fix: Fixes bad password with SHA1/SHA2 (#1952)

modernuo · Sep 13, 2024 · 8639ed2 · 8639ed2
1 parent 257825d
commit 8639ed2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/Projects/Server/Main.cs b/Projects/Server/Main.cs
@@ -463,7 +463,6 @@ public static void RunEventLoop()
 
                 // Handle networking
                 NetState.Slice();
-                // PingServer.Slice();
 
                 // Execute captured post-await methods (like Timer.Pause)
                 LoopContext.ExecuteTasks();

diff --git a/Projects/UOContent/Accounting/Account.cs b/Projects/UOContent/Accounting/Account.cs
@@ -362,13 +362,17 @@ public void Delete()
 
     public void SetPassword(string plainPassword)
     {
-        Password = AccountSecurity.CurrentPasswordProtection.EncryptPassword(plainPassword);
+        var phrase = _passwordAlgorithm is PasswordProtectionAlgorithm.SHA1 or PasswordProtectionAlgorithm.SHA2
+            ? $"{_username}{plainPassword}"
+            : plainPassword;
+
+        Password = AccountSecurity.CurrentPasswordProtection.EncryptPassword(phrase);
         PasswordAlgorithm = AccountSecurity.CurrentAlgorithm;
     }
 
     public bool CheckPassword(string plainPassword)
     {
-        var phrase = _passwordAlgorithm == PasswordProtectionAlgorithm.SHA1
+        var phrase = _passwordAlgorithm is PasswordProtectionAlgorithm.SHA1 or PasswordProtectionAlgorithm.SHA2
             ? $"{_username}{plainPassword}"
             : plainPassword;