Whirlpool Doesn't Hash my password

Whirlpool Doesn't Hash my password - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Whirlpool Doesn't Hash my password (/showthread.php?tid=621858)

Whirlpool Doesn't Hash my password - henkas - 15.11.2016

Hello i have one issue, when i register and later try login i can type any style of password and its still login me.
This is me register case INI

Код:

                new INI:File = INI_Open(UserPath(playerid));
                WP_Hash(buf, sizeof(buf), inputtext);
                INI_SetTag(File,"data");
                INI_WriteString(File, "pPassword", buf);
			    INI_WriteInt(File,"pXP",0);
			    INI_WriteInt(File,"pKills",0);
			    INI_WriteInt(File,"pDeaths",0);
			    INI_WriteInt(File,"pRank",0);
			    INI_WriteInt(File,"pEvac",0);
			    INI_WriteInt(File,"pAdminLevel",0);
			    INI_WriteInt(File,"pVipLevel",0);
			    INI_WriteInt(File,"pHour",0);
			    INI_WriteInt(File,"pMin",0);
			    INI_WriteInt(File,"pSec",0);
			    INI_WriteInt(File,"pMapsPlayed",0);
			    INI_WriteString(File,"pIP",IP);
                INI_Close(File);

And this is login case

Код:

    	case DIALOG_LOGIN:
        {
  			if(!response)
	        {
 				ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_MSGBOX,"Kicked",""chat" You must login to play at "NAME"","Close","");
				Kick(playerid);
	        }
            if(response)
            {
                new buf[129];
				WP_Hash(buf, sizeof(buf), inputtext);
				if(!strcmp(buf,pInfo[playerid][pPassword]))
                {
                    INI_ParseFile(UserPath(playerid), "LoadUser_data", .bExtra = true, .extra = playerid);
                    pInfo[playerid][pLogged] = 1;
				    playedtimer[playerid] = SetTimerEx("TimeOnServer", 1000, 1, "i", playerid);
				    SendClientMessage(playerid,-1,""chat""COL_LGREEN" Logged in!");
				    printf("%s",pInfo[playerid][pPassword]);

This is Load public

Код:

public LoadUser_data(playerid,name[],value[])
{
    INI_String("pPassword", pInfo[playerid][pPassword], 129);
    INI_Int("pXP",pInfo[playerid][pXP]);
    INI_Int("pKills",pInfo[playerid][pKills]);
    INI_Int("pDeaths",pInfo[playerid][pDeaths]);
    INI_Int("pRank",pInfo[playerid][pRank]);
    INI_Int("pEvac",pInfo[playerid][pEvac]);
    INI_Int("pAdminLevel",pInfo[playerid][pAdminLevel]);
    INI_Int("pVipLevel",pInfo[playerid][pVipLevel]);
    INI_Int("pHour",pInfo[playerid][pHour]);
    INI_Int("pMin",pInfo[playerid][pMin]);
    INI_Int("pSec",pInfo[playerid][pSec]);
    INI_Int("pMapsPlayed",pInfo[playerid][pMapsPlayed]);
    INI_Int("pAdminDuty",pInfo[playerid][pAdminDuty]);
    return 1;
}

Re: Whirlpool Doesn't Hash my password - Vince - 15.11.2016

And exactly how is it supposed to compare passwords if the password only gets fetched after the comparison? It's simple logic, my friend.

Re: Whirlpool Doesn't Hash my password - henkas - 16.11.2016

Give me example what are you talking about.

Re: Whirlpool Doesn't Hash my password - SyS - 16.11.2016

This is what he meant

Код:

case DIALOG_LOGIN:
        {
  			if(!response)
	        {
 				ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_MSGBOX,"Kicked",""chat" You must login to play at "NAME"","Close","");
				Kick(playerid);
	        }
            if(response)
            {
                new buf[129];
				WP_Hash(buf, sizeof(buf), inputtext);
				INI_ParseFile(UserPath(playerid), "LoadUser_data", .bExtra = true, .extra = playerid);//Should be placed before checking so as data needed is fetched before checking.
if(!strcmp(buf,pInfo[playerid][pPassword]))
                {
                    
                    pInfo[playerid][pLogged] = 1;
				    playedtimer[playerid] = SetTimerEx("TimeOnServer", 1000, 1, "i", playerid);
				    SendClientMessage(playerid,-1,""chat""COL_LGREEN" Logged in!");
				    printf("%s",pInfo[playerid][pPassword]);

Re: Whirlpool Doesn't Hash my password - henkas - 16.11.2016

Well still i can login with any type of password, its doesn't work.

Re: Whirlpool Doesn't Hash my password - henkas - 16.11.2016

Have more ideas?

Re: Whirlpool Doesn't Hash my password - henkas - 16.11.2016

Still need

Re: Whirlpool Doesn't Hash my password - henkas - 17.11.2016

Bump

Re: Whirlpool Doesn't Hash my password - Threshold - 17.11.2016

Load your password and ONLY your password BEFORE you compare a user's password to their input. If the input is correct, THEN you can load the player's entire statistics.

If you don't understand, then I suggest you read a tutorial on user registration/login systems before attempting to create your own.

Re: Whirlpool Doesn't Hash my password - henkas - 17.11.2016

Well i fix it cuz i didn't see one problem

i used same login/register dialog like if player have account i still use Dialog_Register so i have to change it to Dialog_Login and now everything work fine.