Welcome to AC Web.
Results 1 to 2 of 2
  1. #1

    Exclamation SRP6 Support PHP Registration Script.


    REGISTER! (FREE)
    Registered members see less ads
    and also gain access to other great features.
    PHP Code:
    <?php
        
    try 
        { 
            
    $conn = new mysqli('ip','user''Pass''auth'); 
        } 
        catch(
    mysqli_sql_exception $e
        {
            echo 
    'Mysql connection error, wrong configuration!';
        }
        
        if (
    $conn->connect_error) {
            die(
    "Connection failed!");
        } 
        else
        {
            if(!empty(
    $_POST['uu']) && !empty($_POST['pp']) &&!empty($_POST['ee']))
            {
                
    // get parameters
                
    $username_input $_POST['uu'];
                
    $password_input $_POST['pp'];
                
    $email_input    $_POST['ee'];
                
                
    // convert password to sha1
                
    $passhash sha1(strtoupper($username_input.':'.$password_input));
                
                if (
    strlen($username_input) < or strlen($username_input) > 16)
                {
                    echo 
    'Account must be between 6 and 10 characters';
                    return;
                }
                
                if (
    strlen($password_input) < 6)
                {
                    echo 
    'Password must be atleast 6 characters';
                    return;
                }
                
                
    $stmt $stmt $conn->prepare('INSERT INTO account (username, sha_pass_hash, email) VALUES (?, ?, ?);');
                
                
    $stmt->bind_param('sss'$username_input$passhash$email_input);
                
                
    $stmt->execute();
                
                if (
    $stmt->affected_rows 0
                    echo 
    'Account registered successfully.';
                else 
                    echo 
    'Account already exists!';
                
                
    // vip 1 free
                
    $stmt $stmt $conn->prepare('INSERT INTO account_vip (id, vip_level, no_due, active) SELECT id, 1, 1, 1 FROM account WHERE username=?;');
                
                
    $stmt->bind_param('s'$username_input);
                
                
    $stmt->execute();
            }
        }
        
        
    mysqli_close($conn);
    ?>

    Hello Ac-webs I am in need of help from the community with updating this registration php script, The current revision is using srp6 , this php version is using php 5.6 & using the old auth system. if you could help out please feel free to reach out ☠Revolve☠#2637 on discord.

  2. #2

    REGISTER! (FREE)
    Registered members see less ads
    and also gain access to other great features.
    Code:
    function calculateSRP6Verifier($username, $password, $salt)
        {
            // algorithm constants
            $g = gmp_init(7);
            $N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
    
            // calculate first hash
            $h1 = sha1(strtoupper($username . ':' . $password), TRUE);
    
            // calculate second hash
            $h2 = sha1($salt.$h1, TRUE);
    
            // convert to integer (little-endian)
            $h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
    
            // g^h2 mod N
            $verifier = gmp_powm($g, $h2, $N);
    
            // convert back to a byte array (little-endian)
            $verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
    
            // pad to 32 bytes, remember that zeros go on the end in little-endian!
            $verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
    
            // done!
            return $verifier;
        }
    
        // Returns SRP6 parameters to register this username/password combination with
        function getRegistrationData($username, $password)
        {
            // generate a random salt
            $salt = random_bytes(32);
    
            // calculate verifier using this salt
            $verifier = $this->calculateSRP6Verifier($username, $password, $salt);
    
            // done - this is what you put in the account table!
            return array($salt, $verifier);
        }
    
        function verifySRP6($user, $pass, $salt, $verifier)
        {
            $g = gmp_init(7);
            $N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
            $x = gmp_import(
                sha1($salt . sha1(strtoupper($user . ':' . $pass), TRUE), TRUE),
                1,
                GMP_LSW_FIRST
            );
            $v = gmp_powm($g, $x, $N);
            return ($verifier === str_pad(gmp_export($v, 1, GMP_LSW_FIRST), 32, chr(0), STR_PAD_RIGHT));
        }
    to get the salt and verifier you just have to use
    Code:
    list($salt, $verifier) = getRegistrationData($username, $password);
    I'm not 100% sure if list works on php5.6 but the following will work as well
    Code:
    $data = = getRegistrationData($username, $password);
    $salt = $data[0];
    $verifier = $data[1];
    and for log in you'll need the following function
    Code:
    function verifySRP6($user, $pass, $salt, $verifier)
        {
            $g = gmp_init(7);
            $N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
            $x = gmp_import(
                sha1($salt . sha1(strtoupper($user . ':' . $pass), TRUE), TRUE),
                1,
                GMP_LSW_FIRST
            );
            $v = gmp_powm($g, $x, $N);
            return ($verifier === str_pad(gmp_export($v, 1, GMP_LSW_FIRST), 32, chr(0), STR_PAD_RIGHT));
        }
    Last edited by darksoke; 04-06-2021 at 09:36 AM.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •