Register System Logs User In Even With WRONG Password -
CommanderDEATH - 29.09.2014
So I have completed my whole Game Mode, so HAPPY!
And I have a register system and everything.
Once they have registered it saves the user's data in Script-files into an INI file with their user name on it, like it's supposed to (that I know of). When the user comes BACK to the server and tries to log on,
it comes up with the DIALOG_LOGIN to join the server, but if they get the password wrong, e.g. their password = MyPassword123 and they ACTUALLY type = hi, it STILL logs them in? So this means anyone can log in without even using a registered password saved in my server files, which renders this registry system pretty useless to me at the moment (I DON'T WANT THAT). PLEASE HELP, I AM SOOO CLOSE TO FINISHING, THANK YOU. By the way the server's name is SA-MP SA Free Roam/RP if you want to try it out (I need some players and moderators/helpers)
Here is the OnPlayerConnect part of the registry system in my gamemode:
Code:
public OnPlayerConnect(playerid)
{
    if(fexist(UserPath(playerid)))
    {
        INI_ParseFile(UserPath(playerid), "LoadUser_%s", .bExtra = true, .extra = playerid);
        ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT,""COL_WHITE"Login",""COL_WHITE"Type your password below to login please:","Login","Quit");
    }
    else
    {
        ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT,""COL_WHITE"Registering an new account...",""COL_WHITE"Type your password below to register a new account.","Register","Quit");
    }
    return 1;
}
Here is the OnDialogResponse part of the registry system in my gamemode:
Code:
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if(dialogid == DIALOG_REGISTER) //If dialog id is a register dialog
    {//then
        if(!response) return Kick(playerid); //If they clicked the second button "Quit", we will kick them.
        if(response) //if they clicked the first button "Register"
        {//then
            if(!strlen(inputtext)) //If they didn't enter any password
            {// then we will tell to them to enter the password to register
                ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_INPUT,"Register","Welcome! This account is not registered.\nEnter your own password to create a new account.\nPlease enter the password!","Register","Quit");
                return 1;
            }
            //If they have entered a correct password for his/her account...
            new hashpass[129]; //Now we will create a new variable to hash his/her password
            WP_Hash(hashpass,sizeof(hashpass),inputtext);//We will use whirlpool to hash their inputted text
            new INI:file = INI_Open(UserPath(playerid)); // we will open a new file for them to save their account inside of Scriptfiles/Users folder
            INI_SetTag(file,"Player's Data");//We will set a tag inside of user's account called "Player's Data"
            INI_WriteString(file,"Password",hashpass);//This will write a hashed password into user's account
            INI_WriteInt(file,"AdminLevel",0); //Write an integer inside of user's account called "AdminLevel". We will set his level to 0 after he registered.
            INI_WriteInt(file,"Money",0);//Write an integer inside of user's account called "Money". We will set their money to 0 after he registered
            INI_WriteInt(file,"Kills",0);//As explained above
            INI_WriteInt(file,"Deaths",0);//As explained above
            INI_Close(file);//Now after we've done saving their data, we now need to close the file
            SendClientMessage(playerid,-1,"You have been successfully registered");//Tell to them that they have successfully registered a new account
            return 1;
        }
    }
    if(dialogid == DIALOG_LOGIN) //If dialog id is a login dialog
    {//then
        if(!response) return Kick (playerid);
        if(response)
        {
            if(udb_hash(inputtext) == PlayerInfo[playerid][pPass])
            {//then
                INI_ParseFile(UserPath(playerid),"loadaccount_%s",.bExtra = true, .extra = playerid);//We will load his account's data from user's path
                GivePlayerMoney(playerid, PlayerInfo[playerid][pCash]);
            }
            else //If they've entered an incorrect password
            {//then
                ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_INPUT,"Login","Incorrect password! \nInsert your CORRECT password to login to your account.\nINSERT PASSWORD:","Login","Quit");//We will tell to them that they've entered an incorrect password
                return 1;
            }
            {
                ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_INPUT,"Login","Incorrect password. Last chance!! \nInsert your CORRECT password to login to your account.\nINSERT PASSWORD:","Login","Quit");
                return 1;
            }
            {
                ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_INPUT,"Bye Bye","Wrong password twice, make sure you know your password.\n You WILL be kicked.","Quit","");
                if(!response) return Kick (playerid);
            }
        }
    }
    return 1;
}
p.s No errors come up when I compile.
