[Kraeror]

Hello guys, I'm learning PHP, because I want to create an UCP for my SA-MP server. I'm encrypting my password in PHP with "md5" function, but It is encrypting it only for the PHP, how can I encrypt it in my server, like when I register in the game the password will be "123456789" encrypted to "desahgf54g45ds6g4dg8tdfhg64ds", but PHP can read it?
I hope you understand me, thank you!!!
+1 REP to HELPERS

[vitespirite]

If you use mysql I advise you to use the MD5 function in your query to insert the table of your account into your database

[Kraeror]

I'm using MySQL database too. How to use this MD5 in my query can you give me just an example?

[Kraeror]

My pice of code:
This is the password inserting in the table:

PHP Code:

mysql_format(zMySQL, query, sizeof(query),"INSERT INTO `users`(`Password`) VALUES ('%e')", ThePassword);
mysql_tquery(zMySQL, query); 


This is for reading the password if it is correct:

PHP Code:

new Password[256];
cache_get_value_name(playerid, "Password", Password); 


[vitespirite]

PHP Code:

mysql_format(zMySQL, query, sizeof(query),"INSERT INTO `users`(`Password`) VALUES (MD5('%e'))", ThePassword); 


[Lucases]

Use SHA_256 instead

[mschnitzer]

MD5 is a hashing algorithm and it's not being used for encryption/decryption. I would really suggest to not use MD5 as it's no longer secure. There are many plugins out there that support more hashing algorithms.

I also built one: https://github.com/mschnitzer/hashlib

I recently implemented support for bcrypt but it's currently only supported on linux. So if you've a linux server running, you can use it if you want: https://github.com/mschnitzer/hashli.../tag/1.2.0-RC1

Just ping me here if you need help with the implementation.

[Misiur]

Salt all your passwords, and choose GPU-unfriendly hash function with a lot of iterations.

[RogueDrifter]

Quote:

Originally Posted by Misiur Salt all your passwords, and choose GPU-unfriendly hash function with a lot of iterations.

This ^ i also recommend salt-hash. if you don't know what salting is read this TOPIC and use any hashing system you can use whirlpool wp_hash but make sure you salt on register mix the pw with the salt, save the salt, load the salt on login, you see the steps is you save the password and load it the exact same way you saved it.

[Kraeror]

Quote:

Originally Posted by RogueDrifter This ^ i also recommend salt-hash. if you don't know what salting is read this TOPIC and use any hashing system you can use whirlpool wp_hash but make sure you salt on register mix the pw with the salt, save the salt, load the salt on login, you see the steps is you save the password and load it the exact same way you saved it.

Is that supports PHP??
Give me an example, using my code.

[Misiur]

pawn Код:

$digest = hash('whirlpool', $salt.$password);

http://php.net/manual/en/function.hash.php

[Kraeror]

Quote:

Originally Posted by Misiur pawn Код: $digest = hash('whirlpool', $salt.$password); http://php.net/manual/en/function.hash.php

How to use it in pawno (the same encryption)?
pls update my pawno code using this encryption
Here is the password reading in PHP: (update it too please )
$password =trim(htmlspecialchars($_POST["password"]));

[Sithis]

Don't use whirlpool. It isn't secure. Use SHA-256 or SHA-512. Make sure to use a unique salt for every player.

[Misiur]

I'd suggest pbkdf2 but don't know if there are implementations for samp. Source for info about whirlpool being unsecure please.

[RogueDrifter]

Quote:

Originally Posted by Sithis Don't use whirlpool. It isn't secure. Use SHA-256 or SHA-512. Make sure to use a unique salt for every player.

How's whirlpool not secure?

Anyhow @OP: if you're going for whirlpool as i said you'd have to download the whirlpool plugin and plug this on top of your script:

PHP код:

native WP_Hash(buffer[], len, const str[]); 


then you salt the password using the tutorial i sent above LINK then you hash it using WP_Hash(outcomestring, sizeof(outcomestring), PasswordString); whereas outcomestring is the string that'll come out hashed and PasswordString is the password you wanna hash AFTER it was salted again i say through the tutorial already sent. For an ex script here's a quick one using the tutorial and whirlpool altogether:

PHP код:

new salt[64], password[128], string[128], outcomestring[129]; //declare some variables
randomString(salt, sizeof(salt)); //generate our 'salt'
//combine salt with password
strcat(string, salt); //your salt
strcat(string, password); //your password
WP_Hash(outcomestring, 129, string); //hashing the outcome using whirlpool
//then you save both outcomestring and salt in the player's file.
//the random string generator:
stock randomString(strDest[], strLen = 10)
{
    while(strLen--)
        strDest[strLen] = random(2) ? (random(26) + (random(2) ? 'a' : 'A')) : (random(10) + '0');
} 


EDIT: i forgot to tell you some notes tho you SHOULD read the tutorial, you need to save the salt for when a player logs in, and you do the same process, you load the salt that was saved from the file, you take the password the player typed, you combine both the password and the salt again, you hash them again, you compare that hashed string with the hash saved in the file if they're the same let him login else = wrong password.

[Kraeror]

RogueDrifter how can I decrypt it in PHP? Like when I register in the server with password: 123asdfg it is encrypting to dsawdsagfds34gh6fd5h4gfs68gtbf1s8g4s6g18s6dfg2s6f8 4s, but when the php read it again, it reads as: 123asdfg
I want to connect my site with my server

Any help ?

[Logic_]

There's a huge difference between hash and encryption. And you don't need to un-hash because that's not possible, hash the password player enters and compare it. What's so difficult??

[Kraeror]

I want my password to be encrypted to MySQL then when I enter it to the site, it is decrypting.
I'm using the same database in the site and the server (Because I'm creating UCP).

[NaS]

Quote:

Originally Posted by Kraeror I want my password to be encrypted to MySQL then when I enter it to the site, it is decrypting. I'm using the same database in the site and the server (Because I'm creating UCP).

You need to find an algorithm that is available in the exact same way to PHP and PAWN (SHA_256 is available in both, without additional plugins).

But you should never actually decrypt it, neither in PHP nor in PAWN. It's actually not even possible.

What you have to do is (on register) generate a salt, add it to the passwort and hash it, then save the hashed string and the salt seperately to MySQL.

On login, you do the exact same thing with the user input in PHP and PAWN - load the salt and the saved hash from the database, add the salt to the user input and hash it. Then compare the hashed user input with the saved password hash.

[Kraeror]

NaS BRO can you tell me how to do it?
Give me an example using this code:
PAWNO:

PHP код:

mysql_format(zMySQL, query, sizeof(query),"INSERT INTO `users`(`Password`) VALUES ('%e')", ThePassword); 
mysql_tquery(zMySQL, query); 


PHP код:

new Password[256]; 
cache_get_value_name(playerid, "Password", Password); 


PHP:

PHP код:

$password =trim(htmlspecialchars($_POST["password"])); 


CAN YOU UPDATE IT WITH THIS ENCRYPTING PLEASE ?

PLEASE HELP ME!!!