![[Security]Bcrypt hash algorithm in Shaiya](https://www.elitepvpers.com/forum/iconimages/shaiya-pserver-guides-releases/security-bcrypt-hash-algorithm-shaiya_ltr.gif){kind=small}
![[ADM]Sky's Avatar](https://www.elitepvpers.com/forum/customavatars/avatar6895826_8.gif){kind=avatar}
Example of implementing the BCrypt algorithm for Shaiya servers.
Step 1
Step 2Quote:
EXEC sp_configure 'CLR ENABLED' , '1'
GO
RECONFIGURE
GO
ALTER DATABASE PS_UserData SET TRUSTWORTHY ON
GO
Execute the file BCrypt_assembly.sql, which is located below.
Step 3 (BCrypt-Function)
This step is optional, because the hash itself will be created by the site, but thanks to this function, you can perform verification.Quote:
CREATE FUNCTION [dbo].[BCrypt](@password [nvarchar](4000), @rounds [int])
RETURNS [nvarchar](4000) WITH EXECUTE AS CALLER
AS
EXTERNAL NAME [BCrypt].[BCryptPackage.UserDefinedFunctions].[BCrypt]
GO
EXEC sys.sp_addextendedproperty @name=N'AutoDeployed', @value=N'yes' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',@level1name=N'BCrypt'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFile', @value=N'BCryptAssembly' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',@level1name=N'BCrypt'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFileLine', @value=813 , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',@level1name=N'BCrypt'
Step 4(CheckPassword function)
If you get an error, you need to change the database compatibility level.Quote:
CREATE FUNCTION [dbo].[CheckPassword](@password [nvarchar](4000), @hashed [nvarchar](4000))
RETURNS [bit] WITH EXECUTE AS CALLER
AS
EXTERNAL NAME [BCrypt].[BCryptPackage.UserDefinedFunctions].[CheckPassword]
GO
EXEC sys.sp_addextendedproperty @name=N'AutoDeployed', @value=N'yes' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',
@level1name=N'CheckPassword'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFile', @value=N'BCryptAssembly' , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',
@level1name=N'CheckPassword'
GO
EXEC sys.sp_addextendedproperty @name=N'SqlAssemblyFileLine', @value=820 , @level0type=N'SCHEMA',@level0name=N'dbo', @level1type=N'FUNCTION',
@level1name=N'CheckPassword'
Step 5
Now run it to check.
Сheck result:Quote:
DECLARE @passwd VARCHAR(60)
DECLARE @crypted_passwd VARCHAR(60)
SET @passwd = 'weakPassword1234'
select @crypted_passwd = dbo.Bcrypt('weakPassword1234',10)
print @crypted_passwd
-- Check if the passwords match
select dbo.CheckPassword(@passwd,@crypted_passwd)
Step 6
Execute the file usp_Try_GameLogin_Taiwan.sql, which is located below.
Сheck result:
Very important:
PHP once made the Bcrypt function, but the first versions of it did not work correctly. This is why they started changing the prefix at the beginning of the hash to indicate that it is a new version, but this is not suitable for us to check in the database, so we will do this little trick.
PHP Code:
$pw = 'test9080';
$PwHash = password_hash($pw, PASSWORD_BCRYPT);
echo $PwHash;
echo "<br>";
$PwHash = str_replace("$2y$", "$2a$", $PwHash);
echo $PwHash;
I wish you the best of everything!
![[ADM]Sky is offline](images/elitepvpers/statusicon/user_offline.gif){kind=small}
![[BSG]Reeya's Avatar](https://www.elitepvpers.com/forum/customavatars/avatar7878599_1.gif){kind=avatar}
