1. SA-MP Forums Archive
  2. Other
  3. Everything and Nothing

Threaded Mode
[Help] C# With MySQL(Blowfish Hashing)
Lynn
Gangsta
*****
Posts: 937
Threads: 106
Joined: Jan 2010
Reputation: 0
#1

14.08.2016, 22:43
I'm trying to create a a program that will login using Username and Password from my SQL Database.
The accounts are created using the website, however I want to login using my 3rd party app.
This is the Code I have, using BCrypt.Net
http://pastebin.com/YDppTgst

If I use the actual password(Testing is 021495) It states invalid password, although the console reads it's a match.
But if I type in the hashed password that you see in MySQL, EX: $2$1049583SH5SKDIE etc. It logs in perfectly fine.
I'm apparently missing a key step.
Find
Reply
Gammix
High-roller
*****
Posts: 1,773
Threads: 47
Joined: Jan 2015
Reputation: 0
#2

14.08.2016, 23:04
I guess you are generating a new salt all the time when player logs in and i am assuming that salt is randomly generated or is different all the time even if same password string.

You have to probably get the salt from MySQL if saved in the row Or use a static salt(not recommended).
Find
Reply
Lynn
Gangsta
*****
Posts: 937
Threads: 106
Joined: Jan 2010
Reputation: 0
#3

15.08.2016, 00:21
Quote:
Originally Posted by Gammix
Посмотреть сообщение
I guess you are generating a new salt all the time when player logs in and i am assuming that salt is randomly generated or is different all the time even if same password string.

You have to probably get the salt from MySQL if saved in the row Or use a static salt(not recommended).
I'm using the built in PHP Function PASSWORD_DEFAULT to Hash it.
So the salt isn't the same every time, nor is it stored into the SQL Database.
Find
Reply
BlackBank
Gangsta
****
Posts: 508
Threads: 9
Joined: Dec 2010
Reputation: 0
#4

15.08.2016, 16:40
Are you going to let players log into this application? If so, don't use any MySQL connection in C#. Instead make a webservice that handle those things and communicates with your C# application via HTTP or any other method, because it's now possible to read your username and password from your MySQL server from the memory and/or file.
Find
Reply
Lynn
Gangsta
*****
Posts: 937
Threads: 106
Joined: Jan 2010
Reputation: 0
#5

09.09.2016, 17:06
Quote:
Originally Posted by BlackBank3
Посмотреть сообщение
Are you going to let players log into this application? If so, don't use any MySQL connection in C#. Instead make a webservice that handle those things and communicates with your C# application via HTTP or any other method, because it's now possible to read your username and password from your MySQL server from the memory and/or file.
I'm aware of the SQL Injection security issue when connecting directly to the database within the application.
This is for a personal project I'm working on, the only user with the application is myself.
In-order to view the dashboard, inventory, etc.

However I figured it out, using Crypt.
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. Other
  3. Everything and Nothing