bcrypt / php problem
#1

Today I began to build a UCP, consisting of a login and register.
The gamemode currently works with a master account system, allowing the registered accounts to function as UCP accounts. Upon registration in-game, the gamemode uses bcrypt for hashing the passwords.

Code:
$options = [ 
    'cost' => 12, 
]; 

$password = password_hash($_POST['password'], PASSWORD_BCRYPT, $options);
My request here is: can somebody help me figure out how I input my current settings of accounts into a functioning UCP?

The PHP page will output something similar to the gamemode, but it's not quite the same... Does anybody have a solution?

The bcrypt cost is currently set to 12.

pawn Code:
// on dialog response, register
bcrypt_hash(inputtext, BCRYPT_COST, "OnAccountPasswordHash", "d", playerid);

public OnAccountPasswordChange(playerid) {
    new msg[128];
    new hash[BCRYPT_HASH_LENGTH];
    bcrypt_get_hash(hash);
    mysql_format(sqlHandle, msg, sizeof(msg), "UPDATE `users` SET `password` = '%e' WHERE `id` = '%d'", hash, GetPVarInt(playerid, "AccountID"));
    mysql_function_query(sqlHandle, msg, false, "", "");
    SendClientMessage(playerid, COLOR_LIGHTRED, "* Your password has been changed.");
    format(msg, sizeof(msg), "%s changed %s password.", PlayerInfo[playerid][pName], HisHer(playerid));
    return 1;
}
Reply
#2

You just have to use:

PHP Code:
if (password_verify($pw, $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

Where

$pw = The password from the user

and

$hash = The hash from the database / samp-server
Reply
#3

Can you tell me how exactly I do that, when the file looks like this:
Code:
<?php
session_start();
require_once('config.php');

$options = [ 
    'cost' == 12, 
]; 
$username = $_POST['username'];
$password = password_verify($_POST['password'], PASSWORD_BCRYPT, $options);

echo $password;


$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";
$stmtselect  = $db->prepare($sql);
$result = $stmtselect->execute([$username, $password]);

if($result){
	$user = $stmtselect->fetch(PDO::FETCH_ASSOC);
	if($stmtselect->rowCount() > 0)
	{
		$_SESSION['userlogin'] = $user;
		echo '1';
	}
	else
	{
		echo 'There no user for that combo';		
	}
}
else
{
	echo 'There were errors while connecting to database.';
}
Reply
#4

Quote:
Originally Posted by EmilLykke
Can you tell me how exactly I do that, when the file looks like this:
Code:
<?php
session_start();
require_once('config.php');

$options = [ 
    'cost' == 12, 
]; 
$username = $_POST['username'];
$password = password_verify($_POST['password'], PASSWORD_BCRYPT, $options);

echo $password;


$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";
$stmtselect  = $db->prepare($sql);
$result = $stmtselect->execute([$username, $password]);

if($result){
	$user = $stmtselect->fetch(PDO::FETCH_ASSOC);
	if($stmtselect->rowCount() > 0)
	{
		$_SESSION['userlogin'] = $user;
		echo '1';
	}
	else
	{
		echo 'There no user for that combo';		
	}
}
else
{
	echo 'There were errors while connecting to database.';
}
A password hash generated with bcrypt will not be the same every time. Also, the password_verify method takes just two arguments: the password you want to test and the current password hash.

Code:
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
Since the password is not the same every time, you should not use the hash as a part of the select query.
Reply
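
A login check along the lines this answer describes, as an added example that is not part of the original thread: the row is looked up by username only, then the submitted password and the stored hash go to password_verify(). An in-memory SQLite database (needs pdo_sqlite) stands in for the `$db` handle from config.php; the sample account, its password and the dummy-hash step for unknown usernames are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes a `users` table with
// `id`, `username` and `password` (bcrypt hash) columns, as in the posts above.

function find_user(PDO $db, string $username): ?array
{
    // Select by username only; the hash is never part of the WHERE clause,
    // because bcrypt salts every hash and no two hashes of one password match.
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, string $username, string $password): ?array
{
    // Dummy hash (constructed) so an unknown username still costs one bcrypt run.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT, ['cost' => 12]);

    $user = find_user($db, $username);
    $hash = $user['password'] ?? $dummy;

    // Two arguments only: the plain-text candidate and the stored hash.
    // Cost and salt are read from the hash string itself.
    $ok = password_verify($password, $hash);
    if ($user === null || !$ok) {
        return null; // same result for "no such user" and "wrong password"
    }
    unset($user['password']); // keep the hash out of the session data
    return $user;
}

// Constructed test data: stands in for a row the gamemode wrote at cost 12.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$stored = password_hash('sample-password', PASSWORD_BCRYPT, ['cost' => 12]);
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['Sample_User', $stored]);

foreach ([['Sample_User', 'sample-password'], ['Sample_User', 'wrong'], ['Nobody', 'x']] as [$u, $p]) {
    $user = login($db, $u, $p);
    // In the real page, on success: session_regenerate_id(true); $_SESSION['userlogin'] = $user;
    echo $u, ' / ', $p, ' => ', $user !== null ? 'logged in' : 'Invalid username or password.', PHP_EOL;
}
```
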
#5

Add my discord Danbo#3250
Reply

