Password Hashing

I want to create a Legion registration site and now I am stuck at the password hashing you are using.


line 175-188

			// Excerpt: the post shows only part of lines 175-188.
			std::string Battlenet::AccountMgr::CalculateShaPassHash(std::string const& name, std::string const& password)
			{
				SHA256Hash email;
				SHA256Hash sha;
				sha.UpdateData(ByteArrayToHexStr(email.GetDigest(), email.GetLength()));
				return ByteArrayToHexStr(sha.GetDigest(), sha.GetLength(), true);
			}

As I understand, you first hash the email with SHA-256,

then you rehash it with the password like email:password.

I can't reproduce that in PHP.

    public function RegisterBattleNetAccount($email, $password)
    {
        # $GLOBALS['mysqli']->query("use {$GLOBALS['db_auth']}");
        $pass = hash('sha256', strtoupper(hash('sha256', $email)).':'.$password);
        $pass = strtoupper($pass);
        $email = strtoupper($email);
        // $stmt = $GLOBALS['mysqli']->prepare("INSERT INTO battlenet_accounts (email,sha_pass_hash) VALUES (?, ?)");
        // $stmt->bind_param("ss", $email, $pass);
        // $stmt->execute();
    }

Always returns a wrong hash when I run it with details already in the database for testing purposes.

I didn't check the code, but are you sure “email” is really the email?
This thread: seems to suggest that the username is used instead of the email, though that may have changed.
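
One way to find out which step of the scheme in the quoted C++ a stored `sha_pass_hash` depends on (an added example, not code from this thread or from the project). It assumes, without confirmation on this page, that the server may upper-case both inputs and that the trailing `true` passed to `ByteArrayToHexStr` reverses the byte order; the function names and sample values are hypothetical, and `$name` can be the e-mail or the username.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical, not the project's.
// Mirrors the quoted C++: SHA256(HEX(SHA256(name)) . ':' . password), hex-encoded.
function bnet_pass_hash(string $name, string $password, bool $upper, bool $reverse): string
{
    if ($upper) {
        // Assumption: the server upper-cases both inputs before hashing.
        $name = strtoupper($name);
        $password = strtoupper($password);
    }
    // Inner digest as upper-case hex text (assumed ByteArrayToHexStr output format).
    $inner = strtoupper(hash('sha256', $name));
    // Outer digest as raw bytes so the byte order can be changed before encoding.
    $raw = hash('sha256', $inner . ':' . $password, true);
    if ($reverse) {
        // Assumption: the trailing `true` in the C++ call reverses the byte order.
        $raw = strrev($raw);
    }
    return strtoupper(bin2hex($raw));
}

// Try each variant against a hash copied from battlenet_accounts.sha_pass_hash
// and return the labels of the variants that reproduce it.
function matching_variants(string $name, string $password, string $stored): array
{
    $hits = [];
    foreach ([false, true] as $upper) {
        foreach ([false, true] as $reverse) {
            $candidate = bnet_pass_hash($name, $password, $upper, $reverse);
            // Constant-time comparison, case-insensitive on the hex text.
            if (hash_equals(strtoupper($stored), $candidate)) {
                $hits[] = ($upper ? 'upper' : 'as-typed') . '/' . ($reverse ? 'reversed' : 'forward');
            }
        }
    }
    return $hits;
}

// Constructed sample: the "stored" value is generated here, not taken from a real database.
$stored = bnet_pass_hash('test@example.com', 'secret', true, true);
print_r(matching_variants('test@example.com', 'secret', $stored));
```

An empty result for a real row means none of the four variants applies, which points at the identifier itself (e-mail versus username) rather than at case or byte order.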