[TheArcher]

Hi i setted up Whirpool and its hashing aswell. The password match when i log in game but not in the UCP.

I tried for over 1 hour to find the problem but with any results.

index.php

PHP код:


<?php
          //SELECT COUNT(*)
            if(!isset($_SESSION["kasutaja"]) && !isset($_POST["name"]))
            {
                echo '
                <form name="input" action="index.php?page=home" method="post">
                <h3>Login</h3>';
                if(isset($_SESSION["JLO"]))
                {
                    echo '<p><font color="green">You have been logged out!</font></p>';
                    unset($_SESSION["JLO"]);
                }
                if($page == "stats")
                {
                    echo "<br />
                    <ul>
                    <li><a href='?page=bans'>Bans</a></li>
                    <li><a href='?page=players'>Players</a></li>
                    <li><a href='?page=top'>Top Stats</a></li>
                    </ul>";
                }
                else
                {
                echo'
                <p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username"</p>
                <p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password"</p>
                <p><input class="login" name="login" type="submit" value="Login" /></p>
                </form>';
                }
            }
            else if(isset($_POST["name"]))
            {
                $kasutaja = $_POST["name"];
                $pass = $_POST["pass"];
                $querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja'";
                $result = mysql_query($querytxt);
                $nouser = mysql_num_rows($result);
                $row = mysql_fetch_row($result);
                if($nouser == 0)
                {
                    if($page == "stats")
                    {
                        echo "<br />
                        <ul>
                        <li><a href='?page=bans'>Bans</a></li>
                        <li><a href='?page=players'>Players</a></li>
                        <li><a href='?page=top'>Top Stats</a></li>
                        </ul>";
                    }
                    else
                    {
                        echo '
                        <form name="input" action="index.php?page=home" method="post">
                        <h3>Login</h3>
                        <p><font color="red">User doesnt exist!</font></p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username"</p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password"</p>
                        <p><input class="login" name="login" type="submit" value="Login" /></p>
                        </form>';
                    }
                }    
                else if($pass != $row[1])
                {
                    if($page == "stats")
                    {
                        echo "<br />
                        <ul>
                        <li><a href='?page=bans'>Bans</a></li>
                        <li><a href='?page=players'>Players</a></li>
                        <li><a href='?page=top'>Top Stats</a></li>
                        </ul>";
                    }
                    else
                    {
                        echo '
                        <form name="input" action="index.php?page=home" method="post">
                        <h3>Login</h3>
                        <p><font color="red">Wrong password!</font></p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username"</p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password"</p>
                        <p><input class="login" name="login" type="submit" value="Login" /></p>
                        </form>';
                    }
                }
                else
                {
                    if($page == "stats")
                    {
                        echo "<br />
                        <ul>
                        <li><a href='?page=bans'>Bans</a></li>
                        <li><a href='?page=players'>Players</a></li>
                        <li><a href='?page=top'>Top Stats</a></li>
                        </ul>";
                    }
                    else
                    {
                    echo "<br />
                    <h5>Welcome, $kasutaja!</h5>
                    <ul>
                    <li><a href='?page=ucp'>My Account</a></li>
                    <li><a href='?page=skin'>Change Skin</a></li>
                    <li><a href='?page=pass'>Change Password</a></li>
                    <li><a href='?page=money'>Transfer Money</a></li>
                    <li><a href='logout.php'>Logout</a></li>
                    </ul>";
                    }
                    $_SESSION["kasutaja"] = $kasutaja;
                }
            }
            else if(isset($_SESSION["kasutaja"]))
            {
                $kasutaja = $_SESSION["kasutaja"];
                if($page == "stats")
                {
                    echo "<br />
                    <h5>Welcome, $kasutaja!</h5>
                    <ul>
                    <li><a href='?page=ucp'>My Account</a></li>
                    <li><a href='?page=bans'>Bans</a></li>
                    <li><a href='?page=players'>Players</a></li>
                    <li><a href='?page=top'>Top Stats</a></li>
                    <li><a href='logout.php'>Logout</a></li>
                    </ul>";
                }
                else
                {
                echo "<br />
                    <h5>Welcome, $kasutaja!</h5>
                    <ul>
                    <li><a href='?page=ucp'>My Account</a></li>
                    <li><a href='?page=skin'>Change Skin</a></li>
                    <li><a href='?page=pass'>Change Password</a></li>
                    <li><a href='?page=money'>Transfer Money</a></li>
                    <li><a href='logout.php'>Logout</a></li>
                    </ul>";
                }
            }
            ?>
        </div>
      </div>
      <div id="content">
      <?php
        if($page == "home")
        {
            echo "<h1>Antroprox Gaming &bull; Home</h1>
            <p>Welcome to Antroprox Roleplay Homepage!
            <hr width='100%' color='#35BDF5' size='6' /><br />
            This is our homepage and roleplay's server user control panel.<br /> Here you can see your in-game statistics like: Money, Skin, Faction, Bans and a lot more!
            <br />You can also change your password, change your skin, transfer money to other players and more!
            <br />Besides that, you can also see latest news, updates and announcements!</p>";
        }
        else if($page == "pass")
        {
            echo '<form name="input" action="?page=changed" method="post"> 
            Current Password: <br /><input style="width: 267px; padding: 0px 0 10px 0; type="password" name="currentpassword" /> <br />
            New Password: <br /><input style="width: 267px; padding: 0px 0 10px 0; type="password" name="newpass" />
            New Password Confirm: <br /><input style="width: 267px; padding: 0px 0 10px 0; type="password" name="newpassconfirm" />            <br />
            <input class="myButton" style="width: 267px;" type="submit" value="Submit" />
            </form>';
        }
        else if($page == "changed")
        {
            if(!isset($_SESSION["kasutaja"]) && !isset($_POST["kasutaja"]))
            {
                echo "<p>You are not logged in!</p>";
            }
            else
            {
                $newpass = mysql_escape_string($_POST['newpass']);
                $newpassconfirm = mysql_escape_string($_POST['newpassconfirm']);
                $password = mysql_escape_string($_POST['currentpassword']);
                $username = mysql_escape_string($_SESSION["username"]);
                if($newpass != $newpassconfirm)
                {
                    echo "Password's aren't identical, please retype them.";
                    echo "<meta http-equiv='Refresh' content='5;url=?page=pass' />";
                }
                else 
                {
                    $kasutaja = $_SESSION["kasutaja"];
                    $querytxt = "SELECT Password FROM accounts WHERE Name = '$kasutaja' AND Password = '$password'";
                    $result = mysql_query($querytxt);
                    if(!mysql_num_rows($result)) 
                    {
                        echo "Current password is incorrect.";
                        echo "<meta http-equiv='Refresh' content='5;url=?page=pass' />";
                    }
                    else
                    {
                        echo "Password changed.";
                        echo "<meta http-equiv='Refresh' content='5;url=?page=home' />";
                        mysql_query("UPDATE accounts SET Password = '$newpass' WHERE Name = '$kasutaja'");
                    }
                }
            }
        }

