Password migration to SHA256

[verden]

Has anyone considered implementing an accessible function for changing email address associated to the account before implementing this change? Surprised this thread hasn't erupted yet, maybe nobody is paying attention.

[weltall]

no and i don't plan to for now

[bilbous]

So just to re-iterate, as I understand it, once the 0.5.8 client is released we will need to log in with all our accounts, freshly inputting our passwords in order to update the password encryption. If we do not do this before the 0.5.8 client is subsequently updated any accounts we have that have not had this encryption updated will need to have this done before we update our clients to 0.5.9 if it is offered. This client will use the new encryption and require the use of the password recovery service and any accounts that are associated with defunct email addresses will become a problem to renew as they will take manual effort on the part of the server admin. Once the 0.6.0 client is released not updating will not be an option and password recovery will be the only way to access accounts that have not had their password updated.  Is that a fair reading of the situation?

 Can we expect that 0.5.8 will stick around for at least a month or possibly two to give us a fair chance of updating our passwords painlessly? I know I have several accounts where the email address is no longer valid and it seems to me that they are already problematic to change the password for. Fortunately that has not been a problem for me as I do not need to change their passwords.

Are the myplane passwords the same hash file as the game passwords or will we need to repeat the procedure there as well?

[weltall]

yes that's sorta it.
I expect 0.6.0 to take several months to be done (up to a year even) as combat will be merged, char creation and quest will have a major rework, prolly npcclient changes will be merged too and compatibility with previous clients will be broken.

[weltall]

I'd like to point out that we have 1,6% of the accounts  already migrated.
If we consider only accounts which logged in since january this percentual increases to 32%. (it seems some migrated accounts never logged in the game ever... i wonder if it's a problem with the email)

[bilbous]

I have a couple accounts with email addresses which are gone and will not be back, I have a couple more for which the domain is under my control and could be returned to service. You suggest in the original post that

As an additional note: if your username is not a valid email anymore you are suggested during the migration period to correct this by contacting developers.

and I am wondering if this is best done by pm on the forums or directly on irc -- perhaps on the #planeshift-build or #planeshift-gmtalk channel on IRC. Are you, weltall, the only one who has the proper server authority to do this or are there others you can name who we can look for to share the burden and assist us? I realize you are a busy person but if you alone have the ability, perhaps others you trust can take user details to pass along to you.


I am curious about that 32% does that indicate that that percentage of "current" accounts have had their password reset or have registered since July of this year?

Also I gather that this will affect both servers.

[novacadian]

I have a couple accounts with email addresses which are gone and will not be back, I have a couple more for which the domain is under my control and could be returned to service.

 

Not meaning to derail the thread, so just a quick yes or no will do. Are multiple accounts allowed?

- Nova

[Soloyos]

Last i knew you could but that was back in 2009 or so.

[Aiwendil]

http://www.hydlaaplaza.com/smf/index.php?topic=25815.msg288252#msg288252

[weltall]

I have a couple accounts with email addresses which are gone and will not be back, I have a couple more for which the domain is under my control and could be returned to service. You suggest in the original post that

As an additional note: if your username is not a valid email anymore you are suggested during the migration period to correct this by contacting developers.

and I am wondering if this is best done by pm on the forums or directly on irc -- perhaps on the #planeshift-build or #planeshift-gmtalk channel on IRC. Are you, weltall, the only one who has the proper server authority to do this or are there others you can name who we can look for to share the burden and assist us? I realize you are a busy person but if you alone have the ability, perhaps others you trust can take user details to pass along to you.


I am curious about that 32% does that indicate that that percentage of "current" accounts have had their password reset or have registered since July of this year?

Also I gather that this will affect both servers.

leaving a petition from the account with the destination email is the best way to verify it easily.

yes it does.

i see no issues with multiple accounts.

[weltall]

ok today we reached stage 1.5 on both servers. If you've an svn client you can start sending your converted password with that.

[BoevenF]

[Soloyos]

Haha Love It!

[LigH]

I see you got the point, Boeven!

[weltall]

Talad doesn't want the option in the login window so there will be no graphical way to disable the password conversion. if you wish to disable it open the planeshift.cfg in the same folder of log and change this option (or add it if missing):
PlaneShift.Connection.ConvertPass

in this way
PlaneShift.Connection.ConvertPass = false

you could also restore visibility of the option by removing visible="false" in the definition of the widget in the loginwindow.xml