SA-MP Forums

27/06/2020, 11:52 PM   #1
SkyFlare
bCrypt Migration...

So I moved away from Whirlpool today.... well at least I am trying to....
#include <bcrypt>

bCrypt is working, sort of... I can create an account but logging back in is the issue, however the hash has stored correctly in db.
PHP Code:
enum E_PLAYERS
{
    Name[MAX_PLAYER_NAME],
    Password[BCRYPT_HASH_LENGTH] // bCrypt Hashing is a 61-character-long string (60 + null terminator), which is also defined as constant BCRYPT_HASH_LENGTH.
};
new Player[MAX_PLAYERS][E_PLAYERS];
PHP Code:
// ONPLAYERCONNECT
    new query[84];
    new pname[MAX_PLAYER_NAME+1];
    GetPlayerName(playerid, pname, sizeof(pname));
    mysql_format(g_SQL, query, sizeof(query), "SELECT * FROM `players` WHERE `username` = '%e' LIMIT 1", pname);
    mysql_tquery(g_SQL, query, "OnPlayerJoin", "dd", playerid, g_MysqlRaceCheck[playerid]);
PHP Code:
// ONPLAYERJOIN
forward OnPlayerJoin(playerid, race_check);
public OnPlayerJoin(playerid, race_check)
{
    if (race_check != g_MysqlRaceCheck[playerid]) return Kick(playerid);
    new string[256];
    new pname[MAX_PLAYER_NAME+1];
    GetPlayerName(playerid, pname, sizeof(pname));
    if(cache_num_rows() > 0)
    {
        cache_get_value(0, "password", Player[playerid][Password], 61);
        Player[playerid][Cache_ID] = cache_save();
        format(string, sizeof string, "This account (%s) is registered. Please login by entering your password in the field below:", pname);
        ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "Login", string, "Login", "Abort");
    }
    else
    {
        format(string, sizeof string, "Welcome %s, you can register by entering your password in the field below:", pname);
        ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_PASSWORD, "Registration", string, "Register", "Abort");
    }
    return 1;
}

PHP Code:
// ONDIALOGRESPONSE
        case DIALOG_LOGIN:
        {
            new query[128], pname[MAX_PLAYER_NAME];
            GetPlayerName(playerid, pname, sizeof(pname));
            SetPVarString(playerid, "Unhashed_Pass", inputtext);

            mysql_format(g_SQL, query, sizeof(query), "SELECT password from `players` WHERE username = '%e'", pname);
            mysql_tquery(g_SQL, query, "OnPlayerLogin", "d", playerid);
        }
        case DIALOG_REGISTER:
        {
            if(response)
            {
                if(strlen(inputtext) <= 5) return ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_PASSWORD, "Registration", "Your password must be longer than 5 characters!\nPlease enter your password in the field below:", "Register", "Abort");
                bcrypt_hash(inputtext, 12, "OnPassHash", "d", playerid);
            }
        }

PHP Code:
forward OnPlayerLogin(playerid);
public OnPlayerLogin(playerid)
{
    new pPass[61], unhashed_pass[61];
    GetPVarString(playerid, "Unhashed_Pass", unhashed_pass, sizeof(unhashed_pass));
    if(cache_num_rows())
    {
        cache_get_value_name(0, "password", Player[playerid][Password], 60);
        bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd", playerid, Player[playerid][Password]);
    }
    else printf("ERROR: OnPlayerLogin, cant Cache_Num_Rows!");
    return 1;
}

forward OnPassCheck(playerid, DBID);
public OnPassCheck(playerid, DBID)
{
    if(bcrypt_is_equal())
    {
        SpawnPlayer(playerid);
        return 1;
    }
    else
    {
        if(Player[playerid][LoginAttempts] >= 3)
        {
            ShowPlayerDialog(playerid, DIALOG_UNUSED, DIALOG_STYLE_MSGBOX, "Login", "You've mistyped your password too often (3 times).", "Okay", "");
            return 1;
        }
        else return ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "Login", "Wrong password!\nPlease enter your password in the field below:", "Login", "Abort");
    }
}

forward OnPassHash(playerid);
public OnPassHash(playerid)
{
    new pass[BCRYPT_HASH_LENGTH], query[512], pname[MAX_PLAYER_NAME];
    GetPlayerName(playerid, pname, sizeof(pname));
    bcrypt_get_hash(pass);
    mysql_format(g_SQL, query, sizeof(query), "INSERT INTO `players`(`username`, `password`) VALUES('%e', '%s')", pname, pass);
    mysql_tquery(g_SQL, query, "OnPlayerRegister", "d", playerid);
    return 1;
}

forward OnPlayerRegister(playerid);
public OnPlayerRegister(playerid)
{
    return 1;
}
I bet the issue is something stupid, thanks in advance.

Last edited by SkyFlare; 28/06/2020 at 10:02 AM.

28/06/2020, 12:05 AM   #2
Kwarde
Re: bCrypt Migration...

I never used bcrypt so I probably can't help you (didn't look at the code yet though), but wondering, why not use SHA256_PassHash() (included in SAMP since 0.3.7 R1)
https://wiki.sa-mp.com/wiki/SHA256_PassHash

28/06/2020, 12:09 AM   #3
SkyFlare
Re: bCrypt Migration...

Quote:
Originally Posted by Kwarde
I never used bcrypt so I probably can't help you (didn't look at the code yet though), but wondering, why not use SHA256_PassHash() (included in SAMP since 0.3.7 R1)
https://wiki.sa-mp.com/wiki/SHA256_PassHash
Wanted to see what bCrypt was like, really wanna give it a fair run for its usage, apparently it's harder to crack, if I can't manage to sort it out I will probably give passhash a go.

28/06/2020, 09:11 AM   #4
GameOvr
Re: bCrypt Migration...

bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

I didn't look much at the code, just caught this; if it's not the one which causes the problem.. post "lol, its not the problem". I'll analyze then.

You are right. bcrypt is very secure almost like impossible to crack but also horribly slow.. which gives a bad sense for players about the server.

28/06/2020, 09:44 AM   #5
SkyFlare
Re: bCrypt Migration...

Fixed it... and yes it was something stupid, I got me a coffee :P wake up SkyFlare lol
In case anyone else seems to have an issue with bCrypt, this was the issue.

PHP Code:
bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd", playerid, Player[playerid][Password]);
Changed to now execute like this.

PHP Code:
bcrypt_check(unhashed_pass, Player[playerid][Password], "OnPassCheck", "d", playerid);
The way bcrypt_check works is it checks your unhashed password (inputtext)
and then gets the hash (from MySQL or Enumerator)
then you get the result, however I was checking Unhashed password, for an empty string "pPass", not the Hashed Password.



EDIT: Just seen your Response now GameOvr.

Quote:
Originally Posted by GameOvr
bcrypt_check(unhashed_pass, pPass, "OnPassCheck", "dd",playerid, Player[playerid][Password]);

I didn't look much at the code, just caught this; if it's not the one which causes the problem.. post "lol, its not the problem". I'll analyze then.

You are right. bcrypt is very secure almost like impossible to crack but also horribly slow.. which gives a bad sense for players about the server.
yeah it was the issue lol, I do see some slowness there, however I believe you can lower its strength to begin with, and also rehash without players ever knowing, so you can slowly increase its hash and rehash passwords over time, they will get used to the login speed lmao although new players will think it's crap
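
The empty-buffer mistake fixed in post #5 and the gradual rehash idea from the same post, combined into one login-time helper. This is an added example, not code from the thread or from the bcrypt plugin: `TARGET_COST`, `GetHashCost`, `UpgradeHashIfWeak` and `OnPassRehash` are hypothetical names, and `g_SQL`, `g_MysqlRaceCheck` and the `players` table are assumed to be set up as in the first post.

```pawn
// Added example, not code from the thread or the plugin.
#include <a_samp>
#include <a_mysql>
#include <bcrypt>

#define TARGET_COST 12              // hypothetical: cost new hashes should have

new MySQL:g_SQL;                    // assumed: connected elsewhere, as in the thread
new g_MysqlRaceCheck[MAX_PLAYERS];  // assumed: bumped on connect/disconnect

// Cost encoded in a bcrypt hash ("$2y$12$..."), or -1 when the buffer is not
// a full 60-character hash (empty string, truncated database fetch).
stock GetHashCost(const hash[])
{
    if (strlen(hash) != BCRYPT_HASH_LENGTH - 1) return -1;
    if (hash[0] != '$' || hash[1] != '2' || hash[3] != '$' || hash[6] != '$') return -1;
    if (hash[4] < '0' || hash[4] > '9' || hash[5] < '0' || hash[5] > '9') return -1;
    return (hash[4] - '0') * 10 + (hash[5] - '0');
}

// Call only after bcrypt_is_equal() returned true, while the plaintext is
// still in memory. Returns 1 when a rehash at TARGET_COST was queued.
stock UpgradeHashIfWeak(playerid, const stored[], plaintext[])
{
    new cost = GetHashCost(stored);
    if (cost == -1 || cost >= TARGET_COST) return 0;
    bcrypt_hash(plaintext, TARGET_COST, "OnPassRehash", "dd", playerid, g_MysqlRaceCheck[playerid]);
    return 1;
}

forward OnPassRehash(playerid, race_check);
public OnPassRehash(playerid, race_check)
{
    // The slot may have been reused while the hash was computed; the next
    // login of the original player will trigger the upgrade again.
    if (race_check != g_MysqlRaceCheck[playerid]) return 1;

    new hash[BCRYPT_HASH_LENGTH], query[256], pname[MAX_PLAYER_NAME + 1];
    bcrypt_get_hash(hash);
    GetPlayerName(playerid, pname, sizeof(pname));
    mysql_format(g_SQL, query, sizeof(query),
        "UPDATE `players` SET `password` = '%e' WHERE `username` = '%e'", hash, pname);
    mysql_tquery(g_SQL, query);
    return 1;
}
```

Calling `GetHashCost` on the second argument before `bcrypt_check` returns -1 for an empty buffer such as `pPass`, which turns the silent login failure into a loggable error. `UpgradeHashIfWeak` belongs in the success branch of `OnPassCheck`, with the plaintext read back from the `Unhashed_Pass` PVar and the PVar deleted afterwards.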