SA-MP Forums Archive
hashing passwords - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: hashing passwords (/showthread.php?tid=372652)


hashing passwords - thefatshizms - 27.08.2012

Hello, im using mysql and i need to hash the passwords i tried like this

pawn Code:
format(Query,sizeof(Query),"INSERT INTO `users` (`username` , `password`, `money`, `score`, `bank`, `stat`, `swat`, `army`, `admin`, `cop`, `regdate`, `prison`, `vip`, `arrest`, `surender`, `rob`, `rape`, `heal`, `hitman`, `sales`, `wep` , `drug`, `taze`, `truck`) VALUES ('%s', md5('%s'), '0', '0', '0', '0', '0', '0', '0', '0', '%02d/%02d/%d', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0') ",PlayerName(playerid),EscapedText, Day, Month, Year);
and the 'md5' managed to hash it fine but now i cant login as it says its wrong password

Re: hashing passwords - Kindred - 27.08.2012

Give us more info for god's sake.

Are you hashing the password you type in and checking if it is the same password that is in the database?

Re: hashing passwords - Luke_James - 27.08.2012

You could use the Whirlpool plugin/include.

Re: hashing passwords - fiki574 - 27.08.2012

Quote:
Originally Posted by thefatshizms
View Post
Hello, im using mysql and i need to hash the passwords i tried like this

pawn Code:
format(Query,sizeof(Query),"INSERT INTO `users` (`username` , `password`, `money`, `score`, `bank`, `stat`, `swat`, `army`, `admin`, `cop`, `regdate`, `prison`, `vip`, `arrest`, `surender`, `rob`, `rape`, `heal`, `hitman`, `sales`, `wep` , `drug`, `taze`, `truck`) VALUES ('%s', md5('%s'), '0', '0', '0', '0', '0', '0', '0', '0', '%02d/%02d/%d', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0') ",PlayerName(playerid),EscapedText, Day, Month, Year);
and the 'md5' managed to hash it fine but now i cant login as it says its wrong password
Are you using md5 hash at logging in? What I think on is, you should compare hashed password from database and hash + compare password that player typed on login! If they match, player logins, if they dont - they fail!

Also, usage of Whirlpool instead of md5 would be better!

Re: hashing passwords - thefatshizms - 27.08.2012

Yes im checking if its the same in the database. And how exactly would i use whirlpool (never used it)

Re: hashing passwords - HuSs3n - 27.08.2012

show us the lines where you load the password (from mysql) , and how you check if its a right password

Re: hashing passwords - thefatshizms - 27.08.2012

pawn Code:
stock LoginPlayer(playerid,const password[])
{
    new EscapedText[60], Query[200];
    WP_Hash( EscapedText, sizeof ( EscapedText ), password );
    mysql_real_escape_string(password, EscapedText);
    format(Query,sizeof(Query),"SELECT * FROM `users` WHERE `username` = '%s' AND `password` ='%s'",PlayerName(playerid),EscapedText);
    mysql_query(Query);
    mysql_store_result();
    if(mysql_num_rows() != 0) {
        SendClientMessage(playerid,COLOR_GREEN,"You have been logged in!");
        LoadStats(playerid);
    }
    else {
        SendClientMessage(playerid,COLOR_RED,"Wrong password!");
        Kick(playerid);
    }
    mysql_free_result();
    return 1;
}
i deleted the md5 stuff and tried the whirlpool but it didnt work

Re: hashing passwords - fiki574 - 27.08.2012

Quote:
Originally Posted by thefatshizms
View Post
pawn Code:
stock LoginPlayer(playerid,const password[])
{
    new EscapedText[60], Query[200];
    WP_Hash( EscapedText, sizeof ( EscapedText ), password );
    mysql_real_escape_string(password, EscapedText);
    format(Query,sizeof(Query),"SELECT * FROM `users` WHERE `username` = '%s' AND `password` ='%s'",PlayerName(playerid),EscapedText);
    mysql_query(Query);
    mysql_store_result();
    if(mysql_num_rows() != 0) {
        SendClientMessage(playerid,COLOR_GREEN,"You have been logged in!");
        LoadStats(playerid);
    }
    else {
        SendClientMessage(playerid,COLOR_RED,"Wrong password!");
        Kick(playerid);
    }
    mysql_free_result();
    return 1;
}
i deleted the md5 stuff and tried the whirlpool but it didnt work
Thats because you need Whirlpool plugin! Also, just use MD5 in comparing and it'll work!

Re: hashing passwords - iTorran - 27.08.2012

Quote:
Originally Posted by HuSs3n
View Post
using whirlpool with mysql is a bad idea
Could not be more wrong

Re: hashing passwords - ReneG - 27.08.2012

Quote:
Originally Posted by HuSs3n
View Post
using whirlpool with mysql is a bad idea
Quote:
Originally Posted by iTorran
View Post
Could not be more wrong
Could you at least provide SOME good points on why using whirlpool with mysql is bad? If you won't, then quit misinforming people.

EDIT:
Quote:
Originally Posted by HuSs3n
View Post
Why should he use a whole plugin while he can just use md5(); in mysql ?
that what i meant with 'bad idea'
When your talking about security, you shouldn't give a damn about convenience. You're responsible for users' passwords, that excuse is just selfish and lazy.