UCP and mysql password hashing - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: UCP and mysql password hashing (/showthread.php?tid=427692)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: UCP and mysql password hashing (/showthread.php?tid=427692)
UCP and mysql password hashing - Zalman - 02.04.2013
I am using a vortex 2 script and I am wondering how I would recive hashed passwords from my data, this is what I have so far with checking login details.
PHP код:
<?php
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="samp"; // Database name
$tbl_name="playeraccounts"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// To protect MySQL injection (more detail about MySQL injection)
$Username = stripslashes($username);
$Password = stripslashes($password);
$Username = mysql_real_escape_string($Username);
$Password = mysql_real_escape_string($Password);
$sql="SELECT * FROM $tbl_name WHERE playerName='$Username' and playerPassword='". hash('whirlpool', $Password) ."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_register("Username");
session_register("Password");
header("location:Dashboard.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
Re: UCP and mysql password hashing - 3ventic - 02.04.2013
You cannot receive the password itself. All you can receive is the hash of it.
A few notes though; session_register is removed in new PHP versions and you don't need quotes around the variables in mysql_connect or mysql_select_db. I highly recommend that you use mysqli though.
Re: UCP and mysql password hashing - Zalman - 02.04.2013
Quote:
|
Originally Posted by 3ventic
 You cannot receive the password itself. All you can receive is the hash of it.
A few notes though; session_register is removed in new PHP versions and you don't need quotes around the variables in mysql_connect or mysql_select_db. I highly recommend that you use mysqli though. |
Re: UCP and mysql password hashing - Vince - 02.04.2013
You don't. What isn't working, exactly? 'Cause this is exactly how it's done.
Re: UCP and mysql password hashing - 3ventic - 02.04.2013
http://www.w3schools.com/html/html_forms.asp
http://www.w3schools.com/php/php_forms.asp
Read those to get started. After that take a look at your existing code. It's a good start.
Re: UCP and mysql password hashing - Zalman - 02.04.2013
Quote:
|
Originally Posted by Vince
You don't. What isn't working, exactly? 'Cause this is exactly how it's done.
|
Re: UCP and mysql password hashing - Zalman - 02.04.2013
I have now fixed the issue, thanks anyway guys.