[RyDeR`]

Introduction

This include is an implementation of the PHP function hash. It provides a function to generate hash a value using HTTP with a simple piece of PHP code which you can see below.

Functions

Let's say, it has only one function (since it's not really a function as it works with different steps to generate the hash value):

pawn Код:

/*
    const e_Algorithms: iAlgorithm  The (name of the) algorithm your want to use
    const iIdx                      The index of the process (perhaps it could be playerid for register/login systems)
    szText[]                        The piece of text/string you want to hash
*/
stock Hash(const e_Algorithms: iAlgorithm, const iIdx, szText[]);

Callback(s):

pawn Код:

forward OnHashUpdate(const iIdx, szHash[]);

Here's a list of e_Algorithms:

pawn Код:

enum e_Algorithms {
    MD2,            MD4,            MD5,
    SHA1,           SHA224,         SHA256,         SHA384,         SHA512,
    RIPEMD128,      RIPEMD160,      RIPEMD256,      RIPEMD320,
    WHIRLPOOL,
    TIGER128_3,     TIGER160_3,     TIGER192_3,
    TIGER128_4,     TIGER160_4,     TIGER192_4,
    SNEFRU,         SNEFRU256,
    GOST,
    ADLER32,
    CRC32,          CRC32B,
    SALSA10,        SALSA20,
    HAVAL128_3,     HAVAL160_3,     HAVAL192_3,     HAVAL224_3,     HAVAL256_3,
    HAVAL128_4,     HAVAL160_4,     HAVAL192_4,     HAVAL224_4,     HAVAL256_4,
    HAVAL128_5,     HAVAL160_5,     HAVAL192_5,     HAVAL224_5,     HAVAL256_5
};

And here are the defines:

pawn Код:

#if !defined MAX_HTTP_SIZE
    #define MAX_HTTP_SIZE (1024)
#endif

#if !defined HASH_SERVER
    #define HASH_SERVER "ryder.com.nu/hash.php"
#endif

If these are set before the include, your settings will be applied.

PHP Code

Currently this include is using my free hosted website so a small delay in retrieving the result is quite possible. I recommend you to use your own server for no delays. If you're planning to do that just save the following code as hash.php, upload it to your FTP and don't forget to change ryder.com.nu/

PHP код:

<?php
    echo(hash($_POST["algo"], $_POST["data"]));
?>

Examples

Here's a quick example usage of Whirlpool and MD5:

pawn Код:

Hash(MD5, 10000,
    "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum."
);
Hash(WHIRLPOOL, 10001,
    "The quick brown fox jumps over the lazy dog"
);

Your hash value be will generated under this callback:

pawn Код:

public OnHashUpdate(const iIdx, szHash[]) {
    switch(iIdx) {
        case 10000: {
            printf("MD5: %s", szHash);
        }
        case 10001: {
            printf("Whirlpool: %s", szHash);
        }
    }
}

will print us:

pawn Код:

MD5: fa5c89f3c88b81bfd5e821b0316569af
Whirlpool: b97de512e91e3828b40d2b0fdce9ceb3c4a71f9bea8d88e75c4fa854df36725fd2b52eb6544edcacd6f8beddfea403cb55ae31f03ad62a5ef54e42ee82c3fb35

This is analog for the rest of the hash algorithms. You can use iIdx as playerid for register/login systems perhaps.

Download

Hash.inc

Register/Login System (Example)

Register/Login System Example using Hash.inc

Changelog

• 19/02/2011:
  • Initial release

• 23/02/2011 (Important update!):
  • Fixes:
    • Security issues regarding hash values in Apache logs (Thanks to Slice!).
    • PHP Code
  • Adds:
    • URL Encoding for string validating so hash values don't get messed up.
  • Notes:
    • Nothing has been changed about the syntax: after update, no need to change anything.

[SuperMarioRol]

Very very great. +rep

[[XST]O_x]

Amazing work mate!

[royal_king]

Amazing dude! Really helpful

[RyDeR`]

Thanks! Let me know if you more examples for other cases, not mentioned in the first post.

[Modrlicc]

Will become very handy! Thanks for this.

[Niko_boy]

This one is awesome now i can use it to hash , so it will be like -1 plugin from my server.cfg [whirlpool]

[Kaperstone]

Another good release by RyDeR

P.S. what is this:"e_Algorithms" ?

[iZN]

Another great release by RyDeR, thank you!

[RyDeR`]

Thanks!

Quote:

Originally Posted by xkirill Another good release by RyDeR P.S. what is this:"e_Algorithms" ?

Just an enumerator containing all algorithm names (better indexes).

[[Nikk]]

Im gonna to be honest, i dont understend wtf is this, but, if comes from Ryder is nice ! good work (?)

[RyDeR`]

Quote:

Originally Posted by [Nikk] Im gonna to be honest, i dont understend wtf is this, but, if comes from Ryder is nice ! good work (?)

