MySQL <> login with any password - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: MySQL <> login with any password (/showthread.php?tid=377016)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: MySQL <> login with any password (/showthread.php?tid=377016)
MySQL <> login with any password - s3rserii - 12.09.2012
Hey,
i have a mysql code problem. If i try to connect on my server and type my password for my account, and if i type any password like "1" or "dfnjese" (not my password) it will be work. What is flae in my code?
i use md5 to secure my passwords.
Код:
case DIALOG_LOGIN:
{
if(response)
{
if(strlen(inputtext) == 0)
{
ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{FF0000}Bloodz {FFFFFF}n {00FF00}Cripz {FFFFFF}- {FFFF00}Login", "{FFFFFF}Es freut uns dich wieder auf unserem Server zu sehen!\nBitte gebe dein {00FF00}Passwort {FFFFFF}ein um dich in deinem Account einzuloggen", "Einloggen", "Abbrechen");
return 1;
}
else
{
new SpielerName[MAX_PLAYER_NAME];
GetPlayerName(playerid, SpielerName, MAX_PLAYER_NAME);
if(!strcmp(MD5_Hash(inputtext), mysql_ReturnPasswort(SpielerName), true))
{
SetPVarInt(playerid,"Eingeloggt",1);
LoadPlayer(playerid);
SendClientMessage(playerid, lightgreen, "{FFFF00}[SERVER] {FFFFFF}Du bist nun eingeloggt. Viel spaЯ auf dem Server.");
SendClientMessage(playerid, lightgreen, "{FFFF00}[SERVER] {FFFFFF}Bitte wдhle eine Gang aus.");
return 1;
}
else
{
ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{FF0000}Bloodz {FFFFFF}n {00FF00}Cripz {FFFFFF}- {FFFF00}Login", "{00FF00}Password flasch!\n{FFFFFF}Bitte gebe dein {00FF00}Passwort {FFFFFF}ein um dich in deinem Account einzuloggen", "Einloggen", "Abbrechen");
return 1;
}
}
}
else
{
SendClientMessage(playerid, lightgreen, "{FFFF00}[SERVER] {FFFFFF}Du brauchst leider ein Account um auf dem Server spielen zu kцnnen.");
Kick(playerid);
}
}
Код:
stock mysql_ReturnPasswort(Name[])
{
new query[130], Get[130];
mysql_real_escape_string(Name, Name);
format(query, 128, "SELECT md5(`Password`) FROM `Accounts` WHERE `Name` = '%s'", Name);
mysql_query(query);
mysql_store_result();
mysql_fetch_row(Get);
mysql_free_result();
return Get;
}
Код:
stock CreateAccount(playerid, pass[])
{
new query[256],Name[MAX_PLAYER_NAME];
GetPlayerName(playerid, Name, MAX_PLAYER_NAME);
mysql_real_escape_string(Name,Name);
mysql_real_escape_string(pass,pass);
format(query, sizeof(query), "INSERT INTO `Accounts` (`Name`, `Password`) VALUES ('%s', md5('%s'))", Name, pass);
mysql_query(query);
return true;
}
AW: MySQL <> login with any password - s3rserii - 12.09.2012
any idea?
Re: MySQL <> login with any password - [MG]Dimi - 12.09.2012
what is md5? I'm using MySQl for a long time and never seen something like that.
AW: Re: MySQL <> login with any password - s3rserii - 12.09.2012
Quote:
|
Originally Posted by [MG]Dimi
 what is md5? I'm using MySQl for a long time and never seen something like that.
|
md5 is one of the most used encoding system for passwords
Re: MySQL <> login with any password - [HiC]TheKiller - 13.09.2012
pawn Код:
format(query, 128, "SELECT md5(`Password`) FROM `Accounts` WHERE `Name` = '%s'", Name);
pawn Код:
format(query, 128, "SELECT Password FROM `Accounts` WHERE `Name` = '%s'", Name);
pawn Код:
stock mysql_ReturnPasswort(Name[], password[]) //Put inputtext as password
{
new query[130];
mysql_real_escape_string(Name, Name);
format(query, 128, "SELECT Password FROM `Accounts` WHERE `Name` = '%s' AND Password = MD5('%s')", Name, password);
mysql_query(query);
mysql_store_result();
new return = mysql_num_rows();
mysql_free_result();
if(return != 0) return 1;
return 0;
}
AW: MySQL <> login with any password - s3rserii - 13.09.2012
hey,
thx, it now works right without the md5 tag. It was dump to doublemd5 the password xD
Yeah but if i use a salt fo my md5 than its safer right? ^^
If i will use your code:
Код:
stock mysql_ReturnPasswort(Name[], password[]) //Put inputtext as password
{
new query[130];
mysql_real_escape_string(Name, Name);
format(query, 128, "SELECT Password FROM `Accounts` WHERE `Name` = '%s' AND Password = MD5('%s')", Name, password);
mysql_query(query);
mysql_store_result();
new return = mysql_num_rows();
mysql_free_result();
if(return != 0) return 1;
return 0;
}
can u give me a simple way
Re: AW: MySQL <> login with any password - [HiC]TheKiller - 13.09.2012
Quote:
|
Originally Posted by s3rserii
hey,
thx, it now works right without the md5 tag. It was dump to doublemd5 the password xD Yeah but if i use a salt fo my md5 than its safer right? ^^ If i will use your code: Код:
stock mysql_ReturnPasswort(Name[], password[]) //Put inputtext as password
{
new query[130];
mysql_real_escape_string(Name, Name);
format(query, 128, "SELECT Password FROM `Accounts` WHERE `Name` = '%s' AND Password = MD5('%s')", Name, password);
mysql_query(query);
mysql_store_result();
new return = mysql_num_rows();
mysql_free_result();
if(return != 0) return 1;
return 0;
}
can u give me a simple way |
pawn Код:
if(!mysql_ReturnPasswort(SpielerName, inputtext)) //If the person typed the wrong password
AW: MySQL <> login with any password - s3rserii - 13.09.2012
ok, i will look to secure with whirlpool,
code error
Код:
error 001: expected token: "-identifier-", but found "return"
Re: MySQL <> login with any password - [HiC]TheKiller - 13.09.2012
pawn Код:
stock mysql_ReturnPasswort(Name[], password[]) //Put inputtext as password
{
new query[130];
mysql_real_escape_string(Name, Name);
format(query, 128, "SELECT Password FROM `Accounts` WHERE `Name` = '%s' AND Password = MD5('%s')", Name, password);
mysql_query(query);
mysql_store_result();
new return_v = mysql_num_rows();
mysql_free_result();
if(return_v != 0) return 1;
return 0;
}
AW: MySQL <> login with any password - s3rserii - 13.09.2012
thx now it works fine