passwordHash

Client-side

Server-side

Shared

Needs checking

This function was partially migrated from the old wiki. Please review manually:

Missing section: Options for each hashing algorithm

Manual Review Required

Please finish this page using the corresponding Old Wiki article. Go to Contribution guidelines for more information.

This function creates a new password hash using a specified hashing algorithm.

Note

Using passwordHash is the recommended way of storing passwords.

Caution

It is strongly recommended to use the async version of the function (i.e. provide a callback function). Otherwise, you will experience short freezes due to the slow nature of the bcrypt algorithm

Caution

If you will be using "Example 1" then you will have to save account data "hash_password" after server restart, otherwise this script will no longer work.

Syntax

string passwordHash ( string password, string algorithm, table options, function callback )

Required Arguments

password: The password to hash.
algorithm: The algorithm to use: bcrypt : use the bcrypt hashing algorithm. Hash length: 60 characters. Note that only the prefix $2y$ is supported (older prefixes can cause security issues).
options: table with options for the hashing algorithm, as detailed below.
callback: providing a callback will run this function asynchronously, the arguments to the callback are the same as the returned values below.

Returns

string: value

Returns the hash as a string if hashing was successful, false otherwise. If a callback was provided, the aforementioned values are arguments to the callback, and this function will always return true .

Code Examples

shared

-- lets add command handler that will handle the account creation
addCommandHandler("accountCreate",function(source,cmd,username,password)
  if (username and password) then
    local hashedPassword = passwordHash(password,"bcrypt",{}) -- create new hash for password
    if (hashedPassword) then -- check if hash has been generated
      local account = addAccount(username,hashedPassword) -- now lets add account with new hash what we got when we made it for password.
      if (account) then
        setAccountData(account,"hash_password",hashedPassword) -- store accounts password hash in order to verify it when it's needed.
        outputChatBox("Account successfuly created! Now please login. Syntax </accountLogin [username] [password]>",source,20,160,20)
      else
        outputChatBox("Account already exists! Please try again with different username.",source,20,160,20)
      end
    else
      outputChatBox("Securing your password failed! Please try again or contact an administrator.",source,160,20,20)
    end
  else
    outputChatBox("Wrong parameters! Correct Syntax </accountCreate [username] [password]>",source,160,20,20)
  end
end);

-- lets add command handler that will handle the account login
addCommandHandler("accountLogin",function(source,cmd,username,password)
  if (username and password) then
    local account = getAccount(username) -- get entered account
    if (account) then -- check if entered account exists
      local hashedPassword = getAccountData(account,"hash_password") -- lets get hashed password
      if (passwordVerify(password,hashedPassword)) then -- check if hash and entered password matches
        if logIn(source,account,hashedPassword) then -- now lets login player into account
          outputChatBox("Login successfull. Welcome, "..getAccountName(account).."!",source,20,160,20)
        end
      else
        outputChatBox("Password is incorrect!",source,160,20,20)
      end
    else
      outputChatBox("Account doesn't exist! Please try again with different account.",source,160,20,20)
    end
  else
    outputChatBox("Wrong parameters! Correct Syntax </accountLogin [username] [password]>",source,160,20,20)
  end
end);

passwordHash

Syntax

Required Arguments

Returns

Code Examples

See Also

Utility Functions

Reference