1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Threaded Mode
UCP and mysql password hashing
Zalman
Big Clucker
***
Posts: 73
Threads: 26
Joined: Feb 2013
Reputation: 0
#1

02.04.2013, 18:20
I am using a vortex 2 script and I am wondering how I would recive hashed passwords from my data, this is what I have so far with checking login details.

PHP код:
<?php
ob_start();
$host="localhost"// Host name 
$username="root"// Mysql username 
$password=""// Mysql password 
$db_name="samp"// Database name 
$tbl_name="playeraccounts"// Table name
// Connect to server and select databse.
mysql_connect("$host""$username""$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
// To protect MySQL injection (more detail about MySQL injection)
$Username stripslashes($username);
$Password stripslashes($password);
$Username mysql_real_escape_string($Username);
$Password mysql_real_escape_string($Password);
$sql="SELECT * FROM $tbl_name WHERE playerName='$Username' and playerPassword='"hash('whirlpool'$Password) ."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_register("Username");
session_register("Password"); 
header("location:Dashboard.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
Find
Reply
3ventic
Huge Clucker
****
Posts: 318
Threads: 2
Joined: Jun 2009
Reputation: 0
#2

02.04.2013, 18:29
You cannot receive the password itself. All you can receive is the hash of it.

A few notes though; session_register is removed in new PHP versions and you don't need quotes around the variables in mysql_connect or mysql_select_db. I highly recommend that you use mysqli though.
Find
Reply
Zalman
Big Clucker
***
Posts: 73
Threads: 26
Joined: Feb 2013
Reputation: 0
#3

02.04.2013, 18:33
Quote:
Originally Posted by 3ventic
Посмотреть сообщение
You cannot receive the password itself. All you can receive is the hash of it.

A few notes though; session_register is removed in new PHP versions and you don't need quotes around the variables in mysql_connect or mysql_select_db. I highly recommend that you use mysqli though.
So how would I do it, like how would I get their password from the database to login.
Find
Reply
Vince
Spam Machine
*****
Posts: 10,066
Threads: 38
Joined: Sep 2007
Reputation: 0
#4

02.04.2013, 18:35
You don't. What isn't working, exactly? 'Cause this is exactly how it's done.
Find
Reply
3ventic
Huge Clucker
****
Posts: 318
Threads: 2
Joined: Jun 2009
Reputation: 0
#5

02.04.2013, 18:36
http://www.w3schools.com/html/html_forms.asp
http://www.w3schools.com/php/php_forms.asp

Read those to get started. After that take a look at your existing code. It's a good start.
Find
Reply
Zalman
Big Clucker
***
Posts: 73
Threads: 26
Joined: Feb 2013
Reputation: 0
#6

02.04.2013, 18:43
Quote:
Originally Posted by Vince
Посмотреть сообщение
You don't. What isn't working, exactly? 'Cause this is exactly how it's done.
It says the password is wrong when it is not.
Find
Reply
Zalman
Big Clucker
***
Posts: 73
Threads: 26
Joined: Feb 2013
Reputation: 0
#7

02.04.2013, 18:56
I have now fixed the issue, thanks anyway guys.
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help