1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Threaded Mode
bCrypt Migration...
SkyFlare
Huge Clucker
***
Posts: 221
Threads: 29
Joined: Apr 2015
Reputation: 0
#1

27.06.2020, 23:52
( Last edited by SkyFlare; 28/06/2020 at 10:02 AM. )
So I moved away from Whirlpool today.... well atleast I am trying to....
#include <bcrypt>

bCrypt is working, sort of... I can create an account but logging back in is the issue, however the hash has stored correctly in db.
PHP Code:
enum E_PLAYERS
{
    Name[MAX_PLAYER_NAME],
    Password[BCRYPT_HASH_LENGTH// bCrypt Hashingis a 61-character-long string (60 + null terminator), which is also defined as constant BCRYPT_HASH_LENGTH.
};
new Player[MAX_PLAYERS][E_PLAYERS]; 
PHP Code:
ONPLAYERCONNECT
    new query[84];
    new pname[MAX_PLAYER_NAME+1];
    GetPlayerName(playeridpnamesizeof(pname));
    mysql_format(g_SQLquerysizeof(query), "SELECT * FROM `players` WHERE `username` = '%e' LIMIT 1"pname);
    mysql_tquery(g_SQLquery"OnPlayerJoin""dd"playeridg_MysqlRaceCheck[playerid]); 
PHP Code:
ONPLAYERJOIN
forward OnPlayerJoin(playeridrace_check);
public OnPlayerJoin(playeridrace_check)
{
    if (race_check != g_MysqlRaceCheck[playerid]) return Kick(playerid);
    new string[256];
    new pname[MAX_PLAYER_NAME+1];
     GetPlayerName(playeridpnamesizeof(pname));
    if(cache_num_rows() > 0)
    {
        cache_get_value(0"password"Player[playerid][Password], 61);
        Player[playerid][Cache_ID] = cache_save();
        format(stringsizeof string"This account (%s) is registered. Please login by entering your password in the field below:"pname);
        ShowPlayerDialog(playeridDIALOG_LOGINDIALOG_STYLE_PASSWORD"Login"string"Login""Abort");
    }
    else
    {
        format(stringsizeof string"Welcome %s, you can register by entering your password in the field below:"pname);
        ShowPlayerDialog(playeridDIALOG_REGISTERDIALOG_STYLE_PASSWORD"Registration"string"Register""Abort");
    }
    return 1;

PHP Code:
ONDIALOGRESPONSE
case DIALOG_LOGIN:
        {
            new query[128], pname[MAX_PLAYER_NAME];
            GetPlayerName(playeridpnamesizeof(pname));
            SetPVarString(playerid"Unhashed_Pass",inputtext);
            
            mysql_format(g_SQLquerysizeof(query), "SELECT password from `players` WHERE username = '%e'"pname);
            mysql_tquery(g_SQLquery"OnPlayerLogin""d"playerid);
        }
        case DIALOG_REGISTER:
        {
            if(response)
            {
                if(strlen(inputtext) <= 5) return ShowPlayerDialog(playeridDIALOG_REGISTERDIALOG_STYLE_PASSWORD"Registration""Your password must be longer than 5 characters!\nPlease enter your password in the field below:""Register""Abort");
                bcrypt_hash(inputtext12"OnPassHash""d"playerid);
            }
        } 
PHP Code:
forward OnPlayerLogin(playerid);
public OnPlayerLogin(playerid)
{
    new pPass[61], unhashed_pass[61];
    GetPVarString(playerid"Unhashed_Pass",unhashed_pass,sizeof(unhashed_pass));
    if(cache_num_rows())
    {
        cache_get_value_name(0"password"Player[playerid][Password], 60);
        bcrypt_check(unhashed_passpPass"OnPassCheck""dd",playeridPlayer[playerid][Password]);
    }
    else printf("ERROR: OnPlayerLogin, cant Cache_Num_Rows!");
    return 1;
}
forward OnPassCheck(playeridDBID);
public OnPassCheck(playeridDBID)
{
    if(bcrypt_is_equal())
    {
        SpawnPlayer(playerid);
        return 1;
    }
    else
    {
        if(Player[playerid][LoginAttempts] >= 3)
        {
            ShowPlayerDialog(playeridDIALOG_UNUSEDDIALOG_STYLE_MSGBOX"Login""You've mistyped your password too often (3 times).""Okay""");
            return 1;
        }
        else  return ShowPlayerDialog(playeridDIALOG_LOGINDIALOG_STYLE_PASSWORD"Login""Wrong password!\nPlease enter your password in the field below:""Login""Abort");
    }
}
forward OnPassHash(playerid);
public OnPassHash(playerid)
{
    new pass[BCRYPT_HASH_LENGTH], query[512], pname[MAX_PLAYER_NAME];
    GetPlayerName(playeridpnamesizeof(pname));
    bcrypt_get_hash(pass);
    mysql_format(g_SQLquerysizeof(query), "INSERT INTO `players`(`username`, `password`) VALUES('%e', '%s')"pnamepass);
    mysql_tquery(g_SQLquery"OnPlayerRegister""d"playerid);
    return 1;
}
forward OnPlayerRegister(playerid);
public OnPlayerRegister(playerid)
{
    return 1;

