md5() hash keys?

[cokacola]

Hello, I am currently rewriting my login system to work with a current database of users, but I have run into a problem.

Users must sign up on the website, but when they sign up, PHP encrypts the password with the format md5(password,key);

I tried doing that in MTA, but md5(password) and md5(password,key) appeared to return the exact same output.

Is this intentional, or a bug?

Anyway, is there someway around this? because if not, it may become a problem for me.

Thanks, if you can help

P.S. When I saw the new site and forum theme, I loved it. Also, its nice to see MTA up there in the 15 modders thing, with garry himself(love playing Garry's Mod)

EDIT:

One more thing, does MTA use the Gamespy protocol or something similar(I am trying to config a game panel script, but it has not custom config for MTA)

EDIT2:

Wow, I am blind.

There they are in the config for the script: "Multi Theft Auto", "Multi Theft Auto: San Andreas" and "Multi Theft Auto: Vice City".

How did I miss that...

So, never mind the protocol thing.

[Gamesnert]

The md5 in MTA only has one parameter: The string to hash.

[dzek (varez)]

Users must sign up on the website, but when they sign up, PHP encrypts the password with the format md5(password,key);

I tried doing that in MTA, but md5(password) and md5(password,key) appeared to return the exact same output.

i dont understand you..

https://wiki.multitheftauto.com/wiki/Md5

http://php.net/manual/en/function.md5.php

what is that "key"?

if you will do md5(some_string, whatever) it will count md5 hash from some_string and ignore the rest ... ? becouse it have only one argument..

[cokacola]

The PHP MD5 says it only has 1 argument, but if you add 2, it seems to hash them togeather or something, but MTA's MD5 returns the same string.

I know, as I use the PHP's MD5 all the time.

EDIT:

I might try and add the password and the key togeather with .. to see if it returns the same as PHP would with pass,key.

[dzek (varez)]

joining strings in php looks like:

$string1.$string2

if you use comma, it's 2nd argument. php uses 2 arguments for md5! read manual.

http://php.net/manual/en/function.md5.php

MTA's Lua uses 1 argument, everything else is ignored~

[cokacola]

Yea, thats what I thought.

I tried the 2, actually, in php I done md5("lol","25");

and got an overly hashed password, and in MTA I tried md5("lol".."25"); and the 2 returned completely different results.

Also, MD5 in MTA returns uppercase, where PHP returns lowercase.

I may need to use that PHP sdk and send the request to PHP...

[dzek (varez)]

you still dont know what im talking about:

if you do in lua

md5("lol".."25")

on php it's:

md5("lol"."25")

NOT

md5("lol", "25") // THIS IS BAD!

for joining strings in php theres " . " not " , " !

[cokacola]

Yea, I am aware of that.

A comma is for seperating arguments, but a Dot is for concatenating things.

I have used PHP for a while(years), but the last time I coded anything in MTA's Lua was ages ago.

[dzek (varez)]

tell me what are you trying to do

i'm working with php and lua every day

[cokacola]

I am simply trying to encrypt a password to work with a password in a mysql database, but the password in the database was encrypted using PHP, and a very long hash key(WHY do I keep mixing encrypt and hash up? ^.^), but the password generated with PHP was done like this:

include("acckey.php");
md5($password,$acckey);

Of course, that sure isn't the entire registration script.

So, I am currently looking up the PHP SDK script in the wiki, for MTA, so I can have PHP encrypt it the same way it does when someone registers.

Also, I am not so great with PHP's file functions, so if you are, do you mind if I PM you a question about something?

[dzek (varez)]

databases have own md5 functions too

use it?

like

"SELECT * FROM users WHERE login='"..my_login.."' MD5(pass)='"..my_pass.."' LIMIT 1"

[cokacola]

Never knew that, but does the SQL version of MD5 work like PHP, and take 2 parameters?

[dzek (varez)]

please.. forget the 2nd parametr in php..

you dont need it!

one parametr

[cokacola]

Well, if I simply "forget" it, then all the members will need to regenerate their passwords, which is why I haven't done that.

[dzek (varez)]

dude, you just need to know how it's working

please explain what you are trying to do, and i can help you

[Jason_Gregory]

md5 is nice but if you use a SQL Database for example phpmyAdmin MySQL you should swap

to sha1 and sha2. It´s even more secure than md5 hash, im using it myself to save our Accounts.

.

[dzek (varez)]

md5 is nice but if you use a SQL Database for example phpmyAdmin MySQL you should swap

to sha1 and sha2. It´s even more secure than md5 hash, im using it myself to save our Accounts.

.

http://www.golubev.com/hashgpu.htm

dont use md5 and sha1 if you care about security..

but..

its game..

nobody will hack the server, to gain access to database, then get md5 hashes to recover original passwords, and then... i dont know what.. steal virtual money from one rpg server and give all to one player?

ban & database backup restore

[cokacola]

In this case, I would not worry about hacking, because the server is local, and not on the internet.

The only person here who might have a chance of hacking it is me, and I don't really need to do that, because I already have the database password ^.^

[Jason_Gregory]

steal virtual money from one rpg server and give all to one player?

yep i would do that.

The point is many Player/Administrators uses the same passwords for the Board / Forum / Email Account

and Mta Server. It´s just for preventing problems

And you can also use sha1 + sha2 Hash´s + other Hash´s = unbreakable.

[dzek (varez)]

everything is breakable