Thank you in advance!
Re: Register System Logs User In Even With WRONG Password -
MasonSFW - 29.09.2014
Remove Whirlpool plugin
and use this code
pawn Code:
if(dialogid == DIALOG_REGISTER) //If dialog id is a register dialog
{//then
    if(!response) return Kick(playerid); //If they clicked the second button "Quit", we will kick them.
    if(response) //if they clicked the first button "Register"
    {//then
        if(!strlen(inputtext)) //If they didn't enter any password
        {// then we will tell to them to enter the password to register
            ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_INPUT,"Register","Welcome! This account is not registered.\nEnter your own password to create a new account.\nPlease enter the password!","Register","Quit");
            return 1;
        }
        new INI:file = INI_Open(UserPath(playerid)); // we will open a new file for them to save their account inside of Scriptfiles/Users folder
        INI_SetTag(file,"Player's Data");//We will set a tag inside of user's account called "Player's Data"
        INI_WriteInt(file,"Password", udb_hash(inputtext));//This will write a hashed password into user's account (udb_hash returns an integer, so it is written with INI_WriteInt)
        INI_WriteInt(file,"AdminLevel",0); //Write an integer inside of user's account called "AdminLevel". We will set his level to 0 after he registered.
        INI_WriteInt(file,"Money",0);//Write an integer inside of user's account called "Money". We will set their money to 0 after he registered
        INI_WriteInt(file,"Kills",0);//As explained above
        INI_WriteInt(file,"Deaths",0);//As explained above
        INI_Close(file);//Now after we've done saving their data, we now need to close the file
        SendClientMessage(playerid,-1,"You have been successfully registered");//Tell to them that they have successfully registered a new account
        return 1;
    }
}
Re: Register System Logs User In Even With WRONG Password -
dusk - 29.09.2014
@MasonSFW, why would he do that?
To answer the question.
pawn Code:
if(udb_hash(inputtext) == PlayerInfo[playerid][pPass])
This code has two problems. First, when a player registers you hash his password with "Whirlpool", so it should be used here as well.
Second, you mustn't compare strings this way; strcmp is used for that.
Try something like this
pawn Code:
new LoginTries[MAX_PLAYERS]; // a global variable.

public OnPlayerConnect(playerid)
{
    LoginTries[playerid] = 0;
    return 1;
}

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if(dialogid == DIALOG_LOGIN) //If dialog id is a login dialog
    {
        if(!response) return Kick (playerid);
        new hash[129];
        WP_Hash(hash,sizeof(hash),inputtext);
        // Compare the hash of the typed password with the stored hash, not with inputtext.
        // Assumes pPass is declared as a string (pPass[129]) and has been loaded from the "Password" key.
        // strcmp also returns 0 when either string is empty, so an empty stored hash is rejected first.
        if(strlen(PlayerInfo[playerid][pPass]) && !strcmp(hash,PlayerInfo[playerid][pPass]))
        {
            INI_ParseFile(UserPath(playerid),"loadaccount_%s",.bExtra = true, .extra = playerid);//We will load his account's data from user's path
            GivePlayerMoney(playerid, PlayerInfo[playerid][pCash]);
        }
        else //If they've entered an incorrect password
        {
            LoginTries[playerid]++;
            switch(LoginTries[playerid])
            {
                case 1: ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_INPUT,"Login","Incorrect password! \nInsert your CORRECT password to login to your account.\nINSERT PASSWORD:","Login","Quit");
                case 2: ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_INPUT,"Login","Incorrect password. Last chance!! \nInsert your CORRECT password to login to your account.\nINSERT PASSWORD:","Login","Quit");
                case 3: ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_INPUT,"Bye Bye","Wrong password twice, make sure you know your password.\n You WILL be kicked.","Quit","");
                case 4:
                {
                    Kick(playerid);
                    LoginTries[playerid] = 0;
                }
            }
        }
        return 1;
    }
    return 1;
}
Re: Register System Logs User In Even With WRONG Password -
CommanderDEATH - 30.09.2014
Thanks for your help guys, but when I try bucks code it comes up with
8 new errors! With respect I'll say again
all that is wrong is that the server doesn't save the users data but everything else works.
Still accepting answers...
Why does it seem like with pawno that 1 error always leads to 16 more! Literally ripping my hair out now, so please
DON'T stop helping.