Saving bankpassword in MySQL - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Saving bankpassword in MySQL (/showthread.php?tid=608930)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Saving bankpassword in MySQL (/showthread.php?tid=608930)
Saving bankpassword in MySQL - Deroxi - 06.06.2016
I tried to make a bank system all by myself. For now I only made the Register dialog, but whenever I try to register it won't save the password in the database
Code:
PHP код:
case BankRegisterDialog:
{
if(Player[playerid][BankLogged] == 1)
{
if(strlen(inputtext) < 5)
{
SendClientMessage(playerid, COLOR_RED, "[ERROR] You password must be longer than 5 characters!");
return ShowPlayerDialog(playerid, BankRegisterDialog, DIALOG_STYLE_PASSWORD, "Bank Password", "Enter your desired password below:", "Register", "Cancel");
}
new query[100], name[24], query2[100];
GetPlayerName(playerid, name, 24);
WP_Hash(Player[playerid][BankPassword], 129, inputtext);
format(query, sizeof(query), "UPDATE 'accounts' SET 'Bankpassword' = '%s' WHERE 'Name' = '%s'", Player[playerid][BankPassword], name);
mysql_query(mysql, query);
}
}
Re: Saving bankpassword in MySQL - Konstantinos - 06.06.2016
The size of the query is 100 an and the output Whirlpool itself is 128 characters.
When a player registers, you need to use INSERT INTO as UPDATE is used for existed rows.
You better use threaded queries (even for INSERT/UPDATE/DELETE) and escape strings in the future.
Here's an example of register/login: https://raw.githubusercontent.com/pB...stem-cache.pwn
It also uses race condition check which not many of the tutorials/released gamemodes have.
Re: Saving bankpassword in MySQL - Deroxi - 06.06.2016
PHP код:
format(query, sizeof(query), "INSERT INTO `accounts` (`Name`, `Bankpassword`) VALUES (`%e`, `%e`)", name, Player[playerid][BankPassword]);
Re: Saving bankpassword in MySQL - JasperM - 06.06.2016
Besides the whole question, here is another quick note:
Just using Whirlpool once to hash a password without any kind of salt is not safe, at all. If your database gets breached, it wont take that long before someone has all bank passwords in plain text format. The easiest thing to change is to give every password a custom salt, which is added to the end of the password and then given to the WP_Hash function. This gives a bit of extra security, since rainbow tables become less useful. Second, use a function which is meant to be slow, like, for example, bcrypt. Googling "SAMP Bcrypt" should show up an include to use bcrypt. This is by far much safer than WP_Hash, because you can set it to be slower. This means that if your database is breached, and it already took your server 0.25 seconds to hash a password, an attacker needs a lot more time to get all the passwords.
TL; DR; 1. Hashing just passwords without a salt is unsafe. 2. Whirlpool is a relatively fast hashing mechanism which can't be set to be slower. Me and a lot of others recommend Bcrypt to solve this issue.
Re: Saving bankpassword in MySQL - Konstantinos - 06.06.2016
Quote:
|
Originally Posted by Deroxi
 PHP код:
|
I also agree with JasperM about adding a salt along with the hash so even if two or more users have the same password, they will have different hashed output. You can find more results on ****** but here's two threads from here:
https://sampforum.blast.hk/showthread.php?tid=350664
https://sampforum.blast.hk/showthread.php?tid=581336
Just to get an idea.
Re: Saving bankpassword in MySQL - Deroxi - 06.06.2016
Quote:
|
Originally Posted by Konstantinos
Read your mysql_log.txt file, it should say more information on why the query failed.
I also agree with JasperM about adding a salt along with the hash so even if two or more users have the same password, they will have different hashed output. |
EDIT:
Mysql_log.txt output:
[12:44:59] [WARNING] CMySQLHandle::Create - connection already exists
[12:45:02] [ERROR] cache_get_field_content_int - invalid datatype
Re: Saving bankpassword in MySQL - Konstantinos - 06.06.2016
About the cache function is that you are trying to retrieve data that is not integer. That also happens if the column is NULL.
For now, you'll need to enable log all so we can take a closer look at what is happening when you register.
before mysql_connect, call:
pawn Код:
mysql_log(LOG_ALL);
Re: Saving bankpassword in MySQL - Deroxi - 06.06.2016
PHP код:
[13:06:31] [DEBUG] mysql_connect - host: "localhost", user: "root", database: "samp", password: "****", port: 3306, autoreconnect: true, pool_size: 2
[13:06:31] [DEBUG] CMySQLHandle::Create - creating new connection..
