Unhashing Passwords for UCP
#1

........
Reply
#2

Just hash the password written in the UCP login and check if it equals the hashed password in your SQL.
Reply
#3

How are you hashing passwords? Some hashes can actually be used in PHP (such as whirlpool). Unless it's a custom hash which I doubt, there is most likely no chance of decryption for the passwords, otherwise what would be the point of encryption in the first place.

Anyway, if I can know what encryption method you're using, I can tell you if you can check the hashes via PHP (I assume you're using PHP).
Reply
#4

You don't need to unhash the passwords, and you shouldn't.
http://php.net/manual/en/function.hash.php

I guess this would also be the wrong section.
Reply
#5

........
Reply
#6

Quote:
Originally Posted by NickD
Посмотреть сообщение
We are using PHP, and the encryption with the server passwords is from the ysi wp hash encryption.
wp_hash, is this compatible with PHP?
Should be! I'd assume it'd be used like the following, it's how I used it in one of my previous projects.

PHP код:
hash('whirlpool'$their_password); 
Reply
#7

Quote:
Originally Posted by DanLore
Посмотреть сообщение
Should be! I'd assume it'd be used like the following, it's how I used it in one of my previous projects.

PHP код:
hash('whirlpool'$their_password); 
I'm working with Nick on this project (I was the one who asked him to create a topic seeing as I am on my phone) Where exactly would the script provided go?
Reply
#8

You would hash the password the user tried using at the UCP:

PHP код:
$hashed_password hash("whirlpool"$_POST["password"]); 
And, after hashing the password they tried using, you would compare it to the value you have in your SQL database.

PHP код:
if($hashed_password == $sql_result["password"])
{
    
// They're a match.

Reply
#9

It does not seem to be working, I have the following code:
PHP код:
<?php 
include("config.php");
session_start();
error_reporting(0);
$submit $_POST['submit'];
$username $_POST['username'];
$password hash('whirlpool'$_POST['password']);  
if(
$submit)
{     
    if(
$username && $password)
    {   
        
$query mysql_query("SELECT playerName, playerPassword FROM playeraccounts WHERE playerName = '$username'");
        if(
mysql_num_rows($query) == 1)
        { 
            while(
$row mysql_fetch_assoc($query))
            { 
                
$dbusername $row['playerName']; 
                
$dbpassword $row['playerPassword'];
            } 
            if(
$username == $dbusername && $password == $dbpassword)
            { 
                
$_SESSION['username'] = $dbusername;
                echo 
header('location: profile.php'); //redirecting user to his profile page (profile.php) 
            

            else 
            {
                
header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php 
                
echo '.$password';
            }
        } 
        else 
        {
        
header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php  
        
echo '.$password';
        }
    } 
    else 
    {
        
header('location: ucp.html'); //if user isn't loged in it will redirect him on login.php  
        
echo '.$password';
    }

mysql_close();
flush();
?>
Is says that the password is invalid each time. :/
Reply
#10

Are the hashes the same? (Hash a random word on both your server and website and see if its the same)
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)