Infinity-Login names a function, with lambda list (CLIENT PACKET):
Notification of a new player in the game.
See TOOTSVILLE INFINITY-GET-APPLE for an overview of the login process.
Response: logOK or @{ from: "login", status: false, err: "login.fail", msg: reason @}
{ userName: LOGIN,
password: SHA1-HEX,
zone: "$Eden" }
The input packet must have 3 data elements:
The name of the Toot character signing in
The SHA1 hex hash of the concatenated apple and password values (see TOOTSVILLE INFINITY-GET-APPLE for details)
Must always be $Eden exactly.
In the event of failure, see TOOTSVILLE LOGIN-FAIL for possible failure (error) codes that can be returned.
{ c: "login",
d: { userName: "Pil",
password: "6b4cd72086d278a9a0df40de7b4011fceae538dd",
zone: "$Eden" } }
In 1.2, users would log in to zone $Eden, then log in again to a specific zone. Now, $Eden is just a placeholder and there are no sharded zones.
Login does not completely succeed without parental approval.
The err2 value was added to error packets for better client software support.
Password hashing used the MD5 digest, which is no longer considered strong enough for Tootsville security.
The TOOTSVILLE INFINITY-GET-APPLE system was implemented. Previously, users submitted unsalted hashes of their password, which was (potentially) subject to replay attacks.
Defined in file src/websockets.lisp.