[thefatshizms]

Hello, im using mysql and i need to hash the passwords i tried like this

pawn Code:

format(Query,sizeof(Query),"INSERT INTO `users` (`username` , `password`, `money`, `score`, `bank`, `stat`, `swat`, `army`, `admin`, `cop`, `regdate`, `prison`, `vip`, `arrest`, `surender`, `rob`, `rape`, `heal`, `hitman`, `sales`, `wep` , `drug`, `taze`, `truck`) VALUES ('%s', md5('%s'), '0', '0', '0', '0', '0', '0', '0', '0', '%02d/%02d/%d', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0') ",PlayerName(playerid),EscapedText, Day, Month, Year);

and the 'md5' managed to hash it fine but now i cant login as it says its wrong password

[Kindred]

Give us more info for god's sake.

Are you hashing the password you type in and checking if it is the same password that is in the database?

[Luke_James]

You could use the Whirlpool plugin/include.

[fiki574]

Quote:

Originally Posted by thefatshizms Hello, im using mysql and i need to hash the passwords i tried like this pawn Code: format(Query,sizeof(Query),"INSERT INTO `users` (`username` , `password`, `money`, `score`, `bank`, `stat`, `swat`, `army`, `admin`, `cop`, `regdate`, `prison`, `vip`, `arrest`, `surender`, `rob`, `rape`, `heal`, `hitman`, `sales`, `wep` , `drug`, `taze`, `truck`) VALUES ('%s', md5('%s'), '0', '0', '0', '0', '0', '0', '0', '0', '%02d/%02d/%d', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0') ",PlayerName(playerid),EscapedText, Day, Month, Year); and the 'md5' managed to hash it fine but now i cant login as it says its wrong password

Are you using md5 hash at logging in? What I think on is, you should compare hashed password from database and hash + compare password that player typed on login! If they match, player logins, if they dont - they fail!

Also, usage of Whirlpool instead of md5 would be better!

[thefatshizms]

Yes im checking if its the same in the database. And how exactly would i use whirlpool (never used it)

[HuSs3n]

show us the lines where you load the password (from mysql) , and how you check if its a right password

[thefatshizms]

pawn Code:

stock LoginPlayer(playerid,const password[])
{
    new EscapedText[60], Query[200];
    WP_Hash( EscapedText, sizeof ( EscapedText ), password );
    mysql_real_escape_string(password, EscapedText);
    format(Query,sizeof(Query),"SELECT * FROM `users` WHERE `username` = '%s' AND `password` ='%s'",PlayerName(playerid),EscapedText);
    mysql_query(Query);
    mysql_store_result();
    if(mysql_num_rows() != 0) {
        SendClientMessage(playerid,COLOR_GREEN,"You have been logged in!");
        LoadStats(playerid);
    }
    else {
        SendClientMessage(playerid,COLOR_RED,"Wrong password!");
        Kick(playerid);
    }
    mysql_free_result();
    return 1;
}

i deleted the md5 stuff and tried the whirlpool but it didnt work

[fiki574]

Quote:

Originally Posted by thefatshizms pawn Code: stock LoginPlayer(playerid,const password[]) {     new EscapedText[60], Query[200];     WP_Hash( EscapedText, sizeof ( EscapedText ), password );     mysql_real_escape_string(password, EscapedText);     format(Query,sizeof(Query),"SELECT * FROM `users` WHERE `username` = '%s' AND `password` ='%s'",PlayerName(playerid),EscapedText);     mysql_query(Query);     mysql_store_result();     if(mysql_num_rows() != 0) {         SendClientMessage(playerid,COLOR_GREEN,"You have been logged in!");         LoadStats(playerid);     }     else {         SendClientMessage(playerid,COLOR_RED,"Wrong password!");         Kick(playerid);     }     mysql_free_result();     return 1; } i deleted the md5 stuff and tried the whirlpool but it didnt work

Thats because you need Whirlpool plugin! Also, just use MD5 in comparing and it'll work!

[iTorran]

Quote:

Originally Posted by HuSs3n using whirlpool with mysql is a bad idea

Could not be more wrong

[ReneG]

Quote:

Originally Posted by HuSs3n using whirlpool with mysql is a bad idea

Quote:

Originally Posted by iTorran Could not be more wrong

Could you at least provide SOME good points on why using whirlpool with mysql is bad? If you won't, then quit misinforming people.

EDIT:

Quote:

Originally Posted by HuSs3n Why should he use a whole plugin while he can just use md5(); in mysql ? that what i meant with 'bad idea'

When your talking about security, you shouldn't give a damn about convenience. You're responsible for users' passwords, that excuse is just selfish and lazy.