Hmm.
When a player logins:
function performLogin( source, token, isPasswordAuth, ip )
if source and ( isPasswordAuth or not triedTokenAuth[ source ] ) then
triedTokenAuth[ source ] = true
if token then
if #token == 80 then
local info = exports.sql:query_assoc_single( "SELECT userID, username, banned, activationCode, SUBSTRING(LOWER(SHA1(CONCAT(userName,SHA1(CONCAT(password,salt))))),1,30) AS salts, userOptions FROM wcf1_user WHERE CONCAT(SHA1(CONCAT(username, '%s')),SHA1(CONCAT(salt, SHA1(CONCAT('%s',SHA1(CONCAT(salt, SHA1(CONCAT(username, SHA1(password)))))))))) = '%s' LIMIT 1", getPlayerHash( source, ip ), getPlayerHash( source, ip ), token )
p[ source ] = nil
if not info then
if isPasswordAuth then
triggerClientEvent( source, getResourceName( resource ) .. ":loginResult", source, 1 ) -- Wrong username/password
end
return false
You could let them login with PHP, and then takes the SHA1 hash of the password, then compare it to the hash value in the MySQL database.