Well, I explained in the first post. It's just an include that communicates with a small PHP code using HTTP to get the hash value. Most important hash algorithms are included. If you need any more examples feel free to ask.

[shitbird]

Nice! I have a few questions though.
How exactly would you create a registration filterscript with this? - and would it not be a bit inefficient?

The only possible way I see, is that you hash the given password, from let's say a dialog, using Hash(MD5, x,inputtext). And then, you assign a variable to the playerid, who just submitted the text.

Next, you want to loop through all the players online, to find out who exactly submitted the code, and after that, amend the hashed password to his file/file-on-database.

Furthermore, how do you read the password with this include?
Wouldn't you be forced to use MySQL's ability to read hashes?

If so, wouldn't it be a lot easier to simply use the MD5 hasher that comes with MySQL. Or ******'s whirlpool plugin?

Regards,
shitbird.

[RyDeR`]

Quote:

Originally Posted by shitbird and would it not be a bit inefficient?

No. Depends on what you actually mean by "inefficient". This will be even more "efficient" for your server as the hash does get generated by my free hosted website. If you mean the time it takes to get the result, it won't even take more than half a second in most cases to get the value generated in your preferred algorithm.

Quote:

Originally Posted by shitbird The only possible way I see, is that you hash the given password, from let's say a dialog, using Hash(MD5, x,inputtext). And then, you assign a variable to the playerid, who just submitted the text. Next, you want to loop through all the players online, to find out who exactly submitted the code, and after that, amend the hashed password to his file/file-on-database.

No need for that. As I mentioned in the first post, you can use playerid as index in the second parameter of Hash.

Quote:

Originally Posted by shitbird Furthermore, how do you read the password with this include?

Same as how you register the player (see example below).

Quote:

Originally Posted by shitbird Wouldn't you be forced to use MySQL's ability to read hashes?

I'm sorry, didn't quite understand that one.

Quote:

Originally Posted by shitbird If so, wouldn't it be a lot easier to simply use the MD5 hasher that comes with MySQL. Or ******'s whirlpool plugin?

Well, if you need MD5 and you're using MySQL, it's better to use the MD5 hash functionality of MySQL. For all other hashes (SHA, Whirlpool, ...) I still recommend this. You will probably agree after seeing the example.

I quickly created a register/login system using MySQL with Whirlpool hasing using my include.
http://pastebin.com/V1vsNBcZ

I just tested it and it works as expected without any problems nor delays. Here's the table (players.sql) if you'd like to test it either:

pawn Код:

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

CREATE TABLE IF NOT EXISTS `players` (
  `Name` varchar(24) NOT NULL,
  `Password` varchar(129) NOT NULL,
  `Score` int(11) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

INSERT INTO `players` (`Name`, `Password`, `Score`) VALUES
('RyDeR', 'cce08bba3f2e3c029cd257104b06d4b075772d5f514cf1b7789506f9a69d53c51464881d2c18445ab290553b302f67a24b1c69e3e737a46215deaf43517e4960', 999999);

As you can see, my (Whirlpool) password "12345" is generated correctly into my table.

[DRIFT_HUNTER]

Only downside of these is its speed....its slow...

[RyDeR`]

Quote:

Originally Posted by DRIFT_HUNTER Only downside of these is its speed....its slow...

Yes, but believe me, if you have a fairly fast server, just put in there and it won't be even noticeable. If you have not, there's always a solution like sending a message to the player like: "Please wait, connecting to the server...". But as I said, the difference is in most cases not even more than half a second with my free hosted website.

[[Nikk]]

Quote:

Originally Posted by RyDeR` Well, I explained in the first post. It's just an include that communicates with a small PHP code using HTTP to get the hash value. Most important hash algorithms are included. If you need any more examples feel free to ask.

Yes, i read some parts, but is difficult for me. but would be the most important thing you could do with this? Can you give an simple example or tell me the most important thing what you could do with this ?, thanks .

[shitbird]

Quote:

Originally Posted by RyDeR` I'm sorry, didn't quite understand that one.

I was referring to the md5 hash functionality in MySQL, whether or not it was a must, as by the time I posted this, I did not understand that the include could also "unhash/decode" the hash. More or less, I thought it was a one way communication, making the registration process rather awkward.
Thank you for clearing this up for me. I'll take a look at the script immediately.

[RyDeR`]

Quote:

Originally Posted by [Nikk] Yes, i read some parts, but is difficult for me. but would be the most important thing you could do with this? Can you give an simple example or tell me the most important thing what you could do with this ?, thanks .

Well, I don't know what I can say more about this. Take a look again at the first post please.

Quote:

Originally Posted by shitbird I was referring to the md5 hash functionality in MySQL, whether or not it was a must, as by the time I posted this, I did not understand that the include could also "unhash/decode" the hash. More or less, I thought it was a one way communication, making the registration process rather awkward. Thank you for clearing this up for me. I'll take a look at the script immediately.

Sure, glad I could help!

[Modrlicc]

I was also wondering how to create a user system with this, but thanks for the example. I will definitely use this.