SQLlite - Jaspers Pin Code Script - Additional security. -
jasperschellekens - 17.02.2018
Jaspers Pin Code Script V1.0
This script requires all users to create a pincode.
If there is no pincode registered to the player, the player will automatic have to create a pincode after login.
This script is compatible with most registration systems because the pincode login/creation will be called once when the player spawns. This could be considered an additional login system.
If the player presses ESC or clicks on the X, the player will be kicked if they didn't pass it
Why would this be useful?
This script uses textdraws and is therefore useful if the user may have been infected with a key logger.
The user does not have to insert anything but will pass trough the pad by clicking on numbers.
License
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. You may edit, but not re-upload without my permission. Exceptions can be made by contacting me simply by PM on this forum.
Commands
In this script, only 1 command is used.
To use this command, you have to be logged in to the rcon. eg /rcon login
USAGE: /deletepincode [PlayerName]
With this command you are able to delete a players pincode.
Requirements
- zcmd -
https://sampforum.blast.hk/showthread.php?tid=91354
- sscanf -
https://sampforum.blast.hk/showthread.php?tid=570927
Installation- Download the database and script in this topic.
- Open the script and change the following settings to your liking.
Code:
#define SERVER_NAME "Server Name" // Enter the name of your server here.
#define DIALOG_NONE 7279 // Make sure this number does not interfere with other dialogs in your scripts/gamemode.
#define MAX_LOGIN_ATTEMPTS 5 // How many tries for logging in does the player have before the server kicks the player?
// WARNING: Only set MAX_LOGIN_ATTEMPTS higher then 5 if you have knowledge of editing the following function: CheckAttempt(playerid)
- Compile the script and place the JaspersPinCodeScript.amx file in your /filterscripts/ folder.
- Put the database pspincodes.db in your /scriptfiles/ folder.
- Add JaspersPinCodeScript to filterscripts in server.cfg
Download
Script:
https://pastebin.com/pRyqG86N
Database:
https://ufile.io/8ha9w - mirror 1
Database:
https://files.fm/u/g4anhd7r - mirror 2
Bugs
None known at the moment. Please post in this topic if you find any or have suggestions.
Support
I provide full support on this script so if you need any, feel free to post in this topic.
Re: SQLlite - Jaspers Pin Code Script - Additional security. -
jasperschellekens - 17.02.2018
Quote:
Originally Posted by Mohamed39
Good Job Thank you for release
|
Thank you too! I hope you can use it.
Re: SQLlite - Jaspers Pin Code Script - Additional security. -
Logic_ - 17.02.2018
I similarly use a pin code which is randomly generated for administrators
+3 Rep for you.
EDIT: This release could have been better. Since I'm in a slightly good mood today, I'll point out your mistakes in the most appropriate way!
- Use dialog id 0 as the DIALOG_NONE because that's how it should be used.
- Read about SQL Injections here: https://www.acunetix.com/websitesecurity/sql-injection/ and use '%q' instead of '%s' to escape the text; 0.3.7 Added this specifier to remove the use of slower DB_Escape!
- Instead of doing this...
PHP Code:
new Text:Textdraw0;
new Text:Textdraw1;
new Text:Textdraw2;
new Text:Textdraw3;
new Text:Textdraw4;
do this...
PHP Code:
new Text: Textdraw[33];
Use array based variables to make your code shorter and easier to write and read.
- Could've also used an enumerator and a single variable for all these variables:
PHP Code:
new PinCode[MAX_PLAYERS];
new PinIn[MAX_PLAYERS];
new InputChars[MAX_PLAYERS];
new inputchar[MAX_PLAYERS];
new InputAttempt[MAX_PLAYERS];
new IsPlayerCreatingCode[MAX_PLAYERS];
new IsPlayerInsertingCode[MAX_PLAYERS];
new Pin1[MAX_PLAYERS];
new Pin2[MAX_PLAYERS];
new Pin3[MAX_PLAYERS];
new Pin4[MAX_PLAYERS];
new LoadPin1[MAX_PLAYERS];
new LoadPin2[MAX_PLAYERS];
new LoadPin3[MAX_PLAYERS];
new LoadPin4[MAX_PLAYERS];
- I think you don't know that per-player textdraws exist!
PHP Code:
new Text:Textdraw32[MAX_PLAYERS];
- Uhh, bad naming convection;
PHP Code:
new DBResult:SPAWN_RESULT;
new szQuery[128];
format(szQuery, sizeof(szQuery), "select * from `PINCODES` where `PlayerName` = '%s'", DB_Escape(GetName(playerid)));
SPAWN_RESULT = db_query(PIN_DATABASE, szQuery);
You could've made it:
PHP Code:
new DBResult: result, szQuery[50 + MAX_PLAYER_NAME + 1];
The szQuery isn't even 100 chars. long! You better should move towards Sublime or Notepad++ and make use of accurate string sizes to reduce maximum cell (memory) waste.
- The textdraw click callback could have been:
PHP Code:
if(clickedid == Textdraw19)
{
inputchar[playerid] = 0;
UpdateCharCount(playerid);
InsertCharacter(playerid);
TextDrawShowForPlayer(playerid, Textdraw32[playerid]);
PlayerPlaySound(playerid,1057,0.0,0.0,0.0);
return 1;
}
if(clickedid == Textdraw20)
{
inputchar[playerid] = 1;
UpdateCharCount(playerid);
InsertCharacter(playerid);
TextDrawShowForPlayer(playerid, Textdraw32[playerid]);
PlayerPlaySound(playerid,1057,0.0,0.0,0.0);
return 1;
}
PHP Code:
for(new textid = 19; textid < 28; textid ++)
{
if(clickedid == Textdraw[textid])
{
inputchar[playerid] = (textid - 18);
UpdateCharCount(playerid);
InsertCharacter(playerid);
TextDrawShowForPlayer(playerid, Textdraw32[playerid]);
PlayerPlaySound(playerid,1057,0.0,0.0,0.0);
break;
}
}
( Ignore the indentation. )
- Maybe allow server owner to choose how long they want the PIN to be? 4, 6 or 8?
- Your script could have been smaller, this is 1k+ line coding without any optimization.
Re: SQLlite - Jaspers Pin Code Script - Additional security. -
DonaldDuck - 18.02.2018
Keep it up mate
Repped
Re: SQLlite - Jaspers Pin Code Script - Additional security. -
solstice_ - 18.02.2018
Interesting, good job!
Re: SQLlite - Jaspers Pin Code Script - Additional security. -
jasperschellekens - 19.02.2018
Quote:
Originally Posted by Logic_
I similarly use a pin code which is randomly generated for administrators +3 Rep for you.
|
Thank you very much for this detailed explanation. I will take these optimization techniques into V1.1
Quote:
Originally Posted by DonaldDuck
Keep it up mate Repped
|
Thank you Donald
Quote:
Originally Posted by willbedie
Interesting, good job!
|
Thanks will