A little php help with login.php
#1

Hi there, I would just use some help with the login.php, I'm pretty sure everything is alright but it won't log me in saying Wrong username or password.

Here's the code of login.php
PHP код:
<?php 
include 'includes/config.php';
if(isset(
$_SESSION['playername']))
{
    echo 
'<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';   
    exit;
}
if(isset(
$_POST['pname']) && isset($_POST['ppass']))
{
    if(!isset(
$_SESSION['playername']))
    {
        
$query $con->prepare("SELECT `name`, `regi_id` from `players` where `name` = ? and `pass` = ?");
        
$query->execute(array($_POST['pname'], strtoupper(hash("whirlpool"$_POST['ppass']))));
        if(
$query->rowCount() > 0)
        {
            
$data $query->fetch();
            
            
$_SESSION['playername'] = $data['name'];
            
$_SESSION['uID'] = $data['reg_id'];
            
            echo 
'<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';   
            exit;
            
            
        }
        else
        {
            
$err 'Wrong username or password';
        }
    }
}
 
include 
'includes/header.php';
?>
   <div class="row">
                <div class="col-lg-12">
                    <div class="panel panel-default">
                        <div class="panel-heading">
                            Login with your in-game account
                        </div>
                        <div class="panel-body">
                            <div class="row">
                                <div class="col-lg-6">
                                    
                                    <form action="login.php" method="POST">
                                        <div class="form-group">
                                            <label>Username</label>
                                            <input type="text" id="pname" name="pname" class="form-control" placeholder="Username">
                                        </div>
                                        <div class="form-group">
                                            <label>Password</label>
                                            <input type="password" id="ppass" name="ppass" class="form-control" placeholder="Password">
                                        </div>
                                        <?php if(isset($err)): ?>
                                        <b class="help-block" style="color: red;"><?=$err?></b>
                                        <?php endif; ?>
                                        
                                        <button type="submit" class="btn btn-default">Login</button>
                                    </form>
                                        
    </div>
    </div>
    </div>
    </div>
    </div>
    </div>
    
<?php
include 'includes/footer.php'
?>
Probably the thing is that the passwords in the MySQL database are hashed. Could I unhash them somehow? And how could I fix this...
Reply
#2

Try echo'ing the password hash that was found in the database for the given user, and the hashed password that is inserted into the MySQL query (in a safe local environment of course). Don't forget to remove the echo function afterwards.
It might be that the SA-MP server saves the hashed password in all uppercase letters, while the hash from php might be all lowercase (or maybe it's exactly the opposite). I've also had an issue like this, printing relevant data here and there really helps with debugging.

If it appears to be the letter case that's the problem, then you have to find a way to change the code from the SQL query in login.php to all uppercase. No worries though, there are functions for that! (strtoupper, strtolower)
Reply
#3

yeah you know I haven't coded a lot php at all and when I did it was just to learn some basics, I've build this .php with some help out of other scripts so could you please just edit the code and post it? that would help a lot!
Reply
#4

If I was sure about what the problem was I'd do it for you, but I don't really know what the problem exactly is, and the code that has to be written depends on the issue we're facing.

I also noticed your code already has the 'strtoupper' function in it. Can you verify which ones of the examples below looks like passwords in the database? (capitalization wise).
Код:
923b9954cd681730f5c16109c339b15860d5743f4d04435f859bf2fb325605800953df75f66223094d4c6f9d97a7740a17dc5eed609accbba27bd65c6606bfaf //lowercase

923B9954CD681730F5C16109C339B15860D5743F4D04435F859BF2FB325605800953DF75F66223094D4C6F9D97A7740A17DC5EED609ACCBBA27BD65C6606BFAF //UPPERCASE
Reply
#5

apparently I'm not using whirlpool but Encrypt.so (cant recall what is this, where i got it from etc) but the passwords are lowercased
Reply
#6

please help me
Reply
#7

Hmm, that's kind of a problem. If we don't know what kind of encryption (or encryption + salt combo) is used for the server passwords, then we can never re-create it anywhere else.
You could switch from that encrypt.so thing to Whirlpool or something like that, but that would mean you'd have to implement a way to convert the password inside your gamemode.
That would be something like a message saying 'hey, you have to verify your password etc etc', when the player types their password ingame, you use the current active encryption system to check if they actually typed the correct password, and then take their input and convert it to Whirlpool (or any other method of your choice), then save that somewhere and slowly phase out the old encryption system.

This would be one way to do it, but it completely depends on how you want to handle it. If your server and script are currently not up and running for the public, I suggest changing your password encryption to something you know and have control over.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)