I bet the issue is something stupid, thanks in advance.
Find
Reply
Kwarde
High-roller
*****
Posts: 2,863
Threads: 99
Joined: Nov 2009
Reputation: 0
#2

28.06.2020, 00:05
I never used bcrypt so I probably can't help you (didn't look at the code yet though), but wondering, why not use SHA256_PassHash() (included in SAMP since 0.3.7 R1)
https://sampwiki.blast.hk/wiki/SHA256_PassHash
Find
Reply
SkyFlare
Huge Clucker
***
Posts: 221
Threads: 29
Joined: Apr 2015
Reputation: 0
#3

28.06.2020, 00:09
Quote:
Originally Posted by Kwarde
View Post
I never used bcrypt so I probably can't help you (didn't look at the code yet though), but wondering, why not use SHA256_PassHash() (included in SAMP since 0.3.7 R1)
https://sampwiki.blast.hk/wiki/SHA256_PassHash
Wanted to see what bCrypt was like, really wanna give it a fair run for its usage, apparently it's harder to crack, if I can't manage to sort it out I will probably give passhash a go.
Find
Reply
GameOvr
Huge Clucker
****
Posts: 296
Threads: 32
Joined: Jun 2018
Reputation: 0
#4

28.06.2020, 09:11
bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

I didnt look much at the code just cought this, if it's not the one which cause the problem.. post "lol, its not the problem". I'll analyze then .

You are right. bcrypt is very secure almost like impossible to crack but also horribly slow.. which gives a bad sense for players about the server.
Find
Reply
SkyFlare
Huge Clucker
***
Posts: 221
Threads: 29
Joined: Apr 2015
Reputation: 0
#5

28.06.2020, 09:44
Fixed it... and yes it was something stupid, I got me a coffee :P wake up SkyFlare lol
Incase anyone else seems to have a issue with bCrypt this was the issue.

PHP Code:
bcrypt_check(unhashed_passpPass"OnPassCheck""dd",playeridPlayer[playerid][Password]); 
Changed to now execute like this.

PHP Code:
bcrypt_check(unhashed_passPlayer[playerid][Password], "OnPassCheck""d"playerid); 
The way bcrypt_check works is it checks your unhashed password (inputtext)
and then gets the hash(from MySQL or Enumerator)
then you get the result, however I was checking Unhashed password, for a empty string "pPass", not the Hashed Password.



EDIT: Just seen your Response now GameOvr.

Quote:
Originally Posted by GameOvr
View Post
bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

I didnt look much at the code just cought this, if it's not the one which cause the problem.. post "lol, its not the problem". I'll analyze then .

You are right. bcrypt is very secure almost like impossible to crack but also horribly slow.. which gives a bad sense for players about the server.
yeah it was the issue lol, I do see some slowness there, however I believe you can lower its strength to begin with, and also rehash without players ever knowing, so you can slowly increase its hash and rehash passwords over time, they will get used to the login speed lmao although new players will think its crap
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help