[PHP/MYSQL]WP_HASH
#1

Hello, I have a problem with php login system. In the gamemode login system very strange and I can't understand how to unhash mysql password with php.
Pawn
pawn Код:
if(strlen(inputtext) != 0)
{
    new string[310], HashedPW[145];
    WP_Hash(HashedPW, sizeof (HashedPW), inputtext);
    format(string, sizeof(string), "INSERT INTO `players` (Name, Password) VALUES ('%s', '%s')",ZaidejoVardas(playerid),HashedPW );
    mysql_query(string);
    CheckIfAccExist( playerid );
}
Reply
#2

EDIT:
explained here may be this help https://sampforum.blast.hk/showthread.php?tid=159785
it use SHA to hash may be that work in php idk much about php though
Reply
#3

Quote:
Originally Posted by Niko_boy
Посмотреть сообщение
hmm there is nothing like WP for PHP as far i know u need to make custom thing to unhash or use another way to hash!
What? Of course PHP has a whirlpool function.
http://php.net/manual/en/function.hash.php

PHP код:
hash'whirlpool'value[]); 
You cant actually unhash it. Whenever the user tries to login, you must hash what they have written and compare it to the current hash in the database.
Reply
#4

Quote:
Originally Posted by [HiC]TheKiller
Посмотреть сообщение
What? Of course PHP has a whirlpool function.
http://php.net/manual/en/function.hash.php

PHP код:
hash'whirlpool'value[]); 
You cant actually unhash it. Whenever the user tries to login, you must hash what they have written and compare it to the current hash in the database.
Thanks [HiC]TheKiller.
But I don't understand, impossible to unhash with that script?
I use your login script https://sampforum.blast.hk/showthread.php?tid=159785 . But how to change to this hash?
Reply
#5

Sorry for double post, but I still don't understand what I'm doing wrong.
PHP код:
if(!isset($_SESSION["username"]))  $result mysql_query("SELECT * FROM `players` WHERE Name='$username' AND Password=hash( 'whirlpool',$password)"); 
Reply
#6

I'm just gonna say, the SA-MP encryption methods are usually in all capitals where as in PHP they are not, best to strtoupper($password) before comparing the strings.

Try doing this

PHP код:
if(!isset($_SESSION["username"]))  $result mysql_query("SELECT * FROM `players` WHERE Name='$username' AND Password=strtoupper(hash( 'whirlpool',$password))"); 
For better management i tend to do any thing I need to prior to using it so I would

PHP код:
$hashedPassword strtoupper(hash'whirlpool',$password));
if(!isset(
$_SESSION["username"]))  $result mysql_query("SELECT * FROM `players` WHERE Name='$username' AND Password='$hashedPassword'"); 
Reply
#7

Quote:
Originally Posted by vital2k
Посмотреть сообщение
I'm just gonna say, the SA-MP encryption methods are usually in all capitals where as in PHP they are not, best to strtoupper($password) before comparing the strings.

Try doing this

PHP код:
if(!isset($_SESSION["username"]))  $result mysql_query("SELECT * FROM `players` WHERE Name='$username' AND Password=strtoupper(hash( 'whirlpool',$password))"); 
For better management i tend to do any thing I need to prior to using it so I would

PHP код:
$hashedPassword strtoupper(hash'whirlpool',$password));
if(!isset(
$_SESSION["username"]))  $result mysql_query("SELECT * FROM `players` WHERE Name='$username' AND Password='$hashedPassword'"); 
Thanks its works.
Reply
#8

You're welcome
Reply
#9

How to change this to sha1? this with Whirpool wp_hash i want change it to sha1.
can help? i already try, but dont work

PHP код:

<?php
    session_start
();
    include 
"koneksi.php";
    if(isset(
$_SESSION['playername']))
    {
        
go('index.php''You already logged in.');
    }
    if(!isset(
$_POST['username'], $_POST['password']))
    {
        
go('index.php''Please fillout all required forms.');
    }
    else
    {
        
$query $koneksi->prepare("SELECT `adminlevel`,`name` from `players` where `name` = ? and `pass` = ?");
        
$query->execute(array($_POST['username'], strtoupper(hash("whirlpool"$_POST['password']))));
        if(
$query->rowCount() > 0)
        {
            
$data $query->fetch();
            
go('index.php''Succesfully logged in.');
            
$_SESSION['playername'] = $data['name'];
            
$_SESSION['playerlevel'] = $data['adminlevel'];
        }
        else
        {
            
go('index.php''Wrong username or password.');
        }
    }
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)