From fab8823cecf60b5c5f6fbf9626a1a8852f80ced4 Mon Sep 17 00:00:00 2001
From: Juliandev02
Date: Sat, 30 Sep 2023 21:55:13 +0200
Subject: [PATCH] Added Password Hashing to account registration (#21)
---
 server/server.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/server/server.py b/server/server.py
index 4a07680a..de56a917 100644
--- a/server/server.py
+++ b/server/server.py
@@ -1226,7 +1226,7 @@ def register():
 client.send(f"{GREEN + Colors.BOLD}Role Color (Red, Green, Cyan, Blue, Yellow, Magenta): {RESET + Colors.RESET}".encode("utf8"))
 registeredRoleColor = client.recv(2048).decode("utf8")
- client.send(f"{YELLOW + Colors.BOLD}Are you sure? Changing the username is currently not possible and requires a lot of time.{RESET + Colors.RESET}".encode("utf8"))
+ client.send(f"{YELLOW + Colors.BOLD}Is everything correct? (You can change your username, role color and password at any time){RESET + Colors.RESET}".encode("utf8"))
 confirmUsername = client.recv(2048).decode("utf8")
 if confirmUsername == "yes":
@@ -1244,6 +1244,11 @@ def register():
 creation_date = time.time()
+ registeredPassword = str.encode(registeredPassword)
+ hashed_password = SHAKE256.new()
+ hashed_password.update(registeredPassword)
+ registeredPassword = hashed_password.read(26).hex()
+
 logcur.execute('INSERT INTO users (username, password, role, role_color, enable_blacklisted_words, account_enabled, muted, user_id, msg_count, enable_dms, creation_date) VALUES (?, ?, "member", ?, "true", "true", "false", ?, ?, "true", ?)', (registeredUsername, registeredPassword, registeredRoleColor.lower(), user_ids, 0, creation_date))
 db.commit()
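Review bot: The stored value in the second hunk is an unsalted, single-pass SHAKE256 digest of the password, truncated to 26 bytes and hex-encoded, which is not a password hash: a leaked users table can be brute-forced offline at raw hash speed and any two accounts with the same password get the same stored value. A memory-hard KDF with a per-user random salt belongs here, e.g. `salt = secrets.token_bytes(16)` followed by `registeredPassword = hashlib.scrypt(registeredPassword, salt=salt, n=2**14, r=8, p=1).hex()` with the salt persisted next to the hash (the `SHAKE256.new()` call suggests PyCryptodome, whose `Crypto.Protocol.KDF` also offers `scrypt` and `bcrypt`). Separately, registration hashes `registeredPassword` exactly as it arrived, whereas the login hunk later in this patch runs the input through `escape_ansi` and `strip("\n")` before hashing; unless `registeredPassword` was already normalised where it was read (not visible in this hunk), a password containing a trailing newline will never verify. register() starts and ends outside the hunk.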
@@ -1333,7 +1338,13 @@ def register():
 sys.exit()
 client.send(f"{GREEN + Colors.BOLD}Password: {RESET + Colors.RESET}".encode("utf8"))
- password = client.recv(2048).decode("utf8")
+ password = escape_ansi(client.recv(2048).decode("utf8"))
+ password = password.strip("\n")
+ password = str.encode(password)
+
+ hashed_password = SHAKE256.new()
+ hashed_password.update(password)
+ password = hashed_password.read(26).hex()
 time.sleep(0.01)
 try:
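Review bot: `password.strip("\n")` only removes a bare LF, so a client that terminates input with CRLF leaves a trailing `\r` in the bytes that are hashed and the same password typed through different clients produces different digests; `password = password.rstrip("\r\n")` (mirroring whatever the registration path does) avoids that. Because the entered password is now replaced by its SHAKE256 hex digest before the comparison that follows outside this hunk, every account whose row still holds a plaintext password will be locked out after this commit unless those rows are migrated, and the patch does not include such a step. The same unsalted fixed-cost hash concern applies here as at registration: the login side should recompute a salted KDF such as `hashlib.scrypt` using the salt read back from the user's row rather than a bare digest. The enclosing function starts and ends outside the hunk.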