11.09.2015, 16:31
Ola pessoal, 1 ou 2 semanas atras fiz o meu sistema de login e register com a ajuda deste tutorial: https://sampforum.blast.hk/showthread.php?tid=574714
Hoje vi um thread dizendo que hashing pode ser decryptado facilmente e que o salting й melhor: https://sampforum.blast.hk/showthread.php?tid=350664
Portanto decidi adicionar o salting, mas agora nao consigo logar mesmo se a senha estiver correta..
Espero que me possam ajudar com isto ^^
Aqui esta o meu codigo:
A identation (nao sei dizer coretamente em PT 
ja vivo na franзa a muitos anos [Mas sou PT nao FR!]) nao ficou boa aqui no forum, mas ela esta boa no GM!
Hoje vi um thread dizendo que hashing pode ser decryptado facilmente e que o salting й melhor: https://sampforum.blast.hk/showthread.php?tid=350664
Portanto decidi adicionar o salting, mas agora nao consigo logar mesmo se a senha estiver correta..
Espero que me possam ajudar com isto ^^
Aqui esta o meu codigo:
pawn Код:
/************************
* INCLUDES *
*************************/
#include <a_mysql>
/************************
* NATIVES *
*************************/
native IsValidVehicle(vehicleid);
native WP_Hash(buffer[], len, const str[]);
/************************
* MYSQL *
*************************/
#define MYSQL_HOST "localhost"
#define MYSQL_USER "root"
#define MYSQL_DATABASE "sfrp"
#define MYSQL_PASSWORD ""
/************************
* DEFINES *
*************************/
#define SPAWN_X 10.0
#define SPAWN_Y 10.0
#define SPAWN_Z 14.0
#define SPAWN_A 0.0
/***************
Colors
****************/
#define RED 0xFF0000FF
#define BLUE 0x00FF00FF
#define GREEN 0x0000FFFF
/***************
Dialogs
****************/
#define RegDialog 0
#define LogDialog 1
/************************
* ENUMS *
*************************/
enum playerInfo
{
ID,
Name[MAX_PLAYER_NAME],
Password[129],
Salt[30],
IP[16],
Admin,
VIP,
Money,
Float:posX,
Float:posY,
Float:posZ,
Float:posA
};
new pInfo[MAX_PLAYERS][playerInfo];
/************************
* FORWARDS *
*************************/
forward DelayedKick(playerid);
forward OnAccountCheck(playerid);
forward OnAccountLoad(playerid);
forward OnAccountRegister(playerid);
/************************
* VARIABLES *
*************************/
new mysql;
public OnGameModeInit()
{
SetGameModeText("[Pre-Alpha] SF-RP 0.0.1");
AddPlayerClass(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
mysql_log(LOG_ALL);
mysql = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_DATABASE, MYSQL_PASSWORD);
if(mysql_errno() != 0)
{
printf("[MySQL] Failed to connect.");
}
else
{
printf("[MySQL] Connected successfully");
}
return 1;
}
public OnGameModeExit()
{
mysql_close(mysql);
return 1;
}
public OnPlayerConnect(playerid)
{
// Codigo de se o jogador nao tiver o nome RP й kickado
else
{
TogglePlayerSpectating(playerid, true);
new query[128];
mysql_format(mysql, query, sizeof(query), "SELECT `Password`, `Salt`, `ID` FROM `accounts` WHERE `Name` = '%e' LIMIT 1", PlayerName(playerid));
mysql_tquery(mysql, query, "OnAccountCheck", "i", playerid);
}
return 1;
}
public OnPlayerDisconnect(playerid, reason)
{
SavePlayerStats(playerid);
ResetPlayerStats(playerid);
return 1;
}
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
switch(dialogid)
{
case LogDialog:
{
if(!response) return Kick(playerid);
new hashpass[129], query[100];
format(hashpass, sizeof(hashpass), "%s%s", pInfo[playerid][Salt], escape(inputtext));
WP_Hash(hashpass, sizeof(hashpass), inputtext);
if(!strcmp(hashpass, pInfo[playerid][Password], true))
{
mysql_format(mysql, query, sizeof(query), "SELECT * FROM `accounts` WHERE `Name` = '%e' LIMIT 1", PlayerName(playerid));
mysql_tquery(mysql, query, "OnAccountLoad", "i", playerid);
}
else
{
SendClientMessage(playerid, -1, "You have specified an incorrect password!");
ShowPlayerDialog(playerid, LogDialog, DIALOG_STYLE_PASSWORD, "Login", "Welcome player!\nYour account has been found in our database. Please fill in your password:", "Login", "Quit");
}
}
case RegDialog:
{
if(!response) return Kick(playerid);
