19.04.2017, 10:31
Hey guys, I am trying to allow the user to connect using the same account as in game, I use SHA256 and a salt in game so this is what I tried to do:
But even if the password is right in game, it still sends the user to the msg=failed, so I assume that this SHA256 does another hash on the password instead of the one that has been done in game.
PHP код:
if(isset($_POST) && array_key_exists('sendit',$_POST))
{
$userAccountInput = mysqli_real_escape_string($db,$_POST['username']);
$userPasswordInput = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT `ID`, `PASSWORD`, `SALT` FROM `USERS` WHERE `USERNAME` = '$userAccountInput'";
$result = mysqli_query($db,$sql);
if (!$result) {
printf("Error: %s\n", mysqli_error($db));
exit();
}
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
$saltFromDatabase = $row["SALT"];
$hashFromDatabase = $row["PASSWORD"];
function testPassword($fPassword, $fSaltFromDatabase, $fHashFromDatabase){
if (hash_hmac("sha256", $fPassword, $fSaltFromDatabase) === $fHashFromDatabase){
return(true);
}else{
return(false);
}
}
PHP код:
if(testPassword($userPasswordInput, $saltFromDatabase, $hashFromDatabase)){
session_register("userAccountInput");
$_SESSION['login_user'] = $userAccountInput;
$_SESSION['user_ID'] = $row[0];
header("location: ../index.php");
}else{
header("location:login.php?msg=failed");
}