login.php

PHP код:

<?php
session_start();
include("connect.php");
if(isset($_POST["nimi"]))
{
    $kasutaja = $_POST["nimi"];
    $pass = $_POST["parool"];
    $querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja'";
    $result = mysql_query($querytxt);
    $nouser = mysql_num_rows($result);
    $row = mysql_fetch_row($result);
    if($nouser == 0)
    {
        echo '<div class="oskar"><font color="red">User doesent Exist!</font><form name="input">
                Username: <input type="text" name="kasutaja" />
                Password: <input type="password" name="parool" />
                <br />
                <input type="button" value="Submit" onClick="get();" />
                </form></div>';
    }    
    else if($pass != $row[1])
    {
        echo '<div class="oskar"><font color="red">Wrong Password!</font><br /><form name="input">
                Username: <input type="text" name="kasutaja" />
                Password: <input type="password" name="parool" />
                <br />
                <input type="button" value="Submit" onClick="get();" />
                </form></div>';
    }
    else
    {
        echo "<ul class='sb_menu'>
        <li><h3>Welcome, $kasutaja!</h3></li>
        <li><a href='?page=ucp'>My Account</a></li>
        <li><a href='logout.php'>Logout</a></li>
        </ul>";
        $_SESSION["kasutaja"] = $kasutaja;
    }
}
?>

[1337connor]

Add $password = hash('whirlpool',$password);

[TheArcher]

@1337connor doesn't work.

