[TheWay]

I want to make a panel for my server, but I got a problem, my password in mysql is hashed, and if I try to login with my password ex: 1234 dosen't work, if I try to use password from mysql (hased) like "5345435wfrwjefqwjieriwqjerjiwqjriwqerweq" works.

Login.php

PHP код:

<?php  
include 'includes/config.php';
include 'includes/header.php';
if(isset($_POST['username']) && isset($_POST['password'])){
$username = sec($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$check = get_row("SELECT id FROM players WHERE Name='$username' && Password='$password'");
if(isset($check['id'])){
$banned = get_row("SELECT * FROM banuri WHERE Nume='$username'");
if(isset($banned['id'])){
if($banned['BanaP'] == 0){
$err = 'Esti banat permanent';
}else{
$err = 'Esti banat pana la data de '.$banned['BanzP'].'.'.$banned['BanlP'].'.'.$banned['BanaP'].'.'.$banned['BanoP'].':'.$banned['BanmP'];
}
}else{
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
mysql_query("UPDATE players SET rpgon=2 WHERE Name='$username'");
header('location: cont.php');
}
}else{
$err = 'Username sau parola incorecte';
}
}
?>
<form method="POST" action="login.php">
<center><table id="loginstyle">
        <br />
<br />
<tr>
<td id="intxt"><p style="color:#FFFFFF">Utilizator:</p></td></center>
<td><input id="instyle" type="text" name="username" /></td>
</tr>
<tr>
<td id="intxt"><p style="color:#FFFFFF">Parola:</p></td></center>
<td><input  id="instyle" type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" style="color:#FF0000">
       &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input background="images/user.png" id="sbm" type="submit" value="Submit" >
</td>
</tr>
<?php if(isset($err)): ?>
<tr>
<td colspan="2" style="color:#FF0000;font-weight:bold;">
<?=$err?>
</td>
</tr>
<?php endif; ?>
</table>
<center>
<img src="http://www.game-state.eu/188.241.14.22:7777/FFFFFF/FFFFFF/n-560x95.png" alt="www.Game-State.eu" style="border-style: none;" />
</center>
</form>
 
<?php include 'includes/footer.php'; ?>

[Seif-]

Wrong section to post this, but if your password is hashed in MySQL, then you cannot login without hashing the password because they won't match. You need to hash the password that you enter in the field to see if they match. You should also specify what hash you're using.

[TheWay]

How I can see what Hash i use? ?

[Seif-]

Well if you're hashing your passwords, you must know what you're using. Check your script.

[TheWay]

strtoupper(hash

this?

[Seif-]

No, you should post your login/registration part.

[TheWay]

forward MySQLCreateAccount(newplayersname[], newpassword[], playerid);
forward OnPlayerLogin(playerid,password[]);
forward OnPlayerRegister(playerid, password[]);
public MySQLCreateAccount(newplayersname[], newpassword[], playerid)
{
new query[300];
new sqlplyname[64];
//new sqlpassword[64];
new parolacript[129];

mysql_real_escape_string(newplayersname, sqlplyname);
//mysql_real_escape_string(newpassword, sqlpassword);
WP_Hash(parolacript, sizeof(parolacript), newpassword);

[Seif-]

So you're using Whirlpool hashing. In that case, use the PHP function "hash" with whirlpool as the algorithm right before your first query:

PHP код:

$password = hash("whirlpool", $password); 


[TheWay]

To use this in login.php?

[Seif-]

Yes, before the first query.