SAMP SHA_256 vs PHP SHA_256 - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: SAMP SHA_256 vs PHP SHA_256 (/showthread.php?tid=624584)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: SAMP SHA_256 vs PHP SHA_256 (/showthread.php?tid=624584)
SAMP SHA_256 vs PHP SHA_256 - BiosMarcel - 18.12.2016
Hello,
I am making a password recovery system, by simply clicking a link the user password will be set to 'RANDOMGENERATEDSTRING' + Salt from database. The random generated string will be sent to the users email account.
SO, this is how the new password + old salt is used to create and set the new password
PHP код:
$newPasswordUnhashed = generateRandomString();
$result = mysqli_query($connection, "SELECT Salt FROM users WHERE Name='" . $name . "'");
$row = mysqli_fetch_assoc($result);
$salt = $row['Salt'];
if($salt == null)
{
exit("Couldn't receive salt.");
}
$newPassword = hash('sha256', $newPasswordUnhashed . $salt);
if(!mysqli_query($connection, "UPDATE users SET Password='" . $newPassword ."' WHERE Name='" . $name . "'")) {
exit("Unable to set new temporary password.");
}
PHP код:
forward loginPlayer(playerid, enteredPassword[]);
public loginPlayer(playerid, enteredPassword[])
{
new password[65];
new salt[11];
cache_get_value_name(0, "Password", password);
cache_get_value_name(0, "Salt", salt);
new passwordToCheck[65];
SHA256_PassHash(enteredPassword, salt, passwordToCheck, sizeof(passwordToCheck));
if(!strcmp(password, passwordToCheck, false, strlen(password)))
{
loadProfile(playerid);
return true;
}
ShowPlayerDialog(playerid, LOGIN_DIALOG, DIALOG_STYLE_PASSWORD, "Log into your account", "Please enter your password to log into your account.", "Login", "Exit");
return false;
}
greetings Marcel
Re: SAMP SHA_256 vs PHP SHA_256 - Vince - 18.12.2016
If you generate a new password you should also generate a new salt. I don't think that's the root cause of the problem, though. Can you set case insensitivity to true? It's a string of hex characters so case shouldn't matter. SA-MP may output it in upper case while PHP doesn't, or the other way around.
Re: SAMP SHA_256 vs PHP SHA_256 - BiosMarcel - 18.12.2016
Sure, i'll try
EDIT: you were right
But, isn't that kind of the wrong way?