Edit:
I also tried to do

PHP код:

$password = hash('whirlpool',$_POST['currentpassword']); 


and it doesn't work, any good suggestions?

[[HiC]TheKiller]

1. Make sure that the passwords are both the same case, this matters.
2. On the login.php that you posted, you're not even using whirlpool. Instead of

PHP код:

$pass = $_POST["parool"]; 


use

PHP код:

$pass = hash('whirlpool', $_POST["parool"]); 


And do the same for

PHP код:

$newpass = mysql_escape_string($_POST['newpass']); 
$newpassconfirm = mysql_escape_string($_POST['newpassconfirm']); 
$password = mysql_escape_string($_POST['currentpassword']); 


3. A better way to do the login would probably be the following:

PHP код:

$pass = hash('whirlpool', $_POST["parool"]);
$querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja' AND password = '$pass'"; 
$result = mysql_query($querytxt); 
$nouser = mysql_num_rows($result); 
if($nouser == 0)
{
    echo '<div class="oskar"><font color="red">User or password doesnt exist!</font><form name="input"> 
                Username: <input type="text" name="kasutaja" /> 
                Password: <input type="password" name="parool" /> 
                <br /> 
                <input type="button" value="Submit" onClick="get();" /> 
                </form></div>'; 
}
else
{
        echo "<ul class='sb_menu'> 
        <li><h3>Welcome, $kasutaja!</h3></li> 
        <li><a href='?page=ucp'>My Account</a></li> 
        <li><a href='logout.php'>Logout</a></li> 
        </ul>"; 
        $_SESSION["kasutaja"] = $kasutaja; 
} 


The above makes it so you don't need to fetch the whole line from the MySQL database.

[TheArcher]

Still not working :/

[TheArcher]

Quote:

Originally Posted by ****** Are you sure the input data is exactly what you think and exactly the same as what is passed to the PAWN version? It is almost never a good idea to use $_POST data directly - you never know what the users are actually sending.

Since i worked hours and hours to fix this problem i'll put the whole PHP files. http://www.solidfiles.com/d/7d8483595d/

PAWN code where i hash

[pawn]

pawn Код:

........
mysql_real_escape_string(pName, pName);
            format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' LIMIT 1", pName);
            mysql_query(Query);
            mysql_store_result();
            mysql_free_result();
            WP_Hash(Query, 129, inputtext);
            new IP[16];
            GetPlayerIp(playerid, IP, 16);
            format(Query, sizeof Query, "INSERT INTO `accounts` (Name, Password, IP, Admin, Money, Score, Kills, Deaths, Faction, Rank, HouseKey, Level, Exp, Bank, PlayingHours, Age, Skin, Sex, Job, Drugs, Packages, PhoneNumber, PhoneBook, CarKey, VIP, CarLic, FlyLic, WepLic) VALUES ('%s', '%s', '%s', %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, '5000', %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i)",
                pName,
                Query,
                IP,
                GetPVarInt(playerid, "Admin"),

.....

