Login

NickD

........

Kirollos · 31.05.2013, 23:46

Just hash the password written in the UCP login and check if it equals the hashed password in your SQL.

DanLore · 31.05.2013, 23:46

How are you hashing passwords? Some hashes can actually be used in PHP (such as whirlpool). Unless it's a custom hash which I doubt, there is most likely no chance of decryption for the passwords, otherwise what would be the point of encryption in the first place.

Anyway, if I can know what encryption method you're using, I can tell you if you can check the hashes via PHP (I assume you're using PHP).

iTorran · 31.05.2013, 23:47

You don't need to unhash the passwords, and you shouldn't.
http://php.net/manual/en/function.hash.php

I guess this would also be the wrong section.

NickD

........

DanLore · 01.06.2013, 00:01

Quote:

Originally Posted by NickD

We are using PHP, and the encryption with the server passwords is from the ysi wp hash encryption.
wp_hash, is this compatible with PHP?

Should be! I'd assume it'd be used like the following, it's how I used it in one of my previous projects.

PHP код:



hash('whirlpool', $their_password);

nmader · 01.06.2013, 00:41

Quote:

Originally Posted by DanLore

Should be! I'd assume it'd be used like the following, it's how I used it in one of my previous projects.

PHP код:



hash('whirlpool', $their_password);

I'm working with Nick on this project (I was the one who asked him to create a topic seeing as I am on my phone) Where exactly would the script provided go?

DanLore · 01.06.2013, 00:47

You would hash the password the user tried using at the UCP:

PHP код:



$hashed_password = hash("whirlpool", $_POST["password"]);

And, after hashing the password they tried using, you would compare it to the value you have in your SQL database.

PHP код:



if($hashed_password == $sql_result["password"])
{
    // They're a match.
}

nmader · 01.06.2013, 00:56

It does not seem to be working, I have the following code:

PHP код:



<?php 


include("config.php");

session_start();

error_reporting(0);


$submit = $_POST['submit'];

$username = $_POST['username'];

$password = hash('whirlpool', $_POST['password']);  



if($submit)

{     

    if($username && $password)

    {   

        $query = mysql_query("SELECT playerName, playerPassword FROM playeraccounts WHERE playerName = '$username'");

        if(mysql_num_rows($query) == 1)

        { 

            while($row = mysql_fetch_assoc($query))

            { 

                $dbusername = $row['playerName']; 

                $dbpassword = $row['playerPassword'];

            } 

            if($username == $dbusername && $password == $dbpassword)

            { 

                $_SESSION['username'] = $dbusername;

                echo header('location: profile.php'); //redirecting user to his profile page (profile.php) 

            } 

            else 

            {

                header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php 

                echo '.$password';

            }

        } 

        else 

        {

        header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php  

        echo '.$password';

        }

    } 

    else 

    {

        header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php  

        echo '.$password';

    }

} 


mysql_close();

flush();


?>

Is says that the password is invalid each time. :/

iTorran · 01.06.2013, 01:12

Are the hashes the same? (Hash a random word on both your server and website and see if its the same)

Login
Username:
Password:	Lost Password?
	Remember me