[SomebodyAndMe]

I am using whirlpool to hash my passwords, but in some reasons it doesnt work properly, it doesn't hash.

It just updates it without anything in.



My code:

pawn Код:

/* this is where it registers, i've commented the has line since I putted it somewhere else */
stock MySQL_Register(playerid, passwordstring[])
{
    new query[200], pname[24], IP[16], HashPW[129], FinalPassword[132];
    GetPlayerName(playerid, pname, MAX_PLAYER_NAME);
    GetPlayerIp(playerid, IP, 16);
    //mysql_real_escape_string(passwordstring, HashPW);
    //WP_Hash(passwordstring, sizeof(passwordstring), FinalPassword);
    format(query, sizeof(query), "INSERT INTO PlayerData (Name, Password, Ip, PlayerLevel,Score,OFWarns) VALUES('%s', '%s','%s',0, 0, 0)", pname, passwordstring, IP);
    mysql_query(query);
    SendClientMessage(playerid, -1, "You have been registered on this server!");
    return 1;
}

/* here is the register dialog */
Dialog_Register(playerid, response, inputtext[])
{
    new file[100], Name[MAX_PLAYER_NAME]; // Setup local variables
    GetPlayerName(playerid, Name, sizeof(Name)); // Get the playername
    format(file, sizeof(file), PlayerFile, Name); // Construct the complete filename for this player's account

    switch (response) // Check which button was clicked
    {
        case 1: // Player clicked "Register"
        {
            // Check if the player entered a password
            if(strlen(inputtext)>0)
            {
                // Store the password
                format(APlayerData[playerid][PlayerPassword], 50, "%s", inputtext);

                // Create the file and save default data to it, then reload it (so all data is put into the correct place
                new escpass[129], FinalPassword[132], passwordstring[132];
                    WP_Hash(passwordstring, sizeof(passwordstring), FinalPassword);
                mysql_real_escape_string(FinalPassword, escpass);
                MySQL_Register(playerid, escpass);

                // Send a message to the client to inform him that his account has been registered
                SendClientMessage(playerid, 0xFFFFFFFF, TXT_AccountRegistered);
                APlayerData[playerid][LoggedIn] = true; // The player has logged in properly
            }
            else
            {
                SendClientMessage(playerid, 0xFFFFFFFF, TXT_WrongPassword);
                Kick(playerid);
            }
        }
            
        case 0: // Player clicked "Cancel"
        {
            // Show a message that the player must be registered to play on this server
            SendClientMessage(playerid, 0xFFFFFFFF, TXT_PlayerMustRegister);
            // Kick the player
            Kick(playerid);
        }
    }

    return 1;
}

Can someone help me out of this?

[SomebodyAndMe]

Anyone?

[SomebodyAndMe]

bump. I need it.

[Avi57]

Add this code below your previous stock function.

Код:

stock udb_hash(buf[]) {
    new length=strlen(buf);
    new s1 = 1;
    new s2 = 0;
    new n;
    for (n=0; n<length; n++)
    {
       s1 = (s1 + buf[n]) % 65521;
       s2 = (s2 + s1)     % 65521;
    }
    return (s2 << 16) + s1;
}

[Hiddos]

It's because you're mixing up the 1st and the 3rd parameter of WP_Hash, if I compared your usage of WP_Hash to the release topic's correctly.

pawn Код:

WP_Hash(hashedstring, sizeof hashedstring, string_to_be_hashed);

@Above: Doesn't solve anything, actually makes the problem even worse as UDB can easily be cracked (Whirlpool cannot (yet))

[ReneG]

Quote:

Originally Posted by Avi57 Add this code below your previous stock function. Код: stock udb_hash(buf[]) { new length=strlen(buf); new s1 = 1; new s2 = 0; new n; for (n=0; n<length; n++) { s1 = (s1 + buf[n]) % 65521; s2 = (s2 + s1) % 65521; } return (s2 << 16) + s1; }

Get out.


Look at the size of your query. It's 200. Now look at the query below.

Код:

INSERT INTO PlayerData (Name, Password, Ip, PlayerLevel,Score,OFWarns) VALUES('%s', '%s','%s',0, 0, 0)

That query alone is 102 characters, a whirlpool password will always be 128, so now it's 230 characters. You're inputting a name too, so now it's 254, add that along with other variables you're inputting and you can see your query isn't long enough. Use common sense, use a string counter, print your queries next time.

pawn Код:

stock MySQL_Register(playerid, passwordstring[])
{
    new query[300], pname[24], IP[16];
    GetPlayerName(playerid, pname, MAX_PLAYER_NAME);
    GetPlayerIp(playerid, IP, 16);

    format(query, sizeof(query), "INSERT INTO PlayerData (Name, Password, Ip, PlayerLevel,Score,OFWarns) VALUES('%s', '%s','%s',0, 0, 0)", pname, passwordstring, IP);
    mysql_query(query);
    SendClientMessage(playerid, -1, "You have been registered on this server!");
    return 1;
}

[pyrodave]

Ok there is a few problems with what you've got going.

pawn Код:

new escpass[129], FinalPassword[132], passwordstring[132];
WP_Hash(passwordstring, sizeof(passwordstring), FinalPassword);

You're declaring the two arrays and then whirlpool hashing them, you should be using something like:

pawn Код:

new FinalPassword[132];
WP_Hash(FinalPassword, sizeof(FinalPassword),inputtext);

That way you're hashing the inputtext and putting the result into FinalPassword. There is also no need to escape the string after you have hashed the password because the whirlpool algorithm will not use those special characters.

So really all you need to do is change this:

pawn Код:

new escpass[129], FinalPassword[132], passwordstring[132];
WP_Hash(passwordstring, sizeof(passwordstring), FinalPassword);
mysql_real_escape_string(FinalPassword, escpass);
MySQL_Register(playerid, escpass);

To this:

pawn Код:

new FinalPassword[132];
WP_Hash(FinalPassword, sizeof(FinalPassword), inputtext);
MySQL_Register(playerid,FinalPassword);

There are still a few unexplained things, such as this:

pawn Код:

format(APlayerData[playerid][PlayerPassword], 50, "%s", inputtext);

No idea why you're storing it, unless you're using it for use later on, however that (as I am sure you know) will store the players unhashed password so you probably want to be careful what you do with that.

You can also condense down your MySQL register function now too, but if you wanted you could move the whirlpool hashing into the function instead of before calling it. Its all personal preference. (Although moving it back into the function may be a good idea as you're always going to need to hash the passwords).

pawn Код:

stock MySQL_Register(playerid, const passwordstring[])
{
    new query[350], pname[24], IP[16];
    GetPlayerName(playerid, pname, MAX_PLAYER_NAME);
    GetPlayerIp(playerid, IP, 16);
    format(query, sizeof(query), "INSERT INTO PlayerData (Name, Password, Ip, PlayerLevel,Score,OFWarns) VALUES('%s', '%s','%s',0, 0, 0)", pname, passwordstring, IP);
    mysql_query(query);
    SendClientMessage(playerid, -1, "You have been registered on this server!");
    return 1;
}

That's the cleaned up code but not including the hashing in there.

As the user above also pointed out correctly, you need to change the size of the query string to be able to fit everything in there, I have changed it for you but its a fairly arbitrary value (I'm not going to count the cells even though I have little better to do).

[SomebodyAndMe]

EDIT:

Thanks man, it worked.
I'll keep this topic in mind if I get in problems again with the hash. thanks once again!