[Jaua10]

Hey guys im new in pawn lenguage and im making a roleplay server from 0, and i want to put in screen when a player is trying to register ask the password, next step, ask player what gender is with 3 bottons Female - Male and Transgender, next step, ask player whats the origin with a list with some countries, and of course save it on the scripfiles player folder. I got this:

PHP код:

public OnPlayerConnect(playerid)
{
    
    IdleTime[playerid] = 0;
    
    new string[128];
    if(fexist(UserPath(playerid)))
    {
        INI_ParseFile(UserPath(playerid), "LoadUser_%s", .bExtra = true, .extra = playerid);
        ShowPlayerDialog(playerid,2,DIALOG_STYLE_PASSWORD,""COL_GTASARP"                                        Login Panel",""COL_WHITE"\nHello and Welcome back to "COL_GTASARP"Grand Theft Auto San Andreas Roleplay !\n\n"COL_WHITE"That nick is registered. Please enter your password below to log in:",""COL_SUCCESS"Login",""COL_FAILED"Quit"); //login
          format(string, sizeof(string), ""COL_WHITE"Welcome back to "COL_GTASARP"Grand Theft Auto San Andreas Roleplay, "COL_WHITE"%s !", GetPlayerFirstName(playerid));
        SendClientMessage(playerid, -1, string);
        SendClientMessage(playerid, COLOR_FAILED, "NOTE: You MUST log in before spawning !");
    }
    else
    {
        ShowPlayerDialog(playerid,1,DIALOG_STYLE_PASSWORD,""COL_GTASARP"                                              Registration Panel",""COL_WHITE"\n                      Hello and Welcome to "COL_GTASARP"Grand Theft Auto San Andreas Roleplay !\n\n"COL_WHITE"You dont have an account. Please register your account by typing the password below:",""COL_SUCCESS"Register",""COL_FAILED"Quit");
          format(string, sizeof(string), ""COL_WHITE"Welcome to "COL_GTASARP"Grand Theft Auto San Andreas Roleplay, "COL_WHITE"%s !", GetPlayerFirstName(playerid));
        SendClientMessage(playerid, -1, string);
        SendClientMessage(playerid, COLOR_FAILED, "NOTE: You MUST register before spawning !");
    }
    if(!IsValidName(playerid) && !IsPlayerNPC(playerid) && PlayerInfo[playerid][pAdmin] < 2)
    {
         format(string, sizeof(string), ""COL_FAILED"Server Alert: %s has been kicked by Name_Checker, Reason: Invalid format name.", GetName(playerid));
        SendClientMessage(playerid, COLOR_FAILED, "You've been kicked by Name_Checker, Reason: Invalid format name. (Firstname_Lastname)");
        Kick(playerid);
    }
    SetPlayerInterior(playerid,0);
    TogglePlayerSpectating(playerid, 1);
    gPlayerLogged[playerid] = 1;
    return 1;
} 


PHP код:

