18.06.2014, 08:29
Hello SA-MP'ers,
i need your help to convert whirlpool hash to simple sql sha1. am using [HiC]TheKiller's UCP script and there password hashing is based on Whirlpool and i want to convert it to simple SHA1 hash.
how?
i need your help to convert whirlpool hash to simple sql sha1. am using [HiC]TheKiller's UCP script and there password hashing is based on Whirlpool and i want to convert it to simple SHA1 hash.
how?
playerpage.php
pawn Код:
<?php
include("servervariables.php");
include("crypting.php");// Whirlpool hash.
include("database.php");
if(!isset($_SESSION['logged']))
{
if(!isset($_POST['user']) || !isset($_POST['password']))
{
die;
}
}
if(checksessioncookie(0) == 0 && isset($_SESSION['logged']))
{
echo "Cookie error malfunction, please visit the cookie monster for more information";
die;
}
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title><?php echo SERVERNAME;?></title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="default.css" rel="stylesheet" type="text/css" />
</head>
<style>
@font-face { font-family: JuneBug; src: url('JUNEBUG.TTF'); }
raz {
font-family: JuneBug
}
</style>
<style>
@font-face { font-family: PricedownBl-Regular; src: url('pricedown.TTF'); }
price {
font-family: PricedownBl-Regular
}
</style>
<body>
<div id="header">
<price><font size="6.5"><?php echo SERVERNAME;?></font></price>
<h2 style="background-color:grey;"><?php echo SLOGAN;?></h2>
<price><font width=20 size="10">UCP/ACP - Section</font></price>
</div>
<div id="left">
<div id="menu" class="boxed">
<h2 class="heading">Pages</h2>
<ul>
<li class="first"><a href="index.php" title=""><raz><font size="5">Home</font><raz></a></li>
<li><a href="stats.php" title=""><raz><font size="5">Stats</font><raz></a></li>
<li><a href="admins.php" title=""><raz><font size="5">Admins</font><raz></a></li>
<li><?php echo'<a href="adminpage.php" title=""><raz><font size="5">A.c.p</font><raz></a>'?></li>
<li><?php if(!isset($_SESSION['logged'])) echo'<a href="login.php" title=""><raz><font size="5">U.c.p</font><raz></a>'; if(isset($_SESSION['logged'])) echo'<a href="playerpage.php" title=""><raz><font size="5">U.c.p</font><raz></a>'?></li>
<?php if(defined("FORUMURL")) echo "<li><a href='FORUMURL'><h2>VISIT FORUM</h2></a></li>"; else echo "<p> </p>";?>
</ul>
<p> </p>
<p> </p>
</div>
</div>
<!-- end #left -->
<div id="right">
<div class="boxed">
<h2 class="heading">News</h2>
<p>
<?php
include("news.php");
mysql_close($con);
?></p>
</div>
</div>
<!-- end #right -->
<div id="center">
<div class="boxed">
<h1 class="heading">Welcome to <?php echo SERVERNAME;?>!
</h1>
<center><h1>User Control Panel</h1></center>
<td rowspan=3 width=200><a href='changepass.php'><img src='images/avatar.png'><br></a></td>
<?php
$con = mysql_connect(SQL_SERVER, SQL_USERNAME, SQL_PASSWORD);
mysql_select_db(SQL_DB, $con);
if(isset($_POST['password']) && isset($_POST['user']))
{
$pass = hash( 'whirlpool', htmlentities(mysql_escape_string($_POST['password'])));
$user = htmlentities(mysql_escape_string($_POST['user']));
}
else
{
$user = htmlentities(mysql_escape_string(getuser()));
}
if(isset($_POST['password']) && isset($_POST['user']))
{
$result = mysql_query("SELECT `adminlvl` FROM `playerinfo` WHERE `user` = '$user' AND `password` = '$pass'");
if(mysql_num_rows($result) !=0)
{
while ($row2 = mysql_fetch_array($result, MYSQL_ASSOC)) $alvl = $row2['adminlvl'];
givesessioncookie($user, $alvl);
}
}
if(!isset($_POST['password']) && !isset($_POST['user']))
{
$user = getuser();
$result = mysql_query("SELECT `user` FROM `playerinfo` WHERE `user` = '$user'");
}
if(!mysql_num_rows($result)) echo "<strong>Incorrect Username Or Password!</strong>";
else
{
$result = mysql_query("SELECT * FROM `playerinfo` WHERE `user` = '$user' LIMIT 1");
