[yvoms]

Greetings,

I've created a command called /changepass,

This should save the hashed password to the database however, it's not hashing it,
Its saving the raw password, This is not what i want, is there anyone able to help me to fix this issue?

current code :

Код:

CMD:changepass(playerid, params[])
{
	new 
		hash[129],
		oldpass[24], 
		newpass[24],
		c_newpass[24],
		playername[24]
	;

	if(sscanf(params,"s[24]s[24]s[24]", oldpass, newpass, c_newpass)) 
		return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /changepass [currentpass] [newpass] [newpass]");

	if (strlen(newpass) > MAX_PLAYER_PASSWORD) 
		return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can maximal be 16 characters.");
	
	if (strlen(newpass) < MIN_PLAYER_PASSWORD) 
		return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be atleast 6 characters.");
	WP_Hash(hash, sizeof (hash), oldpass);
	if ( !strcmp(hash, pData[playerid][Password], false) ) // The NEW hash does match the old (saved) one
	{
		if ( !strcmp(newpass, c_newpass, false) ) // match
		{
			SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
			GetPlayerName(playerid, playername, sizeof(playername));
			new query[512];
       		mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[playerid][ID]);
        	mysql_tquery(mysql, query, "", "");
			strmid(pData[playerid][Password], newpass, 0, strlen(newpass), sizeof(newpass));
			SavePlayerData(playerid);
		}
		else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your new passwords do not match."); 
	}
	else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your current password does not match.");

	return 1;
}

[Threshold]

That's because you never actually hash the new password. You only hash the old password to see if the passwords match. So you were essentially updating the player's password with their old/current password... effectively making no changes.

PHP код:

CMD:changepass(playerid, params[])
{
    new
        hash[129],
        oldpass[24],
        newpass[24],
        c_newpass[24]
    ;
    if(sscanf(params,"s[24]s[24]s[24]", oldpass, newpass, c_newpass))
        return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /changepass [currentpass] [newpass] [newpass]");
    if (strlen(newpass) > MAX_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");
    if (strlen(newpass) < MIN_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");
        
    WP_Hash(hash, sizeof (hash), oldpass); // Hashing the OLD password
    if ( !strcmp(hash, pData[playerid][Password], false) ) // The NEW hash does match the old (saved) one
    {
        if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
        {
            SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
            WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password
            new query[512];
            mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[playerid][ID]);
            mysql_tquery(mysql, query, "", "");
            strmid(pData[playerid][Password], hash, 0, strlen(hash), sizeof(hash));
            SavePlayerData(playerid);
            return 1;
        }
        else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your new passwords do not match.");
    }
    else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your current password does not match.");
    return 1;
} 


Also, I couldn't find a use for 'playername' so I removed it and fixed a few typos.

Another thing I should mention, 'strcmp' returns 0 if either of the strings are empty. So I had to change this line:

PHP код:

if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match 


Just in case.
https://sampwiki.blast.hk/wiki/Strcmp

[yvoms]

thanks hehe, thats really nice

[yvoms]

Could i also make a command for admins
/setpass [playername] [newpass] [newpass]
using this form?

[Threshold]

Yes, you'd need to remove a few 'if' statements. Are you asking if I can do it for you?

[yvoms]

Not at all i just wanted to know if the same method is useable

[Threshold]

Of course. The following method would only work if the player is online though:

PHP код:

CMD:changepass(playerid, params[])
{
    if(!IsPlayerAdmin(playerid)) // Add your admin variable checks here
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} You ain't no admin, fool!");
        
    new
        targetid,
        newpass[24],
        c_newpass[24]
    ;

    if(sscanf(params,"us[24]s[24]", targetid, newpass, c_newpass))
        return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /setpass [user] [newpass] [newpass]");
    if(!IsPlayerConnected(targetid) || targetid == INVALID_PLAYER_ID) // Check if the player is valid
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} That player is not online.");
    if (strlen(newpass) > MAX_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");
    if (strlen(newpass) < MIN_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");

    if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
    {
        new query[512];
        format(query, sizeof(query), "{ff0000}[Server]:{ffffff} Your password has been changed to: %s", newpass);
        SendClientMessage(targetid, COLOR_WHITE, query); // Notifying the player
        SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
        GameTextForPlayer(playerid, "Password changed!", 5000, 5); // Make sure you alert the player that their password is changed.
        WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password
        mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[targetid][ID]);
        mysql_tquery(mysql, query, "", "");
        strmid(pData[targetid][Password], hash, 0, strlen(hash), sizeof(hash));
        SavePlayerData(targetid);
    }
    else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} The new passwords do not match.");
    return 1;
} 


You can easily change it so it works for offline players too, but that shouldn't really even be allowed tbh, because then you're essentially locking someone out of their account without telling them.

[yvoms]

Quote:

Originally Posted by Threshold Of course. The following method would only work if the player is online though: PHP код: CMD:changepass(playerid, params[]) {     if(!IsPlayerAdmin(playerid)) // Add your admin variable checks here         return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} You ain't no admin, fool!");              new         targetid,         newpass[24],         c_newpass[24]     ;     if(sscanf(params,"us[24]s[24]", targetid, newpass, c_newpass))         return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /setpass [user] [newpass] [newpass]");     if(!IsPlayerConnected(targetid) || targetid == INVALID_PLAYER_ID) // Check if the player is valid         return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} That player is not online.");     if (strlen(newpass) > MAX_PLAYER_PASSWORD)         return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");     if (strlen(newpass) < MIN_PLAYER_PASSWORD)         return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");     if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match     {         new query[512];         format(query, sizeof(query), "{ff0000}[Server]:{ffffff} Your password has been changed to: %s", newpass);         SendClientMessage(targetid, COLOR_WHITE, query); // Notifying the player         SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");         GameTextForPlayer(playerid, "Password changed!", 5000, 5); // Make sure you alert the player that their password is changed.         WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password         mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[targetid][ID]);         mysql_tquery(mysql, query, "", "");         strmid(pData[targetid][Password], hash, 0, strlen(hash), sizeof(hash));         SavePlayerData(targetid);     }     else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} The new passwords do not match.");     return 1; }  You can easily change it so it works for offline players too, but that shouldn't really even be allowed tbh, because then you're essentially locking someone out of their account without telling them.

absolutely right, but the only reason i'm making this is because i know alot people will eventually forget their password, and contact me to reset it, so if there locked out of their account, i'd need to be able to edit it while there offline, since i can't build a UCP yet.

[Threshold]

As long as they know their password is gonna be changed you should have no issues. I assume you know how to make that command work for offline usernames?

[yvoms]

I think so yeah, its changing it to string,
removing the check for online players and updating the query to check the playername?