[BiosMarcel]

Hello,

I am making a password recovery system, by simply clicking a link the user password will be set to 'RANDOMGENERATEDSTRING' + Salt from database. The random generated string will be sent to the users email account.

SO, this is how the new password + old salt is used to create and set the new password

PHP код:

$newPasswordUnhashed = generateRandomString();
$result = mysqli_query($connection, "SELECT Salt FROM users WHERE Name='" . $name . "'");
$row = mysqli_fetch_assoc($result);
$salt = $row['Salt'];
if($salt == null)
{
    exit("Couldn't receive salt.");
}
$newPassword = hash('sha256', $newPasswordUnhashed . $salt);
if(!mysqli_query($connection, "UPDATE users SET Password='" . $newPassword ."' WHERE Name='" . $name . "'")) {
    exit("Unable to set new temporary password.");
} 


and this is my samp login:

PHP код:

forward loginPlayer(playerid, enteredPassword[]);
public loginPlayer(playerid, enteredPassword[])
{
    new password[65];
    new salt[11];
    cache_get_value_name(0, "Password", password);
    cache_get_value_name(0, "Salt", salt);
    new passwordToCheck[65];
    SHA256_PassHash(enteredPassword, salt, passwordToCheck, sizeof(passwordToCheck));
    if(!strcmp(password, passwordToCheck, false, strlen(password)))
    {
        loadProfile(playerid);
        return true;
    }
    
    ShowPlayerDialog(playerid, LOGIN_DIALOG, DIALOG_STYLE_PASSWORD, "Log into your account", "Please enter your password to log into your account.", "Login", "Exit");
    return false;
} 


Both hash functions seem to reutnr something else, i have no clue why, can anyone help me?

greetings Marcel

[Vince]

If you generate a new password you should also generate a new salt. I don't think that's the root cause of the problem, though. Can you set case insensitivity to true? It's a string of hex characters so case shouldn't matter. SA-MP may output it in upper case while PHP doesn't, or the other way around.

[BiosMarcel]

Sure, i'll try

EDIT: you were right

But, isn't that kind of the wrong way?