Parallel Fractional Go Game 4

Round 35

Game link

2 Likes

Reminder @benjito @A_Normal_Name

2 Likes

Round 35

Game link

5 Likes

i’m having a lot of trouble visually estimating who is ahead. one of our teams could be completely demolishing the other and i’d have no idea lol

6 Likes

Reminder @benjito @yebellz @fuseki3 @A_Normal_Name

4 Likes

Does anyone know how to reset the password on the Go Variants server?

4 Likes

giphy

Annoying answer
  1. Submit PR to implement a ā€œforgot password?ā€ button
  2. Click the ā€œforgot password?ā€ button
More pragmatic answer

We have ability to kick users from games, so you could make a new account and re-join.

4 Likes
Annoying answer for admins, who should have added a reset password feature

Or create a new user with the new password and ask someone with database access to copy the encrypted password to your old user (and delete the new one).

2 Likes

Should be impossible, if the passwords are salted as they should be.

You salt with user ID?

1 Like

Salting with just the user id is not advisable, but some sort of unique salt should be used. If two users with the same password get the same hash, you’re doing it wrong.

Normally isn’t the salt part of the encrypted password, so it can be copied around? Unix passwords work this way, for example.

4 Likes

Exactly this - assuming you haven’t permanently tied salt to a user somehow, it’s very possible for an admin to do what @Jon_Ko suggested.

I’m not really in favor of doing it, just wanted to point out, it is possible even with a standard security system.

4 Likes

If two users can choose the same password, and the resulting password hash comes out the same for both, either there was no salt or the salt was pointless. Salt is meant to be unique per user so that the 30 people that all used password123 all still have unique hashes.

However, presumably one could copy over the salt too, not just the hash.

5 Likes

Aaah yeah, that’s a good point. I forgot about that :stuck_out_tongue: then yeah as long as it’s not set up in such a way that salt contains or checks itself against some other uuid such as username, then yeah copying salt and hash from one user to another should work, although definitely not advisable to make a habit of :rofl:

For me the big hurdle with this feature is adding email notifications.

However implementing the following ā€œworkaroundā€ would probably be doable currently:

  • make it so users can change their password while logged-in
  • make it so admins can set a new password for users (so they can send it to this person privately).
4 Likes

We could also allow admin to generate the ā€œreset passwordā€ link for a user. That way, user doesnt need to reset password another time, and we’re a step closer to the legit email flow, even though we don’t have email.

3 Likes

Ok, I am now yebellz2 on the GoVariants server. Could someone kick yebellz and I will rejoin as yebellz.

I’ll try to remember my password this time

6 Likes

Done!

5 Likes