CMD:setpassword(playerid, params[])
{
if(pData[playerid][Admin] >= 7)
{
new query[320], name[24], newpass[34],query1[320];
if(sscanf(params, "s[24]s[34]", name, newpass)) return SendClientMessage(playerid, COLOR_YELLOW, "USAGE: /setpassword <PlayerName> <NewPassword>");
if(!AccountExists(name)) return SendClientMessage(playerid, red, "Account does not exists");
mysql_format(mysql, query, sizeof(query),"SELECT `Password` FROM `players` WHERE `Username` = '%e'");
mysql_tquery(mysql,query);
mysql_tquery(mysql, query, "ChangePlayerPassword", "iss", playerid,name,newpass);
format(query1, sizeof(query1), "You have changed %s's password to %s", name, newpass);
SendClientMessage(playerid, COLOR_GREEN, query1);
new IRC[130];
format(IRC, sizeof(IRC), "1,8* Admin %s (ID: %d) changed %s's password.",GetName(playerid), playerid, name);
IRC_GroupSay(groupID, "&#ZoneX", IRC);
IRC_GroupSay(groupID, IRC_aCHANNEL, IRC);
return 1;
}
else return ShowMessage(playerid, COLOR_YELLOW, 1, 7);
}
forward ChangePlayerPassword(admin, cPlayer[], newpassword[]);
public ChangePlayerPassword(admin, cPlayer[], newpassword[])
{
new query[320];
mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET Password=SHA1('%s') WHERE `Username` = '%e'", newpassword, cPlayer);
mysql_tquery(mysql, query);
return true;
}
Let me just circumvent the entire question by saying that this is bad practice. Admins (and other people for that matter) have no business with a player's password. If a player forgets his password you generate a new random password and you mail it to the e-mail address that you have on file. Then the player can login with that temporary password and set a new password himself by conventional means.
Also never broadcast a password in plain text. There's a reason that you see dots or asterisks when typing a password. It's so people reading over your shoulder can't see your password. If you then loudly announce in the chat "you have changed your password to "MyBrotherIsAnIdiot"" then those people will have a nice conversation. |