WP_Hash/mySQL Password Problem - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: WP_Hash/mySQL Password Problem (/showthread.php?tid=587611)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: WP_Hash/mySQL Password Problem (/showthread.php?tid=587611)
WP_Hash/mySQL Password Problem - Andre02 - 01.09.2015
Hello, i've been working on the register and login system of a new project!
But i have a problem with password hashing, I am using Whirlpool hashing function, but the problem is that when the player registers there is nothing in the "Password" field it's blank, so people can login with random passwords on the account
Here's a picture:
and here is my code
PHP код:
// Includes
#include <a_samp>
#include <a_mysql>
// Native WP_Hash On top of the script
native WP_Hash(buffer[], len, const str[]);
// mysql defines
#define mysql_host "localhost"
#define mysql_user "root"
#define mysql_password ""
#define mysql_database "sfrp"
// Dialogs defines
#define RegDialog 0
#define LoginDialog 1
// playerdata
enum playerInfo
{
Password[129],
skin,
db_id
}
new pInfo[MAX_PLAYERS][playerInfo];
// forwards
forward CheckUser(playerid);
forward CheckPassword(playerid);
// mysql variable
new dbhandle;
// OnGameModeInit
dbhandle = mysql_connect(mysql_host, mysql_user, mysql_database, mysql_password);
if(mysql_errno() != 0)
{
printf("[MySQL] Failed to connect.");
}
else
{
printf("[MySQL] Succesfully connected.");
}
// OnGameModeExit
mysql_close(dbhandle);
// OnPlayerConnect
new query[128];
mysql_format(dbhandle, query, sizeof(query), "SELECT `Password`, `ID` FROM `users` WHERE `Username` = '%e' LIMIT 1", PlayerName(playerid));
mysql_tquery(dbhandle, query, "CheckUser", "i", playerid);
// OnPlayerDisconnect
// SavePlayerStats
SavePlayerStats(playerid);
ResetPlayerStats(playerid);
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
/***************
Login Dialog
****************/
if(dialogid == LoginDialog)
{
if(response)
{
if (strlen(inputtext) > 0)
{
new hashpass[129], query[128];
WP_Hash(hashpass, sizeof(hashpass), inputtext);
if(!strcmp(hashpass, pInfo[playerid][Password]))
{
mysql_format(dbhandle, query, sizeof(query), "SELECT * FROM `users` WHERE `Username` = '%e' LIMIT 1", PlayerName(playerid));
mysql_tquery(dbhandle, query, "CheckPassword", "i", playerid);
}
}
else
{
new string[159 + MAX_PLAYER_NAME];
format(string, sizeof(string),"Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {00FF00}Registered.\n\n{FF0000}You must type the password related to this account to login.", PlayerName(playerid));
ShowPlayerDialog(playerid, LoginDialog, DIALOG_STYLE_PASSWORD, "{00FF00}Account found - Logging in...", string, "Login", "Cancel");
}
}
else
{
Kick(playerid);
}
return 1;
}
/***************
Register Dialog
****************/
if(dialogid == RegDialog)
{
if(response)
{
if (strlen(inputtext) > 0)
{
new query[128];
WP_Hash(pInfo[playerid][Password], 129, inputtext);
mysql_format(dbhandle, query, sizeof(query), "INSERT INTO `users` (`Username`, `Password`) VALUES ('%e', '%e')", PlayerName(playerid), pInfo[playerid][Password]);
mysql_tquery(dbhandle, query, "", "");
}
else
{
new string[145 + MAX_PLAYER_NAME];
format(string, sizeof(string), "Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {FF0000}Unregistered.\n\nYou must create a password below to register this account.", PlayerName(playerid));
ShowPlayerDialog(playerid, RegDialog, DIALOG_STYLE_INPUT, "{FF0000}Account not found - Registering...", string, "Register", "Cancel");
