Login

phillip875 · 31.07.2012, 12:56

I've tried to make a login and registration system using ******'s whirlpool.

The registration part works fine, but I am having problems with the login.

If anyone can see what I am doing wrong and can give me a solution, I would be very grateful:

pawn Код:

case DLG_LOGIN:
        {
            if(response == 1)
            {
                new encpass[129],stored[129];
                GetPlayerName(playerid,pName,sizeof(pName));
                format(pFile,sizeof(pFile),"Users/%s.txt",pName);
                DOF2_GetStringEx(pFile,"password",stored,sizeof(stored));
                WP_Hash(encpass,sizeof(encpass),inputtext);
                if(strcmp(stored, inputtext,true) && strcmp(stored, encpass, true))
                {
                    ShowPlayerDialog(playerid,DLG_LOGIN,DIALOG_STYLE_PASSWORD,"Galaxy RPG - Login","You entered your password incorrectly.\nPlease enter your password to login:","Login","Cancel");
                    return 1;
                }
                else
                {
                    LoadPlayerStats(playerid);
                    return 1;
                }
            }
            if(response == 0)
            {
                ShowPlayerDialog(playerid,DLG_LOGREGQUIT,0,"Quit","You have cancelled your login.","Ok","");
                Kick(playerid);
                return 1;
            }
        }

Cjgogo · 31.07.2012, 13:19

pawn Код:

case DLG_LOGIN:
        {
            if(response == 1)
            {
                new encpass[129],stored[129];
                GetPlayerName(playerid,pName,sizeof(pName));
                format(pFile,sizeof(pFile),"Users/%s.txt",pName);
                DOF2_GetStringEx(pFile,"password",stored,sizeof(stored));
                WP_Hash(encpass,sizeof(encpass),inputtext);
                if(!strcmp(encpass,stored))
                {
                     LoadPlayerStats(playerid);
                     return 1;
                }
                else
                {
                    ShowPlayerDialog(playerid,DLG_LOGIN,DIALOG_STYLE_PASSWORD,"Galaxy RPG - Login","You entered your password incorrectly.\nPlease enter your password to login:","Login","Cancel");
                    return 1;
                }
            }
            if(response == 0)
            {
                ShowPlayerDialog(playerid,DLG_LOGREGQUIT,0,"Quit","You have cancelled your login.","Ok","");
                Kick(playerid);
                return 1;
            }
        }

Try that...

phillip875 · 31.07.2012, 13:26

Well, now I have the problem that when I enter my password correctly, it keeps on saying wrong password..

phillip875 · 31.07.2012, 13:35

Well, I mean it loads the stats... but keeps on showing incorrect password

Cjgogo · 31.07.2012, 13:43

Try without the "return 1's",I mean like:

pawn Код:

case DLG_LOGIN:
        {
            if(response == 1)
            {
                new encpass[129],stored[129];
                GetPlayerName(playerid,pName,sizeof(pName));
                format(pFile,sizeof(pFile),"Users/%s.txt",pName);
                DOF2_GetStringEx(pFile,"password",stored,sizeof(stored));
                WP_Hash(encpass,sizeof(encpass),inputtext);
                if(!strcmp(encpass,stored))
                {
                     LoadPlayerStats(playerid);
                }
                else
                {
                    ShowPlayerDialog(playerid,DLG_LOGIN,DIALOG_STYLE_PASSWORD,"Galaxy RPG - Login","You entered your password incorrectly.\nPlease enter your password to login:","Login","Cancel");
                }
            }
            if(response == 0)
            {
                ShowPlayerDialog(playerid,DLG_LOGREGQUIT,0,"Quit","You have cancelled your login.","Ok","");
                Kick(playerid);
            }
        }

phillip875 · 31.07.2012, 13:45

Still the same, just tested.

DeathOnaStick · 31.07.2012, 13:51

The "return 1;"'s were good where they were, because that was the point where the procedure shall end. I'd leave them there.

Taking a look at the main problem now.

#Update#: Is there any reason why you are using an array with the size of 129?

The real Whirlpool-Hashfunction actually produces a 512bit hash. If you shorten it (and you do that at the moment) it's possible that you have collisions (which means one hash has many passwords that fit).
Probably this is also what bugs, but I doubt it. Just wanted to tell you this, I guess this is an important point in the security of this hash function. You should always use a 512-bit string if you work with Whirlpool.

phillip875 · 31.07.2012, 14:07

I changed it to 512 and still get the same problem

BrandyPenguin

Quote:

Originally Posted by DeathOnaStick

#Update#: Is there any reason why you are using an array with the size of 129?

I quote Whirlpool plugin thread:

Quote:

Originally Posted by ******@ Whirlpool Thread

To use simply call the function, passing a buffer of at least 129 characters, the size of that buffer and the string you want to hash. This used to say 145 but I have no idea why! You need 128 for the hash and 1 for the NULL terminator

Anyway back to the topic here - Try checking if it get called twice (debug prints.)

DeathOnaStick · 31.07.2012, 14:27

Quote:

Originally Posted by BrandyPenguin

#Update#: Is there any reason why you are using an array with the size of 129?

I quote Whirlpool plugin thread:

Anyway back to the topic here - Try checking if it get called twice (debug prints.)

Thanks for the correction! I orrientated on the real hashfunction not on the plugin. Thanks for that!
+rep

Login
Username:
Password:	Lost Password?
	Remember me