[13:06:31] [WARNING] CMySQLHandle::Create - connection already exists
[13:06:31] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[13:06:31] [DEBUG] CMySQLConnection::Connect - connection was successful
[13:06:31] [DEBUG] CMySQLConnection::Connect - auto-reconnect has been enabled
[13:06:31] [DEBUG] mysql_errno - connection: 1
[13:06:31] [DEBUG] mysql_format - connection: 1, len: 128, format: "SELECT `Password`, `ID` FROM `accounts` WHERE `Name` = '%e' LIMIT 1"
[13:06:31] [DEBUG] mysql_tquery - connection: 1, query: "SELECT `Password`, `ID` FROM `accounts` WHERE `Name` = 'sorenkai", callback: "OnAccountCheck", format: "i"
[13:06:31] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[13:06:31] [DEBUG] CMySQLConnection::Connect - connection was successful
[13:06:31] [DEBUG] CMySQLConnection::Connect - auto-reconnect has been enabled
[13:06:31] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[13:06:31] [DEBUG] CMySQLConnection::Connect - connection was successful
[13:06:31] [DEBUG] CMySQLConnection::Connect - auto-reconnect has been enabled
[13:06:31] [DEBUG] CMySQLQuery::Execute[OnAccountCheck] - starting query execution
[13:06:31] [DEBUG] CMySQLQuery::Execute[OnAccountCheck] - query was successfully executed within 0.227 milliseconds
[13:06:31] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[13:06:31] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[13:06:31] [DEBUG] CMySQLConnection::Connect - connection was successful
[13:06:31] [DEBUG] CMySQLConnection::Connect - auto-reconnect has been enabled
[13:06:31] [DEBUG] Calling callback "OnAccountCheck"..
[13:06:31] [DEBUG] cache_get_data - connection: 1
[13:06:31] [DEBUG] cache_get_field_content - row: 0, field_name: "Password", connection: 1, max_len: 129
[13:06:31] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Password", data: "****"
[13:06:31] [DEBUG] cache_get_field_content_int - row: 0, field_name: "ID", connection: 1
[13:06:31] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "ID", data: "3"
[13:06:31] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called
[13:06:36] [DEBUG] mysql_format - connection: 1, len: 100, format: "SELECT * FROM `accounts` WHERE `Name` = '%e' LIMIT 1"
[13:06:36] [DEBUG] mysql_tquery - connection: 1, query: "SELECT * FROM `accounts` WHERE `Name` = 'sorenkai' LIMIT 1", callback: "OnAccountLoad", format: "i"
[13:06:36] [DEBUG] CMySQLQuery::Execute[OnAccountLoad] - starting query execution
[13:06:36] [DEBUG] CMySQLQuery::Execute[OnAccountLoad] - query was successfully executed within 0.235 milliseconds
[13:06:36] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[13:06:36] [DEBUG] Calling callback "OnAccountLoad"..
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "Score", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Score", data: "104"
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "Admin", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Admin", data: "6"
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "VIP", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "VIP", data: "0"
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "Money", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Money", data: "150229"
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "Bankpassword", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Bankpassword", data: "0"
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "Bankmoney", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Bankmoney", data: ""
[13:06:36] [ERROR] cache_get_field_content_int - invalid datatype
[13:06:36] [DEBUG] cache_get_field_content_int - row: 0, field_name: "Banklogged", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "Banklogged", data: "2"
[13:06:36] [DEBUG] cache_get_field_content_float - row: 0, field_name: "PosX", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "PosX", data: "2316.29"
[13:06:36] [DEBUG] cache_get_field_content_float - row: 0, field_name: "PosY", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "PosY", data: "-11.52"
[13:06:36] [DEBUG] cache_get_field_content_float - row: 0, field_name: "PosZ", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "PosZ", data: "26.742"
[13:06:36] [DEBUG] cache_get_field_content_float - row: 0, field_name: "PosA", connection: 1
[13:06:36] [DEBUG] CMySQLResult::GetRowDataByName - row: '0', field: "PosA", data: "182.048"
[13:06:36] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called
Re: Saving bankpassword in MySQL - Konstantinos - 06.06.2016
That's the loading part and it seems to work (at least that's what it shows, loading correct values).
The problem is with registering an account, isn't it? If so, you will have to connect with a name that does not exist to database so it forces you to register.
Re: Saving bankpassword in MySQL - Deroxi - 06.06.2016
I'm not sure if you got this: I have made a login/register system (tutorial :3). And now I tried to make a Bank account system where you have to register/login with a password to access your bank account.