[Plugin] Bcrypt
#21

Support for Windows added, precompiled binary (dll) is now available.
Reply
#22

I need some help with this. I can't seem to find the plugin file, but there is a C++ file named plugin, and what do I do with all those C++ files? I have no idea.
Please help.
Reply
#23

lol never mind, I downloaded the wrong file :P
Reply
#24

I have a few questions
  • Does it work with CentOS ?
  • And how do I know what is the maximum cost I can put in ?
  • If I change the cost someday with already a few accounts hashed with the previous cost, will their password still work after I change the cost ?
Reply
#25

Quote:
Originally Posted by xkirill
I have a few questions
  • Does it work with CentOS ?
  • And how do I know what is the maximum cost I can put in ?
  • If I change the cost someday with already a few accounts hashed with the previous cost, will their password still work after I change the cost ?
1. I'm not quite sure whether or not the plugin will compile on CentOS. The plugin requires C++11 or C++0x, which are present on most modern OSes, but I've never used CentOS, so I can't speak for it.

2. The minimum cost is 4 and the maximum cost is 31. However, you should find a cost that takes about 100-300 ms to calculate on the specific server in question. You can do this for instance by measuring the time using GetTickCount() and trying a couple of different costs. Usually costs 10-12 are suitable.

3. You can freely change the cost on the fly, and the old hashes will still work. Bcrypt_check will work regardless of the cost of the hash (which is identified automatically).

If you're ever planning to change the cost, it is recommended to update the old hashes as well when a player signs in. You can use function bcrypt_needs_rehash to check if the password needs to be rehashed and updated in the database. I could add an example of this to the repository.
Reply
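The calibration and rehash-on-login advice in the post above, sketched in PHP (the language used for the web panel later in this thread) as an added example; it is not code from the plugin or its repository. The 100 ms target, the sample password and the helper names calibrate_cost() and verify_and_upgrade() are assumptions chosen for illustration.

```php
<?php
// Added example: find a bcrypt cost for this machine and upgrade old hashes on login.
// calibrate_cost() and verify_and_upgrade() are hypothetical helper names.

/** Return the lowest cost (4..31) whose hashing time reaches $targetMs. */
function calibrate_cost(float $targetMs = 100.0, int $start = 8): int
{
    for ($cost = max(4, $start); $cost < 31; $cost++) {
        $t0 = microtime(true);
        password_hash('calibration-sample', PASSWORD_BCRYPT, ['cost' => $cost]);
        if ((microtime(true) - $t0) * 1000.0 >= $targetMs) {
            break;
        }
    }
    return $cost;
}

/**
 * Verify $password against $storedHash. The cost is read from the hash itself,
 * so hashes made with an older cost keep working. Returns [ok, hashToStore].
 */
function verify_and_upgrade(string $password, string $storedHash, int $cost): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, $storedHash];
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $cost])) {
        // Only possible here, while the plaintext is available after a successful login.
        $storedHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return [true, $storedHash];
}

// Constructed demo: an account hashed at cost 8 logs in after the server moved on.
$oldHash = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 8]);
$cost    = calibrate_cost(100.0);
[$ok, $newHash] = verify_and_upgrade('correct horse', $oldHash, $cost);

printf("calibrated cost: %d\n", $cost);
printf("login ok: %s\n", $ok ? 'yes' : 'no');
printf("old cost: %d, stored cost now: %d\n",
    password_get_info($oldHash)['options']['cost'],
    password_get_info($newHash)['options']['cost']);
```

The second element returned by verify_and_upgrade() is what should be written back to the database when it differs from the stored hash.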
#26

The highest compiler version on CentOS 6 is gcc 4.4, which supports almost none of the C++11 features. Only CentOS 7 (gcc 4.7.x) has proper support for C++11. So only CentOS 7 can run this plugin and I also encourage every server owner to upgrade to CentOS 7 (if you are using CentOS 6 ofc), because not using C++11 features really sucks if you are a plugin developer.
Reply
#27

Nice working
Reply
#28

In the example
pawn Code:
bcrypt_check(playerid, BCRYPT_LOGIN, inputtext, hash);
I believe it should be
pawn Code:
bcrypt_check(inputtext, hash, "OnPasswordChecked", "d",playerid);
Reply
#29

I am running the plugin on Debian 7.7, gcc version 4.7.2-5
The plugin loads and everything looks fine on the server log, but the callbacks are never called.
I put a print function in, to indicate when the callback is being called but it never prints it nor updates the password.
Quote:

[03:18:06] plugin.bcrypt: The plugin is up-to-date.
[03:18:05] Loading plugin: bcrypt-samp.so
[03:18:05] plugin.bcrypt v2.2.2 was loaded.
[03:18:05] plugin.bcrypt: 5 cores detected, 4 threads will be used.
[03:18:05] Loaded.

On my localhost - Win7 64bit it loads and works fine.
Reply
#30

Quote:
Originally Posted by xkirill
I am running the plugin on Debian 7.7, gcc version 4.7.2-5
The plugin loads and everything looks fine on the server log, but the callbacks are never called.
I put a print function in, to indicate when the callback is being called but it never prints it nor updates the password.

On my localhost - Win7 64bit it loads and works fine.
Are you using bcrypt-samp-v2.2.2-debian_7.tar.gz from the Releases page on GitHub?
Reply
#31

Quote:
Originally Posted by Johnson_boy
Are you using bcrypt-samp-v2.2.2-debian_7.tar.gz from the Releases page on GitHub?
Yes. (just not compressed tar)

bcrypt-samp.so -> plugins
bcrypt.inc -> includes
Reply
#32

Hello,
You have defined password_hash for PHP but not connecting to panel for password bcrypt?
Reply
#33

Hello,
I am currently developing a SA-MP panel and I use this plugin, but I have trouble with the transition Pawn - PHP (password_verify(), password_hash()).
A little help please, thank you

(sorry for my English, I'm French x))
Reply
#34

Quote:
Originally Posted by Nealll
Hello,
I am currently developing a SA-MP panel and I use this plugin, but I have trouble with the transition Pawn - PHP (password_verify(), password_hash()).
A little help please, thank you

(sorry for my English, I'm French x))
Simply fetch the password hash from the database and use password_verify($password , $hash) to check if the password given by the user matches the hash fetched from the database.
Reply
#35

I have given the hash password and compare it to that of the database?
Thanks
Reply
#36

Quote:

[13:01:48] plugin.bcrypt v2.2.3 was loaded.
[13:01:48] plugin.bcrypt: 5 cores detected, 4 threads will be used.
[13:01:48] Loaded.
[13:01:49] plugin.bcrypt: A new revision is available:
[13:01:49] plugin.bcrypt: Current version: 2.2.2
[13:01:49] plugin.bcrypt: Latest version: 2.2.3
[13:01:49] plugin.bcrypt: Download: http://api.ls-rcr.com/bcrypt/?upgrade
[13:01:49] plugin.bcrypt: Upgrading is recommended.

Downloaded v2.2.3 and updated the files.
It continues to say that there is a new version, although it says above that it loaded version 2.2.3.
Quote:
Originally Posted by Nealll
I have given the hash password and compare it to that of the database?
Thanks
Yes with password_verify($input, $hashed_password_from_db);
Reply
#37

It's impossible, because even if you enter exactly the same character string, bcrypt hashes it another way ...

Show me a code example ^^
Reply
#38

Quote:
Originally Posted by xkirill
Downloaded v2.2.3 and updated the files.
It continues to say that there is a new version, although it says above that it loaded version 2.2.3.

Yes with password_verify($input, $hashed_password_from_db);
Did you remember to update bcrypt.inc and recompile the script? It seems to work fine for me

Quote:
Originally Posted by Nealll
It's impossible, because even if you enter exactly the same character string, bcrypt hashes it another way ...

Show me a code example ^^
This is the basic idea:
PHP Code:
<?php
$password = 'Hello World!';
$hash = '$2y$12$D62QnfKU1bYMTode2W7UVeMb7maqY.Y7TCdWgQzj44HuOBK47Ej1Wl';
if(password_verify($password, $hash))
{
    // Match
}
else
{
    // No match
}
And something like this might resemble the actual use case:

PHP Code:
<?php
/**
 * Attempt to login using the given username and password. (simple example)
 * @param  mysqli $db       An open database connection
 * @param  string $username The username given by the user
 * @param  string $password The password given by the user
 * @return boolean          True if the login was successful, otherwise false
 */
function login($db, $username, $password)
{
    $success = false;
    $get_password_q = "SELECT `id`, `password` FROM `users` WHERE `username` = ?";
    if($stmt = $db->prepare($get_password_q))
    {
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($id, $hash);
        if($stmt->num_rows)
        {
            // Copy the row into the bound variables $id and $hash
            $stmt->fetch();
            if(password_verify($password, $hash))
            {
                // Correct password
                $success = true;
            }
            else
            {
                // Wrong password
            }
        }
        else
        {
            // The user does not exist
        }
        $stmt->close();
    }
    return $success;
}
Reply
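Why two bcrypt hashes of the same password differ yet both verify, as an added example that is not part of the original posts: each hash string carries its own random salt and cost, and verification re-hashes the input with those values. The helper name bcrypt_fields(), the cost of 10 and the sample inputs are assumptions for illustration.

```php
<?php
// Added example: a bcrypt hash string is "$<version>$<cost>$<22-char salt><31-char digest>".

/** Split a 60-character bcrypt hash into its fields (hypothetical helper). */
function bcrypt_fields(string $hash): array
{
    if (!preg_match('/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/', $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['version' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

$password = 'Hello World!';   // constructed sample input
$a = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$b = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

// Same password and cost, but each call draws a fresh random salt,
// so comparing a newly computed hash to the stored one is the wrong check.
var_dump($a === $b);
var_dump(bcrypt_fields($a)['salt'] === bcrypt_fields($b)['salt']);

// Verification re-hashes the input with the salt and cost stored in the hash.
// crypt() does exactly that when the stored hash is passed as its second argument.
$recomputed = crypt($password, $a);
var_dump(hash_equals($a, $recomputed));

// password_verify() wraps the same steps with a constant-time comparison.
var_dump(password_verify($password, $a), password_verify($password, $b));
var_dump(password_verify('hello world!', $a));
```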
#39

Nice
Reply
#40

Ok. Thank you.
Reply

