FlyingSpoon Posted January 2, 2016 Share Posted January 2, 2016 (edited) I am trying to connect my Login Panel to my IPS Forum Board. I am really confused at this point at what to do, I read through this topic and saw the code. I have connected my server side script to my Forum Database but the problem now is that I think the password hash is incorrect like you know, blowfish. Any ideas how I can connect my login panel to the forum? Here's my current server sided code - local hostname = "0.0.0.0" local database = "*****" local user = "*****" local pass = "*****" function PlayerLogin(username, password) local db = dbConnect("mysql", "dbname="..database..";host="..hostname, user, pass) if db then local query = dbQuery(db, "SELECT members_pass_hash, members_pass_salt FROM mvp_core_members WHERE name = '" .. username .. "' ") local query = dbPoll(query, -1) if #query ~= 0 then local data = query[1] local hash = lowermd5(lowermd5(data.members_pass_salt) .. lowermd5(password)) if hash == data.members_pass_hash then outputDebugString("Correct") else outputDebugString("Incorrect") end else outputDebugString("User not found") end end destroyElement(db) end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) Edited January 3, 2016 by Guest Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 There are two ways - edit system/member/member.php in IPS (it might get overridden when updating IPS later though) and edit authentication (change to MD5 hash) - you'll also have to reset your password. The other way is to callRemote PHP that would do all database and password verification and report back to the server Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 Okay, if I was to use callRemote how would I go about doing this? Where do I start? I put the PHP SDK (mta_sdk.php) on my forums then? Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 // PHP include 'mta_sdk.php'; // Correct path if you use a different one $servername = "127.0.0.1"; // Change these details $username = "dbuser"; // Change these details $password = "dbuserpassword"; // Change these details $dbname = "dbschema"; // Change these details $table = "core_members"; $accountColumn = "members_seo_name"; // change to "email" if you prefer logging in through email $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { mta::doReturn(false, "Connection failed: " . mysqli_connect_error()); // Account not found #die("Connection failed: " . mysqli_connect_error()); } $input = mta::getInput(); if (isset($input[0]) && isset($input[1]) && isset($input[2]) && $input[0] == "verifyPasswords" ) { $sql = "SELECT `members_pass_salt`, `members_pass_hash` FROM `".$table."` WHERE `".$accountColumn."`='".strtolower($input[1])."' LIMIT 1"; $result = mysqli_query($conn, $sql); if (mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if (crypt($input[2], '$2a$13$' . $row['members_pass_salt']) == $row['members_pass_hash']) { mta::doReturn(true, 0); // Password correct } else { mta::doReturn(false, 1); // Passwords don't match } } else { mta::doReturn(false, 2); // Account not found } } // Author: MrTasty -- Lua local username, password = "johnsmith", "password123" callRemote("URL to .php file", function(response, extra) if response == true then -- password correct else if extra == 1 then -- password incorrect elseif extra == 2 then -- account not found end end end, "verifyPasswords", username, password) Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 function PlayerLogin(username, password) callRemote("[Link]", function(response, extra) if response == true then outputDebugString("Right Pass.") else if extra == 1 then outputDebugString("Wrong Pass.") elseif extra == 2 then outputDebugString("Not found.") end end end, "verifyPasswords", username, password) end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) Doesn't work, or output anything Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 It works for me (tested through runcode and outputServerLog). Have you prefixed your PHP with <?php If not, you need to do that. Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 Yes, I just added them, but same thing. Nothing still outputted. function PlayerLogin(username, password) callRemote("[Link]", function(response, extra) if response == true then outputDebugString("Right Pass.") else if extra == 1 then outputDebugString("Wrong Pass.") elseif extra == 2 then outputDebugString("Not found.") end end end, "verifyPasswords", username, password) end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 Try using the following as callback […] function(...) outputDebugString(toJSON({...})) end […] Also, try checking the error log on your HTTP server. There might be an error in the PHP file itself, especially if the above code outputs something like [ [ "Error", "500" ] ] in the debug Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 function PlayerLogin(username, password) callRemote("[link]", function(response, extra) if response == true then outputDebugString(toJSON({"Right Password!"})) else if extra == 1 then outputDebugString(toJSON({"Wrong Password!"})) elseif extra == 2 then outputDebugString(toJSON({"User doesnt exist!"})) end end end, "verifyPasswords", username, password) end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) Did I do it wrong? Because nothing is outputted still. Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 <?php // PHP include 'mta_sdk.php'; // Correct path if you use a different one $servername = "*******"; // Change these details $username = "*******; // Change these details $password = "*******"; // Change these details $dbname = "********"; // Change these details $table = "mvp_core_members"; $accountColumn = "name"; // change to "email" if you prefer logging in through email $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { mta::doReturn(false, "Connection failed: " . mysqli_connect_error()); // Account not found #die("Connection failed: " . mysqli_connect_error()); } $input = mta::getInput(); if (isset($input[0]) && isset($input[1]) && isset($input[2]) && $input[0] == "verifyPasswords" ) { $sql = "SELECT `members_pass_salt`, `members_pass_hash` FROM `".$table."` WHERE `".$accountColumn."`='".strtolower($input[1])."' LIMIT 1"; $result = mysqli_query($conn, $sql); if (mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if (crypt($input[2], '$2a$13$' . $row['members_pass_salt']) == $row['members_pass_hash']) { mta::doReturn(true, 0); // Password correct } else { mta::doReturn(false, 1); // Passwords don't match } } else { mta::doReturn(false, 2); // Account not found } } // Author: MrTasty ?> Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 The above is my PHP File and the other is my code. Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 I meant like callRemote("[link]", function(...) outputDebugString(toJSON({...})) end, "verifyPasswords", username, password) Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 callRemote("[link]", function(response, extra) outputDebugString(toJSON({"Success!"})) end, "verifyPasswords", username, password) Like this? Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 No no, don't replace the ellipsis, it's part of Lua syntax Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 Ohh...sorry my bad. Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 It outputs Error 500 Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 (edited) That is indeed an internal error (within the PHP). Going to look at the PHP code. Update: At line 6, in the disguised $username, you're missing an ending double-quote-mark — is that just a mistake when censoring details or is that in the actual PHP as-well? Edited January 2, 2016 by Guest Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 function PlayerLogin(username, password) callRemote("[LINK]", function(...) outputDebugString(toJSON({...})) end, "verifyPasswords", username, password) if response == true then outputDebugString(toJSON({"Right Password!"})) elseif extra == 1 then outputDebugString(toJSON({"Wrong Password!"})) elseif extra == 2 then outputDebugString(toJSON({"User doesnt exist!"})) end end addEvent("onRequestLogin",true) addEventHandler("onRequestLogin",getRootElement(),PlayerLogin) This is my LUA Sided Script just in-case! Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 There's a double quoted mark, it's just on MTA Forums, I accidentally removed it. But on the original script, there is a double-ended quoted mark. Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 <?php // PHP include 'mta_sdk.php'; // Correct path if you use a different one $servername = "localhost"; // Change these details $username = "forum"; // Change these details $password = "******"; // Change these details $dbname = "forum"; // Change these details $table = "mvp_core_members"; $accountColumn = "name"; // change to "email" if you prefer logging in through email $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { mta::doReturn(false, "Connection failed: " . mysqli_connect_error()); // Account not found #die("Connection failed: " . mysqli_connect_error()); } $input = mta::getInput(); if (isset($input[0]) && isset($input[1]) && isset($input[2]) && $input[0] == "verifyPasswords" ) { $sql = "SELECT `members_pass_salt`, `members_pass_hash` FROM `".$table."` WHERE `".$accountColumn."`='".strtolower($input[1])."' LIMIT 1"; $result = mysqli_query($conn, $sql); if (mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); if (crypt($input[2], '$2a$13$' . $row['members_pass_salt']) == $row['members_pass_hash']) { mta::doReturn(true, 0); // Password correct } else { mta::doReturn(false, 1); // Passwords don't match } } else { mta::doReturn(false, 2); // Account not found } } // Author: MrTasty ?> Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 Is mta_sdk.php in the same directory as my php file? Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 Yes, it's in the same directory. Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 Got it to work! I accidentally used the wrong mta_sdk.php (MACOSX) Which was the wrong one. Link to comment
FlyingSpoon Posted January 2, 2016 Author Share Posted January 2, 2016 Thank you so much, this helped a lot. One last question how can I fetch data like, say if I want to save money, because I see this is all done via callRemote, say if I was to save money in the database, how would I get that type of data? Link to comment
Addlibs Posted January 2, 2016 Share Posted January 2, 2016 (edited) Change the SQL query to select all columns (SELECT *) and then in the logon successful mta::doReturn add more arguments in the format $row['columnName'] add another argument, $row. They will be sent over as additional parameters to the callback function in Lua. Also, nota bene that column 'name' (which you're using) stores a case-sensitive username, and my PHP transforms the input into lowercase. Either use 'members_seo_name' or remove strtolower() // don't remove what's between the brackets from the query in the WHEN part of the statement. Edited January 2, 2016 by Guest Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now