SA-MP Forums

Go Back   SA-MP Forums > SA-MP Scripting and Plugins > Scripting Help

Reply
 
Thread Tools Display Modes
Old 18/12/2019, 08:45 PM   #1
EmilLykke
Huge Clucker
 
EmilLykke's Avatar
 
Join Date: Aug 2013
Posts: 210
Reputation: 30
Default bcrypt / php problem

Today I began to build a UCP, consisting of a login and register.
The gamemode currently works with a master account system, allowing the accounts registered to function as a UCP account. Upon a registration in-game, the gamemode uses bcrypt hashing the passwords.

Code:
$options = [ 
    'cost' => 12, 
]; 

$password = password_hash($_POST['password'], PASSWORD_BCRYPT, $options);
My request here is, can somebody help me figuring out, how I input my current settings of accounts into a functioning UCP?

The PHP page will output something similar to the gamemode, but it's not quite the same... Does anybody have a solution?

The bcrypt cost is currently set to 12.

pawn Code:
// on dialog response, register
bcrypt_hash(inputtext, BCRYPT_COST, "OnAccountPasswordHash", "d", playerid);

public OnAccountPasswordChange(playerid) {
    new msg[128];
    new hash[BCRYPT_HASH_LENGTH];
    bcrypt_get_hash(hash);
    mysql_format(sqlHandle, msg, sizeof(msg), "UPDATE `users` SET `password` = '%e' WHERE `id` = '%d'", hash, GetPVarInt(playerid, "AccountID"));
    mysql_function_query(sqlHandle, msg, false, "", "");
    SendClientMessage(playerid, COLOR_LIGHTRED, "* Your password has been changed.");
    format(msg, sizeof(msg), "%s changed %s password.", PlayerInfo[playerid][pName], HisHer(playerid));
    return 1;
}
__________________

Last edited by EmilLykke; 18/12/2019 at 10:06 PM.
EmilLykke is offline   Reply With Quote
Old 18/12/2019, 10:12 PM   #2
Kaliber
High-roller
 
Kaliber's Avatar
 
Join Date: Jun 2012
Location: Localhost
Posts: 1,092
Reputation: 156
Default Re: bcrypt / php problem

You just have to use:

PHP Code:
if (password_verify($pw$hash)) {
    echo 
'Password is valid!';
} else {
    echo 
'Invalid password.';

Where

$pw = The password from the user

and

$hash = The hash from the database / samp-server
__________________
Kaliber is offline   Reply With Quote
Old 18/12/2019, 10:59 PM   #3
EmilLykke
Huge Clucker
 
EmilLykke's Avatar
 
Join Date: Aug 2013
Posts: 210
Reputation: 30
Default Re: bcrypt / php problem

Can you tell me how exactly I do that, when the file looks like this:
Code:
<?php
session_start();
require_once('config.php');

$options = [ 
    'cost' == 12, 
]; 
$username = $_POST['username'];
$password = password_verify($_POST['password'], PASSWORD_BCRYPT, $options);

echo $password;


$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";
$stmtselect  = $db->prepare($sql);
$result = $stmtselect->execute([$username, $password]);

if($result){
	$user = $stmtselect->fetch(PDO::FETCH_ASSOC);
	if($stmtselect->rowCount() > 0)
	{
		$_SESSION['userlogin'] = $user;
		echo '1';
	}
	else
	{
		echo 'There no user for that combo';		
	}
}
else
{
	echo 'There were errors while connecting to database.';
}
__________________
EmilLykke is offline   Reply With Quote
Old 19/12/2019, 12:11 AM   #4
CXdur
Big Clucker
 
CXdur's Avatar
 
Join Date: Jun 2014
Location: Norway
Posts: 57
Reputation: 6
Default Re: bcrypt / php problem

Quote:
Originally Posted by EmilLykke View Post
Can you tell me how exactly I do that, when the file looks like this:
Code:
<?php
session_start();
require_once('config.php');

$options = [ 
    'cost' == 12, 
]; 
$username = $_POST['username'];
$password = password_verify($_POST['password'], PASSWORD_BCRYPT, $options);

echo $password;


$sql = "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1";
$stmtselect  = $db->prepare($sql);
$result = $stmtselect->execute([$username, $password]);

if($result){
	$user = $stmtselect->fetch(PDO::FETCH_ASSOC);
	if($stmtselect->rowCount() > 0)
	{
		$_SESSION['userlogin'] = $user;
		echo '1';
	}
	else
	{
		echo 'There no user for that combo';		
	}
}
else
{
	echo 'There were errors while connecting to database.';
}
A password hash generated with bcrypt will not be the same every time. Also, the password_verify method takes just two arguments. The password you want to test, and the current password hash.

Code:
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';

if (password_verify('rasmuslerdorf', $hash)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}
Since the password is not the same every time, you should not use the hash as a part of the select query.
CXdur is offline   Reply With Quote
Old 19/12/2019, 09:31 PM   #5
Danbo7
Little Clucker
 
Join Date: Nov 2019
Posts: 21
Reputation: 0
Default Re: bcrypt / php problem

Add my discord Danbo#3250
Danbo7 is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Plugin] Bcrypt Johnson_boy Plugin Development 44 29/05/2020 08:20 PM
bcrypt version check failed feheristi97 Scripting Help 4 17/08/2019 09:05 PM
BCrypt plugin issue solstice_ Scripting Help 1 28/03/2019 11:17 PM
Bcrypt server crash GloomY Scripting Help 1 02/12/2018 10:35 AM


All times are GMT. The time now is 12:18 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.