Help to fix my hash
#1

To log in you don't need to use your own password on my server: any player's password works for every player's account.

Can someone help me fix it?

Код:
// Salt handed to SHA256_PassHash in both the register and the login dialog handlers.
// It is one constant shared by every account, so two players who pick the same
// password end up with the same stored hash; a login lookup keyed on the hash alone
// can then match another player's row. See reply #3 for the per-account salt fix.
#define HASH_SENHA  "AEOAUEABABEAEAEOUAEIX"
Код:
	new query[1024], ip[25];
    if(dialogid == DIALOG_REGISTER)
    {
        if(!response) return Kick(playerid);
        if(response)
        {
            if(!strlen(inputtext)) return ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT, "Please enter a valid password!", "Please enter a valid registration password\nTo continue press Register\n\nOxiRegister 1.0\n", "Register", "Quit");
            else
            {
                SHA256_PassHash(inputtext, HASH_SENHA, pInfo[playerid][pSenha], 64);

                GetPlayerIp(playerid, ip, sizeof(ip));
                format(query, sizeof(query), "INSERT INTO `accounts` (`Username`, `Senha`, `IP`) VALUES ('%s', '%s', '%s')", GetName(playerid), pInfo[playerid][pSenha], ip);
                mysql_query(ConnectMYSQL,query);
                pInfo[playerid][Registered] = true;
                pInfo[playerid][LoggedIn] = true;
                Logado[playerid] = 1;
                tutorial[playerid] = -1;
                SetPlayerHealthEx(playerid, 100);

                pInfo[playerid][UserID] = cache_get_field_content_int(0, "UserID");
                OnPlayerLogin(playerid);
            }
        }
        return 1;
    }
    if(dialogid == DIALOG_LOGIN)
    {
        if(!response) return Kick(playerid);
        if(response)
        {
            if(!strlen(inputtext)) return ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "Please enter a valid password!", "Please enter your valid logging in password\nTo continue press log-in", "Log-in", "Quit");
            else
            {
                new Senha[64];
                SHA256_PassHash(inputtext,HASH_SENHA,Senha,64);

                mysql_format(ConnectMYSQL, query, sizeof(query), "SELECT * FROM accounts WHERE Senha = '%e' LIMIT 0,1", Senha);
                mysql_pquery(ConnectMYSQL, query, "OnLogin", "d", playerid);
            }
        }
        return 1;
    }
#2

Wrong section.
Look here: http://forum.sa-mp.com/forumdisplay.php?f=12
#3

There is a fatal flaw in your system. Because you use the same salt for everyone*, players with the same password will also have the same hash. Result: you will get into the account of the first player with that password even if it isn't your own. You need to add either name or id to that query so that it will always return only 1 result.

Furthermore, to store a Sha256 hash (in Pawn) you need 65 cells of space: 64 cells for the actual hash and 1 extra cell for the all-important null terminator. If the null terminator is omitted or overwritten you will get nasty buffer overflow errors.

Lastly, you're not showing the actual login procedure and password comparison, which is the OnLogin function.

*The salt should be unique for each player and should be stored with the password in the database.



