/changepass command using sscanf
#1

Hello guys.
I'm making a /changepass <oldpass> <newpass> command for my user system.
I am using djson for data saving and sscanf with zcmd for multi parameter commands.
I don't have much experience with sscanf.

I did it like this:
pawn Code:
COMMAND:changepass(playerid, params[])
{
    new name[MAX_PLAYER_NAME], file[128], tmp, oldpass, newpass;
    GetPlayerName(playerid, name, sizeof(name));
    format(file, sizeof(file), UserFile, name);
    if(sscanf(params, "ss", oldpass, newpass)) return SendClientMessage(playerid, COLOR_SYSTEMRED, "USAGE: /changepass <oldpass> <newpass>");
    tmp = djInt(file, "Password");
    if(udb_hash(tmp) == oldpass)
    {
        djSetInt(file, "Password", udb_hash(newpass));
        SendClientMessage(playerid, COLOR_GREEN, "( ! ) Password change successful");
    }
    else SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) The old password you entered is incorrect");
    return 1;
}
Note: I'm using dudb to hash the password (udb_hash())

Hope you can help me. Thank you.
#2

First of all, specific to your inquiry about sscanf, you should specify the length of each string by encapsulating the maximum size in square brackets. For example, if the maximum length of each string is 24 characters, you would use

Code:
if(sscanf(params, "s[24]s[24]", oldpass, newpass))
instead of
Code:
if(sscanf(params, "ss", oldpass, newpass))
That aside, you are initializing oldpass and newpass as single cells, not cell arrays. If the maximum length of the password would be 24 characters, you should change:

Code:
new name[MAX_PLAYER_NAME], file[128], tmp, oldpass, newpass;
into
Code:
new name[MAX_PLAYER_NAME], file[128], tmp, oldpass[24], newpass[24];
Finally, you are trying to rehash the stored password.

Edit:
In conclusion, changing
Code:
COMMAND:changepass(playerid, params[])
{
    new name[MAX_PLAYER_NAME], file[128], tmp, oldpass, newpass;
    GetPlayerName(playerid, name, sizeof(name));
    format(file, sizeof(file), UserFile, name);
    if(sscanf(params, "ss", oldpass, newpass)) return SendClientMessage(playerid, COLOR_SYSTEMRED, "USAGE: /changepass <oldpass> <newpass>");
    tmp = djInt(file, "Password");
    if(udb_hash(tmp) == oldpass)
    {
        djSetInt(file, "Password", udb_hash(newpass));
        SendClientMessage(playerid, COLOR_GREEN, "( ! ) Password change successful");
    }
    else SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) The old password you entered is incorrect");
    return 1;
}
to

Code:
COMMAND:changepass(playerid, params[])
{
    new name[ MAX_PLAYER_NAME ], file[ 128 ], tmp, oldpass[ 24 ], newpass[ 24 ];
    GetPlayerName( playerid, name, MAX_PLAYER_NAME );
    format( file, sizeof(file), UserFile, name );

    if( sscanf(params, "s[24]s[24]", oldpass, newpass ) )
        return SendClientMessage( playerid, COLOR_SYSTEMRED, "USAGE: /changepass <oldpass> <newpass>" );
   
    tmp = djInt( file, "Password" );
    if( tmp == udb_hash( oldpass ) )
    {
        djSetInt( file, "Password", udb_hash( newpass ) );
        SendClientMessage( playerid, COLOR_GREEN, "( ! ) Password change successful" );
    }
    else
        SendClientMessage( playerid, COLOR_SYSTEMRED, "( ! ) The old password you entered is incorrect" );
    
    return 1;
}
#3

Quote:
Originally Posted by langricr
First of all, specific to your inquiry about sscanf, you should specify the length of each string by encapsulating the maximum size in square brackets. For example, if the maximum length of each string is 24 characters, you would use

Code:
if(sscanf(params, "s[24]s[24]", oldpass, newpass))
instead of
Code:
if(sscanf(params, "ss", oldpass, newpass))
That aside, you are initializing oldpass and newpass as single cells, not cell arrays. If the maximum length of the password would be 24 characters, you should change:

Code:
new name[MAX_PLAYER_NAME], file[128], tmp, oldpass, newpass;
into
Code:
new name[MAX_PLAYER_NAME], file[128], tmp, oldpass[24], newpass[24];
Edit:
In conclusion, changing
Code:
COMMAND:changepass(playerid, params[])
{
    new name[MAX_PLAYER_NAME], file[128], tmp, oldpass, newpass;
    GetPlayerName(playerid, name, sizeof(name));
    format(file, sizeof(file), UserFile, name);
    if(sscanf(params, "ss", oldpass, newpass)) return SendClientMessage(playerid, COLOR_SYSTEMRED, "USAGE: /changepass <oldpass> <newpass>");
    tmp = djInt(file, "Password");
    if(udb_hash(tmp) == oldpass)
    {
        djSetInt(file, "Password", udb_hash(newpass));
        SendClientMessage(playerid, COLOR_GREEN, "( ! ) Password change successful");
    }
    else SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) The old password you entered is incorrect");
    return 1;
}
to

Code:
COMMAND:changepass(playerid, params[])
{
    new name[ MAX_PLAYER_NAME ], file[ 128 ], tmp, oldpass[ 24 ], newpass[ 24 ];
    GetPlayerName( playerid, name, MAX_PLAYER_NAME );
    format( file, sizeof(file), UserFile, name );

    if( sscanf(params, "s[24]s[24]", oldpass, newpass ) )
        return SendClientMessage( playerid, COLOR_SYSTEMRED, "USAGE: /changepass <oldpass> <newpass>" );
   
    tmp = djInt( file, "Password" );
    if( udb_hash( tmp ) == udb_hash( oldpass ) )
    {
        djSetInt( file, "Password", udb_hash( newpass ) );
        SendClientMessage( playerid, COLOR_GREEN, "( ! ) Password change successful" );
    }
    else
        SendClientMessage( playerid, COLOR_SYSTEMRED, "( ! ) The old password you entered is incorrect" );
    
    return 1;
}
Wow. That's what I call helping.
Thank you very much
#4

Quote:
Originally Posted by sim_sima
Wow. That's what I call helping.
Thank you very much
I had just edited it. I didn't notice it at first, but you are comparing a hashed version of the hashed password (a hashed hash) to the old password. Change

Code:
if( udb_hash( tmp ) == udb_hash( oldpass ) )
to
Code:
if( tmp == udb_hash( oldpass ) )
#5

Quote:
Originally Posted by langricr
I had just edited it. I didn't notice it at first, but you are comparing a hashed version of the hashed password (a hashed hash) to the old password. Change

Code:
if( udb_hash( tmp ) == udb_hash( oldpass ) )
to
Code:
if( tmp == udb_hash( oldpass ) )
Ok. But the new password must be between 5-15 characters, so I added:
pawn Code:
if(newpass < 5 || newpass > 15) return SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) Password must be between 5-15 characters");
but "newpass" is an array, so it gives me an error. Don't know how to fix that.
#6

Quote:
Originally Posted by ******
Take an example from your original code - how did you write the login system?

And don't use udb_encode, it's very insecure, that's what things like whirlpool exist for.
I don't use udb_encode, but udb_hash.

But in the registration part, I did it like this:
pawn Code:
if(strlen(inputtext) > 15 || strlen(inputtext) < 5)
{
    ShowPlayerDialog(playerid, 1, DIALOG_STYLE_INPUT, "{FFFF00}Hopes Hills RPG Account", "{AF0000}Password must be between 5-15 characters\n{FFFFFF}Enter a Password", "Login", "Quit");
}
But in the command it works in a different way.
#7

pawn Code:
if(strlen(newpass ) < 5 || strlen(newpass ) > 15) return SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) Password must be between 5-15 characters");
Because it's a string, you cannot compare it like you do with an integer; that's why they made the function strlen, which literally is StringLength. Enjoy. (And as Y Less said, whirlpool is far more secure.)
#8

Ok, thank you everyone. I'll take a look at whirlpool.
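
The /changepass command with the Whirlpool hashing suggested in the replies, as an added example that is not code from any poster in this thread. It assumes the Whirlpool plugin's `WP_Hash` native, the sscanf plugin include `sscanf2`, and djson's string accessors `dj`/`djSet`; the `UserFile` path and the colour values are placeholders.

```pawn
// Added example, not code from the thread. Assumed: Whirlpool plugin (WP_Hash),
// sscanf plugin (sscanf2), djson string accessors dj()/djSet().
#include <a_samp>
#include <zcmd>
#include <sscanf2>
#include <djson>

native WP_Hash(buffer[], len, const str[]);

// Placeholder values; use the ones already defined in your gamemode.
#define UserFile        "Users/%s.json"
#define COLOR_SYSTEMRED 0xFF0000AA
#define COLOR_GREEN     0x00FF00AA
#define MIN_PASS_LEN    5
#define MAX_PASS_LEN    15
#define WP_HEX_LEN      128   // a Whirlpool digest is 128 hex characters

COMMAND:changepass(playerid, params[])
{
    new name[MAX_PLAYER_NAME], file[128], oldpass[32], newpass[32];
    new stored[WP_HEX_LEN + 1], digest[WP_HEX_LEN + 1];

    // The buffers are wider than the 15-character limit, so an over-long
    // password fails the length check instead of being silently truncated.
    if (sscanf(params, "s[32]s[32]", oldpass, newpass))
        return SendClientMessage(playerid, COLOR_SYSTEMRED, "USAGE: /changepass <oldpass> <newpass>");
    if (strlen(newpass) < MIN_PASS_LEN || strlen(newpass) > MAX_PASS_LEN)
        return SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) Password must be between 5-15 characters");

    GetPlayerName(playerid, name, sizeof(name));
    format(file, sizeof(file), UserFile, name);

    // Read the stored digest as a string. strcmp() returns 0 when either
    // argument is empty, so a missing or malformed entry is refused first.
    strcat(stored, dj(file, "Password"), sizeof(stored));
    if (strlen(stored) != WP_HEX_LEN)
        return SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) This account has no Whirlpool password stored");

    WP_Hash(digest, sizeof(digest), oldpass);
    if (strcmp(digest, stored, false) != 0)
        return SendClientMessage(playerid, COLOR_SYSTEMRED, "( ! ) The old password you entered is incorrect");

    // Store the digest of the new password, never the password itself.
    WP_Hash(digest, sizeof(digest), newpass);
    djSet(file, "Password", digest);
    SendClientMessage(playerid, COLOR_GREEN, "( ! ) Password change successful");
    return 1;
}
```

Registration and login have to store and compare the same `WP_Hash` digest, and accounts that still hold an integer `udb_hash` value are refused by the length check until their password is reset.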