• Unfortunately, we have experienced significant hard drive damage that requires urgent maintenance and rebuilding. The forum will be a state of read only until we install our new drives and rebuild all the configurations needed. Please follow our Facebook page for updates, we will be back up shortly! (The forum could go offline at any given time due to the nature of the failed drives whilst awaiting the upgrades.) When you see an Incapsula error, you know we are in the process of migration.

Web MapleBit login script with HeavenMS

LightRyuzaki

LightRyuzaki

Experienced Elementalist
Joined
Sep 2, 2008
Messages
271
Reaction score
4
Would someone be able to assist me in converting this Login script to use Bcrypt for reading the password instead of sha512/sha1?
Code: 
<?php
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
	$is_ajax = $_REQUEST['is_ajax'];
	if(isset($is_ajax) && $is_ajax) {
		if(isset($_COOKIE["block"])) {
			$cookie = json_decode($_COOKIE['block']);
			$time = $cookie->expiry - time();
			echo "wait%" . $time;
			return;
		}
		else {
			if(!isset($_SESSION['attempts'])) {
				$_SESSION['attempts'] = 1;
			}
			else {
				if($_SESSION['attempts'] >= 3) {
					$expiry = time() + 60;
					$cookieData = array("data" => 1, "expiry" => $expiry);
					setcookie("block", json_encode($cookieData), $expiry);
					$_SESSION['attempts'] = 1;
					$time = $expiry - time();
					echo "wait%" . $time;
					return;
				}
				else {
					$_SESSION['attempts']++;
				}
			}
		}
		$u = $mysqli->real_escape_string($_REQUEST['username']);
		$p = $_REQUEST['password'];
		$s = $mysqli->query("SELECT * FROM `accounts` WHERE `name`='".$u."'") or die();
		$i = $s->fetch_assoc();
		if($i['password'] == hash('sha512',$p.$i['salt']) || sha1($p) == $i['password']) {
			#echo "SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'";
			$userz = $mysqli->query("SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'") or die();
			$auser = $userz->fetch_assoc();
			$checkpname = $mysqli->query("SELECT * FROM ".$prefix."profile WHERE accountid=".$auser['id']."");
			$countcheckpname = $checkpname->num_rows;
			$checkprofile = $checkpname->fetch_assoc();
			$_SESSION['id'] = $auser['id'];
			$_SESSION['name'] = $auser['name'];
			$_SESSION['mute'] = $auser['mute'];
			$_SESSION['email'] = $auser['email'];
			if($countcheckpname == 1) {
				$_SESSION['pname'] =  $checkprofile['name'];
			}
			else {$_SESSION['pname'] = "checkpname";}
			if($auser['webadmin'] == "1") {
				$_SESSION['admin'] = $auser['webadmin'];
			}
			if(isset($auser['gm']) && $auser['gm'] >= $gmlevel) { // Make sure that the gm column exists. If it does, check if gmLevel is above
				$_SESSION['gm'] = $auser['gm'];
			}
			echo "success";
		}
		else {
			// echo "bad password";
		}
	}
	else {
		// echo "not ajax";
	}
}

I have been looking into it but each time i've not been able fix it. Any help would be greatly appreciated.
 
Sort by date Sort by votes
The Best DDoS Protected Servers
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
163
Guests online
11,639
Total visitors
11,802
Totals may include hidden visitors.

Forum statistics

Threads
429,198
Messages
4,590,912
Members
281,304
Latest member
ismodev
Most visitors online was 12720 , on 2 May 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top