I need help with my UCP
#1

I'm creating a UCP for my RP server. I can insert stuff into my DB but now I'm not sure how can I decrypt or use the hashed pw.
I've tried with md5 and SHA1 but it's not working and now I'm not sure what should I do or how to compare the inputtext with a hashed password.
Reply
#2

You can't decrypt hashes.
Just hash the inputtext and compare them.
Reply
#3

Quote:
Originally Posted by X337
Посмотреть сообщение
You can't decrypt hashes.
Just hash the inputtext and compare them.
That's what I don't know how to do it. And I found nothing on the SAMP wiki

I'm storing a MD5/SHA1 (pInfo[playerid][password]) into my DB, what's next?
Reply
#4

I solved almost anything but I'm having troubles now with the output of the hashed pw.

Ex.:

Original hash: b5021bbda761e7b6cde516f616a09f2e3ea5cb3dc48ccbd37a 8deeda94b56562
Hash generated on the GM: B5021BBDA761E7B6CDE516F616A09F2E3EA5CB3DC48CCBD37A 8DEEDA94B56562

As you can see, the string is the same but different so I can't compare a hash/password.


Solved!
If anyone is interested:

Код:
            new passwordLower[65];
            format(passwordLower, sizeof(passwordLower), "%s", YOURPASSWORDVARIABLE);
            for(new i, len = strlen(passwordLower); i < len; ++i)
			{
			    passwordLower[i] = tolower(passwordLower[i]);
			}


            for(new i, len = strlen(hashed_pass); i < len; ++i)
			{
			    hashed_pass[i] = tolower(hashed_pass[i]);
			}
Original hash: b5021bbda761e7b6cde516f616a09f2e3ea5cb3dc48ccbd37a 8deeda94b56562
Generated hash: b5021bbda761e7b6cde516f616a09f2e3ea5cb3dc48ccbd37a 8deeda94b56562
Reply
#5

http://php.net/manual/en/function.password-verify.php

Have you tried using password_verify? Verifies a password with a hash.
Reply
#6

Don't use SHA1. Its unsecure. See here

Consider using SHA256, or some other variation (Whirlpool).

pawn Код:
mysql_format(connectionHandle, query, sizeof(query), "INSERT INTO `users` (`username`,`password`) VALUES('%e',SHA2('%e',256))", Name, inputtext); //SHA256. You could even use SA:MP's version. I haven't speed-tested it though, so unsure of the speed differences.
For whirlpool see this. To hash the user input on the website,

PHP код:
$password hash('whirlpool'$data_to_be_hashed); 
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)