Password hashing problem. -
Clora - 20.10.2016
Alright, basically when you join you get a temp password. If you get accepted, that password gets used to create a player account; if not, it removes it. That works fine. However, once the player gets accepted and relogs and they enter their password, it's saying it is incorrect. I'm really stumped and cannot find the problem.
Code:
Dialog:Register(playerid, response, listitem, inputtext[])
{
    if (response)
    {
        if(isnull(inputtext))
        {
            //Dialog here
            return 1;
        }
        if(strlen(inputtext) < 6)
        {
            //Dialog here
            return 1;
        }
        SetPVarInt(playerid, "Approve", 0);
        // Plain-text password kept in a PVar until TutorialAnswers hashes it
        SetPVarString(playerid, "TempPassword", inputtext);
        SetPVarInt(playerid, "TutQuestAmount", 0);
        SetIntVar(playerid, "RegisterPart", 1);
        return CallRemoteFunction("TutorialAnswers","i",playerid);
    }
    else
    {
        //Kick
    }
    return 1;
}
My login dialog,
Code:
Dialog:Login(playerid, response, listitem, inputtext[])
{
    if (response)
    {
        if(isnull(inputtext))
        {
            //DIALOG CODE
            return 1;
        }
        new pass[129];
        // Whirlpool hash of the raw dialog input
        WP_Hash(pass, sizeof(pass), inputtext);
        format(query, sizeof(query), "SELECT * FROM `users` WHERE `name` = '%s' AND `password` = '%s' LIMIT 0,1", GetName(playerid), pass);
        mysql_function_query(dbHandle, query, true, "LoginPlayer", "i", playerid);
    }
    else
    {
        //Kick
    }
    return 1;
}
Code:
public TutorialAnswers(playerid)
{
    new string[128], playersip[32];
    if(GetPVarInt(playerid, "TutQuestAmount") >= 10)
    {
        GetPlayerIp(playerid,playersip,sizeof(playersip));
        DeletePVar(playerid,"AppSetup"), DeletePVar(playerid,"TutQuestAmount");
        new stxt[65];
        GetPVarString(playerid,"TempPassword",stxt,65);
        // SHA-256 of the temp password with HASH_KEY as salt, written back into stxt
        SHA256_PassHash(stxt, HASH_KEY, stxt, 65);
        DeletePVar(playerid,"TempPassword");
    }
Blah blah, then if we approve the player, it calls the OnPlayerRegister function.
Code:
format(query, sizeof(query), "SELECT `Pass` FROM `applications` WHERE `Name`='%s'", name);
mysql_function_query(dbHandle, query, true, "OnPlayerRegister", "s", name);
Code:
public OnPlayerRegister(name[])
{
    if(cache_get_row_count() < 1) return print("[ERROR] OnPlayerRegister returned 'rows' as '0'.");
    new password[65], string[64], ip[16];
    // Value stored in applications.Pass for this name
    cache_get_field_content(0, "Pass", password);
    new playerid = FindPlayer(name);
    if(playerid != -1)
    {
        // if player is online
        CreatePlayerAccount(playerid, password);
    }
    else
    {
        //else code
    }
    return 1;
}
Code:
stock CreatePlayerAccount(playerid, password[])
{
    new ip[16], pass[129];
    // Whirlpool hash of the value read from applications.Pass
    WP_Hash(pass, sizeof(pass), password);
    GetPlayerIp(playerid, ip, sizeof(ip));
    format(query, sizeof(query), "INSERT INTO `users` (name, password, registered, origin, playerIP) VALUES ('%s', '%s', 0, 'None', '%s')", GetName(playerid), pass, ip);
    mysql_function_query(dbHandle, query, true, "OnPlayerCreateAccount", "d", playerid);
    return 1;
}
Re: Password hashing problem. -
AndySedeyn - 20.10.2016
You are mixing Whirlpool and SHA256 (+salt), which are two different hashing algorithms with a different output hash. They are not interchangeable. While touching the subject of security, there's absolutely no need to save the user's password in a variable in its plain form. Store it as a hash immediately after it has been inputted in the dialog.
Re: Password hashing problem. -
Clora - 20.10.2016
I've also completely removed SHA256 hashing and used Whirlpool instead for TutorialAnswers and I received the same output.
Re: Password hashing problem. -
AndySedeyn - 20.10.2016
Is the hash correctly being saved and loaded? An obvious thing to do would be to reset the account and register it again, I can only assume you have done so already.
Re: Password hashing problem. -
Clora - 20.10.2016
Yes, it is being saved and loaded correctly, as I believe, and I've also tried that.
Re: Password hashing problem. -
AndySedeyn - 21.10.2016
There must be an error in either your new implementation of Whirlpool without SHA256 or a problem in your saving/loading script. Can you update the topic with all code related to the above mentioned? Also, I am assuming that you are leaving out big chunks of code between logical blocks (if password from the database is equal to the hashed input of the login dialog, etc.). If not, you have to do exactly that: evaluate whether the hashed input of the login dialog exactly matches the hashed password from the database (use strcmp for a string comparison; it returns a non-zero value [1 or -1] when string1 has non-matching characters with string2: https://sampwiki.blast.hk/wiki/Strcmp)
PHP code:
Dialog:Login(playerid, response, listitem, inputtext[]) {
    if(response) {
        if(isnull(inputtext)) {
            // ...
        }
        new hashedinput[129];
        WP_Hash(hashedinput, sizeof(hashedinput), inputtext);
        // strcmp also returns 0 when either string is empty,
        // so an empty stored hash must never count as a match
        if(!isnull(password_from_db) && !strcmp(hashedinput, password_from_db)) {
            // Hashed input matches hashed password from the database
        }
        else {
            // else ...
        }
    }
    return 1;
}
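An added example, not part of either poster's code: a Python model of the hashing steps shown in the thread, covering both the algorithm mismatch and the compare-against-the-database check described above. It assumes the hash produced in TutorialAnswers is what gets saved as applications.Pass and uses SHA-512 as a stand-in for Whirlpool; the PBKDF2 derivation, the HASH_KEY value and all function names are this example's own.

```python
import hashlib
import hmac
import os

HASH_KEY = "constructed-key"  # made-up stand-in for the thread's HASH_KEY


def sha256_passhash(password, salt):
    # Model of SHA256_PassHash: SHA-256 over password + salt, as hex.
    return hashlib.sha256((password + salt).encode()).hexdigest().upper()


def wp_hash(text):
    # Stand-in for WP_Hash: SHA-512 swapped in for Whirlpool (both give
    # 128 hex characters); the argument does not depend on the algorithm.
    return hashlib.sha512(text.encode()).hexdigest().upper()


def register_as_posted(password, first_hash=lambda p: sha256_passhash(p, HASH_KEY)):
    # TutorialAnswers hashes the temp password (assumed saved as
    # applications.Pass), then CreatePlayerAccount hashes that value again.
    return wp_hash(first_hash(password))


def login_as_posted(password, stored):
    # Dialog:Login hashes the raw input exactly once.
    return wp_hash(password) == stored


def derive(password, salt):
    # One derivation shared by register and login (PBKDF2 is this example's choice).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register_fixed(password):
    salt = os.urandom(16)  # per-user salt, stored beside the hash
    return salt, derive(password, salt)


def login_fixed(password, salt, stored):
    # Constant-time comparison of the recomputed and stored values.
    return hmac.compare_digest(derive(password, salt), stored)


if __name__ == "__main__":
    pw = "hunter2pw"  # constructed sample password
    print("as posted:", login_as_posted(pw, register_as_posted(pw)))
    print("same algorithm twice:", login_as_posted(pw, register_as_posted(pw, wp_hash)))
    salt, stored = register_fixed(pw)
    print("single derivation:", login_fixed(pw, salt, stored))
```

In this model, using the same algorithm for both registration steps still fails, because the stored value is a hash of a hash while login hashes the input once.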
Re: Password hashing problem. -
Clora - 21.10.2016
Yeah, do you have Skype, or can we forum PM, so it's easier to share and explain?
Re: Password hashing problem. -
Clora - 21.10.2016
Still having troubles.. :/
Re: Password hashing problem. -
Clora - 21.10.2016
Bump. I believe it is a loading problem; anyone have any ideas?