Sea Shepard

[Release] PHP/Java Authentication System

8 posts in this topic

Hey guys,

I was going through some old workspaces and files the other day and found a super simple php/java authentication system I wrote for a Frosty Flowers Host script on powerbot.

I figured there must be a lot of people on here who have never worked with anything like this before, so I thought I might as well post it here.

I was learning a bit about hashes and encrypting at the time, so this authsystem does use a basic md5 implementation. Fun stuff if you have never done anything with that before.

I'm not saying you should use this in your script or that it's a good auth system; it worked for what was being asked of me. Don't be an asshole and post about how l33t your hacking skilz are or how you could spoof the data if you wanted. No one cares.

Here is what the .java code contains; you will just have to download the archive to see the php code.

AuthSystem.java

```java
package org.roadprophet.propheticapi.authsystem;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;

import org.roadprophet.propheticapi.authsystem.net.UserHandler;
import org.roadprophet.propheticapi.authsystem.util.Security;

/**
 * A simple hash/salt authentication system written by RoadProphet for CBot and Ampzz
 * for their RSBot dicing bot.
 *
 * @author UNUMSANCTUM
 */
public class AuthSystem {

    /**
     * Authenticates the user based on their display name. This will most commonly be used. :3
     *
     * @param username The user's display name
     * @return True if the server knows this username
     * @throws IOException
     */
    public static boolean authenticate(String username) throws IOException {
        return UserHandler.userExists(username);
    }

    /**
     * Authenticates a user. Uses MD5 and Base64 encoding for the password.
     *
     * @param username The user's name
     * @param password The user's password
     * @return True for successful authentication, false if otherwise or if an exception was thrown.
     * @throws NoSuchAlgorithmException
     * @throws IOException
     */
    public static boolean authenticate(String username, String password) throws NoSuchAlgorithmException, IOException {
        if (UserHandler.userExists(username)) {
            String salt = UserHandler.getSalt(username);
            if (salt == null) {
                // getSalt() returns null when the lookup fails; treat that as a failed login
                return false;
            }
            String hash = Security.getHash(password, salt);
            return UserHandler.validate(username, hash);
        }
        return false;
    }

    /**
     * Creates a new user.
     *
     * @param username User's name
     * @param password The completely unmodified password
     * @return True if user creation successful, false if otherwise
     * @throws NoSuchAlgorithmException
     */
    public static boolean createUser(String username, String password) throws NoSuchAlgorithmException {
        //TODO: this :c
        return false;
    }
}
```

Security.java

```java
package org.roadprophet.propheticapi.authsystem.util;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

/**
 * Provides various security utilities for the authentication system, including Base64
 * encoding/decoding and salt generation
 *
 * @author UNUMSANCTUM
 */
public class Security {

    /** Our secure random number gen */
    protected static final Random random = new SecureRandom();

    /**
     * Generates 15 random bytes (20 characters once Base64-encoded).
     *
     * @return The salt array
     */
    public static byte[] genSalt() {
        byte[] salt = new byte[15];
        random.nextBytes(salt);
        return salt;
    }

    /**
     * Returns the salted md5 hash for the given password and salt.
     *
     * @param password The plain-text password
     * @param salt The Base64-encoded salt
     * @return The Base64-encoded MD5 digest of salt followed by password
     * @throws NoSuchAlgorithmException
     * @throws IOException
     */
    public static String getHash(String password, String salt) throws NoSuchAlgorithmException, IOException {
        // A fresh digest per call; a shared static MessageDigest is not thread-safe
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        // Fixed charset so the hash does not depend on the platform default
        byte[] passwordBytes = password.getBytes(StandardCharsets.UTF_8);
        byte[] saltBytes = Security.base64ToByte(salt);
        md5.update(saltBytes); //update salt
        byte[] hashedPass = md5.digest(passwordBytes);
        return Security.byteToBase64(hashedPass);
    }

    // java.util.Base64 (Java 8+) is used here in place of sun.misc.BASE64Decoder/BASE64Encoder,
    // so the access restriction no longer has to be lowered from "error" to "warning".

    /**
     * From a base 64 representation, returns the corresponding byte[]
     *
     * @param data String The base64 representation
     * @return byte[]
     * @throws IOException if the data is not valid Base64
     */
    public static byte[] base64ToByte(String data) throws IOException {
        try {
            // The MIME decoder tolerates line breaks in the input
            return Base64.getMimeDecoder().decode(data);
        } catch (IllegalArgumentException e) {
            throw new IOException("Invalid Base64 data", e);
        }
    }

    /**
     * From a byte[] returns a base 64 representation
     *
     * @param data byte[]
     * @return String
     */
    public static String byteToBase64(byte[] data) {
        return Base64.getEncoder().encodeToString(data);
    }
}
```

UserHandler.java

```java
package org.roadprophet.propheticapi.authsystem.net;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/**
 * Handles any and all calls that require the offsite php files
 *
 * @author UNUMSANCTUM
 */
public class UserHandler {

    /** Our base address */
    public static final String address = "http://www.illiumonline.com/propheticscripts/hostbot/";

    /** URL-encodes a query value; Base64 hashes and salts can contain '+', '/' and '='. */
    private static String enc(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8");
    }

    /** Requests a php page (file name plus query string) and returns a reader on the response. */
    private static BufferedReader open(String pageAndQuery) throws IOException {
        URLConnection connection = new URL(address + pageAndQuery).openConnection();
        connection.setDoInput(true);
        connection.connect();
        return new BufferedReader(new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8));
    }

    /**
     * Validates a user.
     *
     * @param username The user's name
     * @param hashpass The Base64-encoded salted hash of the password
     * @return True if the server answers "Success"
     */
    public static boolean validate(String username, String hashpass) {
        try (BufferedReader br = open("authenticate.php?username=" + enc(username)
                + "&password=" + enc(hashpass))) {
            String line;
            while ((line = br.readLine()) != null) {
                if (line.equalsIgnoreCase("Success")) {
                    return true;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Acquires this user's salt.
     *
     * @param username The user's name
     * @return The Base64-encoded salt, or null if it could not be fetched
     */
    public static String getSalt(String username) {
        try (BufferedReader br = open("getsalt.php?username=" + enc(username))) {
            String line;
            while ((line = br.readLine()) != null) {
                if (line.contains("Salt:")) {
                    return line.replace("Salt: ", "");
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Whether or not this user already exists
     *
     * @param username The username we are checking
     * @return True if they exist, false if...false.
     */
    public static boolean userExists(String username) {
        try (BufferedReader br = open("userexists.php?username=" + enc(username))) {
            String line;
            while ((line = br.readLine()) != null) {
                if (line.equalsIgnoreCase("true")) {
                    return true;
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Creates a new user
     *
     * @param username Username
     * @param password Password
     * @param salt Salt
     * @return True if successful, false if not
     */
    public static boolean createUser(String username, String password, String salt) {
        try (BufferedReader br = open("createuser.php?username=" + enc(username)
                + "&password=" + enc(password)
                + "&salt=" + enc(salt))) {
            String line;
            while ((line = br.readLine()) != null) {
                System.out.println(line);
                if (line.equalsIgnoreCase("success")) {
                    return true;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.err.println("Error creating user: " + username);
        return false;
    }

    /**
     * A simple test to see that everything is working as it should.
     */
    public static boolean test() {
        try (BufferedReader br = open("test.php?")) {
            String line;
            while ((line = br.readLine()) != null) {
                if (line.equalsIgnoreCase("test")) {
                    return true;
                }
            }
        } catch (IOException e) {
            // Also covers MalformedURLException, which is an IOException
            e.printStackTrace();
        }
        return false;
    }
}
```

Download

*It's a simple filesystem, I removed project metadata and errythang.

PHP/Java Authentication System - LINK

As always, questions are welcome. :)

Thank you!

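For comparison with the single-pass salted MD5 in Security.java above, here is an added example (not part of the original post or its archive) that keeps the same getHash(password, salt) shape but derives the hash with PBKDF2 and checks it in constant time. The class name Pbkdf2Hash, the iteration count, the 16-byte salt and the sample passwords are assumptions made for this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added example, not from the posted archive: PBKDF2 in place of single-pass salted MD5. */
public class Pbkdf2Hash {
    // Assumed work factor; raise or lower it to suit the hardware doing the hashing.
    private static final int ITERATIONS = 600_000;
    private static final int KEY_BITS = 256;
    private static final SecureRandom RANDOM = new SecureRandom();

    /** 16 random bytes, Base64-encoded like the salts Security.java works with. */
    public static String genSalt() {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt);
    }

    /** Same shape as Security.getHash(password, salt), but deliberately slow to compute. */
    public static String getHash(char[] password, String saltB64) throws Exception {
        byte[] salt = Base64.getDecoder().decode(saltB64);
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory kdf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return Base64.getEncoder().encodeToString(kdf.generateSecret(spec).getEncoded());
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    /** Recomputes the hash and compares it with the stored one in constant time. */
    public static boolean verify(char[] password, String saltB64, String storedB64) throws Exception {
        byte[] expected = Base64.getDecoder().decode(storedB64);
        byte[] actual = Base64.getDecoder().decode(getHash(password, saltB64));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        String salt = genSalt();
        String stored = getHash("correct horse".toCharArray(), salt); // constructed sample password
        System.out.println("right password: " + verify("correct horse".toCharArray(), salt, stored));
        System.out.println("wrong password: " + verify("wrong guess".toCharArray(), salt, stored));
    }
}
```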

No problem. Remember if you're gonna set it up, edit the configuration.php file to point to your db

Mind directing me to a good php tutorial? Time to dig in. :P

Check this out mate.

http://thenewboston.org/tutorials.php

Thank you! That's a massive collection of videos. I like it. I'm gonna add it to my Dev Resources thread.

They're by far the best tutorials out there! :)