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$user = $row['user'];
$kills = $row['kills'];
$deaths = $row['deaths'];
$score = $row['score'];
$money = $row['money'];
$email = $row['email'];
}
if(!strlen($email)) $email = "None set";
echo "<center><strong>--------------------[ Welcome '$user' to your dashboard. ]--------------------</strong></center>";
echo "<center><strong> <br></strong></center>";
echo"<table border='0'>
<tr>
<td width=80 height=20>Username:</td>
<td width=90> <b>$user</b></td>
<td rowspan=3 width=200><center><a href='changepass.php'><img src='images/passlogo.png'><br>Change Password</center></a></td>
<td rowspan=3 width=200><center><a href='changeemail.php'><img src='images/emailimg.jpg'><br>Change Email</center></a></td>
<td rowspan=3 width=200><center><a href='linkip.php'><img src='images/linkip.jpg'><br>Link IP to account</center></a></td>
</tr>
<tr>
<td height=20>Password:</td>
<td><i><b>[Your current password]</i></b></a></td>
</tr>
<tr>
<td height=20>Kills:</td>
<td><b>$kills</b></td>
</tr>
<tr>
<td height=20>Deaths:</td>
<td><b>$deaths</b></td>
</tr>
<tr>
<td height=20>Score:</td>
<td><b>$score</b></td>
</tr>
<tr>
<td height=20>Money:</td>
<td><b>$$money</b></td>
</tr>
<tr>
<td width=80 height=20>E-Mail:</td>
<td><b>$email</b></td>
</tr></b>
</table><br><a href='logout.php'><img src='images/logat.png'><br> Logout</a>";
}
mysql_close($con);
?>
</p>
</div>
</div>
<!-- end #center -->
<div style="clear: both;"> </div>
<div id="footer">
<p id="legal">Copyright <?php echo SERVERNAME;?>. All Rights Reserved.<br>powered By <font color="red">Raza™ - Gaming</font>Website created by <font color="yellow">[HiC]TheKiller</font> and <font color="yellow">XFlawless.</font>.</br></p>
<p id="links"><a href="index.php">Home</a> | <a href="stats.php">Stats</a> | <a href="admins.php">Admins</a> | <a href=<?php if(isset($_SESSION['logged'])) echo "adminpage.php"; else echo "login.php?l=a";?>>ACP</a> | <a href=<?php if(isset($_SESSION['logged'])) echo "playerpage.php"; else echo "login.php";?>>UCP</a> </p>
</div>
</body>
</html>
crypting.php
pawn Код:
<?php
session_start();
include("servervariables.php");
function convert($str,$ky='')
{
if($ky=='') return $str;
$ky=str_replace(chr(32),'',$ky);
if(strlen($ky)<8)exit('key error');
$kl=strlen($ky)<32?strlen($ky):32;
$k=array();for($i=0;$i<$kl;$i++){
$k[$i]=ord($ky{$i})&0x1F;}
$j=0;for($i=0;$i<strlen($str);$i++){
$e=ord($str{$i});
$str{$i}=$e&0xE0?chr($e^$k[$j]):chr($e);
$j++;$j=$j==$kl?0:$j;}
return $str;
}
function givesessioncookie($username, $adminlevel)
{
$string = "||" . $_SERVER['REMOTE_ADDR'] . "||" . $username . "||" . $adminlevel;
$_SESSION['logged'] = convert($string, PASSWORDHASH);
}
function getuser()
{
$decrpt = convert($_SESSION['logged'], PASSWORDHASH);
$str = explode("||", $decrpt);
return $str[2];
}
function getadmin()
{
$decrpt = convert($_SESSION['logged'], PASSWORDHASH);
$str = explode("||", $decrpt);
return $str[3];
}
function checksessioncookie($admin)
{
if(!isset($_SESSION['logged']))
{
return 0;
}
$decrpt = convert($_SESSION['logged'], PASSWORDHASH);
if(strpos($decrpt,$_SERVER['REMOTE_ADDR']) != 2)
{
return 0;
}
$str = explode("||", $decrpt);
if($_SERVER['REMOTE_ADDR'] == $str[1])
{
if(strlen($str[1]) < 25)
{
if($admin == 1 && $str[2] > 0)
{
return 1;
}
else if($admin == 1 && $str[2] == 0)
{
return 2;
}
else if($admin == 0)
{
return 1;
}
}
}
return 0;
}
//Credits to whover made it decrypt / encrypt
?>
servervariables.php
pawn Код:
<?php
if(!defined('SERVERNAME'))
{
define('SERVERNAME', 'Deserts War - Army Vs Terrorist');
define('WEBSITEMESSAGE', '"We are the best and will be" ');
define('SLOGAN', 'War Will Bring Peace" ');
define('PASSWORDHASH', 'oLy0?S4!EYto');
define('FORUMURL', 'www.dw-avt.uk.ht/forums');
}
?>
