[GamezCEO]

Hello,

Just for my own account in my own server, I wish to have a secret question protection enabled. That is, when my account whose name let's suppose is "John" logs in, it will first login normally with the login password etc whatever it used to register and then after logging in it will display a dialog asking a question whose answer will be defined in the gm. If that answer fails even once, that person will be banned.

That dialog will have 2 options "Answer" "Quit"

Quit will kick the player.

So what needs to be scripted is the dialog after my account connects which will ask a question (the question will be predefined in the gm too). But it must detect my name! This protection is ONLY FOR MY ACCOUNT, no one else!

Can someone help in the making of this simple code?

[FaLLenGirL]

I think.. if you use this function "if( strfind( PlayerName( playerid ) ... etc )" i'm not sure if this will work, but you can play with it and see what happens.

PHP код:

public OnDialogResponse( playerid, dialogid, response, listitem, inputtext[ ] )
{
    switch( dialogid )
    {
        case YOUR_LOGIN_DIALOG:
        {
            if( !response )
                return KickPlayer( playerid ); //or idk what you want to execut when a player don't want to login
            if( strfind( PlayerName( playerid ), "YourNickname" ) == -1 )
            {
                //Show Normal Login Dialog for All without question
            }
            else // means that is your nickname used
            {
                //Show the Login Dialog with Secret Question
            }
        }
    }
    return 0;
} 


#edit:
- Also if you don't know how to make a security question dialog or something like this you can take a look at LuXurion Admin System and you will figure out how to do it: Link: https://sampforum.blast.hk/showthread.php?tid=120724

[dwp12345]

PHP код:

#define DIALOG_SECURITY 14444
#define SECURITY_PASSWORD "asdjkl"
new wrongtimes[MAX_PLAYERS] = 0; 


Put this code when you successfully login

PHP код:

if(strfind("YourName", GetName(playerid), true) != -1)
    {
        ShowPlayerDialog(playerid,DIALOG_SECURITY,DIALOG_STYLE_PASSWORD,"Security Password","Enter the security password if is that you are real","Enter","Quit");
    } 


PHP код:

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    switch(dialogid)
    {
        case DIALOG_SECURITY:
        {
            if(response)
            {
                if(strcmp(SECURITY_PASSWORD, inputtext, false, 10) == 0)
                {
                    SendClientMessage(playerid,-1,"Success Logged in");
                }
                else
                {
                    wrongtimes[playerid] ++;
                    ShowPlayerDialog(playerid,DIALOG_SECURITY,DIALOG_STYLE_PASSWORD,"Security Password","{FF0000}You have enters wrong security password\n{FFFFFF}Enter the security password if is that you are real","Enter","Quit");
                    if(wrongtimes[playerid] >= 3)
                    {
                        SendClientMessage(playerid,-1,"Message Here");
                        // when they wrong enter security password 3times
                    }
                }
            }
            else
            {
                SendClientMessage(playerid,-1,"Message Here");
                // when they didn't enter security password
            }
        }
    }
    return 1;
} 


PHP код:

stock GetName(playerid)
{
    new szName[MAX_PLAYER_NAME];
    GetPlayerName(playerid, szName, sizeof(szName));
    return szName;
} 


[Logic_]

We will need to see some part of your log-in system to know some information about your variable and their naming and how it works. After-all, we're not magicians that can guess your code (Atleast not yet )

So after the wrong password "tries", you'll need to show the dialog where you ask the player to input the secret question's answer, and compare it. Of course, if you compare your answers with-in the script like this...

Код:

strcmp(inputtext, "dreamy gaming best", false)

and if you have other scripters then they are definitely going to know and it's not gonna stay secret anymore (RIP).
So the best thing you can do is, if you use Whirlpool or SHA256 (Supported natively in SA-MP Pawn), hash your password with one of them. You'll have

Код:

strcmp(inputtext, "e7e6000f8d148915d5fc68c3d53a06fe3e620db3383e460e00ba26e3c07ba58a48067347733c684c5e10c270ccca6fad2b771849e1fa62800b893061e21f48d0", false)

Quote:

Side note: "dreamy gaming best" is now hashed into "e7e6000f8d148915d5fc68c3d53a06fe3e620db3383e460e0 0ba26e3c07ba58a48067347733c684c5e10c270ccca6fad2b7 71849e1fa62800b893061e21f48d0"

instead of the fore-mentioned one, which of course hides the answer which was in plain text. You might think how it's safe, right? It's hashed, so it's not decrypt-able and can't be reversed (unless you use MD5 or some other shitty hashing technique).

Now only when some one updates your script can change your hash now. And if you want some more protection, then you can try to save it in your save file or your database (whatever you use). What more you can do is that you can host a free website and fetch the password from your website, which makes your security answer more secure and only change-able by you (good when you don't trust your fellow scripters or owners)

EDIT: You can use websites like this http://www.timestampgenerator.com/to...ool-generator/ for this technique.

Best Regards,

[Sithis]

Why use a secret question which is hardcoded when you can easily setup two-factor authentication using unique one-time tokens?

[Logic_]

Quote:

Originally Posted by Sithis Why use a secret question which is hardcoded when you can easily setup two-factor authentication using unique one-time tokens?

1) He asked for a question. Not against your opinion but...
2) Needs only for himself, along with...
3) Something that doesn't really require other tools.

I had this in my mind but I didn't suggest it.

[GTLS]

Its simple, as others suggested, use strcmp function to check your name OnPlayerConnect. if it returns -1, then show Secret Password box after he is successfully logged in. else, normally spawn the player.

Also, a suggestion, why do you want to ban who tries to login your account? if he fails to provide secret password, just kick him. otherwise people will get you banned again and again...

[GamezCEO]

Thanks for the help guys

Dwp's script is working smoothly.