[seanny]

I am creating a User Control Panel in PHP for use with alongside a SAMP gamemode. The gamemode is fine, but when I try to create the login system on the UCP, the password generated by PHP does not match the salted one generated by SAMP (SHA256_PassHash).

PHP код:

<?php
require_once("config.php");
if($_SERVER["REQUEST_METHOD"] == "POST") 
{
    // username and password sent from form 
    $myusername = mysqli_real_escape_string($conn,$_POST['Username']);
    $mypassword = mysqli_real_escape_string($conn,$_POST['password']); 
    $sql = "SELECT * FROM `users` WHERE `name` = '".$myusername."' LIMIT 1";
    $result = mysqli_query($conn, $sql);
    if (mysqli_num_rows($result) > 0)
    {
        while($arow = mysqli_fetch_assoc($result)) 
        {
            $salt = $arow["salt"];
            $hash1 = hash('sha256', $mypassword . $salt);
            $hash = strtoupper($hash1);
            $check = "SELECT * FROM users WHERE name='$myusername' && password = '$hash'";
            $result = mysqli_query($conn,$check);
            $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
            $count = mysqli_num_rows($result);
            echo "DEBUG: db pass = ".$arow["password"]."<br>";
            echo "DEBUG: php pass = ".$hash;
            /*if(strcmp($arow["password"],$hash) == 0)
            {
                $_SESSION['username'] = $myusername;
                header("location: index.php");
            }
            else 
            {
                header("location: login.php?error=1&password=$password");
            }*/
        }
    }
}
?>

[Paulice]

Change "&&" to "AND" in your SQL statement.

-----

They do return the same hash:

[seanny]

Quote:

Originally Posted by Paulice Change "&&" to "AND" in your SQL statement. ----- They do return the same hash:

I've changed && to AND.

I dunno why it's returning a different hash on my system then. I'll need to look into it more.

[Banditul18]

When i was trying to do the same, for me php returned a lower case hash but samp was returned a uper case case. So they never match unless. So use strtoupper on the php hash.
This was my problem, i dunno if will work for you....

[Paulice]

Quote:

Originally Posted by Banditul18 When i was trying to do the same, for me php returned a lower case hash but samp was returned a uper case case. So they never match unless. So use strtoupper on the php hash. This was my problem, i dunno if will work for you....

Look at his code...

[dboz]

I got this same problem. Help

[Thomas.]

You should post the code of the gamemode side as well. Since they produce different results, we need to be able to compare what these scripts are doing.