Whirlpool Encrption and PHP -
=AV=Gibson - 27.11.2011
Hello,
I hope someone on here can help me but this is driving me mad. I've tried a few different setup's and none seem to work so here's my dilema.
I have a gameserver for which I am writing a game panel for ( for players and admins) the panel will allow the users to login (using there ingame usernames and passwords) and access their own information including punishment history, contact other players and additional admistration functions BUT my main issue is the login system.
I cannot find a WORKING way to encrypt the attempted password against the database password that is encrypted with the SAMP whirlpool plugin.
Here is what will happen when a user attempts to login
index.php -
If session is active forward to dashboard.php
If session is NOT active, display login information,
Once information is entered for is submitted to PHP_SELF
the attempted password is encrpyted from $_GET['password'] and stored to $attemptedpassword
The actual password is then fetched from the database and compared to the attempted password
If correct then they are forwarded to the dashboard
If not then the are redirected to the dashboard again where using and URL rewrite error message is displayed.
So to clarify i HAVE a login system all i need assistance with is the encrypting of the attempted password using our own SALT to compare against the database.
Thank you for reading and i hope there is someone who can help as this is the make or break for this project,
Gibson
Re: Whirlpool Encrption and PHP -
woot - 27.11.2011
Ehm, something like this should do it!? Just a bare example, don't forget to escape inputs, ...
PHP код:
$username = $_POST['username'];
$password = hash('whirlpool', $_POST['password']);
$mResult = mysql_query("SELECT NULL FROM `players` WHERE `name`='$username' AND `password`='$password' LIMIT 1");
if(!mysql_num_rows($mResult)) {
// invalid
}
else {
// valid
}}
Re: Whirlpool Encrption and PHP -
=AV=Gibson - 27.11.2011
We use a custom salt,... Will it still recognise the encryption or do i have to include it somewhere? as that's the nit that's been throwing me off.