UCP De-hashing Help
#1

Hello Guys i am using SHA256_PassHash to hash the password if a player registers on the server..
i am also working on UCP but there's a problem in Checking the hashed password plzz help me fixing it here's the code below.i am having problem in De-Hashing The Password On The Website For UCP

Код:
<?php
session_start();
include 'dbh.inc.php';

if(isset($_POST['name'], $_POST['password'])) {

	$name = $_POST['name'];
	$password = $_POST['password'];
	$sql = "SELECT * FROM users WHERE Name='$name'";
    $result = $conn->query($sql);
    if (empty($name && $password)) {
    	header("Location: ../page1.php?invalid=empty");
    	exit();
    } else {
        if($result->num_rows < 1) {
		header("Location: ../page1.php?invalid=login");
		exit();
    } else {
    	$row = mysqli_fetch_assoc($result);
		//De-hashing the password
		$salt = "786t!t>D<QW*@!)#$>C)_Agdh";
		$hash1 = hash('sha256', $password . $salt);
		$hash = strtoupper($hash1);
		if ($row['Password'] == $hash) {
			header("Location: ../page1.php?login=success");
			$_SESSION['user-name']= $name;
			$_SESSION['user-password']=$password;
			exit();
		} else { 
			header("Location: ../page1.php?invalid=login");
			exit();
		}
		}
	}
}
?>
Reply
#2

Why not hash these password and compare them with database?
Reply
#3

Quote:
Originally Posted by Chocopie
Посмотреть сообщение
Why not hash these password and compare them with database?
What u mean can u show me how, well i have already done it i think
PHP код:
        //De-hashing the password
        
$salt "786t!t>D<QW*@!)#$>C)_Agdh";
        
$hash1 hash('sha256'$password $salt);
        
$hash strtoupper($hash1);
        if (
$row['Password'] == $hash) {
            
header("Location: ../page1.php?login=success");
            
$_SESSION['user-name']= $name;
            
$_SESSION['user-password']=$password;
            exit();
        } else { 
            
header("Location: ../page1.php?invalid=login");
            exit();
        } 
Reply
#4

There's no such thing as "de-hashing", anything that is hashed can't be reversed back.

You save the player password hashed. Hash the entered password and compare as said above.
Reply
#5

Ok got it but how to hash the input so that they are same.i know i have to go through the same aalgoritham but how to do it in PHP. I am using sha256_passwordhash. Please tell me
Reply
#6

PHP код:
$hashedpw hash('sha256'$_SESSION['user-password']); //+ what ever your salt is
//compare hashedpw to the one in the database
//may not be valid code
$getuserpw $connection->prepare('SELECT `password` FROM `users` WHERE `username` = "$user-name");
if (password_verify($getuserpw , $hashedpw)) //or $row['
password'] i don't know
{
//do whatever
}
else
{
//do whatever

this code will not work but it is an example of what you're trying to do so don't copy and paste it
https://stackoverflow.com/questions/...sunderstanding
http://php.net/manual/en/function.password-verify.php
Reply
#7

Quote:
Originally Posted by rfr
Посмотреть сообщение
PHP код:
$hashedpw hash('sha256'$_SESSION['user-password']);
//compare hashedpw to the one in the database 
http://php.net/manual/en/function.password-verify.php
Ok what the use of PasswordSalt then which i used in script of gm
Код:
 #define PASSWORDSALT "any a
Salt here"
When password entered 
SHA256_PassHash(inputtext, PASSWORD_SALT, password, 64);
What is the use of it then in pHp
Reply
#8

I think the problem it's on your gamemode samp server, when u hashing the password, NOT in your UCP "De-Hashing". I had this problem some time ago, and the problem was that, the hashing SHA256 on my server didn't return the same hashed string like the PHP version. I suggest you to post the method that you hashing the password on your gamemode, so we can figure out what's wrong.
Reply
#9

Quote:
Originally Posted by kingmk
Посмотреть сообщение
I think the problem it's on your gamemode samp server, when u hashing the password, NOT in your UCP "De-Hashing". I had this problem some time ago, and the problem was that, the hashing SHA256 on my server didn't return the same hashed string like the PHP version. I suggest you to post the method that you hashing the password on your gamemode, so we can figure out what's wrong.
I think u r right because i just make a code where i entered my password and try to see the hashed output and i saw that they are just not the same..
here is the code
PHP код:
<?php
$password 
"21dec2001";
$crypted hash('sha256',$password);
echo 
$crypted;
?>
Reply
#10

Quote:
Originally Posted by Speaker
Посмотреть сообщение
I think u r right because i just make a code where i entered my password and try to see the hashed output and i saw that they are just not the same..
here is the code
PHP код:
<?php
$password 
"21dec2001";
$crypted hash('sha256',$password);
echo 
$crypted;
?>
# You can use a_https.inc to hashing your password on samp server via internet.

Some others tips:

1) Don't make a script who De-hashing... You just need to hash the entered password and compare it with the hashed password stored in your DB.
2) Read this to make what I'v said on (#) -> https://sampforum.blast.hk/showthread.php?tid=319574
3) Hashing a password in your samp server, will eat a lot of resources, so it may lagging when some players will requesting the hashing on same time. (I recomand use a_https.inc)
4) Also, i recommand you to create a GET on your PHP hashing, that will store a uniq CODE, like a password, to avoid spam. (You will use something like this "password=%s&algo=%s&data=%s", when u request the hashing )

Disadvantages -> Your login system will not work if the web server it's down.

Hope u understood.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)