However, it fits well in the user table, I manage to connect to the website (always test locally), but I cannot connect via the test account, on the client.exe. So I would like to know if you could help me a little more, give me a sample code to encrypt the password AND the salt so that I can try to make my registration system. I specify that it has been 2-3 days that I am trying to find a small solution (in PHP) to try to encrypt its correctly, I have the basis of the code, but I do not know if it is really good, knowing that it works well via the website but not the client.exe (I'm talking about the connection with the account I created via register.php). <?php $id = gen_uuid(); $username = $_POST['Name']; $pass = hash('sha256', $_POST['Password']); $password = mb_strtoupper($pass, 'UTF-8'); $salt = bin2hex(random_bytes(64)); $salt_mdp = hash('sha256', $pass.$salt); $salt_finish = strtoupper($salt_mdp, 'UTF-8'); ?> Thank you in advance if you can take me on the right track. (Sorry for the translation, I don't speak English and sorry if it's not in the right section, I didn't really know where to put my message) Share this post Link to post Share on other sites
Cheshire 356 Posted April 8, 2020 I'd really not recommend doing this manually, and figure out a way to use the API really. But if you insist to do it te hard way you could copy the registration system the client uses and look at what that does to make the password and save it. Just bear in mind that if you use SQLite you might cause some weird issues with the databases not saving or loading properly messing with it in two programs. Share this post Link to post Share on other sites
Alexoune001 7 Posted April 8, 2020 I use MySQL for the user database so that I can better manage this with PHP;) I was very comfortable with PHP earlier, and that is why I prefer not to use the API, especially since I tried to set up, but it is not really done for me i think lol Share this post Link to post Share on other sites
Cheshire 356 Posted April 8, 2020 If you're comfortable with PHP the API should really not be an issue. It's nothing but some HTTP calls. If HTTP Sessions and headers are too much for you, I would really not trust your homegrown account system with my information. Share this post Link to post Share on other sites
jcsnider 3,546 Posted April 8, 2020 If you change the user DB while the server is running you are very very likely to lose data and experience player rollbacks. This is because the server retains DB info at all times and when saving if the DB has changed the server will panic and crash. That means that you can't add users via PHP. It's API or bust, it's literally why we made the API. 2 Alexoune001 and Cheshire reacted to this Share this post Link to post Share on other sites
wishy 298 Posted April 8, 2020 If you are very comfortable with php, then you really should be doing the registration through the API, I don't think messing with the database while the game is running is a good idea. Share this post Link to post Share on other sites
Cheshire 356 Posted April 8, 2020 Good to know it does that even in MySQL form. Share this post Link to post Share on other sites
Alexoune001 7 Posted April 8, 2020 Ah okay, thanks for your reply jc snider. To answer other people: Yes I am comfortable in PHP. It's just that I never really understood how the API works, even when reading the documentation. Well if not, don't worry, I will try to read the documentation again and try to do something correct locally. Thank you for your answers ! Share this post Link to post Share on other sites
wishy 298 Posted April 8, 2020 example code for registration: function APIcall_GET($server,$access_token,$calltype,$postData){ // Setup cURL $ch = curl_init('http://'.$server.$calltype); curl_setopt_array($ch, array( CURLOPT_HTTPGET => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_HTTPHEADER => array( 'authorization: Bearer '.$access_token, 'Content-Type: application/json' ), CURLOPT_POSTFIELDS => json_encode($postData) )); // Send the request $response = curl_exec($ch); // Check for errors if($response === FALSE){ die(curl_error($ch)); } // Decode the response $responseData = json_decode($response, TRUE); return $responseData; } $passwordhash = hash('sha256', $password); $postData = array( 'username' => $username, 'password' => $passwordhash, 'email' => $email ); $access_token = $login['access_token']; $calltype = '/api/v1/users/register'; $register = APIcall_GET($server,$access_token,$calltype,$postData); 1 Alexoune001 reacted to this Share this post Link to post Share on other sites
Alexoune001 7 Posted April 8, 2020 Oh thanks for the sample code ;), I especially block at the level of the implementation of the API that I do not understand too much ^^' Share this post Link to post Share on other sites