}
}
else
{
Kick(playerid);
}
return 1;
}
return 1;
}
// Functions
SavePlayerStats(playerid)
{
new query[128];
mysql_format(dbhandle, query, sizeof(query), "UPDATE `users` SET `Skin` = %i WHERE `ID` = %i", GetPlayerSkin(playerid), pInfo[playerid][db_id]);
mysql_tquery(dbhandle, query, "", "");
return 1;
}
ResetPlayerStats(playerid)
{
for (new i=0; i< sizeof(pInfo[]); i++)
{
pInfo[playerid][playerInfo:i] = 0;
}
return 1;
}
// Callbacks
public CheckUser(playerid)
{
new rows, fields;
cache_get_data(rows, fields, dbhandle);
if (rows == 0)
{
new string[152 + MAX_PLAYER_NAME];
format(string, sizeof(string), "Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {FF0000}Unregistered.\n\n{9AB3D0}Create a password below to register this account.", PlayerName(playerid));
ShowPlayerDialog(playerid, RegDialog, DIALOG_STYLE_INPUT, "{FF0000}Account not found - Registering...", string, "Register", "Cancel");
}
else
{
new string[152 + MAX_PLAYER_NAME];
cache_get_field_content(0, "Password", pInfo[playerid][Password], dbhandle, 129);
pInfo[playerid][db_id] = cache_get_field_content_int(0, "ID");
format(string, sizeof(string), "Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {00FF00}Registered.\n\n{9AB3D0}Type the password related to this account to login.", PlayerName(playerid));
ShowPlayerDialog(playerid, LoginDialog, DIALOG_STYLE_PASSWORD, "{00FF00}Account found - Logging in...", string, "Login", "Cancel");
}
return 1;
}
public CheckPassword(playerid)
{
pInfo[playerid][skin] = cache_get_field_content_int(0, "Skin");
return 1;
}
Thank You for reading!
Re: WP_Hash/mySQL Password Problem - Vince - 01.09.2015
Make sure the field is set to CHAR(128). Enable debug and check the logs. Also the length for your insert query is way too short, considerint that the password itself is already 128 chars long. Moreover, you should add a salt. I would recommend you use SHA256_PassHash() so you don't need to load an entire plugin, but salts can be applied to any hash so it's ultimately your choice.
Re: WP_Hash/mySQL Password Problem - Andre02 - 01.09.2015
Looks like it was because of the query lenght, and i'll see that SHA256 too!
Thank you very much for the help
Re: WP_Hash/mySQL Password Problem - Andre02 - 01.09.2015
Sorry for double posting but i'm having 1 more litle problem, strcmp is not working correctly, i check if the password matches with the inputtext, but it is not working, i can login with every password!
PHP код:
// Includes
#include <a_samp>
#include <a_mysql>
// Native WP_Hash On top of the script
native WP_Hash(buffer[], len, const str[]);
// mysql defines
#define mysql_host "localhost"
#define mysql_user "root"
#define mysql_password ""
#define mysql_database "sfrp"
// Dialogs defines
#define RegDialog 0
#define LoginDialog 1
// playerdata
enum playerInfo
{
Password[129],
skin,
db_id
}
new pInfo[MAX_PLAYERS][playerInfo];
// forwards
forward CheckUser(playerid);
forward CheckPassword(playerid);
// mysql variable
new dbhandle;
// OnGameModeInit
dbhandle = mysql_connect(mysql_host, mysql_user, mysql_database, mysql_password);
if(mysql_errno() != 0)
{
printf("[MySQL] Failed to connect.");
}
else
{
printf("[MySQL] Succesfully connected.");
}
// OnGameModeExit
mysql_close(dbhandle);
// OnPlayerConnect
new query[128];
mysql_format(dbhandle, query, sizeof(query), "SELECT `Password`, `ID` FROM `users` WHERE `Username` = '%e' LIMIT 1", PlayerName(playerid));
