UCP and mysql password hashing
#1

I am using a vortex 2 script and I am wondering how I would recive hashed passwords from my data, this is what I have so far with checking login details.

PHP код:
<?php
ob_start
();
$host="localhost"// Host name 
$username="root"// Mysql username 
$password=""// Mysql password 
$db_name="samp"// Database name 
$tbl_name="playeraccounts"// Table name
// Connect to server and select databse.
mysql_connect("$host""$username""$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
// To protect MySQL injection (more detail about MySQL injection)
$Username stripslashes($username);
$Password stripslashes($password);
$Username mysql_real_escape_string($Username);
$Password mysql_real_escape_string($Password);
$sql="SELECT * FROM $tbl_name WHERE playerName='$Username' and playerPassword='"hash('whirlpool'$Password) ."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_register("Username");
session_register("Password"); 
header("location:Dashboard.php");
}
else {
echo 
"Wrong Username or Password";
}
ob_end_flush();
?>
Reply
#2

You cannot receive the password itself. All you can receive is the hash of it.

A few notes though; session_register is removed in new PHP versions and you don't need quotes around the variables in mysql_connect or mysql_select_db. I highly recommend that you use mysqli though.
Reply
#3

Quote:
Originally Posted by 3ventic
Посмотреть сообщение
You cannot receive the password itself. All you can receive is the hash of it.

A few notes though; session_register is removed in new PHP versions and you don't need quotes around the variables in mysql_connect or mysql_select_db. I highly recommend that you use mysqli though.
So how would I do it, like how would I get their password from the database to login.
Reply
#4

You don't. What isn't working, exactly? 'Cause this is exactly how it's done.
Reply
#5

http://www.w3schools.com/html/html_forms.asp
http://www.w3schools.com/php/php_forms.asp

Read those to get started. After that take a look at your existing code. It's a good start.
Reply
#6

Quote:
Originally Posted by Vince
Посмотреть сообщение
You don't. What isn't working, exactly? 'Cause this is exactly how it's done.
It says the password is wrong when it is not.
Reply
#7

I have now fixed the issue, thanks anyway guys.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)