bCrypt Migration... - Printable Version

bCrypt Migration... - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: bCrypt Migration... (/showthread.php?tid=677035)

bCrypt Migration... - SkyFlare - 27.06.2020

So I moved away from Whirlpool today.... well atleast I am trying to....
#include <bcrypt>

bCrypt is working, sort of... I can create an account but logging back in is the issue, however the hash has stored correctly in db.

PHP Code:



enum E_PLAYERS

{

    Name[MAX_PLAYER_NAME],

    Password[BCRYPT_HASH_LENGTH] // bCrypt Hashingis a 61-character-long string (60 + null terminator), which is also defined as constant BCRYPT_HASH_LENGTH.

};

new Player[MAX_PLAYERS][E_PLAYERS];

PHP Code:



ONPLAYERCONNECT

    new query[84];

    new pname[MAX_PLAYER_NAME+1];

    GetPlayerName(playerid, pname, sizeof(pname));

    mysql_format(g_SQL, query, sizeof(query), "SELECT * FROM `players` WHERE `username` = '%e' LIMIT 1", pname);

    mysql_tquery(g_SQL, query, "OnPlayerJoin", "dd", playerid, g_MysqlRaceCheck[playerid]);

PHP Code:



ONPLAYERJOIN

forward OnPlayerJoin(playerid, race_check);

public OnPlayerJoin(playerid, race_check)

{

    if (race_check != g_MysqlRaceCheck[playerid]) return Kick(playerid);

    new string[256];

    new pname[MAX_PLAYER_NAME+1];

     GetPlayerName(playerid, pname, sizeof(pname));

    if(cache_num_rows() > 0)

    {

        cache_get_value(0, "password", Player[playerid][Password], 61);

        Player[playerid][Cache_ID] = cache_save();

        format(string, sizeof string, "This account (%s) is registered. Please login by entering your password in the field below:", pname);

        ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "Login", string, "Login", "Abort");

    }

    else

    {

        format(string, sizeof string, "Welcome %s, you can register by entering your password in the field below:", pname);

        ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_PASSWORD, "Registration", string, "Register", "Abort");

    }

    return 1;

}

PHP Code:



ONDIALOGRESPONSE

case DIALOG_LOGIN:

        {

            new query[128], pname[MAX_PLAYER_NAME];

            GetPlayerName(playerid, pname, sizeof(pname));

            SetPVarString(playerid, "Unhashed_Pass",inputtext);

            

            mysql_format(g_SQL, query, sizeof(query), "SELECT password from `players` WHERE username = '%e'", pname);

            mysql_tquery(g_SQL, query, "OnPlayerLogin", "d", playerid);

        }

        case DIALOG_REGISTER:

        {

            if(response)

            {

                if(strlen(inputtext) <= 5) return ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_PASSWORD, "Registration", "Your password must be longer than 5 characters!\nPlease enter your password in the field below:", "Register", "Abort");

                bcrypt_hash(inputtext, 12, "OnPassHash", "d", playerid);

            }

        }

PHP Code:



forward OnPlayerLogin(playerid);

public OnPlayerLogin(playerid)

{

    new pPass[61], unhashed_pass[61];

    GetPVarString(playerid, "Unhashed_Pass",unhashed_pass,sizeof(unhashed_pass));

    if(cache_num_rows())

    {

        cache_get_value_name(0, "password", Player[playerid][Password], 60);

        bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

    }

    else printf("ERROR: OnPlayerLogin, cant Cache_Num_Rows!");

    return 1;

}


forward OnPassCheck(playerid, DBID);

public OnPassCheck(playerid, DBID)

{

    if(bcrypt_is_equal())

    {

        SpawnPlayer(playerid);

        return 1;

    }

    else

    {

        if(Player[playerid][LoginAttempts] >= 3)

        {

            ShowPlayerDialog(playerid, DIALOG_UNUSED, DIALOG_STYLE_MSGBOX, "Login", "You've mistyped your password too often (3 times).", "Okay", "");

            return 1;

        }

        else  return ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "Login", "Wrong password!\nPlease enter your password in the field below:", "Login", "Abort");

    }

}


forward OnPassHash(playerid);

public OnPassHash(playerid)

{

    new pass[BCRYPT_HASH_LENGTH], query[512], pname[MAX_PLAYER_NAME];

    GetPlayerName(playerid, pname, sizeof(pname));

    bcrypt_get_hash(pass);

    mysql_format(g_SQL, query, sizeof(query), "INSERT INTO `players`(`username`, `password`) VALUES('%e', '%s')", pname, pass);

    mysql_tquery(g_SQL, query, "OnPlayerRegister", "d", playerid);

    return 1;

}


forward OnPlayerRegister(playerid);

public OnPlayerRegister(playerid)

{

    return 1;

}

I bet the issue is something stupid, thanks in advance.

Re: bCrypt Migration... - Kwarde - 28.06.2020

I never used bcrypt so I probably can't help you (didn't look at the code yet though), but wondering, why not use SHA256_PassHash() (included in SAMP since 0.3.7 R1)
https://sampwiki.blast.hk/wiki/SHA256_PassHash

Re: bCrypt Migration... - SkyFlare - 28.06.2020

Quote:

Originally Posted by Kwarde

I never used bcrypt so I probably can't help you (didn't look at the code yet though), but wondering, why not use SHA256_PassHash() (included in SAMP since 0.3.7 R1)
https://sampwiki.blast.hk/wiki/SHA256_PassHash

Wanted to see what bCrypt was like, really wanna give it a fair run for its usage, apparently it's harder to crack, if I can't manage to sort it out I will probably give passhash a go.

Re: bCrypt Migration... - GameOvr - 28.06.2020

bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

I didnt look much at the code just cought this, if it's not the one which cause the problem.. post "lol, its not the problem". I'll analyze then

.

You are right. bcrypt is very secure almost like impossible to crack but also horribly slow.. which gives a bad sense for players about the server.

Re: bCrypt Migration... - SkyFlare - 28.06.2020

Fixed it... and yes it was something stupid, I got me a coffee :P wake up SkyFlare lol
Incase anyone else seems to have a issue with bCrypt this was the issue.

PHP Code:



bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

Changed to now execute like this.

PHP Code:



bcrypt_check(unhashed_pass, Player[playerid][Password], "OnPassCheck", "d", playerid);

The way bcrypt_check works is it checks your unhashed password (inputtext)
and then gets the hash(from MySQL or Enumerator)
then you get the result, however I was checking Unhashed password, for a empty string "pPass", not the Hashed Password.

EDIT: Just seen your Response now GameOvr.

Quote:

Originally Posted by GameOvr

bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

I didnt look much at the code just cought this, if it's not the one which cause the problem.. post "lol, its not the problem". I'll analyze then

.

You are right. bcrypt is very secure almost like impossible to crack but also horribly slow.. which gives a bad sense for players about the server.

yeah it was the issue lol, I do see some slowness there, however I believe you can lower its strength to begin with, and also rehash without players ever knowing, so you can slowly increase its hash and rehash passwords over time, they will get used to the login speed lmao although new players will think its crap