mysql_tquery(dbhandle, query, "CheckUser", "i", playerid);
// OnPlayerDisconnect
// SavePlayerStats
SavePlayerStats(playerid);
ResetPlayerStats(playerid);
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
/***************
Login Dialog
****************/
if(dialogid == LoginDialog)
{
if(response)
{
if (strlen(inputtext) > 0)
{
new hashpass[129], query[128];
WP_Hash(hashpass, sizeof(hashpass), inputtext);
if(!strcmp(hashpass, pInfo[playerid][Password]))
{
mysql_format(dbhandle, query, sizeof(query), "SELECT * FROM `users` WHERE `Username` = '%e' LIMIT 1", PlayerName(playerid));
mysql_tquery(dbhandle, query, "CheckPassword", "i", playerid);
}
}
else
{
new string[159 + MAX_PLAYER_NAME];
format(string, sizeof(string),"Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {00FF00}Registered.\n\n{FF0000}You must type the password related to this account to login.", PlayerName(playerid));
ShowPlayerDialog(playerid, LoginDialog, DIALOG_STYLE_PASSWORD, "{00FF00}Account found - Logging in...", string, "Login", "Cancel");
}
}
else
{
Kick(playerid);
}
return 1;
}
/***************
Register Dialog
****************/
if(dialogid == RegDialog)
{
if(response)
{
if (strlen(inputtext) > 0)
{
new query[200];
WP_Hash(pInfo[playerid][Password], 129, inputtext);
mysql_format(dbhandle, query, sizeof(query), "INSERT INTO `users` (`Username`, `Password`) VALUES ('%e', '%e')", PlayerName(playerid), pInfo[playerid][Password]);
mysql_tquery(dbhandle, query, "", "");
}
else
{
new string[145 + MAX_PLAYER_NAME];
format(string, sizeof(string), "Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {FF0000}Unregistered.\n\nYou must create a password below to register this account.", PlayerName(playerid));
ShowPlayerDialog(playerid, RegDialog, DIALOG_STYLE_INPUT, "{FF0000}Account not found - Registering...", string, "Register", "Cancel");
}
}
else
{
Kick(playerid);
}
return 1;
}
return 1;
}
// Functions
SavePlayerStats(playerid)
{
new query[128];
mysql_format(dbhandle, query, sizeof(query), "UPDATE `users` SET `Skin` = %i WHERE `ID` = %i", GetPlayerSkin(playerid), pInfo[playerid][db_id]);
mysql_tquery(dbhandle, query, "", "");
return 1;
}
ResetPlayerStats(playerid)
{
for (new i=0; i< sizeof(pInfo[]); i++)
{
pInfo[playerid][playerInfo:i] = 0;
}
return 1;
}
// Callbacks
public CheckUser(playerid)
{
new rows, fields;
cache_get_data(rows, fields, dbhandle);
if (rows == 0)
{
new string[152 + MAX_PLAYER_NAME];
format(string, sizeof(string), "Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {FF0000}Unregistered.\n\n{9AB3D0}Create a password below to register this account.", PlayerName(playerid));
ShowPlayerDialog(playerid, RegDialog, DIALOG_STYLE_INPUT, "{FF0000}Account not found - Registering...", string, "Register", "Cancel");
}
else
{
new string[152 + MAX_PLAYER_NAME];
cache_get_field_content(0, "Password", pInfo[playerid][Password], dbhandle, 129);
pInfo[playerid][db_id] = cache_get_field_content_int(0, "ID");
format(string, sizeof(string), "Hello %s, Welcome to San Fierro Roleplay.\n\nAccount status: {00FF00}Registered.\n\n{9AB3D0}Type the password related to this account to login.", PlayerName(playerid));
ShowPlayerDialog(playerid, LoginDialog, DIALOG_STYLE_PASSWORD, "{00FF00}Account found - Logging in...", string, "Login", "Cancel");
}
return 1;
}
public CheckPassword(playerid)
{
pInfo[playerid][skin] = cache_get_field_content_int(0, "Skin");
return 1;
}
Re: WP_Hash/mySQL Password Problem - Andre02 - 02.09.2015
Little bump