I want users to be able to log in with their account in that same database.
However, I also want to keep the salt a secret server side.
Is it safe to use world.Export to send the username/password over SSL (once implemented) to have it hashed server side via PHP? It would then be checked to ensure the login credentials match, and a value would be returned via echo that is read by world.Export. Any security risks with this approach?
I want the salt to stay secret, so getting the salt via dantom.db and hashing client side isn't an option.
Example:
https://www.yourwebsite.com/scripts/account_auth.php?account_name=yourusername&account_password=yourpassword
PHP code would run behind the scenes, grabbing the salt for the user and then hashing their password server side with PHP. Afterwards, it would be compared to the hash stored in the database for that user. If they match, echo a response code. If not, echo an error response code.
In DM it would look something like this:
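// url_encode() keeps characters such as & or spaces in the credentials from breaking the query string
var/login_auth[] = world.Export("https://www.yourwebsite.com/scripts/account_auth.php?account_name=[url_encode(account_name)]&account_password=[url_encode(account_password)]")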
Then you'd check the response code via the login_auth list.
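
The server-side check described in the post, sketched as an added example that is not part of the original post or the poster's script. The PBKDF2 scheme, the response codes, the function names and the in-memory account table are assumptions standing in for the real database and whatever scheme its stored hashes use.

```php
<?php
// Added example. Assumptions: stored hashes are PBKDF2-HMAC-SHA256 in hex,
// and $accounts stands in for a lookup against the real account database.

const AUTH_OK   = '1';   // hypothetical response codes echoed to the game server
const AUTH_FAIL = '0';

function hash_password(string $password, string $salt): string
{
    // Length 0 returns the full digest, hex encoded (64 characters).
    return hash_pbkdf2('sha256', $password, $salt, 100000);
}

function check_login(array $accounts, string $name, string $password): string
{
    $row = $accounts[$name] ?? null;

    // Unknown account: hash against a dummy salt anyway, so neither the
    // response code nor the response time reveals which names exist.
    $salt   = $row['salt'] ?? 'dummy-salt';
    $stored = $row['hash'] ?? str_repeat('0', 64);

    $computed = hash_password($password, $salt);

    // hash_equals() compares in constant time, unlike == or strcmp().
    $match = hash_equals($stored, $computed);

    // One failure code for both "no such user" and "wrong password".
    return ($row !== null && $match) ? AUTH_OK : AUTH_FAIL;
}

// Constructed sample account; the salt never leaves this script.
$salt = bin2hex(random_bytes(16));
$accounts = [
    'yourusername' => [
        'salt' => $salt,
        'hash' => hash_password('yourpassword', $salt),
    ],
];

echo check_login($accounts, 'yourusername', 'yourpassword'), "\n"; // correct credentials
echo check_login($accounts, 'yourusername', 'wrongpassword'), "\n"; // wrong password
echo check_login($accounts, 'nobody', 'yourpassword'), "\n";        // unknown account
```

With the credentials carried in the URL as in the post's example, they can also end up in web server access logs, so the log configuration for this endpoint is worth checking.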