Syntrax# Posted December 5, 2015 Share Posted December 5, 2015 Hello, I've started to script my own login panel,wich will use the account data from the forums. But i've encoutered some problems with recieving the Password.It won't give the actual password and the hash keeps failing. Database = dbConnect( "mysql", "dbname=safgrpg;host=127.0.0.1", "root", "") function PlayerLogin(username,password,checksave) if not (username == "") then if not (password == "") then local account = getAccount ( username, password ) if ( account ~= false ) then logIn(source, account, password) triggerClientEvent (source,"hideMain",getRootElement()) setElementData(source,"loggedIn", true) setElementData(source,"username", getAccountName(account)) setElementData(source, "gang", getAccountData(account, "gang")) local realTime = getRealTime() local month = tostring(realTime.month + 1) local monthday = tostring(realTime.monthday) if #month == 1 then month = "0" .. month end if #monthday == 1 then monthday = "0" .. monthday end local timestamp = realTime.year + 1900 .. "-" .. month .. "-" .. monthday setAccountData(account, "lastlogin", timestamp) if checksave == true then triggerClientEvent(source,"saveLoginToXML",getRootElement(),username,password) else triggerClientEvent(source,"resetSaveXML",getRootElement(),username,password) end else --triggerClientEvent(source,"DrawLoginPasswordError",getRootElement()) end else --triggerClientEvent(source,"DrawNoPasswordLoginError",getRootElement())-- Enter Password end else --triggerClientEvent(source,"DrawNoUsenrameLoginError",getRootElement()) -- Enter Username end end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) function lowermd5(val) return string.lower(md5(val)) end salt = "" password = "" username = "user" local hash = "pass" addEventHandler('onResourceStart',resourceRoot,function() local query = dbQuery(Database, "SELECT members_pass_salt,member_login_key,members_pass_hash FROM core_members WHERE name='Syntrax#'") local result = dbPoll(query,-1) if result then for _,row in ipairs(result) do for column, value in pairs ( row ) do outputConsole(column.. " " ..value) if column == "members_pass_salt" then salt = value outputChatBox("Salt Retrived") elseif column == "member_login_key" then password = value elseif column == "members_pass_hash" then mysqlhash = value end end end runHash() else outputChatBox("DB Query Failed") end end) function runHash() outputConsole(lowermd5(salt).." "..lowermd5(password)) outputConsole(lowermd5(lowermd5(salt)..lowermd5(password))) local hash = lowermd5(lowermd5(salt)..lowermd5(password)) outputConsole(hash.." == "..mysqlhash) if hash == mysqlhash then outputChatBox("Hash successful") else outputChatBox("Hash unsuccessful") end end Thank you for reading and maybe feel free to help me,it's kinda urgent Link to comment
sanyisasha Posted December 5, 2015 Share Posted December 5, 2015 Try search for the forum encryption. For example smf i mean use SH256. The secound problem: Don't cross ACL and MySQL. You use addAccount (ACL) and dbConnect(MySQL). Try use Elements. Like: setElementData(player,"username","sasha"). Learn more about this: https://wiki.multitheftauto.com/wiki/Element/Player And: https://wiki.multitheftauto.com/wiki/SetElementData If you need more help, maybe search me on facebook: https://www.facebook.com/SanyiSasha Link to comment
Syntrax# Posted December 5, 2015 Author Share Posted December 5, 2015 Try search for the forum encryption.For example smf i mean use SH256. The secound problem: Don't cross ACL and MySQL. You use addAccount (ACL) and dbConnect(MySQL). Try use Elements. Like: setElementData(player,"username","sasha"). Learn more about this: https://wiki.multitheftauto.com/wiki/Element/Player And: https://wiki.multitheftauto.com/wiki/SetElementData If you need more help, maybe search me on facebook: https://www.facebook.com/SanyiSasha the script aboe the actual MYSQL part is good,it doesn't has to be changed etc,i only need to retrieve the Password from IPB in order to let the player login with their forum account Link to comment