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    new tmp2[256];
    if(IsPlayerConnected(playerid))
    {
        if(dialogid == 1)
        {
            if (!response) return Kick(playerid);
             if(response)
              {
                   if(!strlen(inputtext)) return ShowPlayerDialog(playerid,1,DIALOG_STYLE_PASSWORD,"You MUST register before spawning!","Welcome to Grand Theft Auto San Andreas Roleplay\n\nPlease register your account by typing the password below.","Register","Quit");
                new INI:File = INI_Open(UserPath(playerid));
                INI_SetTag(File,"data");
                 INI_WriteInt(File,"Password",udb_hash(inputtext));
                 INI_WriteInt(File,"Cash",0);
                 INI_WriteInt(File,"Skin",0);
                 INI_WriteInt(File,"Level",0);
                 INI_WriteInt(File,"Int",0);
                 INI_WriteInt(File,"VW",0);
                 INI_WriteInt(File,"Admin",0);
                 INI_WriteInt(File,"SecKey",0);
                 INI_WriteInt(File,"Kills",0);
                 INI_WriteInt(File,"Deaths",0);
                   INI_WriteFloat(File,"FacingAngle",0);
                INI_WriteFloat(File,"Health",0);
                INI_WriteFloat(File,"Armour",0);
                INI_WriteFloat(File,"LastX",0);
                INI_WriteFloat(File,"LastY",0);
                INI_WriteFloat(File,"LastZ",0);
                INI_WriteInt(File,"Faction",0);
                INI_WriteInt(File,"Facrank",0);
                INI_WriteInt(File,"Facleader",0);
                 INI_Close(File);
                SetSpawnInfo(playerid, 0, 299, 982.1890, -1624.2583, 14.9526, 90, 0, 0, 0, 0, 0, 0);
                   SpawnPlayer(playerid);
                ResetPlayerWeapons(playerid);
                SetPlayerInterior(playerid,0);
                SetPlayerVirtualWorld(playerid, 0);
                SetPlayerScore(playerid, 1);
                GivePlayerMoney(playerid, 1000);
                SetCameraBehindPlayer(playerid);
                PlayerInfo[playerid][pSkin] = 299;
                PlayerInfo[playerid][pInt] = 0;
                PlayerInfo[playerid][pVW] = 0;
                PlayerInfo[playerid][pLevel] = 1;
                SendClientMessage(playerid, COLOR_YELLOW, "Account registered, you have been logged in automatically.");
                   format(tmp2, sizeof(tmp2), "~w~Welcome ~n~~b~~h~   %s", GetName(playerid));
                GameTextForPlayer(playerid, tmp2, 5000, 1);
                TogglePlayerSpectating(playerid, 0);
            }
           }
        if(dialogid == 2)
           {
            if ( !response ) return Kick ( playerid );
               if( response )
            {
                if(udb_hash(inputtext) == PlayerInfo[playerid][pPass])
                 {
                      INI_ParseFile(UserPath(playerid), "LoadUser_%s", .bExtra = true, .extra = playerid);
                      SetSpawnInfo(playerid, 0, PlayerInfo[playerid][pSkin], PlayerInfo[playerid][pLastX], PlayerInfo[playerid][pLastY], PlayerInfo[playerid][pLastZ], PlayerInfo[playerid][pFacingAngle], 0, 0, 0, 0, 0, 0);
                    SpawnPlayer(playerid);
                      GivePlayerMoney(playerid, PlayerInfo[playerid][pCash]);
                      SetPlayerSkin(playerid, PlayerInfo[playerid][pSkin]);
                      SetPlayerScore(playerid, PlayerInfo[playerid][pLevel]);
                    SetPlayerHealth(playerid, PlayerInfo[playerid][pHealth]);
                    SetPlayerArmour(playerid, PlayerInfo[playerid][pArmour]);
                    SetPlayerInterior(playerid, PlayerInfo[playerid][pInt]);
                    SetPlayerVirtualWorld(playerid, PlayerInfo[playerid][pVW]);
                       format(tmp2, sizeof(tmp2), "~w~Welcome ~n~~b~~h~   %s", GetName(playerid));
                    GameTextForPlayer(playerid, tmp2, 5000, 1);
                    TogglePlayerSpectating(playerid, 0);
                    if(PlayerInfo[playerid][pAdmin] >= 1)
                    {
                        format(tmp2, sizeof(tmp2), "SERVER: You are logged in as a Level %d Admin.",PlayerInfo[playerid][pAdmin]);
                        SendClientMessage(playerid, COLOR_SUCCESS,tmp2);
                        ShowPlayerDialog(playerid, 3,DIALOG_STYLE_INPUT,"                                        "COL_GTASARP"Admin Login Panel",""COL_WHITE"\nProvide your assigned security code for your admin account to be authorized.\n\n               Please enter your security code by typing the password below:",""COL_SUCCESS"Login",""COL_FAILED"Quit"); //admin authorization
                    }
                 }
                   else
                   {
                       ShowPlayerDialog(playerid,2,DIALOG_STYLE_PASSWORD,"Login","Welcome back to Grand Theft Auto Roleplay\n\nThat name is registered. Please enter your password below.","Login","Quit");
                   }
                   return 1;
            }
        }
        if(dialogid == 3)
        {
            if(gAdminAuthorized[playerid] == 1)
            {
                SendClientMessage(playerid, COLOR_SUCCESS, "SERVER: Your admin account has already been authorized.");
                return 1;
            }
            if(response)
            {
                if(!strlen(inputtext))
                {
                       ShowPlayerDialog(playerid,3,DIALOG_STYLE_INPUT,"Admin Login","Please provide your security code for your admin account to be authorized.\n\nPlease enter your security code below.","Login","Quit"); //admin authorization
                    SendClientMessage(playerid, COLOR_WHITE, "SERVER: You must enter your security code.");
                    return 1;
                }
                if(strlen(inputtext) >= 50)
                {
                    ShowPlayerDialog(playerid,3,DIALOG_STYLE_INPUT,"Admin Login","Please provide your security code for your admin account to be authorized.\n\nPlease enter your security code below.","Login","Quit"); //admin authorization
                    SendClientMessage(playerid, COLOR_FAILED, "SERVER: Security code is too long.");
                    return 0;
                }
                if(fexist(UserPath(playerid)))
                {
                    new tmp;
                    new seckey = strval(inputtext);
                    tmp = PlayerInfo[playerid][pSecKey];
                    if(tmp == 0)
                    {
                        SendClientMessage(playerid, COLOR_FAILED, "SERVER: You do not have a valid Security Key.");
                        Kick(playerid);
                        return 1;
                    }
                    if(seckey != tmp)
                      {
                        SendClientMessage(playerid, COLOR_FAILED, "SERVER: Security Key does not match. You have been kicked as a result.");
                        Kick(playerid);
                        return 1;
                    }
                    else
                    {
                        gAdminAuthorized[playerid] = 1;
                        SendClientMessage(playerid, COLOR_SUCCESS, "SERVER: Your admin account has successfully been authorized.");
                         format(tmp2, sizeof(tmp2), "~w~Welcome ~n~~b~~h~   %s", GetName(playerid));
                        GameTextForPlayer(playerid, tmp2, 5000, 1);
                        TogglePlayerSpectating(playerid, 0);
                        return 1;
                    }
    }
            }
            else
            {
                Kick(playerid);
            }
        }
    }
    return 1;
} 


