UCP help - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: UCP help (/showthread.php?tid=487239)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: UCP help (/showthread.php?tid=487239)
UCP help - TheWay - 12.01.2014
I want to make a panel for my server, but I got a problem, my password in mysql is hashed, and if I try to login with my password ex: 1234 dosen't work, if I try to use password from mysql (hased) like "5345435wfrwjefqwjieriwqjerjiwqjriwqerweq" works.
Login.php
PHP код:
<?php
include 'includes/config.php';
include 'includes/header.php';
if(isset($_POST['username']) && isset($_POST['password'])){
$username = sec($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$check = get_row("SELECT id FROM players WHERE Name='$username' && Password='$password'");
if(isset($check['id'])){
$banned = get_row("SELECT * FROM banuri WHERE Nume='$username'");
if(isset($banned['id'])){
if($banned['BanaP'] == 0){
$err = 'Esti banat permanent';
}else{
$err = 'Esti banat pana la data de '.$banned['BanzP'].'.'.$banned['BanlP'].'.'.$banned['BanaP'].'.'.$banned['BanoP'].':'.$banned['BanmP'];
}
}else{
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
mysql_query("UPDATE players SET rpgon=2 WHERE Name='$username'");
header('location: cont.php');
}
}else{
$err = 'Username sau parola incorecte';
}
}
?>
<form method="POST" action="login.php">
<center><table id="loginstyle">
<br />
<br />
<tr>
<td id="intxt"><p style="color:#FFFFFF">Utilizator:</p></td></center>
<td><input id="instyle" type="text" name="username" /></td>
</tr>
<tr>
<td id="intxt"><p style="color:#FFFFFF">Parola:</p></td></center>
<td><input id="instyle" type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" style="color:#FF0000">
<input background="images/user.png" id="sbm" type="submit" value="Submit" >
</td>
</tr>
<?php if(isset($err)): ?>
<tr>
<td colspan="2" style="color:#FF0000;font-weight:bold;">
<?=$err?>
</td>
</tr>
<?php endif; ?>
</table>
<center>
<img src="http://www.game-state.eu/188.241.14.22:7777/FFFFFF/FFFFFF/n-560x95.png" alt="www.Game-State.eu" style="border-style: none;" />
</center>
</form>
<?php include 'includes/footer.php'; ?>
Re: UCP help - Seif- - 12.01.2014
Wrong section to post this, but if your password is hashed in MySQL, then you cannot login without hashing the password because they won't match. You need to hash the password that you enter in the field to see if they match. You should also specify what hash you're using.
Re: UCP help - TheWay - 12.01.2014
How I can see what Hash i use?
?
Re: UCP help - Seif- - 12.01.2014
Well if you're hashing your passwords, you must know what you're using. Check your script.
Re: UCP help - TheWay - 12.01.2014
strtoupper(hash
this?
Re: UCP help - Seif- - 12.01.2014
No, you should post your login/registration part.
Re: UCP help - TheWay - 12.01.2014
forward MySQLCreateAccount(newplayersname[], newpassword[], playerid);
forward OnPlayerLogin(playerid,password[]);
forward OnPlayerRegister(playerid, password[]);
public MySQLCreateAccount(newplayersname[], newpassword[], playerid)
{
new query[300];
new sqlplyname[64];
//new sqlpassword[64];
new parolacript[129];
mysql_real_escape_string(newplayersname, sqlplyname);
//mysql_real_escape_string(newpassword, sqlpassword);
WP_Hash(parolacript, sizeof(parolacript), newpassword);
Re: UCP help - Seif- - 12.01.2014
So you're using Whirlpool hashing. In that case, use the PHP function "hash" with whirlpool as the algorithm right before your first query:
PHP код:
$password = hash("whirlpool", $password);
Re: UCP help - TheWay - 12.01.2014
To use this in login.php?
Re: UCP help - Seif- - 12.01.2014
Yes, before the first query.