.:HyPeX:. Posted December 5, 2015 Share Posted December 5, 2015 IPB Hashes the passwords for security reasons. This function checks if the player's input username & password are correct in the forum and logs the player into the same-name server account, changing it its password to the forum's one or creating it if necessary. You should check for the forum database if the fields are the same, since they tend to change depending on the IPB version. Up to line 35 its all the password process if you want to only look for that. function PlayerLogin(username,password,checksave) if not (username == "") then username = string.lower(username) if not (password == "") then local query = dbQuery(function(qh,source,username,password) local result, num_affected_rows, last_insert_id = dbPoll(qh,0) if result then local salt,mysqlhash = "","","" local Nsalt,Nhash = nil,nil for _,row in ipairs(result) do for column, value in pairs ( row ) do if column == "members_pass_salt" then salt = value Nsalt = true elseif column == "members_pass_hash" then mysqlhash = value Nhash = true elseif column == "member_id" then member_id = value end end end if not Nsalt or not Nhash then triggerClientEvent(source,"LoginR",resourceRoot,"Login","user") return end if salt and mysqlhash and password then local hash = lowermd5(lowermd5(salt)..lowermd5(password)) if hash == mysqlhash then if getAccount(username) then local acc = getAccount ( username, password ) if ( account ~= false ) then triggerClientEvent(source,"LoginR",resourceRoot,"Login","success") local account = getAccount ( username,password) if ( account ~= false) and (account ~= nil) then logIn(source, account, password) setCameraTarget(source, source) Logged(source,member_id) else setAccountPassword(getAccount(username), password) local account = getAccount(username,password) logIn(source, account, password) Logged(source,member_id) setCameraTarget(source, source) end else setAccountPassword(getAccount(username), password) triggerClientEvent(source,"LoginR",resourceRoot,"Login","success") local account = getAccount ( username,password) logIn(source, account, password) Logged(source,member_id) setCameraTarget(source, source) end else addAccount(username,password) triggerClientEvent(source,"LoginR",resourceRoot,"Login","success") local account = getAccount ( username,password) logIn(source, account, password) Logged(source,member_id) setCameraTarget(source, source) end else triggerClientEvent(source,"LoginR",resourceRoot,"Login","pass") end end else local error_code,error_msg = num_affected_rows,last_insert_id end end,{source,username,password},Database, "SELECT members_pass_salt,members_pass_hash,member_id FROM members WHERE name='"..username.."'") else triggerClientEvent(source,"LoginR",resourceRoot,"Login","pass") end else triggerClientEvent(source,"LoginR",resourceRoot,"Login","user") end end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) EDIT: lowermd5 usefull function: function lowermd5(val) return string.lower(md5(val)) end Link to comment
Syntrax# Posted December 22, 2015 Author Share Posted December 22, 2015 IPB Hashes the passwords for security reasons.This function checks if the player's input username & password are correct in the forum and logs the player into the same-name server account, changing it its password to the forum's one or creating it if necessary. You should check for the forum database if the fields are the same, since they tend to change depending on the IPB version. Up to line 35 its all the password process if you want to only look for that. function PlayerLogin(username,password,checksave) if not (username == "") then username = string.lower(username) if not (password == "") then local query = dbQuery(function(qh,source,username,password) local result, num_affected_rows, last_insert_id = dbPoll(qh,0) if result then local salt,mysqlhash = "","","" local Nsalt,Nhash = nil,nil for _,row in ipairs(result) do for column, value in pairs ( row ) do if column == "members_pass_salt" then salt = value Nsalt = true elseif column == "members_pass_hash" then mysqlhash = value Nhash = true elseif column == "member_id" then member_id = value end end end if not Nsalt or not Nhash then triggerClientEvent(source,"LoginR",resourceRoot,"Login","user") return end if salt and mysqlhash and password then local hash = lowermd5(lowermd5(salt)..lowermd5(password)) if hash == mysqlhash then if getAccount(username) then local acc = getAccount ( username, password ) if ( account ~= false ) then triggerClientEvent(source,"LoginR",resourceRoot,"Login","success") local account = getAccount ( username,password) if ( account ~= false) and (account ~= nil) then logIn(source, account, password) setCameraTarget(source, source) Logged(source,member_id) else setAccountPassword(getAccount(username), password) local account = getAccount(username,password) logIn(source, account, password) Logged(source,member_id) setCameraTarget(source, source) end else setAccountPassword(getAccount(username), password) triggerClientEvent(source,"LoginR",resourceRoot,"Login","success") local account = getAccount ( username,password) logIn(source, account, password) Logged(source,member_id) setCameraTarget(source, source) end else addAccount(username,password) triggerClientEvent(source,"LoginR",resourceRoot,"Login","success") local account = getAccount ( username,password) logIn(source, account, password) Logged(source,member_id) setCameraTarget(source, source) end else triggerClientEvent(source,"LoginR",resourceRoot,"Login","pass") end end else local error_code,error_msg = num_affected_rows,last_insert_id end end,{source,username,password},Database, "SELECT members_pass_salt,members_pass_hash,member_id FROM members WHERE name='"..username.."'") else triggerClientEvent(source,"LoginR",resourceRoot,"Login","pass") end else triggerClientEvent(source,"LoginR",resourceRoot,"Login","user") end end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) EDIT: lowermd5 usefull function: function lowermd5(val) return string.lower(md5(val)) end What Does qh means because i'm getting this error: Bad Argument @ 'dbQuery' [Expected db-connection at argument 3, got nil] Link to comment
.:HyPeX:. Posted December 23, 2015 Share Posted December 23, 2015 You're missing the DB connection at the top of the script. qh is the return you get from the dbQuery. I.e. Database = dbConnect("mysql","dbname=d69588_forumm;host=127.0.0.1", "root","4rpL=VY&D7k#qcu") You might get lost due to how it is arranged; it is a function and the end of the dbQuery its at the bottom, look at example 4 from dbQuery Link to comment
DBY Posted December 23, 2015 Share Posted December 23, 2015 https://www.invisionpower.com/support/g ... board-r130 Try this: function lowermd5(val) return string.lower(md5(val)) end -- HOST, DATABASE, USER, PASSWORD, PORT local mysqlForumInfo = {"localhost", "testforo", "root", "root", 3306} --Here you should put your MYSQL connection data. function PlayerLogin(username, password) local host, database, user, pass, port = unpack(mysqlForumInfo) local db = dbConnect( "mysql", "host=" .. host .. ";port=" .. port .. ";dbname=" .. database, user, pass, "share=1", "autoreconnect=1" ) if db then local query = dbQuery(db, "SELECT members_pass_hash, members_pass_salt FROM boardmembers WHERE name = '" .. username .. "' ") local query = dbPoll(query, -1) if #query ~= 0 then local data = query[1] local hash = lowermd5(lowermd5(data.members_pass_salt) .. lowermd5(password)) if hash == data.members_pass_hash then outputDebugString("Correct") else outputDebugString("Incorrect") end else outputDebugString("User not found") end end destroyElement(db) end Link to comment
Syntrax# Posted December 24, 2015 Author Share Posted December 24, 2015 https://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130Try this: function lowermd5(val) return string.lower(md5(val)) end -- HOST, DATABASE, USER, PASSWORD, PORT local mysqlForumInfo = {"localhost", "testforo", "root", "root", 3306} --Here you should put your MYSQL connection data. function PlayerLogin(username, password) local host, database, user, pass, port = unpack(mysqlForumInfo) local db = dbConnect( "mysql", "host=" .. host .. ";port=" .. port .. ";dbname=" .. database, user, pass, "share=1", "autoreconnect=1" ) if db then local query = dbQuery(db, "SELECT members_pass_hash, members_pass_salt FROM boardmembers WHERE name = '" .. username .. "' ") local query = dbPoll(query, -1) if #query ~= 0 then local data = query[1] local hash = lowermd5(lowermd5(data.members_pass_salt) .. lowermd5(password)) if hash == data.members_pass_hash then outputDebugString("Correct") else outputDebugString("Incorrect") end else outputDebugString("User not found") end end destroyElement(db) end Still getting the Debug error Incorrect,means the Hash isn't equal to the data.members_pass_salt, i'm using IPB 4.1.5.1 and not the older version if that is kinda important since they update their security Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now