if(strlen(inputtext) < 5)
{
SendClientMessage(playerid, -1, "Your password must at least contain more than 4 characters.");
ShowPlayerDialog(playerid, RegDialog, DIALOG_STYLE_INPUT, "Register", "Welcome player!\nYour account has not been registered yet. Please fill in your desired password:", "Register", "Quit");
}
else
{
new query[512], playerip[16], salt[30], hashpass[129];
GetPlayerIp(playerid, playerip, sizeof(playerip));
randomString(salt, 31);
format(hashpass, sizeof(hashpass), "%s%s", salt, escape(inputtext));
WP_Hash(hashpass, sizeof(hashpass), hashpass);
mysql_format(mysql, query, sizeof(query), "INSERT INTO `accounts` (`Name`, `Password`, `Salt`, `IP`, `Admin`, `VIP`, `Money`, `PosX`, `PosY`, `PosZ`, `PosA`) VALUES ('%e', '%e', '%e', '%e', 0, 0, 0, %f, %f, %f, %f)", PlayerName(playerid), hashpass, salt, playerip, SPAWN_X, SPAWN_Y, SPAWN_Z, SPAWN_A);
mysql_tquery(mysql, query, "OnAccountRegister", "i", playerid);
}
}
}
return 1;
}
/************************
* FUNCTIONS *
*************************/
PlayerName(playerid)
{
new name[MAX_PLAYER_NAME];
GetPlayerName(playerid, name, sizeof(name));
return name;
}
SavePlayerStats(playerid)
{
new query[128], Float:pos[4];
GetPlayerPos(playerid, pos[0], pos[1], pos[2]);
GetPlayerFacingAngle(playerid, pos[3]);
mysql_format(mysql, query, sizeof(query), "UPDATE `accounts` SET `Money` = %d, `PosX` = %f, `PosY` = %f, `PosZ` = %f, `PosA` = %f WHERE `ID` = %d",
GetPlayerMoney(playerid), pos[0], pos[1], pos[2], pos[3], pInfo[playerid][ID]);
mysql_tquery(mysql, query, "", "");
return 1;
}
ResetPlayerStats(playerid)
{
for (new i=0; i< sizeof(pInfo[]); i++)
{
pInfo[playerid][playerInfo:i] = 0;
}
return 1;
}
escape(string[])
{
new esc_string[512];
mysql_real_escape_string(string, esc_string, mysql, sizeof(esc_string));
return esc_string;
}
randomString(strDest[], strLen = 30)
{
while(strLen--)
strDest[strLen] = random(2) ? (random(26) + (random(2) ? 'a' : 'A')) : (random(10) + '0');
}
/************************
* CALLBACKS *
*************************/
public OnAccountCheck(playerid)
{
new rows, fields;
cache_get_data(rows, fields, mysql);
if(rows)
{
cache_get_field_content(0, "Password", pInfo[playerid][Password], mysql, 130);
cache_get_field_content(0, "Salt", pInfo[playerid][Salt], mysql, 31);
pInfo[playerid][ID] = cache_get_field_content_int(0, "ID");
ShowPlayerDialog(playerid, LogDialog, DIALOG_STYLE_PASSWORD, "Login", "Welcome player!\nYour account has been found in our database. Please fill in your password:", "Login", "Quit");
}
else
{
ShowPlayerDialog(playerid, RegDialog, DIALOG_STYLE_INPUT, "Register", "Welcome player!\nYour account has not been registered yet. Please fill in your desired password:", "Register", "Quit");
}
return 1;
}
public OnAccountLoad(playerid)
{
pInfo[playerid][Admin] = cache_get_field_content_int(0, "Admin");
pInfo[playerid][VIP] = cache_get_field_content_int(0, "VIP");
pInfo[playerid][Money] = cache_get_field_content_int(0, "Money");
pInfo[playerid][posX] = cache_get_field_content_float(0, "PosX");
pInfo[playerid][posY] = cache_get_field_content_float(0, "PosY");
pInfo[playerid][posZ] = cache_get_field_content_float(0, "PosZ");
pInfo[playerid][posA] = cache_get_field_content_float(0, "PosA");
TogglePlayerSpectating(playerid, false);
GivePlayerMoney(playerid, pInfo[playerid][Money]);
SetSpawnInfo(playerid, 0, 23, pInfo[playerid][posX], pInfo[playerid][posY], pInfo[playerid][posZ], pInfo[playerid][posA], 0, 0, 0, 0, 0, 0);
SpawnPlayer(playerid);
SendClientMessage(playerid, -1, "You have successfully logged in.");
return 1;
}
public OnAccountRegister(playerid)
{
pInfo[playerid][ID] = cache_insert_id();
printf("[Registration] New account registered. Account ID: [%d]", pInfo[playerid][ID]);
TogglePlayerSpectating(playerid, false);
SetSpawnInfo(playerid, 0, 23, SPAWN_X, SPAWN_Y, SPAWN_Z, SPAWN_A, 0, 0, 0, 0, 0, 0);
SpawnPlayer(playerid);
return 1;
}
ja vivo na franзa a muitos anos [Mas sou PT nao FR!]) nao ficou boa aqui no forum, mas ela esta boa no GM!