Passwords sent and recieved do differ

[Smartfoxer]

Hello,

I am now done with research and have asked fellow students, they tell me the code seems fine.

I have the following: Sending a loginRequest to the server, with (username, password, zone, paramsObject).

Yes I know, the documentation says it is (username, password, paramsObject, zone). This worked for a while, then Unity gave me parsing errors and wanted me to change the order.

First weird thing for a couple of days now.

But the major issue: The password I put into the packet is always the same, but on the server side the password is different each time.

How can that be ? Any explanations?

Any help is much appreciated, thanks!

[Lapo]

Hi,

Hello,

I have the following: Sending a loginRequest to the server, with (username, password, zone, paramsObject).
Yes I know, the documentation says it is (username, password, paramsObject, zone). This worked for a while, then Unity gave me parsing errors and wanted me to change the order.

The former is correct, while the latter isn't. The paramsObj is the last parameter in the request signature.

But the major issue: The password I put into the packet is always the same, but on the server side the password is different each time.

How can that be ? Any explanations?

Because it is encrypted. You don't receive the password in clear you receive an hashcode which you can compare to the original password via a specific API function.
You can learn the details in the documentation here:
http://docs2x.smartfoxserver.com/Gettin ... wtos#item3

See the "Secure passwords" section.
On the same topic, take also a look at this recent article in our blog:
http://smartfoxserver.com/blog/?p=297

If there's any question let us know.

[Smartfoxer]

Hello Lapo,

thanks for your reply!

Okay, I see your point; and that was my only last resort that would make any sense to me. If you knew how many hours I put overlooking the code......

I thought that what you described is only active when using the ILoginAssistantPlugin.

BUT: Even if SFS hashes what I put into the packet, how can it be that the same input results in different output on the server side?
EDIT: Answer, due to the salt, okay.


But how will I be able to achieve the following:

My first idea was to send the password in plain text, but then for security reason I changed the handling to hashing the input from the user on the client side using MD5, taking the output string of MD5 to put it into the packet and send it to the server. Then I use the username to fetch the string (MD5) from the database and compare the two. If they are equal, login passes, if not, login is unsucessfull.

Shouldn't it work when I put the MD5 string into the params object and use that string after extraction for comparison?
EDIT: Answer: yup, thats what your link tells me.

Well, thanks again for the reply, helped a lot !

Best,
James

[Smartfoxer]

Hi,

Hello,

I have the following: Sending a loginRequest to the server, with (username, password, zone, paramsObject).
Yes I know, the documentation says it is (username, password, paramsObject, zone). This worked for a while, then Unity gave me parsing errors and wanted me to change the order.

The former is correct, while the latter isn't. The paramsObj is the last parameter in the request signature.

But the major issue: The password I put into the packet is always the same, but on the server side the password is different each time.

.

Hey, it's me again. Just for completion, here is what the documentation says: "SFS2X.Requests.System.LoginRequest(userName, password, params, zoneName) "

http://docs2x.smartfoxserver.com/api-do ... quest.html

So if you say the first is correct, maybe this site should get updated

Cheers

[Lapo]

Strangely in JS we have the two last params inverted, so it is consistent, at least in terms of code and documentation