[Speaker]

Hello Guys i am using SHA256_PassHash to hash the password if a player registers on the server..
i am also working on UCP but there's a problem in Checking the hashed password plzz help me fixing it here's the code below.i am having problem in De-Hashing The Password On The Website For UCP

Код:

<?php
session_start();
include 'dbh.inc.php';

if(isset($_POST['name'], $_POST['password'])) {

	$name = $_POST['name'];
	$password = $_POST['password'];
	$sql = "SELECT * FROM users WHERE Name='$name'";
    $result = $conn->query($sql);
    if (empty($name && $password)) {
    	header("Location: ../page1.php?invalid=empty");
    	exit();
    } else {
        if($result->num_rows < 1) {
		header("Location: ../page1.php?invalid=login");
		exit();
    } else {
    	$row = mysqli_fetch_assoc($result);
		//De-hashing the password
		$salt = "786t!t>D<QW*@!)#$>C)_Agdh";
		$hash1 = hash('sha256', $password . $salt);
		$hash = strtoupper($hash1);
		if ($row['Password'] == $hash) {
			header("Location: ../page1.php?login=success");
			$_SESSION['user-name']= $name;
			$_SESSION['user-password']=$password;
			exit();
		} else { 
			header("Location: ../page1.php?invalid=login");
			exit();
		}
		}
	}
}
?>

[Chocopie]

Why not hash these password and compare them with database?

[Speaker]

Quote:

Originally Posted by Chocopie Why not hash these password and compare them with database?

What u mean can u show me how, well i have already done it i think

PHP код:

        //De-hashing the password
        $salt = "786t!t>D<QW*@!)#$>C)_Agdh";
        $hash1 = hash('sha256', $password . $salt);
        $hash = strtoupper($hash1);
        if ($row['Password'] == $hash) {
            header("Location: ../page1.php?login=success");
            $_SESSION['user-name']= $name;
            $_SESSION['user-password']=$password;
            exit();
        } else { 
            header("Location: ../page1.php?invalid=login");
            exit();
        } 


[Logic_]

There's no such thing as "de-hashing", anything that is hashed can't be reversed back.

You save the player password hashed. Hash the entered password and compare as said above.

[Speaker]

Ok got it but how to hash the input so that they are same.i know i have to go through the same aalgoritham but how to do it in PHP. I am using sha256_passwordhash. Please tell me

[rfr]

PHP код:

$hashedpw = hash('sha256', $_SESSION['user-password']); //+ what ever your salt is
//compare hashedpw to the one in the database
//may not be valid code
$getuserpw = $connection->prepare('SELECT `password` FROM `users` WHERE `username` = "$user-name");
if (password_verify($getuserpw , $hashedpw)) //or $row['password'] i don't know
{
//do whatever
}
else
{
//do whatever
} 


this code will not work but it is an example of what you're trying to do so don't copy and paste it
https://stackoverflow.com/questions/...sunderstanding
http://php.net/manual/en/function.password-verify.php

[Speaker]

Quote:

Originally Posted by rfr PHP код: $hashedpw = hash('sha256', $_SESSION['user-password']); //compare hashedpw to the one in the database  http://php.net/manual/en/function.password-verify.php

Ok what the use of PasswordSalt then which i used in script of gm

Код:

 #define PASSWORDSALT "any a
Salt here"
When password entered 
SHA256_PassHash(inputtext, PASSWORD_SALT, password, 64);

What is the use of it then in pHp

[kingmk]

I think the problem it's on your gamemode samp server, when u hashing the password, NOT in your UCP "De-Hashing". I had this problem some time ago, and the problem was that, the hashing SHA256 on my server didn't return the same hashed string like the PHP version. I suggest you to post the method that you hashing the password on your gamemode, so we can figure out what's wrong.

[Speaker]

Quote:

Originally Posted by kingmk I think the problem it's on your gamemode samp server, when u hashing the password, NOT in your UCP "De-Hashing". I had this problem some time ago, and the problem was that, the hashing SHA256 on my server didn't return the same hashed string like the PHP version. I suggest you to post the method that you hashing the password on your gamemode, so we can figure out what's wrong.

I think u r right because i just make a code where i entered my password and try to see the hashed output and i saw that they are just not the same..
here is the code

PHP код:

<?php
$password = "21dec2001";
$crypted = hash('sha256',$password);
echo $crypted;
?>

[kingmk]

Quote:

Originally Posted by Speaker I think u r right because i just make a code where i entered my password and try to see the hashed output and i saw that they are just not the same.. here is the code PHP код: <?php $password = "21dec2001"; $crypted = hash('sha256',$password); echo $crypted; ?>

# You can use a_https.inc to hashing your password on samp server via internet.

Some others tips:

1) Don't make a script who De-hashing... You just need to hash the entered password and compare it with the hashed password stored in your DB.
2) Read this to make what I'v said on (#) -> https://sampforum.blast.hk/showthread.php?tid=319574
3) Hashing a password in your samp server, will eat a lot of resources, so it may lagging when some players will requesting the hashing on same time. (I recomand use a_https.inc)
4) Also, i recommand you to create a GET on your PHP hashing, that will store a uniq CODE, like a password, to avoid spam. (You will use something like this "password=%s&algo=%s&data=%s", when u request the hashing )

Disadvantages -> Your login system will not work if the web server it's down.

Hope u understood.