PHP + Whirlpool instant +REP
#1

Hi, I set up Whirlpool and its hashing as well. The passwords match when I log in in game but not in the UCP.

I tried for over 1 hour to find the problem but without any results.

index.php

PHP code:

<?php
          
//SELECT COUNT(*)
            
if(!isset($_SESSION["kasutaja"]) && !isset($_POST["name"]))
            {
                echo 
'
                <form name="input" action="index.php?page=home" method="post">
                <h3>Login</h3>'
;
                if(isset(
$_SESSION["JLO"]))
                {
                    echo 
'<p><font color="green">You have been logged out!</font></p>';
                    unset(
$_SESSION["JLO"]);
                }
                if(
$page == "stats")
                {
                    echo 
"<br />
                    <ul>
                    <li><a href='?page=bans'>Bans</a></li>
                    <li><a href='?page=players'>Players</a></li>
                    <li><a href='?page=top'>Top Stats</a></li>
                    </ul>"
;
                }
                else
                {
                echo
'
                <p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username" /></p>
                <p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password" /></p>
                <p><input class="login" name="login" type="submit" value="Login" /></p>
                </form>'
;
                }
            }
            else if(isset(
$_POST["name"]))
            {
                
                $kasutaja = $_POST["name"];
                $pass = $_POST["pass"];
                $querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja'";
                $result = mysql_query($querytxt);
                $nouser = mysql_num_rows($result);
                $row = mysql_fetch_row($result);
                if(
$nouser == 0)
                {
                    if(
$page == "stats")
                    {
                        echo 
"<br />
                        <ul>
                        <li><a href='?page=bans'>Bans</a></li>
                        <li><a href='?page=players'>Players</a></li>
                        <li><a href='?page=top'>Top Stats</a></li>
                        </ul>"
;
                    }
                    else
                    {
                        echo 
'
                        <form name="input" action="index.php?page=home" method="post">
                        <h3>Login</h3>
                        <p><font color="red">User doesnt exist!</font></p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username" /></p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password" /></p>
                        <p><input class="login" name="login" type="submit" value="Login" /></p>
                        </form>'
;
                    }
                }    
                else if(
$pass != $row[1])
                {
                    if(
$page == "stats")
                    {
                        echo 
"<br />
                        <ul>
                        <li><a href='?page=bans'>Bans</a></li>
                        <li><a href='?page=players'>Players</a></li>
                        <li><a href='?page=top'>Top Stats</a></li>
                        </ul>"
;
                    }
                    else
                    {
                        echo 
'
                        <form name="input" action="index.php?page=home" method="post">
                        <h3>Login</h3>
                        <p><font color="red">Wrong password!</font></p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username" /></p>
                        <p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password" /></p>
                        <p><input class="login" name="login" type="submit" value="Login" /></p>
                        </form>'
;
                    }
                }
                else
                {
                    if(
$page == "stats")
                    {
                        echo 
"<br />
                        <ul>
                        <li><a href='?page=bans'>Bans</a></li>
                        <li><a href='?page=players'>Players</a></li>
                        <li><a href='?page=top'>Top Stats</a></li>
                        </ul>"
;
                    }
                    else
                    {
                    echo 
"<br />
                    <h5>Welcome, 
$kasutaja!</h5>
                    <ul>
                    <li><a href='?page=ucp'>My Account</a></li>
                    <li><a href='?page=skin'>Change Skin</a></li>
                    <li><a href='?page=pass'>Change Password</a></li>
                    <li><a href='?page=money'>Transfer Money</a></li>
                    <li><a href='logout.php'>Logout</a></li>
                    </ul>"
;
                    }
                    
$_SESSION["kasutaja"] = $kasutaja;
                }
            }
            else if(isset(
$_SESSION["kasutaja"]))
            {
                
                $kasutaja = $_SESSION["kasutaja"];
                if(
$page == "stats")
                {
                    echo 
"<br />
                    <h5>Welcome, 
$kasutaja!</h5>
                    <ul>
                    <li><a href='?page=ucp'>My Account</a></li>
                    <li><a href='?page=bans'>Bans</a></li>
                    <li><a href='?page=players'>Players</a></li>
                    <li><a href='?page=top'>Top Stats</a></li>
                    <li><a href='logout.php'>Logout</a></li>
                    </ul>"
;
                }
                else
                {
                echo 
"<br />
                    <h5>Welcome, 
$kasutaja!</h5>
                    <ul>
                    <li><a href='?page=ucp'>My Account</a></li>
                    <li><a href='?page=skin'>Change Skin</a></li>
                    <li><a href='?page=pass'>Change Password</a></li>
                    <li><a href='?page=money'>Transfer Money</a></li>
                    <li><a href='logout.php'>Logout</a></li>
                    </ul>"
;
                }
            }
            
?>
        </div>
      </div>
      <div id="content">
      <?php
        
if($page == "home")
        {
            echo 
"<h1>Antroprox Gaming &bull; Home</h1>
            <p>Welcome to Antroprox Roleplay Homepage!
            <hr width='100%' color='#35BDF5' size='6' /><br />
            This is our homepage and roleplay's server user control panel.<br /> Here you can see your in-game statistics like: Money, Skin, Faction, Bans and a lot more!
            <br />You can also change your password, change your skin, transfer money to other players and more!
            <br />Besides that, you can also see latest news, updates and announcements!</p>"
;
        }
        else if(
$page == "pass")
        {
            echo 
'<form name="input" action="?page=changed" method="post"> 
            Current Password: <br /><input style="width: 267px; padding: 0px 0 10px 0;" type="password" name="currentpassword" /> <br />
            New Password: <br /><input style="width: 267px; padding: 0px 0 10px 0;" type="password" name="newpass" />
            New Password Confirm: <br /><input style="width: 267px; padding: 0px 0 10px 0;" type="password" name="newpassconfirm" />            <br />
            <input class="myButton" style="width: 267px;" type="submit" value="Submit" />
            </form>'
;
        }
        else if(
$page == "changed")
        {
            if(!isset(
$_SESSION["kasutaja"]) && !isset($_POST["kasutaja"]))
            {
                echo 
"<p>You are not logged in!</p>";
            }
            else
            {
                
                $newpass = mysql_escape_string($_POST['newpass']);
                $newpassconfirm = mysql_escape_string($_POST['newpassconfirm']);
                $password = mysql_escape_string($_POST['currentpassword']);
                $username = mysql_escape_string($_SESSION["username"]);
                if(
$newpass != $newpassconfirm)
                {
                    echo 
"Password's aren't identical, please retype them.";
                    echo 
"<meta http-equiv='Refresh' content='5;url=?page=pass' />";
                }
                else 
                {
                    
                    $kasutaja = $_SESSION["kasutaja"];
                    $querytxt = "SELECT Password FROM accounts WHERE Name = '$kasutaja' AND Password = '$password'";
                    $result = mysql_query($querytxt);
                    if(!
mysql_num_rows($result)) 
                    {
                        echo 
"Current password is incorrect.";
                        echo 
"<meta http-equiv='Refresh' content='5;url=?page=pass' />";
                    }
                    else
                    {
                        echo 
"Password changed.";
                        echo 
"<meta http-equiv='Refresh' content='5;url=?page=home' />";
                        
mysql_query("UPDATE accounts SET Password = '$newpass' WHERE Name = '$kasutaja'");
                    }
                }
            }
        }
login.php

PHP code:
<?php
session_start
();
include(
"connect.php");
if(isset(
$_POST["nimi"]))
{
    
    $kasutaja = $_POST["nimi"];
    $pass = $_POST["parool"];
    $querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja'";
    $result = mysql_query($querytxt);
    $nouser = mysql_num_rows($result);
    $row = mysql_fetch_row($result);
    if(
$nouser == 0)
    {
        echo 
'<div class="oskar"><font color="red">User doesent Exist!</font><form name="input">
                Username: <input type="text" name="kasutaja" />
                Password: <input type="password" name="parool" />
                <br />
                <input type="button" value="Submit" onClick="get();" />
                </form></div>'
;
    }    
    else if(
$pass != $row[1])
    {
        echo 
'<div class="oskar"><font color="red">Wrong Password!</font><br /><form name="input">
                Username: <input type="text" name="kasutaja" />
                Password: <input type="password" name="parool" />
                <br />
                <input type="button" value="Submit" onClick="get();" />
                </form></div>'
;
    }
    else
    {
        echo 
"<ul class='sb_menu'>
        <li><h3>Welcome, 
$kasutaja!</h3></li>
        <li><a href='?page=ucp'>My Account</a></li>
        <li><a href='logout.php'>Logout</a></li>
        </ul>"
;
        
$_SESSION["kasutaja"] = $kasutaja;
    }
}
?>
#2

Add $password = hash('whirlpool',$password);
#3

@1337connor doesn't work.

Edit:
I also tried to do
PHP code:
$password = hash('whirlpool',$_POST['currentpassword']); 
and it doesn't work, any good suggestions?
#4

1. Make sure that the passwords are both the same case, this matters.
2. On the login.php that you posted, you're not even using whirlpool. Instead of
PHP code:
$pass = $_POST["parool"]; 
use
PHP code:
$pass = hash('whirlpool', $_POST["parool"]); 
And do the same for
PHP code:
$newpass = mysql_escape_string($_POST['newpass']); 
$newpassconfirm = mysql_escape_string($_POST['newpassconfirm']); 
$password = mysql_escape_string($_POST['currentpassword']); 
3. A better way to do the login would probably be the following:
PHP code:
$pass = hash('whirlpool', $_POST["parool"]);
$querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja' AND password = '$pass'";
$result = mysql_query($querytxt); 
$nouser = mysql_num_rows($result); 
if(
$nouser == 0)
{
    echo 
'<div class="oskar"><font color="red">User or password doesnt exist!</font><form name="input"> 
                Username: <input type="text" name="kasutaja" /> 
                Password: <input type="password" name="parool" /> 
                <br /> 
                <input type="button" value="Submit" onClick="get();" /> 
                </form></div>';

}
else
{
        echo 
"<ul class='sb_menu'> 
        <li><h3>Welcome, 
$kasutaja!</h3></li> 
        <li><a href='?page=ucp'>My Account</a></li> 
        <li><a href='logout.php'>Logout</a></li> 
        </ul>";
        $_SESSION["kasutaja"] = $kasutaja;
}

The above makes it so you don't need to fetch the whole line from the MySQL database.
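
Added example, not part of any post in this thread: a UCP login check that compares the Whirlpool digests case-insensitively and in constant time (the case point in item 1), using a bound parameter instead of interpolating `$_POST` data into the query. It assumes the game server stores the digest as uppercase hex; the in-memory SQLite table, the sample account and the helper name `ucp_check_login` are constructed for the demo, and only the column names come from the thread.

```php
<?php
// Constructed demo data: an in-memory SQLite table stands in for the MySQL
// `accounts` table from the thread (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (Name TEXT PRIMARY KEY, Password TEXT)');

// Assumption: the game server wrote the Whirlpool digest as UPPERCASE hex.
$seed = $db->prepare('INSERT INTO accounts (Name, Password) VALUES (?, ?)');
$seed->execute(['Test_Player', strtoupper(hash('whirlpool', 'correct horse'))]);

// Hypothetical helper, not from the thread: true only when the account
// exists and the submitted password hashes to the stored digest.
function ucp_check_login(PDO $db, string $name, string $password): bool
{
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT Password FROM accounts WHERE Name = ? LIMIT 1');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such account
    }
    // hash() returns lowercase hex, so fold both digests to one case,
    // then compare in constant time.
    $computed = strtolower(hash('whirlpool', $password));
    return hash_equals(strtolower($stored), $computed);
}

// Byte-for-byte comparison, as in the posted scripts: the same password
// yields the same digest, but the letter case of the hex differs.
$lookup = $db->prepare('SELECT Password FROM accounts WHERE Name = ?');
$lookup->execute(['Test_Player']);
$stored = $lookup->fetchColumn();
echo 'raw compare:        ';
var_dump(hash('whirlpool', 'correct horse') === $stored);

echo 'normalised compare: ';
var_dump(ucp_check_login($db, 'Test_Player', 'correct horse'));

echo 'wrong password:     ';
var_dump(ucp_check_login($db, 'Test_Player', 'wrong'));

// A name carrying SQL syntax is just a non-matching string here.
echo 'quote in name:      ';
var_dump(ucp_check_login($db, "x' OR '1'='1", 'correct horse'));
```

The password-change page has to write the new digest in the same case the game server expects, or the in-game login stops matching.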
#5

Still not working :/
#6

Quote:
Originally Posted by ******
Are you sure the input data is exactly what you think and exactly the same as what is passed to the PAWN version? It is almost never a good idea to use $_POST data directly - you never know what the users are actually sending.

Since I worked hours and hours to fix this problem, I'll post the whole PHP files. http://www.solidfiles.com/d/7d8483595d/

PAWN code where I hash

pawn code:
........
mysql_real_escape_string(pName, pName);
            format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' LIMIT 1", pName);
            mysql_query(Query);
            mysql_store_result();
            mysql_free_result();
            WP_Hash(Query, 129, inputtext);
            new IP[16];
            GetPlayerIp(playerid, IP, 16);
            format(Query, sizeof Query, "INSERT INTO `accounts` (Name, Password, IP, Admin, Money, Score, Kills, Deaths, Faction, Rank, HouseKey, Level, Exp, Bank, PlayingHours, Age, Skin, Sex, Job, Drugs, Packages, PhoneNumber, PhoneBook, CarKey, VIP, CarLic, FlyLic, WepLic) VALUES ('%s', '%s', '%s', %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, '5000', %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i)",
                pName,
                Query,
                IP,
                GetPVarInt(playerid, "Admin"),

.....
That's for registration

This is the login

pawn code:
.........
new Query[420], pName[MAX_PLAYER_NAME];
            GetPlayerName(playerid, pName, MAX_PLAYER_NAME);
            mysql_real_escape_string(pName, pName);
            format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' LIMIT 1", pName);
            mysql_query(Query);
            mysql_store_result();
            mysql_free_result();
            WP_Hash(Query, 129, inputtext);
            format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' AND `Password` = '%s' LIMIT 1", pName, Query);
            mysql_query(Query);
            mysql_store_result();
            if(!mysql_num_rows())
            {
                SetPVarInt(playerid, "LoginWarns", GetPVarInt(playerid, "LoginWarns") + 1);
                if(GetPVarInt(playerid, "LoginWarns") == 3)
                {
                    format(Query, sizeof Query, "%s has been kicked for 3 wrong login attempts!", pName);
                    SendClientMessageToAll(COLOR_ROYALBLUE, Query);
                    Kick(playerid);
                }
                else
                {
                    format(Query, sizeof Query, "Wrong password! Attempt %i out of 3.", GetPVarInt(playerid, "LoginWarns"));
                    SendClientMessage(playerid, COLOR_ORANGE, Query);
                    ShowPlayerDialog(playerid, DIALOGLOGIN, DIALOG_STYLE_INPUT, "Login", "{FFFFFF}Welcome to {6EF83C}Rockstar Roleplay. {FFFFFF} \nWe see that your registered here already! \nTo login please input your registration password below!", "Login", "Leave");
                }
                return 1;
            }
            mysql_fetch_row(Query);
            new values[25];
            sscanf(Query, "p<|>{s[24]s[129]s[16]}a<i>[25]", values);
            SetPVarInt(playerid, "Admin", values[0]);
            PlayerInfo[playerid][pMoney] = values[1];
            SetPlayerCash(playerid, values[1]);
            SetPlayerScore(playerid, values[8]);
            SetPVarInt(playerid, "Kills", values[3]);
            SetPVarInt(playerid, "Deaths", values[4]);
            SetPVarInt(playerid, "Logged", 1);
            PlayerInfo[playerid][pFaction] = values[5];
            PlayerInfo[playerid][pRank] = values[6];
            PlayerInfo[playerid][pHouseKey] = values[7];
            PlayerInfo[playerid][pLevel] = values[8];
            PlayerInfo[playerid][pExp] = values[9];
            PlayerInfo[playerid][pBank] = values[10];
            PlayerInfo[playerid][pPlayingHours] = values[11];
            PlayerInfo[playerid][pAge] = values[12];
            PlayerInfo[playerid][pSkin] = values[13];
            PlayerInfo[playerid][pSex] = values[14];
            PlayerInfo[playerid][pJob] = values[15];
            PlayerInfo[playerid][pDrugs] = values[16];
            PlayerInfo[playerid][pPackages] = values[17];
            PlayerInfo[playerid][pPhoneNumber] = values[18];
            PlayerInfo[playerid][pPhoneBook] = values[19];
            PlayerInfo[playerid][pCarKey] = values[20];
            PlayerInfo[playerid][pVIP] = values[21];
            PlayerInfo[playerid][pCarLic] = values[22];
            PlayerInfo[playerid][pFlyLic] = values[23];
            PlayerInfo[playerid][pWepLic] = values[24];
            SendClientMessage(playerid, COLOR_LIMEGREEN, "Succesfully logged in!");
            LoadAchiv(playerid);
            GetPlayerIp(playerid, Query, 16);
            format(Query, sizeof Query, "UPDATE `accounts` SET `IP` = '%s' WHERE `Name` = '%s' LIMIT 1", Query, pName);
            mysql_query(Query);
......
#7

Why don't you try sha1 or md5 (I use md5, but some people say sha1 is better...)?
I can give you a little help if you want.
#8

Quote:
Originally Posted by (A)rray
Why don't you try sha1 or md5 (I use md5, but some people say sha1 is better...)?
I can give you a little help if you want.

Because Whirlpool is more secure than the others. My GM is using Whirlpool as hashing and I can't put md5 or sha1 on PHP because the strings don't match.
#9

Btw, I can help you with the login system if you want to (:
#10

Quote:
Originally Posted by ******
That didn't actually answer my question at all...

LOL my bad, I just meant I worked hours without any results...so still not working :S