Unhashing Passwords for UCP - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: Unhashing Passwords for UCP (/showthread.php?tid=440953)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: Unhashing Passwords for UCP (/showthread.php?tid=440953)
........ - NickD - 31.05.2013
........
Re: Unhashing Passwords for UCP - Kirollos - 31.05.2013
Just hash the password written in the UCP login and check if it equals the hashed password in your SQL.
Re: Unhashing Passwords for UCP - DanLore - 31.05.2013
How are you hashing passwords? Some hashes can actually be used in PHP (such as whirlpool). Unless it's a custom hash which I doubt, there is most likely no chance of decryption for the passwords, otherwise what would be the point of encryption in the first place.
Anyway, if I can know what encryption method you're using, I can tell you if you can check the hashes via PHP (I assume you're using PHP).
Re: Unhashing Passwords for UCP - iTorran - 31.05.2013
You don't need to unhash the passwords, and you shouldn't.
http://php.net/manual/en/function.hash.php
I guess this would also be the wrong section.
........ - NickD - 31.05.2013
........
Re: Unhashing Passwords for UCP - DanLore - 01.06.2013
Quote:
|
Originally Posted by NickD
 We are using PHP, and the encryption with the server passwords is from the ysi wp hash encryption.
wp_hash, is this compatible with PHP? |
PHP код:
hash('whirlpool', $their_password);
Re: Unhashing Passwords for UCP - nmader - 01.06.2013
Quote:
|
Originally Posted by DanLore
Should be! I'd assume it'd be used like the following, it's how I used it in one of my previous projects.
PHP код:
|
Re: Unhashing Passwords for UCP - DanLore - 01.06.2013
You would hash the password the user tried using at the UCP:
PHP код:
$hashed_password = hash("whirlpool", $_POST["password"]);
PHP код:
if($hashed_password == $sql_result["password"])
{
// They're a match.
}
Re: Unhashing Passwords for UCP - nmader - 01.06.2013
It does not seem to be working, I have the following code:
PHP код:
<?php
include("config.php");
session_start();
error_reporting(0);
$submit = $_POST['submit'];
$username = $_POST['username'];
$password = hash('whirlpool', $_POST['password']);
if($submit)
{
if($username && $password)
{
$query = mysql_query("SELECT playerName, playerPassword FROM playeraccounts WHERE playerName = '$username'");
if(mysql_num_rows($query) == 1)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['playerName'];
$dbpassword = $row['playerPassword'];
}
if($username == $dbusername && $password == $dbpassword)
{
$_SESSION['username'] = $dbusername;
echo header('location: profile.php'); //redirecting user to his profile page (profile.php)
}
else
{
header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php
echo '.$password';
}
}
else
{
header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php
echo '.$password';
}
}
else
{
header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php
echo '.$password';
}
}
mysql_close();
flush();
?>
Re: Unhashing Passwords for UCP - iTorran - 01.06.2013
Are the hashes the same? (Hash a random word on both your server and website and see if its the same)