<?php
//SELECT COUNT(*)
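// Sidebar login box. The branch is chosen from the session and the POST body:
//   1. no session and no submitted name -> show the login form
//   2. a name was submitted             -> check it against `accounts`
//   3. a session already exists         -> show the member menu
// $page is set outside this block; on the "stats" page the sidebar shows the
// statistics links instead of the login form or the account links.
if(!isset($_SESSION["kasutaja"]) && !isset($_POST["name"]))
{
    echo '
<form name="input" action="index.php?page=home" method="post">
<h3>Login</h3>';
    if(isset($_SESSION["JLO"]))
    {
        // One-shot notice (presumably set by logout.php); cleared once shown.
        echo '<p><font color="green">You have been logged out!</font></p>';
        unset($_SESSION["JLO"]);
    }
    if($page == "stats")
    {
        // The form opened above was never closed on this path; close it here.
        echo "</form><br />
<ul>
<li><a href='?page=bans'>Bans</a></li>
<li><a href='?page=players'>Players</a></li>
<li><a href='?page=top'>Top Stats</a></li>
</ul>";
    }
    else
    {
        // The <input> tags were missing their closing ">" before "</p>".
        echo'
<p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username" /></p>
<p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password" /></p>
<p><input class="login" name="login" type="submit" value="Login" /></p>
</form>';
    }
}
else if(isset($_POST["name"]))
{
    // Both fields come straight from the client. Force them to strings so an
    // array-valued field (name[]=...) cannot reach the query or the comparison,
    // and so a missing "pass" field does not raise a notice.
    $kasutaja = is_string($_POST["name"]) ? $_POST["name"] : "";
    $pass = (isset($_POST["pass"]) && is_string($_POST["pass"])) ? $_POST["pass"] : "";
    // The name is placed inside a quoted SQL literal, so it must be escaped for
    // the current connection; interpolating the raw value allowed SQL injection.
    $querytxt = "SELECT * FROM accounts WHERE Name = '" . mysql_real_escape_string($kasutaja) . "'";
    $result = mysql_query($querytxt);
    // mysql_query() returns false on error; treat that the same as "no rows".
    $nouser = $result ? mysql_num_rows($result) : 0;
    $row = $nouser ? mysql_fetch_row($result) : false;
    if($nouser == 0)
    {
        if($page == "stats")
        {
            echo "<br />
<ul>
<li><a href='?page=bans'>Bans</a></li>
<li><a href='?page=players'>Players</a></li>
<li><a href='?page=top'>Top Stats</a></li>
</ul>";
        }
        else
        {
            // NOTE(review): this message and "Wrong password!" below let a client
            // tell existing account names from unknown ones; a single shared
            // message would avoid that.
            echo '
<form name="input" action="index.php?page=home" method="post">
<h3>Login</h3>
<p><font color="red">User doesnt exist!</font></p>
<p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username" /></p>
<p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password" /></p>
<p><input class="login" name="login" type="submit" value="Login" /></p>
</form>';
        }
    }
    // $row[1] is taken to be the Password column (second column of SELECT *).
    // Strict comparison: with "!=" two different numeric-looking strings such as
    // "1e3" and "1000" compare equal. A NULL stored value never matches.
    // NOTE(review): the submitted value is compared with the stored value as-is;
    // if the column holds a hash rather than plaintext, hash $pass the same way
    // first - confirm against whatever writes accounts.Password.
    else if($row[1] === null || $pass !== $row[1])
    {
        if($page == "stats")
        {
            echo "<br />
<ul>
<li><a href='?page=bans'>Bans</a></li>
<li><a href='?page=players'>Players</a></li>
<li><a href='?page=top'>Top Stats</a></li>
</ul>";
        }
        else
        {
            echo '
<form name="input" action="index.php?page=home" method="post">
<h3>Login</h3>
<p><font color="red">Wrong password!</font></p>
<p style="padding: 0 0 9px 0;"><input class="login2" type="text" name="name" placeholder="Username" /></p>
<p style="padding: 0 0 9px 0;"><input class="login2" type="password" name="pass" placeholder="Password" /></p>
<p><input class="login" name="login" type="submit" value="Login" /></p>
</form>';
        }
    }
    else
    {
        if($page == "stats")
        {
            echo "<br />
<ul>
<li><a href='?page=bans'>Bans</a></li>
<li><a href='?page=players'>Players</a></li>
<li><a href='?page=top'>Top Stats</a></li>
</ul>";
        }
        else
        {
            // The name is user-controlled, so it is HTML-escaped before output.
            echo "<br />
<h5>Welcome, " . htmlspecialchars($kasutaja, ENT_QUOTES, 'UTF-8') . "!</h5>
<ul>
<li><a href='?page=ucp'>My Account</a></li>
<li><a href='?page=skin'>Change Skin</a></li>
<li><a href='?page=pass'>Change Password</a></li>
<li><a href='?page=money'>Transfer Money</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>";
        }
        // The session keeps the name as submitted (unescaped); every later use in
        // SQL or HTML has to escape it for that context.
        // NOTE(review): the session id is not regenerated at login. This block
        // appears to run mid-page, after output has started, so
        // session_regenerate_id() would have to be called earlier in the request.
        $_SESSION["kasutaja"] = $kasutaja;
    }
}
else if(isset($_SESSION["kasutaja"]))
{
    $kasutaja = $_SESSION["kasutaja"];
    if($page == "stats")
    {
        echo "<br />
<h5>Welcome, " . htmlspecialchars($kasutaja, ENT_QUOTES, 'UTF-8') . "!</h5>
<ul>
<li><a href='?page=ucp'>My Account</a></li>
<li><a href='?page=bans'>Bans</a></li>
<li><a href='?page=players'>Players</a></li>
<li><a href='?page=top'>Top Stats</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>";
    }
    else
    {
        echo "<br />
<h5>Welcome, " . htmlspecialchars($kasutaja, ENT_QUOTES, 'UTF-8') . "!</h5>
<ul>
<li><a href='?page=ucp'>My Account</a></li>
<li><a href='?page=skin'>Change Skin</a></li>
<li><a href='?page=pass'>Change Password</a></li>
<li><a href='?page=money'>Transfer Money</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>";
    }
}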
?>
</div>
</div>
<div id="content">
<?php
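// Main content area, selected by $page (set outside this block):
//   "home"    -> static welcome text
//   "pass"    -> password-change form, posts to ?page=changed
//   "changed" -> validates the form and updates accounts.Password
if($page == "home")
{
    echo "<h1>Antroprox Gaming • Home</h1>
<p>Welcome to Antroprox Roleplay Homepage!
<hr width='100%' color='#35BDF5' size='6' /><br />
This is our homepage and roleplay's server user control panel.<br /> Here you can see your in-game statistics like: Money, Skin, Faction, Bans and a lot more!
<br />You can also change your password, change your skin, transfer money to other players and more!
<br />Besides that, you can also see latest news, updates and announcements!</p>";
}
else if($page == "pass")
{
    // The style attributes were missing their closing quote, which swallowed
    // type="password": the fields rendered as plain text inputs and showed the
    // passwords on screen.
    echo '<form name="input" action="?page=changed" method="post">
Current Password: <br /><input style="width: 267px; padding: 0px 0 10px 0;" type="password" name="currentpassword" /> <br />
New Password: <br /><input style="width: 267px; padding: 0px 0 10px 0;" type="password" name="newpass" /> <br />
New Password Confirm: <br /><input style="width: 267px; padding: 0px 0 10px 0;" type="password" name="newpassconfirm" /> <br />
<input class="myButton" style="width: 267px;" type="submit" value="Submit" />
</form>';
}
else if($page == "changed")
{
    // Only an established session counts as logged in. The earlier check also
    // accepted a client-supplied POST field named "kasutaja", which let an
    // unauthenticated request past this guard.
    if(!isset($_SESSION["kasutaja"]))
    {
        echo "<p>You are not logged in!</p>";
    }
    else
    {
        // Raw form values, forced to strings; they are escaped only at the point
        // where they enter an SQL literal, so the comparisons below see exactly
        // what the user typed.
        $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : "";
        $newpassconfirm = (isset($_POST['newpassconfirm']) && is_string($_POST['newpassconfirm'])) ? $_POST['newpassconfirm'] : "";
        $password = (isset($_POST['currentpassword']) && is_string($_POST['currentpassword'])) ? $_POST['currentpassword'] : "";
        // Strict comparison: "!=" treats different numeric-looking strings as equal.
        if($newpass !== $newpassconfirm)
        {
            echo "Password's aren't identical, please retype them.";
            echo "<meta http-equiv='Refresh' content='5;url=?page=pass' />";
        }
        else if($newpass === "")
        {
            // Missing or blank fields would otherwise set an empty password.
            echo "New password must not be empty.";
            echo "<meta http-equiv='Refresh' content='5;url=?page=pass' />";
        }
        else
        {
            // The session name is stored unescaped at login, so escape it here too.
            // mysql_real_escape_string() honours the connection character set,
            // which the deprecated mysql_escape_string() does not.
            $kasutaja = mysql_real_escape_string($_SESSION["kasutaja"]);
            // NOTE(review): passwords are compared and stored as submitted; if
            // accounts.Password holds a hash, hash both values the same way
            // before they reach these queries.
            $querytxt = "SELECT Password FROM accounts WHERE Name = '$kasutaja' AND Password = '" . mysql_real_escape_string($password) . "'";
            $result = mysql_query($querytxt);
            if(!$result || !mysql_num_rows($result))
            {
                echo "Current password is incorrect.";
                echo "<meta http-equiv='Refresh' content='5;url=?page=pass' />";
            }
            // Report success only after the UPDATE has actually succeeded.
            else if(mysql_query("UPDATE accounts SET Password = '" . mysql_real_escape_string($newpass) . "' WHERE Name = '$kasutaja'"))
            {
                echo "Password changed.";
                echo "<meta http-equiv='Refresh' content='5;url=?page=home' />";
            }
            else
            {
                echo "Password could not be changed.";
                echo "<meta http-equiv='Refresh' content='5;url=?page=pass' />";
            }
        }
    }
}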
<?php
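// Login endpoint: checks the posted name ("nimi") and password ("parool")
// against the accounts table and prints either the form again with an error
// or the member menu.
session_start();
include("connect.php");
if(isset($_POST["nimi"]))
{
    // Client-supplied values, forced to strings so an array-valued field cannot
    // reach the query or the comparison; a missing "parool" becomes "".
    $kasutaja = is_string($_POST["nimi"]) ? $_POST["nimi"] : "";
    $pass = (isset($_POST["parool"]) && is_string($_POST["parool"])) ? $_POST["parool"] : "";
    // Escape the name for the quoted SQL literal; the raw value was injectable.
    $querytxt = "SELECT * FROM accounts WHERE Name = '" . mysql_real_escape_string($kasutaja) . "'";
    $result = mysql_query($querytxt);
    // mysql_query() returns false on error; treat that the same as "no rows".
    $nouser = $result ? mysql_num_rows($result) : 0;
    $row = $nouser ? mysql_fetch_row($result) : false;
    if($nouser == 0)
    {
        // NOTE(review): separate "no such user" and "wrong password" messages
        // reveal which account names exist.
        echo '<div class="oskar"><font color="red">User doesent Exist!</font><form name="input">
Username: <input type="text" name="kasutaja" />
Password: <input type="password" name="parool" />
<br />
<input type="button" value="Submit" onClick="get();" />
</form></div>';
    }
    // $row[1] is taken to be the Password column (second column of SELECT *).
    // Strict comparison avoids "!=" treating numeric-looking strings as equal;
    // a NULL stored value never matches.
    // NOTE(review): the input is compared with the stored value as-is; if the
    // column holds a hash, hash $pass the same way first.
    else if($row[1] === null || $pass !== $row[1])
    {
        echo '<div class="oskar"><font color="red">Wrong Password!</font><br /><form name="input">
Username: <input type="text" name="kasutaja" />
Password: <input type="password" name="parool" />
<br />
<input type="button" value="Submit" onClick="get();" />
</form></div>';
    }
    else
    {
        // Issue a fresh session id on login so an id fixed before authentication
        // is not carried into the authenticated session. Must run before output;
        // assumes connect.php prints nothing - TODO confirm.
        session_regenerate_id(true);
        // The name is user-controlled, so it is HTML-escaped before output.
        echo "<ul class='sb_menu'>
<li><h3>Welcome, " . htmlspecialchars($kasutaja, ENT_QUOTES, 'UTF-8') . "!</h3></li>
<li><a href='?page=ucp'>My Account</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>";
        // Stored unescaped; later uses must escape it for their own context.
        $_SESSION["kasutaja"] = $kasutaja;
    }
}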
?>
// Hashes the submitted current password with Whirlpool; hash() returns the
// digest as lowercase hexadecimal.
// NOTE(review): the field is read without an isset() check. A single unsalted
// pass of a fast digest gives little protection to stored passwords; it is
// only appropriate here if it has to match hashes written by another program.
$password = hash('whirlpool',$_POST['currentpassword']);
// Raw submitted password, as the login script above reads it.
$pass = $_POST["parool"];
// The same field hashed with Whirlpool; this assignment overwrites the one above.
// NOTE(review): hash() emits lowercase hex - confirm the stored hashes use the
// same case, or that the column is compared case-insensitively.
$pass = hash('whirlpool', $_POST["parool"]);
// Escapes the three password fields for use inside quoted SQL literals.
// NOTE(review): mysql_escape_string() is deprecated and ignores the connection
// character set; mysql_real_escape_string() is the connection-aware form.
// NOTE(review): if these values are hashed afterwards, hash the raw input
// instead - escaping first changes the bytes of any password that contains a
// quote or backslash, so its digest no longer matches one computed elsewhere.
$newpass = mysql_escape_string($_POST['newpass']);
$newpassconfirm = mysql_escape_string($_POST['newpassconfirm']);
$password = mysql_escape_string($_POST['currentpassword']);
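// Login check against the hashed password column: the submitted password is
// hashed with Whirlpool and matched together with the name in one query.
// A missing or non-string "parool" field is hashed as the empty string.
// NOTE(review): hash() emits lowercase hex - confirm the stored hashes use the
// same case, or that the column is compared case-insensitively.
$pass = hash('whirlpool', (isset($_POST["parool"]) && is_string($_POST["parool"])) ? $_POST["parool"] : "");
// $kasutaja is assigned outside this fragment. It is escaped here on the
// assumption that it still holds the raw submitted name - TODO confirm it is
// not already escaped upstream. $pass is hex output from hash() and needs no escaping.
$querytxt = "SELECT * FROM accounts WHERE Name = '" . mysql_real_escape_string($kasutaja) . "' AND password = '$pass'";
$result = mysql_query($querytxt);
// mysql_query() returns false on error; treat that the same as "no rows".
$nouser = $result ? mysql_num_rows($result) : 0;
if($nouser == 0)
{
    echo '<div class="oskar"><font color="red">User or password doesnt exist!</font><form name="input">
Username: <input type="text" name="kasutaja" />
Password: <input type="password" name="parool" />
<br />
<input type="button" value="Submit" onClick="get();" />
</form></div>';
}
else
{
    // The name is user-controlled, so it is HTML-escaped before output.
    echo "<ul class='sb_menu'>
<li><h3>Welcome, " . htmlspecialchars($kasutaja, ENT_QUOTES, 'UTF-8') . "!</h3></li>
<li><a href='?page=ucp'>My Account</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>";
    // Stored unescaped; later uses must escape it for their own context.
    $_SESSION["kasutaja"] = $kasutaja;
}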
Are you sure the input data is exactly what you think and exactly the same as what is passed to the PAWN version? It is almost never a good idea to use $_POST data directly - you never know what the users are actually sending.
........
// Registration fragment: look the name up, hash the entered password, read the IP.
// Escape the player name in place before it is formatted into a quoted SQL literal.
mysql_real_escape_string(pName, pName);
format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' LIMIT 1", pName);
mysql_query(Query);
// The result is stored and freed straight away; nothing in the visible lines reads it.
mysql_store_result();
mysql_free_result();
// Presumably writes the Whirlpool hash of inputtext into Query (length 129),
// reusing the query buffer to hold the hash - confirm against the plugin in use.
WP_Hash(Query, 129, inputtext);
new IP[16];
GetPlayerIp(playerid, IP, 16);
format(Query, sizeof Query, "INSERT INTO `accounts` (Name, Password, IP, Admin, Money, Score, Kills, Deaths, Faction, Rank, HouseKey, Level, Exp, Bank, PlayingHours, Age, Skin, Sex, Job, Drugs, Packages, PhoneNumber, PhoneBook, CarKey, VIP, CarLic, FlyLic, WepLic) VALUES ('%s', '%s', '%s', %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, '5000', %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i, %i)",
pName,
Query,
IP,
GetPVarInt(playerid, "Admin"),
.....
.........
// Login fragment: verify the entered password against `accounts`, count failed
// attempts, and on success load the account row into player variables.
new Query[420], pName[MAX_PLAYER_NAME];
GetPlayerName(playerid, pName, MAX_PLAYER_NAME);
// Escape the name in place before it is formatted into a quoted SQL literal.
mysql_real_escape_string(pName, pName);
format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' LIMIT 1", pName);
mysql_query(Query);
// The result is stored and freed straight away; nothing in the visible lines reads it.
mysql_store_result();
mysql_free_result();
// Presumably writes the Whirlpool hash of inputtext into Query (length 129),
// reusing the query buffer to hold the hash - confirm against the plugin in use.
WP_Hash(Query, 129, inputtext);
// The hash is not escaped; that is safe only if it is hexadecimal text - presumably so.
// NOTE(review): Query is both the destination and a %s argument here; confirm
// format() tolerates the overlap, or hash into a separate buffer.
format(Query, sizeof Query, "SELECT * FROM `accounts` WHERE `Name` = '%s' AND `Password` = '%s' LIMIT 1", pName, Query);
mysql_query(Query);
mysql_store_result();
// No row for this name and hash: count the failure and kick on the third one.
if(!mysql_num_rows())
{
// NOTE(review): the counter is a per-player PVar; if PVars are cleared on
// disconnect, reconnecting restarts the count, so this does not limit
// guessing across connections.
SetPVarInt(playerid, "LoginWarns", GetPVarInt(playerid, "LoginWarns") + 1);
if(GetPVarInt(playerid, "LoginWarns") == 3)
{
format(Query, sizeof Query, "%s has been kicked for 3 wrong login attempts!", pName);
SendClientMessageToAll(COLOR_ROYALBLUE, Query);
Kick(playerid);
}
else
{
format(Query, sizeof Query, "Wrong password! Attempt %i out of 3.", GetPVarInt(playerid, "LoginWarns"));
SendClientMessage(playerid, COLOR_ORANGE, Query);
ShowPlayerDialog(playerid, DIALOGLOGIN, DIALOG_STYLE_INPUT, "Login", "{FFFFFF}Welcome to {6EF83C}Rockstar Roleplay. {FFFFFF} \nWe see that your registered here already! \nTo login please input your registration password below!", "Login", "Leave");
}
// NOTE(review): this path returns without a visible mysql_free_result() for
// the result stored above - confirm it is released elsewhere.
return 1;
}
// Fetch the matching row into Query; the sscanf pattern below splits it on '|'.
mysql_fetch_row(Query);
new values[25];
// Skips three leading string fields (24, 129 and 16 cells - presumably Name,
// Password and IP) and reads the remaining 25 columns as integers into values[].
sscanf(Query, "p<|>{s[24]s[129]s[16]}a<i>[25]", values);
SetPVarInt(playerid, "Admin", values[0]);
PlayerInfo[playerid][pMoney] = values[1];
SetPlayerCash(playerid, values[1]);
// NOTE(review): values[8] is also assigned to pLevel below and values[2] is
// never read - confirm the score is meant to mirror the level.
SetPlayerScore(playerid, values[8]);
SetPVarInt(playerid, "Kills", values[3]);
SetPVarInt(playerid, "Deaths", values[4]);
SetPVarInt(playerid, "Logged", 1);
PlayerInfo[playerid][pFaction] = values[5];
PlayerInfo[playerid][pRank] = values[6];
PlayerInfo[playerid][pHouseKey] = values[7];
PlayerInfo[playerid][pLevel] = values[8];
PlayerInfo[playerid][pExp] = values[9];
PlayerInfo[playerid][pBank] = values[10];
PlayerInfo[playerid][pPlayingHours] = values[11];
PlayerInfo[playerid][pAge] = values[12];
PlayerInfo[playerid][pSkin] = values[13];
PlayerInfo[playerid][pSex] = values[14];
PlayerInfo[playerid][pJob] = values[15];
PlayerInfo[playerid][pDrugs] = values[16];
PlayerInfo[playerid][pPackages] = values[17];
PlayerInfo[playerid][pPhoneNumber] = values[18];
PlayerInfo[playerid][pPhoneBook] = values[19];
PlayerInfo[playerid][pCarKey] = values[20];
PlayerInfo[playerid][pVIP] = values[21];
PlayerInfo[playerid][pCarLic] = values[22];
PlayerInfo[playerid][pFlyLic] = values[23];
PlayerInfo[playerid][pWepLic] = values[24];
SendClientMessage(playerid, COLOR_LIMEGREEN, "Succesfully logged in!");
LoadAchiv(playerid);
// Record the player's current IP on the account row. Query first receives the
// IP text and is then used as both destination and %s argument of format().
GetPlayerIp(playerid, Query, 16);
format(Query, sizeof Query, "UPDATE `accounts` SET `IP` = '%s' WHERE `Name` = '%s' LIMIT 1", Query, pName);
mysql_query(Query);
......
Why don't you try sha1 or md5 (I use md5, but some people say sha1 is better...)?
I can give you a little help if you want.