Save the player password - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Save the player password (/showthread.php?tid=613183)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Save the player password (/showthread.php?tid=613183)
Save the player password - yvoms - 25.07.2016
Greetings,
I've created a command called /changepass,
This should save the hashed password to the database however, it's not hashing it,
Its saving the raw password, This is not what i want, is there anyone able to help me to fix this issue?
current code :
Код:
CMD:changepass(playerid, params[])
{
new
hash[129],
oldpass[24],
newpass[24],
c_newpass[24],
playername[24]
;
if(sscanf(params,"s[24]s[24]s[24]", oldpass, newpass, c_newpass))
return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /changepass [currentpass] [newpass] [newpass]");
if (strlen(newpass) > MAX_PLAYER_PASSWORD)
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can maximal be 16 characters.");
if (strlen(newpass) < MIN_PLAYER_PASSWORD)
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be atleast 6 characters.");
WP_Hash(hash, sizeof (hash), oldpass);
if ( !strcmp(hash, pData[playerid][Password], false) ) // The NEW hash does match the old (saved) one
{
if ( !strcmp(newpass, c_newpass, false) ) // match
{
SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
GetPlayerName(playerid, playername, sizeof(playername));
new query[512];
mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[playerid][ID]);
mysql_tquery(mysql, query, "", "");
strmid(pData[playerid][Password], newpass, 0, strlen(newpass), sizeof(newpass));
SavePlayerData(playerid);
}
else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your new passwords do not match.");
}
else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your current password does not match.");
return 1;
}
Re: Save the player password - Threshold - 25.07.2016
That's because you never actually hash the new password. You only hash the old password to see if the passwords match. So you were essentially updating the player's password with their old/current password... effectively making no changes.
PHP код:
CMD:changepass(playerid, params[])
{
new
hash[129],
oldpass[24],
newpass[24],
c_newpass[24]
;
if(sscanf(params,"s[24]s[24]s[24]", oldpass, newpass, c_newpass))
return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /changepass [currentpass] [newpass] [newpass]");
if (strlen(newpass) > MAX_PLAYER_PASSWORD)
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");
if (strlen(newpass) < MIN_PLAYER_PASSWORD)
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");
WP_Hash(hash, sizeof (hash), oldpass); // Hashing the OLD password
if ( !strcmp(hash, pData[playerid][Password], false) ) // The NEW hash does match the old (saved) one
{
if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
{
SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password
new query[512];
mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[playerid][ID]);
mysql_tquery(mysql, query, "", "");
strmid(pData[playerid][Password], hash, 0, strlen(hash), sizeof(hash));
SavePlayerData(playerid);
return 1;
}
else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your new passwords do not match.");
}
else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your current password does not match.");
return 1;
}
Another thing I should mention, 'strcmp' returns 0 if either of the strings are empty. So I had to change this line:
PHP код:
if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
https://sampwiki.blast.hk/wiki/Strcmp
Re: Save the player password - yvoms - 25.07.2016
thanks hehe, thats really nice
Re: Save the player password - yvoms - 25.07.2016
Could i also make a command for admins
/setpass [playername] [newpass] [newpass]
using this form?
Re: Save the player password - Threshold - 25.07.2016
Yes, you'd need to remove a few 'if' statements. Are you asking if I can do it for you?
Re: Save the player password - yvoms - 25.07.2016
Not at all i just wanted to know if the same method is useable
Re: Save the player password - Threshold - 25.07.2016
Of course. The following method would only work if the player is online though:
PHP код:
CMD:changepass(playerid, params[])
{
if(!IsPlayerAdmin(playerid)) // Add your admin variable checks here
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} You ain't no admin, fool!");
new
targetid,
newpass[24],
c_newpass[24]
;
if(sscanf(params,"us[24]s[24]", targetid, newpass, c_newpass))
return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /setpass [user] [newpass] [newpass]");
if(!IsPlayerConnected(targetid) || targetid == INVALID_PLAYER_ID) // Check if the player is valid
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} That player is not online.");
if (strlen(newpass) > MAX_PLAYER_PASSWORD)
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");
if (strlen(newpass) < MIN_PLAYER_PASSWORD)
return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");
if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
{
new query[512];
format(query, sizeof(query), "{ff0000}[Server]:{ffffff} Your password has been changed to: %s", newpass);
SendClientMessage(targetid, COLOR_WHITE, query); // Notifying the player
SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
GameTextForPlayer(playerid, "Password changed!", 5000, 5); // Make sure you alert the player that their password is changed.
WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password
mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[targetid][ID]);
mysql_tquery(mysql, query, "", "");
strmid(pData[targetid][Password], hash, 0, strlen(hash), sizeof(hash));
SavePlayerData(targetid);
}
else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} The new passwords do not match.");
return 1;
}
Re: Save the player password - yvoms - 25.07.2016
Quote:
|
Originally Posted by Threshold
 Of course. The following method would only work if the player is online though:
PHP код:
|
Re: Save the player password - Threshold - 26.07.2016
As long as they know their password is gonna be changed you should have no issues. I assume you know how to make that command work for offline usernames?
Re: Save the player password - yvoms - 26.07.2016
I think so yeah, its changing it to string,
removing the check for online players and updating the query to check the playername?