Home/ Questions/Q 8127489
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T07:32:55+00:00

Ive recently get IPBoard board software for my gaming community, I converted it from

  • 0

Ive recently get IPBoard board software for my gaming community, I converted it from SMF.

When I used smf, I used a system to authorize players to register in my game servers, this script called a php script wich made a hash (sha1) of the password the player inputted in the game and sended it back to the script running in the game. Then I checked if the player was registered or not in the forum before letting him play. Well, IPBoard uses a different hash:

$hash = md5( md5( $salt ) . md5( $password ) );

Where:

$hash is the value stored in the database column members_pass_hash.
$salt is the value stored in the database column members_pass_salt.
$password is the plaintext password.

What I am trying is to make a php script that will return to the script in the game the correct hash, and I will compare it later from the game into the database. This is my code:

    <?php

include("mta_sdk.php");
$input = mta::getInput();

 // Configuración de la aplicación

$DB_SERVIDOR = 'localhost:3306';

$DB_USUARIO = 'root';

$DB_CLAVE = 'xxx';

$DB_BASEDATOS = 'ipboard';

$conexion = mysql_connect($DB_SERVIDOR, $DB_USUARIO, $DB_CLAVE);

mysql_select_db($DB_BASEDATOS, $conexion);

mysql_query("SET NAMES 'utf8'");


$sql = "SELECT members_pass_salt FROM ipb_members WHERE name = '".$input[2]."'";

$Res = mysql_query($sql, $conexion);

$rowRes = mysql_fetch_assoc($Res);


$salt = $rowRes['members_pass_salt']
$hash = md5( md5( $salt ) . md5( $input[3] ) );
//$hash = $salt;
// Return encrypted string using MD5
mta::doReturn($hash,$input[1],$input[2],$input[3],$input[4]);

?>

$input variable returns information given by the user who is attemping to play in the game. It is an array like the following:

$input[2] - the username; 
$input[3] - the password (plain text)

the other values are stuff that the game is using, not needed for this.

I succesfully call the php script from the game, and php is sending the information back, but the hash it returns is: “ERROR”

I tried many different ways of doing it but always get the same ERROR message instead the hash.

Some extra information that may be interesting to know:

The game i am talking about is Multi Theft Auto, a multiplayer modification for GTA:SA (maybe someone knows it) and it uses LUA for scripts.

The mta_sdk.php file is the sdk for php developed for this game (to be able to send and recieve information from the game using external php scripts.

Maybe this is not a convencional question. I tried to explain this as better as I can because I know you wont be used to this game and how it works.

Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’m a little confused – why are you storing passwords as plaintext, and then converting them to md5 using a salt? Forgive me if I’m wrong, but that doesn’t seem like a very sensible approach.

    Try echo’ing back some data to a webpage, or storing it in a debug text file; an easy way to do this is set up a text file on your server, chmod it to 777, and include this code to write out to it;

    $debug_txt = fopen('debug.txt', 'w');
fwrite($debug_tx, $error_here);
fclose($debug_tx);

    To grab the $error_here, the easiest way to do this would be just to throw in a few if statements. i.e:

    if (mysql_select_db($DB_BASEDATOS, $conexion))    
{    
$sql = "SELECT members_pass_salt FROM ipb_members WHERE name = '".$input[2]."'";    
$Res = mysql_query($sql, $conexion); 
// Write out the results to the debugger
// Use a foreach loop with mysql_fetch_assoc if there might be more than one entry.
}
else
{
$error_here = mysql_error();
}

    etc etc.

    With the above, you should at least be able to see what exactly the error is, and be able to combat it.

    • 0