flashadvocate/srp6crypto

SRP6 implementation in PHP for TrinityCore

dev-main 2024-05-08 18:05 UTC



README

Replaces the use of sha_password_hash for verifying account credentials. See https://gtker.com/implementation-guide-for-the-world-of-warcraft-flavor-of-srp6/ for a detailed description of the protocol.

Credits to Treeston for his work on TrinityCore Minimanager.

Usage

composer require flashadvocate/srp6crypto

Example implementation

<?php

require __DIR__ . '/vendor/autoload.php';

// Sample credentials for this walkthrough only; a real application receives
// them from the registration or login request instead of hard-coding them.
$username = 'olstumpy';
$password = 'elephant frank disco ceremony apple josh herringbone';


/**
 * Generate a salt and the matching verifier for the account.
 * Both values are destructured from the array that generate() returns.
 */
$generator = new \SRP6Crypto\Verifier(username: $username, password: $password);
[$salt, $verifier] = $generator->generate();


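/**
 * Create a new user account.
 *
 * The INSERT writes only the username, salt and verifier; it has no
 * password column.
 */
// Sample connection settings; keep real database credentials in configuration
// outside the source tree. The error mode is set explicitly so that a failed
// prepare() or execute() raises a PDOException instead of passing unnoticed.
$connection = new PDO(
    'mysql:host=127.0.0.1;dbname=auth',
    username: 'trinity',
    password: 'trinity',
    options: [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION],
);
$sth = $connection->prepare(
    'INSERT INTO account (username, salt, verifier) VALUES (:username, UNHEX(:salt), UNHEX(:verifier));'
);

// execute() reports success as a bool, not a row count. Start from false so
// the check below never reads an unset variable.
$accountCreated = false;

if ($sth instanceof \PDOStatement) {
    // All values are bound as parameters. Salt and verifier are hex-encoded
    // here and turned back into bytes by UNHEX() inside the statement.
    $accountCreated = $sth->execute([
        ':username' => $username,
        ':salt' => bin2hex($salt),
        ':verifier' => bin2hex($verifier),
    ]);
}

if ($accountCreated) {
    echo "Account created successfully!";
}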


/**
 * Later, at login: check the submitted credentials against the salt and
 * verifier.
 * This walkthrough reuses the in-memory $salt and $verifier; a real login
 * would presumably read them back from the account row.
 */
$checker = new \SRP6Crypto\Verifier(
    username: $username,
    password: $password,
    salt: $salt,
    verifier: $verifier,
);
$isVerified = $checker->verify();

var_dump($isVerified); // dumps the verify() result; true when the credentials match