Password hash for sql (small doubt)

Password hash for sql (small doubt) - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Password hash for sql (small doubt) (/showthread.php?tid=557744)

Password hash for sql (small doubt) - Bondage - 14.01.2015

Solved

Re: Password hash for sql (small doubt) - xVIP3Rx - 14.01.2015

We check if the hashed inputtext equal the one on the database, if so we load the data

pawn Код:

new query[100], pname[24], pass[30];
GetPlayerName(playerid, pname, 24);
mysql_escape_string(inputtext , pass);

mysql_format(Connectionhandle, query, sizeof(query), "SELECT * FROM `playerdata` WHERE `password`= SHA1('%s') AND `user`='%s'", pass, pname);//change `password` to your password name.
new cache:result = mysql_query(MySQL, query);

if(cache_get_row_count() > 0)
{
    mysql_format(mysql, query, sizeof(query), "SELECT * FROM `` WHERE `user` = '%e' LIMIT 1",);
    mysql_tquery(mysql, query, "OnAccountLoad", "i", playerid);
}

cache_delete(result);

Re: Password hash for sql (small doubt) - Abagail - 14.01.2015

password=SHA1('%s')

That is not how strings work. And, yes, whirlpool is considered more secure; and it shouldn't really have anything to do with special loading / saving. It should be saved as a normal string to the database, and loaded the same.

Re: Password hash for sql (small doubt) - Bondage - 15.01.2015

I got these two warnings

pawn Код:

C:\Users\Prabin\Desktop\0.3z\gamemodes\TGR.pwn(28492) : warning 213: tag mismatch
C:\Users\Prabin\Desktop\0.3z\gamemodes\TGR.pwn(28499) : warning 213: tag mismatch

Lines

pawn Код:

new cache:result = mysql_query(mysql, query);
cache_delete(result);

Full lines

pawn Код:

new query[100], pname[24], passw[30];
            GetPlayerName(playerid, pname, 24);
            mysql_escape_string(inputtext , passw);

            mysql_format(mysql, query, sizeof(query), "SELECT * FROM `playerdata` WHERE `password`= SHA1('%s') AND `user`='%e'", passw, pname);//change `password` to your password name.
            new cache:result = mysql_query(mysql, query); //this line

            if(cache_get_row_count() > 0)
            {
                mysql_format(mysql, query, sizeof(query), "SELECT * FROM `playerdata` WHERE `user` = '%e' LIMIT 1",pname);
                mysql_tquery(mysql, query, "OnAccountLoad", "i", playerid);
            }
            cache_delete(result); //this line

Re: Password hash for sql (small doubt) - xVIP3Rx - 15.01.2015

Umm, Try this

pawn Код:

new query[100], pname[24], pass[30];
    new cache:result;
    GetPlayerName(playerid, pname, 24);
    mysql_escape_string(inputtext , pass);

    mysql_format(Connectionhandle, query, sizeof(query), "SELECT * FROM `playerdata` WHERE `password`= SHA1('%s') AND `user`='%s'", pass, pname);//change `password` to your password name.
    result = mysql_query(MySQL, query);

    if(cache_get_row_count() > 0)
    {
        mysql_format(mysql, query, sizeof(query), "SELECT * FROM `` WHERE `user` = '%e' LIMIT 1",);
        mysql_tquery(mysql, query, "OnAccountLoad", "i", playerid);
    }

    cache_delete(result);

My result is a global variable, I didn't get any errors with it, if you got errors with that code ^^, try to make "Cashe:result" a global variable (Outside the function).