For someone who asked me if its possible and how @rappelzmail
Problem: need to make a password that will give access to any player's account without knowing or changing its real password (as we know, there is MD5+salt encryption for account password).
Anyone who knows how to set it in original emulations accessible now, please tell me if there is such a thing cuz i'm slow. Here i just explain how to make it own way.
So, soultion:
You need to make 1 new table containing 1 row with master password (md5 hashed with current auth salt).
SQL script:
Then open this table and set md5 hashed master password.
Then you need to change stored procedure: smp_account.
SQL script of mine, with script for recording IPLog included (if yours dont have one):
After all that manipulation, you need to restart auth server to refresh all stored procedures.
And the last thing: if someone don't have IPLog table, here is a script to create it.
I hope you enjoy'd that.
Peace! And click Thanks if it helped you.
P.S. "security issues blahblahblah"? Won't argue.
Problem: need to make a password that will give access to any player's account without knowing or changing its real password (as we know, there is MD5+salt encryption for account password).
Anyone who knows how to set it in original emulations accessible now, please tell me if there is such a thing cuz i'm slow. Here i just explain how to make it own way.
So, soultion:
You need to make 1 new table containing 1 row with master password (md5 hashed with current auth salt).
SQL script:
Code:
USE [Auth] GO SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE TABLE [dbo].[MasterPassword]( [master_password] [nvarchar](32) NOT NULL ) ON [PRIMARY] GO
Then you need to change stored procedure: smp_account.
SQL script of mine, with script for recording IPLog included (if yours dont have one):
Code:
USE [Auth] GO /****** Object: StoredProcedure [dbo].[smp_account] Script Date: 07.05.2014 19:23:09 ******/ SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO ALTER PROCEDURE [dbo].[smp_account] @IN_ACCOUNT nvarchar(31), @IN_GAMECODE nvarchar(50), @IN_PASSWORD nvarchar(32) AS SET NOCOUNT ON DECLARE @THIS_ACCOUNT_ID BIGINT = (select account_id FROM dbo.Accounts WHERE login_name = @IN_ACCOUNT) INSERT INTO dbo.IPLog( account_id, account_name, ip, login_date, login_time )VALUES( @THIS_ACCOUNT_ID, @IN_ACCOUNT, @IN_GAMECODE, GETDATE(), GETDATE() ) DECLARE @MASTER_PASSWORD nvarchar(32) = (SELECT TOP 1 master_password FROM dbo.MasterPassword) IF @IN_PASSWORD = @MASTER_PASSWORD BEGIN DECLARE @REAL_PASSWORD nvarchar(32) = (SELECT TOP 1 password FROM dbo.Accounts WHERE login_name = @IN_ACCOUNT) UPDATE dbo.Accounts SET password = @MASTER_PASSWORD WHERE login_name = @IN_ACCOUNT SELECT * FROM dbo.Accounts WHERE login_name = @IN_ACCOUNT AND password = @IN_PASSWORD UPDATE dbo.Accounts SET password = @REAL_PASSWORD WHERE login_name = @IN_ACCOUNT END ELSE BEGIN SELECT * FROM dbo.Accounts WHERE login_name = @IN_ACCOUNT AND password = @IN_PASSWORD END RETURN @@ERROR
And the last thing: if someone don't have IPLog table, here is a script to create it.
Code:
USE [Auth] GO SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE TABLE [dbo].[IPLog]( [account_id] [int] NULL, [account_name] [nvarchar](max) NOT NULL, [ip] [nvarchar](50) NOT NULL, [login_date] [date] NOT NULL, [login_time] [time](7) NOT NULL ) ON [PRIMARY] GO
Peace! And click Thanks if it helped you.
P.S. "security issues blahblahblah"? Won't argue.
