mysql_fetch_row_format() | Issue
#1

When the login system initates, the player's "Salt" is pulled from the database and then checked with the input text to see if the password matches, however the following variables print "(Null)" into the logs rather than the correct input:

PVar[playerid][psalt]
salt
string

This used to work before switching to linux plugins from windows.

pawn Код:
new Query[256];
                new saltquery[156], salt[38], string[128];
                string = "";
                salt = "";
                format(saltquery, sizeof(saltquery), "SELECT `psalt` FROM `playerinfo` WHERE `username` = '%s'", pName(playerid));
                mysql_query(saltquery);
                mysql_store_result();
                mysql_fetch_row_format(PVar[playerid][psalt]);

                format(salt, sizeof(salt), PVar[playerid][psalt]);
                print(saltquery);
                print(PVar[playerid][psalt]);
                print(salt);
                format(string, sizeof(string), "%s%s", salt, inputtext);
               
                format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `username` = '%s' AND `ppassword` = md5('%s')", pName(playerid), string);
                print(Query);
                mysql_query(Query);
                mysql_store_result();

                string = "";
                salt = "";
Reply
#2

Okay, I've figured that the issue is that it is not receive ANY data from the database but it is connecting to it.
Reply
#3

What's the point in doing two queries?

PHP код:
SELECT FROM `playerinfoWHERE `username` = '%s' AND `ppassword` = md5(concat('%s', `psalt`)) 
Other points of notice: strings are always created empty. You don't have to explicitly empty them. Secondly, ALWAYS escape (mysql_real_escape_string) user input before using it in a query. A user may use the single quote character (') in his password, which will immediately break your query. Moreover, by not escaping you are vulnerable to sql injection.
Reply
#4

Thanks Vince, fixing these now.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)