Just OK Login

Script Just OK Login 1.1

  • Welcome to skUnity!

    Welcome to skUnity! This is a forum where members of the Skript community can communicate and interact. Skript Resource Creators can post their Resources for all to see and use.

    If you haven't done so already, feel free to join our official Discord server to expand your level of interaction with the comminuty!

    Now, what are you waiting for? Join the community now!

Pikachu

Supporter
Addon Developer
Jan 25, 2017
870
144
43
USA
Pikachu submitted a new resource:

Just OK Login - Finally, a login skript safe for server owners and players

Requires:
  • Skellett
  • SkStuff
  • SkQuery
  • MundoSK
  • Skript 2.2+ (preferably Bensku fork)
Features:
  • Passwords are hashed and salted (a player's plaintext password is never stored)
  • Salts are randomly generated and stored for each player
  • Utilizes packets to create commands so that login commands are not logged and therefore passwords are not logged
  • Stops logged out players from moving without the use of any events
  • Very configurable, every message and...

Read more about this resource...
 
But it's hashed with MD5, a deprecated algorithm. Never use MD5 when hashing passwords.
Yeah, I know MD5 has collisions. I suppose I could've added skutilities to hash with SHA-256 (maybe I will, at a later date), but my main worry here wasn't true security but rather server owners or more specifically malicious staff being able to easily access passwords since in a ton of other login skripts passwords are just stored as plaintext.
 
  • Like
Reactions: Rezz
logo.png


Woop - featured resource!
Thanks for your awesome contribution to skUnity Forums, Pikachu! Your resource has been featured on the front page Resources | skUnity Forums
 
Pikachu updated Just OK Login with a new update entry:

SHA-256 hashing, Peppers, events, kick fix and multiple potential salts

If you update to this, you will have to reset all player's passwords. I've provided a function for this in the update that can be called via
code_language.skript:
loginResetAll()
***
Now requires SkUtilities
***

Added peppers, SHA-256 hashing (by default), custom events and multiple potential salts...
Custom events added:
Login (login)
Register (register)
Incorrect password (incorrectpass)
Kick for too many tries (incorrectkick)

Read the rest of this update entry...