05.04.2017, 20:55
Got few questions, if anyone knows C#...
Any C# programmer?
06.04.2017, 05:32
Well, I want to make a launcher where people will use the same account as in game to log in.
The problem is that I hash and salt the password in game, to use it to log in on the launcher do I have to remove the encryption or something like that?
The problem is that I hash and salt the password in game, to use it to log in on the launcher do I have to remove the encryption or something like that?
06.04.2017, 05:55
No, you can also use the hashing methods you use in PAWN (for example SHA_256) in C# too
For example:
Player enters usename in the launcher ->
The launcher retrieves the hashed password and salt.
The launcher asks for password.
Player enters his password ->
The launcher hashes the password with the salt retrieved earlier from the DB.
Compares it with the hashed password which was retrieved from the DB.
If matches, continue logging in and retrieving data and stuff, if not, display the login window again or something.
Sorry if I wasn't clear.
For example:
Player enters usename in the launcher ->
The launcher retrieves the hashed password and salt.
The launcher asks for password.
Player enters his password ->
The launcher hashes the password with the salt retrieved earlier from the DB.
Compares it with the hashed password which was retrieved from the DB.
If matches, continue logging in and retrieving data and stuff, if not, display the login window again or something.
Sorry if I wasn't clear.
06.04.2017, 06:18
You will need something like an api on your website, because you cant just hardcode your db login info into your app. Hackers could reverse engineer it to get your db login and do shit.
For example, create a php script check.php, that will accept 2 post params - login and hash. When player enters his login, hash the password with the same hash as you use in pawn, and send a post request to your website/check.php
This script can reply with an error message like wrong password, or send all account details that you need if it was right, etc. Just parse the data and display them in your launcher.
This is the proper and secure way to do it
For example, create a php script check.php, that will accept 2 post params - login and hash. When player enters his login, hash the password with the same hash as you use in pawn, and send a post request to your website/check.php
This script can reply with an error message like wrong password, or send all account details that you need if it was right, etc. Just parse the data and display them in your launcher.
This is the proper and secure way to do it
06.04.2017, 06:33
You can login from the launcher using the same algorithm that you use in game, but the problem is that there is no way that you can pass info between launcher and ingame DIRECTLY so when players enters game there is no way to check if player logged in successfully from launcher.
However if you think you can actually pass info from launcher to ingame, here is the methods that I thought:
However as iKarim mentioned the app can be reverse-engineered so the DB part should be done on server side using a suitable backend language like php, asp.net, nodejs etc.
However if you think you can actually pass info from launcher to ingame, here is the methods that I thought:
- Create a mysql table name say "launcherLogin" and then create columns say (timestamp, ip, playerName/playerAccID).
- On successful login from launcher insert info into db.
- When players comes in game retrieve info from the same DB using ip and playerName/playerAccID and check the difference between current timestamp and timestamp in DB.
- If difference isn't more than say 25secs then allow login and delete that row, else he didnt login from launcher.
However as iKarim mentioned the app can be reverse-engineered so the DB part should be done on server side using a suitable backend language like php, asp.net, nodejs etc.
06.04.2017, 13:18
Quote:
|
Originally Posted by BroZeus
 You can login from the launcher using the same algorithm that you use in game, but the problem is that there is no way that you can pass info between launcher and ingame DIRECTLY so when players enters game there is no way to check if player logged in successfully from launcher.
However if you think you can actually pass info from launcher to ingame, here is the methods that I thought:
However as iKarim mentioned the app can be reverse-engineered so the DB part should be done on server side using a suitable backend language like php, asp.net, nodejs etc. |
I want the same login on the launcher because there will be the UCP too.
06.04.2017, 13:39
Quote:
|
Originally Posted by AndreiWow
I understand the login part now, but it is first time when I hear about reverse-engineering and I didn't really understand how to make it with php, do any of you know any good tutorial for this?
I want the same login on the launcher because there will be the UCP too. |
https://sampforum.blast.hk/showthread.php?tid=333934
I've posted an app video which was using the same method and logins to server by user name and pass but sadly I don't know for what samp beta testers got it removed. if you want I can show you its source / video on private pm.
« Next Oldest | Next Newest »
Users browsing this thread: 1 Guest(s)