Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Web MapleBit login script with HeavenMS

LightRyuzaki

LightRyuzaki

Experienced Elementalist
Joined
Sep 2, 2008
Messages
271
Reaction score
4
Would someone be able to assist me in converting this Login script to use Bcrypt for reading the password instead of sha512/sha1?
Code: 
<?php
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
	$is_ajax = $_REQUEST['is_ajax'];
	if(isset($is_ajax) && $is_ajax) {
		if(isset($_COOKIE["block"])) {
			$cookie = json_decode($_COOKIE['block']);
			$time = $cookie->expiry - time();
			echo "wait%" . $time;
			return;
		}
		else {
			if(!isset($_SESSION['attempts'])) {
				$_SESSION['attempts'] = 1;
			}
			else {
				if($_SESSION['attempts'] >= 3) {
					$expiry = time() + 60;
					$cookieData = array("data" => 1, "expiry" => $expiry);
					setcookie("block", json_encode($cookieData), $expiry);
					$_SESSION['attempts'] = 1;
					$time = $expiry - time();
					echo "wait%" . $time;
					return;
				}
				else {
					$_SESSION['attempts']++;
				}
			}
		}
		$u = $mysqli->real_escape_string($_REQUEST['username']);
		$p = $_REQUEST['password'];
		$s = $mysqli->query("SELECT * FROM `accounts` WHERE `name`='".$u."'") or die();
		$i = $s->fetch_assoc();
		if($i['password'] == hash('sha512',$p.$i['salt']) || sha1($p) == $i['password']) {
			#echo "SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'";
			$userz = $mysqli->query("SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'") or die();
			$auser = $userz->fetch_assoc();
			$checkpname = $mysqli->query("SELECT * FROM ".$prefix."profile WHERE accountid=".$auser['id']."");
			$countcheckpname = $checkpname->num_rows;
			$checkprofile = $checkpname->fetch_assoc();
			$_SESSION['id'] = $auser['id'];
			$_SESSION['name'] = $auser['name'];
			$_SESSION['mute'] = $auser['mute'];
			$_SESSION['email'] = $auser['email'];
			if($countcheckpname == 1) {
				$_SESSION['pname'] =  $checkprofile['name'];
			}
			else {$_SESSION['pname'] = "checkpname";}
			if($auser['webadmin'] == "1") {
				$_SESSION['admin'] = $auser['webadmin'];
			}
			if(isset($auser['gm']) && $auser['gm'] >= $gmlevel) { // Make sure that the gm column exists. If it does, check if gmLevel is above
				$_SESSION['gm'] = $auser['gm'];
			}
			echo "success";
		}
		else {
			// echo "bad password";
		}
	}
	else {
		// echo "not ajax";
	}
}

I have been looking into it but each time i've not been able fix it. Any help would be greatly appreciated.
 
Sort by date Sort by votes
The Best DDoS Protected Servers
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
170
Guests online
2,686
Total visitors
2,856
Totals may include hidden visitors.

Forum statistics

Threads
428,894
Messages
4,589,244
Members
279,639
Latest member
Bigtrosifer
Most visitors online was 8830 , on 6 Feb 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top