UCP De-hashing Help - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: UCP De-hashing Help (/showthread.php?tid=650201)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: UCP De-hashing Help (/showthread.php?tid=650201)
UCP De-hashing Help - Speaker - 23.02.2018
Hello Guys i am using SHA256_PassHash to hash the password if a player registers on the server..
i am also working on UCP but there's a problem in Checking the hashed password plzz help me fixing it here's the code below.i am having problem in De-Hashing The Password On The Website For UCP
Код:
<?php
session_start();
include 'dbh.inc.php';
if(isset($_POST['name'], $_POST['password'])) {
$name = $_POST['name'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE Name='$name'";
$result = $conn->query($sql);
if (empty($name && $password)) {
header("Location: ../page1.php?invalid=empty");
exit();
} else {
if($result->num_rows < 1) {
header("Location: ../page1.php?invalid=login");
exit();
} else {
$row = mysqli_fetch_assoc($result);
//De-hashing the password
$salt = "786t!t>D<QW*@!)#$>C)_Agdh";
$hash1 = hash('sha256', $password . $salt);
$hash = strtoupper($hash1);
if ($row['Password'] == $hash) {
header("Location: ../page1.php?login=success");
$_SESSION['user-name']= $name;
$_SESSION['user-password']=$password;
exit();
} else {
header("Location: ../page1.php?invalid=login");
exit();
}
}
}
}
?>
Re: UCP De-hashing Help - Chocopie - 23.02.2018
Why not hash these password and compare them with database?
Re: UCP De-hashing Help - Speaker - 23.02.2018
Quote:
|
Originally Posted by Chocopie
 Why not hash these password and compare them with database?
|
PHP код:
//De-hashing the password
$salt = "786t!t>D<QW*@!)#$>C)_Agdh";
$hash1 = hash('sha256', $password . $salt);
$hash = strtoupper($hash1);
if ($row['Password'] == $hash) {
header("Location: ../page1.php?login=success");
$_SESSION['user-name']= $name;
$_SESSION['user-password']=$password;
exit();
} else {
header("Location: ../page1.php?invalid=login");
exit();
}
Re: UCP De-hashing Help - Logic_ - 23.02.2018
There's no such thing as "de-hashing", anything that is hashed can't be reversed back.
You save the player password hashed. Hash the entered password and compare as said above.
Re: UCP De-hashing Help - Speaker - 23.02.2018
Ok got it but how to hash the input so that they are same.i know i have to go through the same aalgoritham but how to do it in PHP. I am using sha256_passwordhash. Please tell me
Re: UCP De-hashing Help - rfr - 23.02.2018
PHP код:
$hashedpw = hash('sha256', $_SESSION['user-password']); //+ what ever your salt is
//compare hashedpw to the one in the database
//may not be valid code
$getuserpw = $connection->prepare('SELECT `password` FROM `users` WHERE `username` = "$user-name");
if (password_verify($getuserpw , $hashedpw)) //or $row['password'] i don't know
{
//do whatever
}
else
{
//do whatever
}
https://stackoverflow.com/questions/...sunderstanding
http://php.net/manual/en/function.password-verify.php
Re: UCP De-hashing Help - Speaker - 23.02.2018
Quote:
|
Originally Posted by rfr
PHP код:
|
Код:
#define PASSWORDSALT "any a Salt here" When password entered SHA256_PassHash(inputtext, PASSWORD_SALT, password, 64);
Re: UCP De-hashing Help - kingmk - 23.02.2018
I think the problem it's on your gamemode samp server, when u hashing the password, NOT in your UCP "De-Hashing". I had this problem some time ago, and the problem was that, the hashing SHA256 on my server didn't return the same hashed string like the PHP version. I suggest you to post the method that you hashing the password on your gamemode, so we can figure out what's wrong.
Re: UCP De-hashing Help - Speaker - 23.02.2018
Quote:
|
Originally Posted by kingmk
I think the problem it's on your gamemode samp server, when u hashing the password, NOT in your UCP "De-Hashing". I had this problem some time ago, and the problem was that, the hashing SHA256 on my server didn't return the same hashed string like the PHP version. I suggest you to post the method that you hashing the password on your gamemode, so we can figure out what's wrong.
|
here is the code
PHP код:
<?php
$password = "21dec2001";
$crypted = hash('sha256',$password);
echo $crypted;
?>
Re: UCP De-hashing Help - kingmk - 23.02.2018
Quote:
|
Originally Posted by Speaker
I think u r right because i just make a code where i entered my password and try to see the hashed output and i saw that they are just not the same..
here is the code PHP код:
|
Some others tips:
1) Don't make a script who De-hashing... You just need to hash the entered password and compare it with the hashed password stored in your DB.
2) Read this to make what I'v said on (#) -> https://sampforum.blast.hk/showthread.php?tid=319574
3) Hashing a password in your samp server, will eat a lot of resources, so it may lagging when some players will requesting the hashing on same time. (I recomand use a_https.inc)
4) Also, i recommand you to create a GET on your PHP hashing, that will store a uniq CODE, like a password, to avoid spam. (You will use something like this "password=%s&algo=%s&data=%s", when u request the hashing )
Disadvantages -> Your login system will not work if the web server it's down.
Hope u understood.