I dont know if i made unnecessary things, since I also have an error, that when I log in with a new account to register, and I press the "escape" key while textdraw asks me what password I'm going to put on it, it ejects me from the server but the account is registered without a password.how can i solve it. sorry for my bad english. thanks in advance

[Jaua10]

What am I supposed to do? Steal one?..........

[Jaua10]

i'll try to do it by myself but thanks anyways buddy

[KinderClans]

Quote:

Originally Posted by ****** No, download one.

Download one? In that way he will feel more insecure with learning the basics! People should learn by creating things from scratch, not by downloading a pre-made script.

Saying "Don't write your own registration system." doesn't help him. He asked for help, not something else.

@OP: I do not understand a single word of what you're asking. Please be more specific.

[GRiMMREAPER]

Quote:

Originally Posted by KinderClans Download one? In that way he will feel more insecure with learning the basics! People should learn by creating things from scratch, not by downloading a pre-made script. Saying "Don't write your own registration system." doesn't help him. He asked for help, not something else.

You shouldn't try to re-invent the wheel. What Y said makes perfect sense: you can look at the guy's code and pinpoint security flaws (right off the bat: using udb_hash instead of the recommended, used-worlwide bcrypt).

When it comes to security, you should take a look at what more experienced people have done and learn from them. People re-use passwords and there's a good chance that beginners who try to create their own authentication systems compromise user data.

[KinderClans]

Yes, that's because the guy's code is poor i said to learn by making things from scratch!

I don't want to re-invent anything. What Y said doesn't make ANY sense. Stop defending the indefinable.

People should learn from their mistakes.

[Rufio]

Quote:

Originally Posted by KinderClans Yes, that's because the guy's code is poor i said to learn by making things from scratch! I don't want to re-invent anything. What Y said doesn't make ANY sense. Stop defending the indefinable. People should learn from their mistakes.

Yes and no. People should learn from their mistakes but registration system is the only system you HAVE TO get right. Or you'll experience;
a) security flaws that can and will let people login as admins
b) cause password leaks
c) sql injection
d) security flaws causing people's accounts to be hijacked

And your reputation will be ruined, furthermore, your users will be under great danger. What's even worse is YOU will be the cause of it. Unless you are confident in what you're doing, never EVER do your own registration system. Trust me, I tried. Doesn't end well. You will of course learn from your mistakes but you CAN NOT afford a mistake in your registration.

[GTLS]

He can learn how the encryption and everything works even from a downloaded code.

[Jaua10]

Alright thanks alot for all for your suggestion i really appreciate it, any of you can suggest me a registration and login system with the thing am i looking?

[KinderClans]

Yes. It is a serious problem, but people should learn from their mistakes. I learned by scripting from scratch (and i yet have a lot to learn), not by just downloading a piece of code.

If you build a car and the engine stops working, you know how to fix it.

If you buy a car from a dealer and engine stops working, you don't know how to fix because the car hasn't been made by you.

So, in short words. If you want to learn, learn by scripting from 0.