everyone can login - Printable Version

everyone can login - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Help Archive (https://sampforum.blast.hk/forumdisplay.php?fid=89)
+---- Thread: everyone can login (/showthread.php?tid=203832)

everyone can login - Saurik - 28.12.2010

why does this let anyone login with any password ?

Код:

format(string, sizeof(string), "SELECT * FROM users WHERE User='%s' AND Password = MD5('%s') LIMIT 1", PlayerName, inputtext);
                new escape[140];
	            mysql_real_escape_string(inputtext,escape);
	            new Success = mysql_fetch_int();
              
	             if (Success = true)
                      {
                    // blah blah , logs in the person.

Re: everyone can login - Retardedwolf - 28.12.2010

You're not querying the formatted string also not storing the result and what is

pawn Код:

if ( Success = true )

supposed to do? Why not just

pawn Код:

if ( mysql_num_rows ( ) )

Re: everyone can login - Saurik - 28.12.2010

the rest of the code is correct ?

Re: everyone can login - XPlatform - 28.12.2010

shouldn't it be double equal signs in an if statement?

pawn Код:

if ( Success == true )

Otherwise I think it's just an assignment statement within and if statement. Though my pawn is rusty, just opened SAMP up again today after a year or so.

Re: everyone can login - Retardedwolf - 28.12.2010

I'd say so and why escaping the string after you formatted the string? ( HINT: Escape it before you format )

Re: everyone can login - Saurik - 28.12.2010

i had == didnt work

if ( mysql_num_rows ( ) )
doesnt work either

Re: everyone can login - Retardedwolf - 28.12.2010

pawn Код:

new escape [ 140 ];
                mysql_real_escape_string ( inputtext, escape );

                format ( string, sizeof ( string ), "SELECT * FROM users WHERE User='%s' AND Password = MD5('%s') LIMIT 1", PlayerName, inputtext);
                mysql_query ( string ); //If you're using BlueG's plugin.
                mysql_store_result ( );
                if ( mysql_store_result )
                {
                    mysql_free_result ( );
                    // blah blah , logs in the person.
                }
                else
                {
                    mysql_free_reuslt ( );
                    // blahblah, tells the person they failatlife.
                }

Re: everyone can login - Saurik - 28.12.2010

still lets any password login

Re: everyone can login - XPlatform - 28.12.2010

I'm not familiar with SQL in samp at all... but try this:

pawn Код:

new escape [ 140 ];
                mysql_real_escape_string ( inputtext, escape );

                format ( string, sizeof ( string ), "SELECT * FROM users WHERE User='%s' AND Password = MD5('%s') LIMIT 1", PlayerName, inputtext);
                mysql_query ( string ); //If you're using BlueG's plugin.
                if (mysql_store_result ( ))
                {
                    mysql_free_result ( );
                    // blah blah , logs in the person.
                }
                else
                {
                    mysql_free_reuslt ( );
                    // blahblah, tells the person they failatlife.
                }

Re: everyone can login - Retardedwolf - 28.12.2010

@XPlatform, no and thanks for using my code.