#1

Hello, today I read the tutorial about hashing MySQL passwords by "FireCat". Now that I hash the password entered on registration, do I need to do the same thing in the login system?
#2

Hash the password entered at login the same way, and compare the two hashes using strcmp.
#3

I did like this:
pawn Код:
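// Login check: the row only matches when Name is equal and the stored hash equals sha1(<typed password>).
// `password` is text typed by the player, so it is escaped before it is placed inside the quoted SQL
// literal; unescaped, a quote character in it would change the meaning of the WHERE clause.
// mysql_real_escape_string writes up to 2 * length + 1 cells, hence the buffer sizes below.
// NOTE(review): assumes Name fits in MAX_PLAYER_NAME cells and password is shorter than 32 characters
// (the length check used elsewhere in this thread) - confirm before relying on these sizes.
new escName[2 * MAX_PLAYER_NAME + 1];
new escPass[2 * 32 + 1];
mysql_real_escape_string(UserStats[playerid][Name], escName);
mysql_real_escape_string(password, escPass);

// 128 cells is too small once both values may double in length through escaping.
new string[256];
format(string, sizeof(string), "SELECT * FROM Users WHERE Name = '%s' AND Password = sha1('%s')", escName, escPass);
mysql_query(string);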
This is the part of my login code that checks the password. Is this right?
#4

That's okay, but the plain-text password would still be visible in the query, which can be leaked in some special cases (for example, if queries are logged). The best thing would be hashing it with a plugin before it goes into the query, but this way will also be absolutely fine in 99.9% of cases.
#5

Quote:
Originally Posted by Mauzen
Thats okay, but the password would still be visible in the query, which can be leaked in some special cases. Best thing would be hashing it with a plugin, but this way will also be absolutely fine for 99,9%.
Aha. Thanks for the solution.
#6

Sorry for double posting but I found something...

I found this in the login system; I had not noticed it before...
pawn Код:
// Copies column 1 of the fetched row into the player's Password slot, truncated to fit 32 cells.
// NOTE(review): with a "SELECT * FROM Users" login query, column 1 is presumably the stored sha1()
// hex digest (40 characters), not the password the player typed - confirm against the table layout.
// If so, this value must never be passed through sha1() again when the account is saved, or the
// stored hash will no longer match the player's real password.
format(UserStats[playerid][Password], 32, "%s", field[1]);
What about this??
#7

Sorry for triple post but It`s not working (((

here is RegisterPlayer and LoginPlayer

pawn Код:
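/*
 * RegisterPlayer - create the account row for `playerid` and log the player in.
 *
 * playerid  - player whose UserStats[playerid][Name] becomes the account name.
 * password  - password typed into the register dialog (3 to 31 characters accepted).
 *
 * Returns 1. When the password length is rejected the register dialog is shown
 * again and no query is sent.
 *
 * Security notes:
 *  - Name and password are escaped before being placed in the SQL text.
 *  - The plain-text password is still part of the query sent to MySQL, and
 *    unsalted SHA-1 is a fast hash; a salted, deliberately slow password hash
 *    computed on the server side of the script is the stronger design.
 */
RegisterPlayer(playerid, password[])
{
    new len = strlen(password);
    if(len < 3 || len >= 32)
    {
        new str[278];
        SendClientMessage(playerid, -1, ""embed_sw"[ACCOUNT] "embed_white"Your password is too short or too long!");
        format(str,sizeof(str),"{FFFFFF}Welcome,this account ("COL_RED"%s"embed_white")is "COL_RED"not{FFFFFF} registered{FFFFFF}\n"embed_white"Please enter your desired password for this account.\n\n"embed_grey"Once you are registered,do not share your passowrd with anyone besides your self.", UserStats[playerid][Name]);
        ShowPlayerDialog(playerid, 15000, DIALOG_STYLE_INPUT, "Register",str,"Register","Cancel");
        // Stop here: the original fell through and inserted the rejected password anyway.
        return 1;
    }
    CheckMySQL();

    // Escaping can double the length of a value, so each buffer holds 2 * max + 1 cells.
    // NOTE(review): assumes Name fits in MAX_PLAYER_NAME cells - confirm against the UserStats enum.
    // mysql_real_escape_string is provided by the MySQL plugin; check its argument list for the
    // plugin version in use.
    new escName[2 * MAX_PLAYER_NAME + 1];
    new escPass[2 * 32 + 1];
    mysql_real_escape_string(UserStats[playerid][Name], escName);
    mysql_real_escape_string(password, escPass);

    // The original statement ended in ")))" - one closing parenthesis too many - so MySQL
    // rejected every INSERT and the following login could never find the account.
    new string[256];
    format(string, sizeof(string), "INSERT INTO Users (Name,Password) VALUES ('%s',sha1('%s'))", escName, escPass);
    mysql_query(string);

    AccountExists[playerid] = 1;
    SendClientMessage(playerid, -1, ""embed_sw"[ACCOUNT] "embed_white"Your account has been created, please login now!");

    LoginPlayer(playerid, password);
    return 1;
}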

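/*
 * LoginPlayer - verify the typed password against the stored hash and load the account.
 *
 * playerid  - player logging in; the account is looked up by UserStats[playerid][Name].
 * password  - password typed into the login dialog (3 to 31 characters accepted).
 *
 * Returns 1 after a successful login or after a rejected password length, and the
 * result of ShowPlayerDialog when no matching row was found.
 *
 * Security notes:
 *  - Name and password are escaped before being placed in the SQL text; without that,
 *    a quote character in the typed password would change the meaning of the WHERE clause.
 *  - The comparison happens inside MySQL (Password = sha1(...)), so the plain-text
 *    password is part of the query text sent to the database server.
 */
LoginPlayer(playerid, password[])
{
    new len = strlen(password);
    if(len < 3 || len >= 32)
    {
        new str[178];
        SendClientMessage(playerid, -1, ""embed_sw"[ACCOUNT] "embed_white" Your password is too short or too long!");
        format(str,sizeof(str),"{FFFFFF}Welcome,this account ("COL_BLUE"%s"embed_white") is already registred!\n"embed_white"Please enter the password to login\n\n"embed_grey"If you are not owner of this account leave and rejoin a different nickname.", UserStats[playerid][Name]);
        ShowPlayerDialog(playerid,15500,DIALOG_STYLE_PASSWORD,"Login",str,"Login","");
        // Stop here: the original fell through and still ran the query with the rejected input.
        return 1;
    }
    CheckMySQL();

    // Escaping can double the length of a value, so each buffer holds 2 * max + 1 cells.
    // NOTE(review): assumes Name fits in MAX_PLAYER_NAME cells - confirm against the UserStats enum.
    new escName[2 * MAX_PLAYER_NAME + 1];
    new escPass[2 * 32 + 1];
    mysql_real_escape_string(UserStats[playerid][Name], escName);
    mysql_real_escape_string(password, escPass);

    new string[256];
    format(string, sizeof(string), "SELECT * FROM Users WHERE Name = '%s' AND Password = sha1('%s')", escName, escPass);
    mysql_query(string);
    mysql_store_result();

    if(!mysql_num_rows())
    {
        // Release the stored result on the failure path too; the original returned without freeing it.
        mysql_free_result();
        SendClientMessage(playerid, -1, ""embed_sw"[ACCOUNT] "embed_white"Incorrect password!");
        return ShowPlayerDialog(playerid,15500,DIALOG_STYLE_PASSWORD,"Login",""embed_white"You putted "embed_red"wrong password"embed_white".Please input right password!","Login","");
    }

    // One fetched row with all columns joined by '|'.
    // NOTE(review): sized generously because the fetch call takes no length argument here - confirm
    // the row cannot exceed this for the real table.
    new row[256];
    // 11 columns; 41 cells per column so a 40-character SHA-1 hex digest plus terminator fits.
    // NOTE(review): assumes explode() takes its limits from the array dimensions - confirm.
    new field[11][41];

    mysql_fetch_row_format(row, "|");
    explode(row, field, "|");
    mysql_free_result();

    // Column 0 is the name, which is already known, so loading starts at column 1.
    // Column 1 is the value of the Password column, i.e. presumably the stored hash (truncated
    // to 31 characters here), not the typed password. It must never be passed through sha1()
    // again when the account is saved.
    format(UserStats[playerid][Password], 32, "%s", field[1]);
    UserStats[playerid][Admin] = strval(field[2]);
    UserStats[playerid][Money] = strval(field[3]);
    UserStats[playerid][Score] = strval(field[4]);
    UserStats[playerid][Exp] = strval(field[5]);
    UserStats[playerid][Kills] = strval(field[6]);
    UserStats[playerid][Deaths] = strval(field[7]);
    UserStats[playerid][Material] = strval(field[8]);
    UserStats[playerid][KeysBob] = strval(field[9]);
    UserStats[playerid][KeysYosi] = strval(field[10]);

    GivePlayerMoney(playerid, UserStats[playerid][Money]);
    SetPlayerScore(playerid, UserStats[playerid][Score]);

    format(string, sizeof(string), ""embed_sw"[ACCOUNT] "embed_white"Welcome "COL_BLUE"%s"embed_white", you are now logged in! Stay ready for war!", UserStats[playerid][Name]);
    SendClientMessage(playerid, -1, string);

    PlayerLogged[playerid] = 1;
    return 1;
}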
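/*
 * SavePlayer - write the player's current stats back to the Users table.
 *
 * playerid - player whose UserStats row is saved; the row is selected by Name.
 *
 * Returns 1.
 *
 * The Password column is deliberately not written here. After login,
 * UserStats[playerid][Password] holds what was read from the database (the stored
 * hash), so "SET Password = sha1(<that value>)" replaced the hash with a hash of the
 * hash and the player's real password stopped matching after the first save.
 * A password change belongs in its own query that hashes the newly typed password.
 *
 * NOTE(review): nothing here checks PlayerLogged[playerid]. If this is called for a
 * player who connected under a registered name but never logged in, that account's
 * stats would be overwritten - confirm the callers only save authenticated players.
 */
SavePlayer(playerid)
{
    UserStats[playerid][Score] = GetPlayerScore(playerid);
    UserStats[playerid][Money] = GetPlayerMoney(playerid);

    // Escape the name before it goes into the quoted SQL literal (2 * max + 1 cells).
    // NOTE(review): assumes Name fits in MAX_PLAYER_NAME cells - confirm against the UserStats enum.
    new escName[2 * MAX_PLAYER_NAME + 1];
    mysql_real_escape_string(UserStats[playerid][Name], escName);

    // One UPDATE for all columns instead of one round trip per column.
    new string[384];
    format(string, sizeof(string),
        "UPDATE `Users` SET `Exp` = %i, `Score` = %i, `Money` = %i, `Kills` = %i, `Deaths` = %i, `Material` = %i, `KeysBob` = %i, `KeysYosi` = %i WHERE `Name` = '%s'",
        UserStats[playerid][Exp],
        UserStats[playerid][Score],
        UserStats[playerid][Money],
        UserStats[playerid][Kills],
        UserStats[playerid][Deaths],
        UserStats[playerid][Material],
        UserStats[playerid][KeysBob],
        UserStats[playerid][KeysYosi],
        escName);
    mysql_query(string);
    return 1;
}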

