author Kitzunu <24550914+Kitzunu@users.noreply.github.com> 2021-04-27 00:12:42 +0200
committer GitHub <noreply@github.com> 2021-04-27 00:12:42 +0200
commit 0529af98c4b9e2959dde07e28fc095c007442294
tree dd27cdea5a78d934df69d6a4cff24bfc81908147 /docs
parent c356cb1c2fb3d35fde37b6aa650cace33e514ec8
chore(account): Update to latest master (#443)
* Update account.md * Update account.md * Update account.md
Diffstat (limited to 'docs')
-rw-r--r-- docs/account.md 153
1 files changed, 83 insertions, 70 deletions
diff --git a/docs/account.md b/docs/account.md
index fe63a54..48eecb5 100644
--- a/docs/account.md
+++ b/docs/account.md
@@ -2,65 +2,63 @@
[<-Back-to:Auth](database-auth.md)
-**The `account` table**
+**The \`account\` table**
This table holds information on all available accounts.
-## Structure
+**Structure**
| Field | Type | Attributes | Key | Null | Default | Extra | Comment |
|-----------------------|--------------|------------|-----|------|-------------------|----------------|------------|
-| [id][1] | int(10) | unsigned | PRI | NO | | auto_increment | Identifier |
-| [username][2] | varchar(32) | | UNI | NO | | | |
-| [sha_pass_hash][3] | varchar(40) | | | NO | | | |
-| [sessionkey][4] | varchar(80) | | | NO | | | |
-| [v][5] | varchar(64) | | | NO | | | |
-| [s][6] | varchar(64) | | | NO | | | |
-| [token_key][7] | varchar(100) | | | NO | | | |
-| [email][8] | varchar(255) | | | NO | | | |
-| [reg_mail][9] | varchar(255) | | | NO | | | |
-| [joindate][10] | timestamp | | | NO | CURRENT_TIMESTAMP | | |
-| [last_ip][11] | varchar(15) | | | NO | 127.0.0.1 | | |
-| [last_attempt_ip][12] | varchar(15) | | | NO | 127.0.0.1 | | |
-| [failed_logins][13] | int(10) | unsigned | | NO | 0 | | |
-| [locked][14] | tinyint(3) | unsigned | | NO | 0 | | |
-| [lock_country][15] | varchar(2) | | | NO | 0 | | |
-| [last_login][16] | timestamp | | | YES | NULL | | |
-| [online][17] | int(10) | unsigned | | NO | 0 | | |
-| [expansion][18] | tinyint(3) | unsigned | | NO | 2 | | |
-| [mutetime][19] | bigint(20) | signed | | NO | 0 | | |
-| [mutereason][20] | varchar(255) | | | NO | | | |
-| [muteby][21] | varchar(50) | | | NO | | | |
-| [locale][22] | tinyint(3) | unsigned | | NO | 0 | | |
-| [os][23] | varchar(3) | | | NO | | | |
-| [recruiter][24] | int(10) | unsigned | | NO | 0 | | |
-| [totaltime][25] | int(10) | unsigned | | NO | 0 | | |
+| [id][1] | INT | UNSIGNED | PRI | NO | | AUTO_INCREMENT | Identifier |
+| [username][2] | VARCHAR(32) | | UNI | NO | | | |
+| [salt][3] | BINARY(32) | | | NO | | | |
+| [verifier][4] | BINARY(32) | | | NO | | | |
+| [session_key][5] | BINARY(40) | | | YES | | | |
+| [token_key][6] | VARCHAR(100) | | | NO | | | |
+| [email][7] | VARCHAR(255) | | | NO | | | |
+| [reg_mail][8] | VARCHAR(255) | | | NO | | | |
+| [joindate][9] | TIMESTAMP | | | NO | CURRENT_TIMESTAMP | | |
+| [last_ip][10] | VARCHAR(15) | | | NO | 127.0.0.1 | | |
+| [last_attempt_ip][11] | VARCHAR(15) | | | NO | 127.0.0.1 | | |
+| [failed_logins][12] | INT | UNSIGNED | | NO | 0 | | |
+| [locked][13] | tinyint(3) | UNSIGNED | | NO | 0 | | |
+| [lock_country][14] | VARCHAR(2) | | | NO | 0 | | |
+| [last_login][15] | TIMESTAMP | | | YES | NULL | | |
+| [online][16] | INT | UNSIGNED | | NO | 0 | | |
+| [expansion][17] | TINYINT | UNSIGNED | | NO | 2 | | |
+| [mutetime][18] | BIGINT | SIGNED | | NO | 0 | | |
+| [mutereason][19] | VARCHAR(255) | | | NO | | | |
+| [muteby][20] | VARCHAR(50) | | | NO | | | |
+| [locale][21] | TINYINT | UNSIGNED | | NO | 0 | | |
+| [os][22] | VARCHAR(3) | | | NO | | | |
+| [recruiter][23] | INT | UNSIGNED | | NO | 0 | | |
+| [totaltime][24] | INT | UNSIGNED | | NO | 0 | | |
[1]: #id
[2]: #username
-[3]: #sha_pass_hash
-[4]: #sessionkey
-[5]: #v
-[6]: #s
-[7]: #token_key
-[8]: #email
-[9]: #reg_mail
-[10]: #joindate
-[11]: #last_ip
-[12]: #last_attempt_ip
-[13]: #failed_logins
-[14]: #locked
-[15]: #lock_country
-[16]: #last_login
-[17]: #online
-[18]: #expansion
-[19]: #mutetime
-[20]: #mutereason
-[21]: #muteby
-[22]: #locale
-[23]: #os
-[24]: #recruiter
-[25]: #totaltime
+[3]: #salt
+[4]: #verifier
+[5]: #session_key
+[6]: #token_key
+[7]: #email
+[8]: #reg_mail
+[9]: #joindate
+[10]: #last_ip
+[11]: #last_attempt_ip
+[12]: #failed_logins
+[13]: #locked
+[14]: #lock_country
+[15]: #last_login
+[16]: #online
+[17]: #expansion
+[18]: #mutetime
+[19]: #mutereason
+[20]: #muteby
+[21]: #locale
+[22]: #os
+[23]: #recruiter
+[24]: #totaltime
## Description of the fields
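Review bot: The `locked` row is the only one left as lowercase `tinyint(3)` with a display width, while every other row in this table moved to uppercase types without widths (`INT`, `TINYINT`, `BIGINT`); change it to `TINYINT` to match. The title line now escapes its backticks (`**The \`account\` table**`), so `account` no longer renders as code, and `## Structure` became bold text while `## Description of the fields` right after the link list is still a heading, which removes the section from the outline. `session_key` is also the one column whose Null flag changes from NO to YES; a sentence in its field description saying when it is NULL would help readers who query this table.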
@@ -72,32 +70,51 @@ The unique account ID.
The user's account name.
-**NOTE**: usernames are limited to 20 characters and have no character restriction.
+**NOTE:** usernames are limited to 20 characters and have no character restriction.
-### sha_pass_hash
+### salt
-This field contains the encrypted password. The encryption is SHA1 and is in the following format: username:password. The SQL to create the password (or to compare with the current hash) is:
+salt is a cryptographically random 32-byte value.
-| Language | Code |
-|----------|---------------------------------------------------------------------|
-| SQL | UPPER(SHA1(CONCAT(UPPER('myusername'), ':', UPPER('mypass')))); |
-| PHP | strtoupper(sha1(strtoupper($username).':'.strtoupper($password))); |
+### verifier
-**NOTE**: Passwords are limited to 16 characters and have no character restriction.
+verifier is derived from salt, as well as the user's username (all uppercase) and their password (all uppercase).
-### sessionkey
+To obtain the verifier you need to calculate:
-`field-no-description|5`
+1. Calculate `h1 = SHA1("USERNAME:PASSWORD")`, substituting the user's username and password converted to uppercase.
+
+2. Calculate `h2 = SHA1(salt || h1)`, where || is concatenation (the . operator in PHP).
+
+**NOTE:** Both `salt` and `h1` are binary, not hexadecimal strings!
+
+3. Treat `h2` as an integer in little-endian order (the first byte is the least significant).
+
+4. Calculate `(g ^ h2) % N`.
+
+**NOTE:** `g` and `N` are parameters, which are fixed in the WoW implementation.
+
+`g = 7`
-### v
-### s
+`N = 0x894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7`
-`v` and `s` fields are used by server authentication system since the client uses a SRP6 protocol to handle authentication
+5. Convert the result back to a byte array in little-endian order.
-If you change the password these fields must be set to 0 allowing the server to regenerate them at login.
-The .account password command already does it, but you must take care about it on external registration systems (web client)
+**For PHP implementations**
+
+Make sure the PHP GMP extension is loaded! Uncomment `extension=gmp` in your php.ini.
+
+[CalculateSRP6Verifier.php](https://gist.github.com/Treeston/db44f23503ae9f1542de31cb8d66781e)
+
+[GetSRP6RegistrationData.php](https://gist.github.com/Treeston/40b99dd71f55d55c68857919088b2e41)
+
+[VerifySRP6Login.php](https://gist.github.com/Treeston/34d9249fb467dddc11b2568e74f8cb1e)
+
+### session_key
+
+`field-no-description|5`
-### **token_key**
+### token_key
The authenticator key.
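Review bot: In step 4, `(g ^ h2) % N` reads as XOR to the PHP audience this section addresses (step 2 already explains `||` through PHP's `.` operator, and `^` is bitwise XOR in PHP); say explicitly that this is modular exponentiation, g raised to the power h2 modulo N. Step 5 should state what length the byte array must have for the `BINARY(32)` `verifier` column when the result has fewer significant bytes, and the text should say in which byte order the hex literal for `N` is written, since steps 3 and 5 are little-endian. The two `**NOTE:**` paragraphs sit between numbered items and can break the ordered list when rendered; indenting them under their step keeps the numbering. This hunk also removes the password length note and the guidance for external registration systems on password change without a replacement, and `session_key` still carries the `field-no-description|5` placeholder.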
@@ -153,10 +170,6 @@ Integer 0, 1 or 2 controlling if the client logged in on the account has any exp
| 0 | Classic |
| 1 | The Burning Crusade (TBC) |
| 2 | Wrath of the Lich King (WotLK) |
-| 3 | Cataclysm |
-| 4 | Mist of Pandaria (MOP) |
-| 5 | Warlords of Draenor (WOD) |
-| 6 | Legion |
### mutetime