That's for registration

This is the login

pawn Код:

.........
new Query[420], pName[MAX_PLAYER_NAME];
            GetPlayerName(playerid, pName, MAX_PLAYER_NAME);
            mysql_real_escape_string(pName, pName);
            format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' LIMIT 1", pName);
            mysql_query(Query);
            mysql_store_result();
            mysql_free_result();
            WP_Hash(Query, 129, inputtext);
            format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' AND `Password` = '%s' LIMIT 1", pName, Query);
            mysql_query(Query);
            mysql_store_result();
            if(!mysql_num_rows())
            {
                SetPVarInt(playerid, "LoginWarns", GetPVarInt(playerid, "LoginWarns") + 1);
                if(GetPVarInt(playerid, "LoginWarns") == 3)
                {
                    format(Query, sizeof Query, "%s has been kicked for 3 wrong login attempts!", pName);
                    SendClientMessageToAll(COLOR_ROYALBLUE, Query);
                    Kick(playerid);
                }
                else
                {
                    format(Query, sizeof Query, "Wrong password! Attempt %i out of 3.", GetPVarInt(playerid, "LoginWarns"));
                    SendClientMessage(playerid, COLOR_ORANGE, Query);
                    ShowPlayerDialog(playerid, DIALOGLOGIN, DIALOG_STYLE_INPUT, "Login", "{FFFFFF}Welcome to {6EF83C}Rockstar Roleplay. {FFFFFF} \nWe see that your registered here already! \nTo login please input your registration password below!", "Login", "Leave");
                }
                return 1;
            }
            mysql_fetch_row(Query);
            new values[25];
            sscanf(Query, "p<|>{s[24]s[129]s[16]}a<i>[25]", values);
            SetPVarInt(playerid, "Admin", values[0]);
            PlayerInfo[playerid][pMoney] = values[1];
            SetPlayerCash(playerid, values[1]);
            SetPlayerScore(playerid, values[8]);
            SetPVarInt(playerid, "Kills", values[3]);
            SetPVarInt(playerid, "Deaths", values[4]);
            SetPVarInt(playerid, "Logged", 1);
            PlayerInfo[playerid][pFaction] = values[5];
            PlayerInfo[playerid][pRank] = values[6];
            PlayerInfo[playerid][pHouseKey] = values[7];
            PlayerInfo[playerid][pLevel] = values[8];
            PlayerInfo[playerid][pExp] = values[9];
            PlayerInfo[playerid][pBank] = values[10];
            PlayerInfo[playerid][pPlayingHours] = values[11];
            PlayerInfo[playerid][pAge] = values[12];
            PlayerInfo[playerid][pSkin] = values[13];
            PlayerInfo[playerid][pSex] = values[14];
            PlayerInfo[playerid][pJob] = values[15];
            PlayerInfo[playerid][pDrugs] = values[16];
            PlayerInfo[playerid][pPackages] = values[17];
            PlayerInfo[playerid][pPhoneNumber] = values[18];
            PlayerInfo[playerid][pPhoneBook] = values[19];
            PlayerInfo[playerid][pCarKey] = values[20];
            PlayerInfo[playerid][pVIP] = values[21];
            PlayerInfo[playerid][pCarLic] = values[22];
            PlayerInfo[playerid][pFlyLic] = values[23];
            PlayerInfo[playerid][pWepLic] = values[24];
            SendClientMessage(playerid, COLOR_LIMEGREEN, "Succesfully logged in!");
            LoadAchiv(playerid);
            GetPlayerIp(playerid, Query, 16);
            format(Query, sizeof Query, "UPDATE `accounts` SET `IP` = '%s' WHERE `Name` = '%s' LIMIT 1", Query, pName);
            mysql_query(Query); 
......

[kikito]

Why don't you try sha1 or md5(i use md5, but some people says sha1 is better...)?
I can give you a little help if you want.

[TheArcher]

Quote:

Originally Posted by (A)rray Why don't you try sha1 or md5(i use md5, but some people says sha1 is better...)? I can give you a little help if you want.

Beacause Whirpool is more secure than the others. My GM is using Whirpool as hashing and i can't put md5 or sha1 on PHP beacause the strings don't match.

[kikito]

Btw, i can help you with the login system if you want to (:

[TheArcher]

Quote:

Originally Posted by ****** That didn't actually answer my question at all...

LOL my bad i just meant i worked hours without any results...so still not working :S