[hadzx]

hi i made a register system so long ago i cant remember and my friend said you should hash the passwords so i said ok and made a hasher and now i forgot how to remove the hash so can somebody plz remove it heres the code

Код:

///////////////////////////////////////////////////////////////
// LOGIN SYSTEM BY HADZX MADE 2020 JANUARY 2ND 8:39PM//////////
///////////////////////////////////////////////////////////////

#include <a_samp>
#include <dudb>

#define COLOR_RED 0xFF0000AA
#define COLOR_YELLOW 0xFFFF00AA
#define COLOR_GREEN 0x00FF00AA

new logged[MAX_PLAYERS];
new adminlevel[MAX_PLAYERS];
new money[MAX_PLAYERS];
new playername[MAX_PLAYER_NAME];

main()
{
    print("===============================");
    print("");
    print("===============================");
}

public OnGameModeInit()
{
    /*SetGameModeText("Blank Script");
    AddPlayerClass(93, 1958.3783, 1343.1572, 15.3746, 269.1425, 0, 0, 0, 0, 0, 0);*/
    return 1;
}


public OnPlayerRequestClass(playerid, classid)
{
    SetPlayerPos(playerid, 1958.3783, 1343.1572, 15.3746);
    SetPlayerCameraPos(playerid, 1968.3783, 1345.1572, 17.3746);
    SetPlayerCameraLookAt(playerid, 1958.3783, 1343.1572, 15.3746);
    return 1;
}

public OnPlayerConnect(playerid)
{
    logged[playerid] = 0;
    return 1;
}

public OnPlayerRequestSpawn(playerid)
{
    if(IsPlayerNPC(playerid)) return 1;
	if(!logged[playerid])
	{
	GameTextForPlayer(playerid,"~r~Register & Login To Spawn!", 3000, 3);
	SendClientMessage(playerid, 0xFFFFFFAA, "{F81414}You Need To Register&Login To Spawn");
	return 0;
	}
   	return 1;
}

public OnPlayerCommandText(playerid, cmdtext[])
{
    new cmd[256],tmp[256], tmp2[256];
    new idx;
    new string[256];
    cmd = strtok(cmdtext, idx);
    GetPlayerName(playerid, playername, sizeof(playername));
    if(strcmp(cmd, "/register", true) == 0)
    {
        tmp = strtok(cmdtext, idx);
        if(!strlen(tmp))
        {
            if(logged[playerid] == 1)
            {
            SendClientMessage(playerid, COLOR_YELLOW, "{6EF83C}Your Already Logged In!");
            return 1;
            }
            if(logged[playerid] == 0)
            SendClientMessage(playerid, COLOR_YELLOW, "{6EF83C}USAGE: {0049FF}/register (password)");
        	}
        else
        {
            if (!dini_Exists(udb_encode(playername)))
            {
                dini_Create(udb_encode(playername));
                dini_IntSet(udb_encode(playername), "password", udb_hash(tmp));
                dini_IntSet(udb_encode(playername), "adminlevel", 0);
                dini_IntSet(udb_encode(playername), "money", 0);
                format(string, sizeof(string), "Account %s created! You can now login with /login %s", playername, tmp);
                SendClientMessage(playerid, COLOR_YELLOW, string);
            }
            else
            {
                format(string, sizeof(string), "%s is already registered.", playername,tmp);
                SendClientMessage(playerid, COLOR_RED, string);
            }
        }
        return 1;
    }


    if(strcmp(cmd, "/login", true) == 0)
    {
        if(logged[playerid] == 1)
        {
            SendClientMessage(playerid, COLOR_RED, "You are already logged in!");
            return 1;
        }
        tmp = strtok(cmdtext, idx);
        if(!strlen(tmp))
        {
            SendClientMessage(playerid, COLOR_YELLOW, "{6EF83C}USAGE: {0049FF}/login [password]");
        }
        else
        {
            if (dini_Exists(udb_encode(playername)))
            {
                tmp2 = dini_Get(udb_encode(playername), "password");
                if (udb_hash(tmp) != strval(tmp2))
                {
                    SendClientMessage(playerid, COLOR_RED, "Wrong/Invalid Password!");
                }
                else
                {
                    logged[playerid] = 1;
                    money[playerid] = dini_Int(udb_encode(playername), "money");
                    adminlevel[playerid] = dini_Int(udb_encode(playername), "adminlevel");
                    format(string, sizeof(string), "%s, You Are Now Logged In!", playername, adminlevel[playerid], money[playerid]);
                    SendClientMessage(playerid, COLOR_GREEN, string);
                    GivePlayerMoney(playerid, money[playerid]);
                }
            }
            else
            {
                format(string, sizeof(string), "You are not registered Type /register [password] to create a account", playername);
                SendClientMessage(playerid, COLOR_RED, string);
            }
        }
        return 1;
  	}
    return 0;
}

public OnPlayerDisconnect(playerid, reason)
{
    money[playerid] = GetPlayerMoney(playerid);
    dini_IntSet(udb_encode(playername), "money", money[playerid]);
    dini_IntSet(udb_encode(playername), "adminlevel", adminlevel[playerid]);
    logged[playerid] = 0;
    return 1;
}

thanks

[Stylock]

Why would you want to remove the hash?

[hadzx]

yeah but what if i forget my password lawl i can look into the script files because its all a bunch of numbers is their a website that can decode hashed passwords or not?:P

[alpha500delta]

Copy your stats, delete the account, re-register and paste the stats in again lol
And yes, there are some websites but they are mainly MD5 and Barcodes lol

[JaTochNietDan]

Quote:

Originally Posted by hadzx yeah but what if i forget my password lawl i can look into the script files because its all a bunch of numbers is their a website that can decode hashed passwords or not?:P

Technically decoding a hashed password, assuming it's in a good format, would take a serious amount of time. The hashing system you're using is very primitive and quite pointless, it can be reversed. What's the point of hashing passwords if you can de-hash them! That's like cooking a chicken just to throw it into the bin! Hashing passwords is crucial in the security of servers and websites alike that accept user registrations, what if someone gains access to the database? Then they'll have access to everyone's account password in plain text format, if you've hashed it with a reliable hash system, then they won't get their hands on the password for an extremely long time, if ever.

Anyway, there are websites that can "decrypt" password hashes, but generally are un-reliable. Most of them just have a database of words and their corresponding hash, and just look through the database for that hash when you put it in, so if your password is any bit unique, it won't work.

There are other ways to attempt to decrypt password hashes, but again they are extremely unreliable, the whole point of the hash is that it's supposed to be impossible to decrypt!

[hadzx]

Quote:

Originally Posted by JaTochNietDan Technically decoding a hashed password, assuming it's in a good format, would take a serious amount of time. The hashing system you're using is very primitive and quite pointless, it can be reversed. What's the point of hashing passwords if you can de-hash them! That's like cooking a chicken just to throw it into the bin! Hashing passwords is crucial in the security of servers and websites alike that accept user registrations, what if someone gains access to the database? Then they'll have access to everyone's account password in plain text format, if you've hashed it with a reliable hash system, then they won't get their hands on the password for an extremely long time, if ever. Anyway, there are websites that can "decrypt" password hashes, but generally are un-reliable. Most of them just have a database of words and their corresponding hash, and just look through the database for that hash when you put it in, so if your password is any bit unique, it won't work. There are other ways to attempt to decrypt password hashes, but again they are extremely unreliable, the whole point of the hash is that it's supposed to be impossible to decrypt!

thank you for writing this every usefull and will remmeber this thank you all