Categories > Coding > Lua >

[RELEASE] MoobleFlurf Authentication Sample (FREE LUAU)

Verbum

Posts: 34

Threads: 8

Joined: Jul, 2022

Reputation: 10

Posted

This is the source code of this very secure authentication system

Pepperingand salting as well! Enjoy

-- Load the SHA-256 hash library
local sha256 = require("sha256")

-- List of allowed usernames and their corresponding hashed passwords with salts and pepper
local whitelist = {
  user1 = {
    passwordHash = "4b2dd16341f5c5f5e5b1d602726dfbe05c785f8d231f21575c11a329a3c3bf94",
    salt = "3a7a437a4c4e4d4f4e4d4f474f4e475241",
    pepper = "fb1c7f2a2c62347fc9ac9f6d0c6e05f6"
  },
  user2 = {
    passwordHash = "52764e3f93a9f3d04c129efda057167c93dc7b2b287a40b47b6de344c3bf313e",
    salt = "3f525a42414e475f5245434f5244",
    pepper = "2a2f52aa9f28b1a7d1e0b404857f7f6d"
  },
  user3 = {
    passwordHash = "9d4b4bb4d47c53b89a7f504d0075f5b5e5f1651f7a9a59a75d7c332a3c3bf7d1",
    salt = "7a6f726f6e",
    pepper = "f3dd3dcbdfb1f470da02f6c91d8e2e6b"
  }
}

-- List of allowed IP addresses
local ipWhitelist = {
  "127.0.0.1"
}

-- Maximum number of login attempts before a user is temporarily locked out
local maxLoginAttempts = 5

-- Time in seconds for a user to be locked out after maxLoginAttempts is reached
local lockoutTime = 60

-- Table to keep track of failed login attempts
local failedLogins = {}

-- Function to check if a user is allowed
function isAllowed(user, password, ipAddress)
  -- Generate a random salt value for each login attempt
  local loginSalt = sha256(os.time() .. math.random(1000, 9999))

  -- Check if user is in the whitelist and the password is correct
  if whitelist[user] and sha256(whitelist[user].salt .. password .. whitelist[user].pepper .. loginSalt) == whitelist[user].passwordHash then
    -- Check if the IP address is also allowed
    for j, allowedIP in ipairs(ipWhitelist) do
      if ipAddress == allowedIP then
        -- Reset the failed login attempts for the user
        failedLogins[user] = nil
        return true
      end
    end
  end

  -- Increment the failed login attempts for the user
  if not failedLogins[user] then
    failedLogins[user] = 1
  else
    failedLogins[user] = failedLogins[user] + 1
  end

  -- Check if the user has reached the maximum number of login attempts and should be locked out
  if failedLogins[user] >= maxLoginAttempts then
    failedLogins[user] = nil
    os.execute("sleep " .. lockoutTime)
  end

  return false
end

  • 0

veh_handler and seh_handler disliker

<p>enis</p>

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )