Save the player password
#1

Greetings,

I've created a command called /changepass,

This should save the hashed password to the database; however, it's not hashing it.
It's saving the raw password, which is not what I want. Is anyone able to help me fix this issue?

current code :

Код:
// /changepass [currentpass] [newpass] [newpass]
// Checks the supplied current password against the stored hash, then tries to
// store a new password for the calling player.
//
// NOTE(review): as written, the new password is never hashed. `hash` still
// holds the digest of `oldpass` when the UPDATE is formatted, and the raw
// `newpass` is copied into pData[playerid][Password] before SavePlayerData()
// runs (presumably persisting it -- confirm against SavePlayerData).
// NOTE(review): WP_Hash is called with the password only; no salt is visible
// here. An unsalted fast digest is weak against offline guessing if the table
// leaks -- a salted, slow password hash (e.g. a bcrypt plugin) is the safer design.
CMD:changepass(playerid, params[])
{
	new 
		hash[129],      // output buffer for WP_Hash
		oldpass[24], 
		newpass[24],
		c_newpass[24],  // confirmation copy of the new password
		playername[24]
	;

	// All three arguments are required; sscanf returns non-zero when parsing fails.
	if(sscanf(params,"s[24]s[24]s[24]", oldpass, newpass, c_newpass)) 
		return SendClientMessage(playerid,COLOR_WHITE,"{ff0000}[Server]:{ffffff} /changepass [currentpass] [newpass] [newpass]");

	// Length policy; the limits in the messages are hard-coded text, the checks use the constants.
	if (strlen(newpass) > MAX_PLAYER_PASSWORD) 
		return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can maximal be 16 characters.");
	
	if (strlen(newpass) < MIN_PLAYER_PASSWORD) 
		return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be atleast 6 characters.");
	// hash <- digest of the CURRENT password, used for the comparison below.
	WP_Hash(hash, sizeof (hash), oldpass);
	if ( !strcmp(hash, pData[playerid][Password], false) ) // digest of the supplied current password equals the stored value
	{
		if ( !strcmp(newpass, c_newpass, false) ) // new password and its confirmation are identical
		{
			SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
			// playername is filled here but not used afterwards in this block.
			GetPlayerName(playerid, playername, sizeof(playername));
			new query[512];
			// NOTE(review): `hash` is still the digest of oldpass at this point,
			// so the row is rewritten with the value it already had.
       		mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[playerid][ID]);
			// No callback is passed, so the outcome of the query is not checked here.
        	mysql_tquery(mysql, query, "", "");
			// NOTE(review): copies the plain-text newpass into the in-memory record;
			// the length cap passed is sizeof(newpass) (24), not the destination's size.
			strmid(pData[playerid][Password], newpass, 0, strlen(newpass), sizeof(newpass));
			SavePlayerData(playerid);
		}
		else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your new passwords do not match."); 
	}
	else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your current password does not match.");

	return 1;
}
#2

That's because you never actually hash the new password. You only hash the old password to see if the passwords match. So you were essentially updating the player's password with their old/current password... effectively making no changes.

PHP код:
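// /changepass [currentpass] [newpass] [newpass]
// Verifies the caller's current password against the stored hash, then hashes
// the NEW password and writes that hash to the database and to pData.
// Returns 1 on every path that reaches the end of the command; the usage and
// length errors return the result of SendClientMessage.
//
// NOTE(review): WP_Hash is called with the password only; no salt is visible
// here. An unsalted fast digest is weak against offline guessing if the table
// leaks -- a salted, slow password hash (e.g. a bcrypt plugin) is the safer design.
CMD:changepass(playerid, params[])
{
    new
        hash[129],      // output buffer for WP_Hash
        oldpass[24],
        newpass[24],
        c_newpass[24]   // confirmation copy of the new password
    ;

    // All three arguments are required; sscanf returns non-zero when parsing fails.
    if (sscanf(params, "s[24]s[24]s[24]", oldpass, newpass, c_newpass))
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} /changepass [currentpass] [newpass] [newpass]");

    if (strlen(newpass) > MAX_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");

    if (strlen(newpass) < MIN_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");

    WP_Hash(hash, sizeof (hash), oldpass); // Hashing the OLD password

    // strcmp() returns 0 when either string is empty, so an empty stored value
    // would otherwise accept any "current" password. Require a non-empty stored
    // hash before trusting the comparison.
    if ( strlen(pData[playerid][Password]) && !strcmp(hash, pData[playerid][Password], false) ) // supplied current password matches the stored hash
    {
        if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // new password and confirmation match
        {
            SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");

            WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password

            new query[512];
            // `hash` is the digest produced above, not text typed by the player.
            mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[playerid][ID]);
            // No callback is passed, so the outcome of the query is not checked here.
            mysql_tquery(mysql, query, "", "");

            // Keep the in-memory record in step with the database: store the hash,
            // never the plain-text password.
            // NOTE(review): the length cap is sizeof(hash); confirm that the
            // Password field in pData is at least that large.
            strmid(pData[playerid][Password], hash, 0, strlen(hash), sizeof(hash));
            SavePlayerData(playerid);
            return 1;
        }
        else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your new passwords do not match.");
    }
    else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} Your current password does not match.");

    return 1;
}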

Also, I couldn't find a use for 'playername' so I removed it and fixed a few typos.

Another thing I should mention: 'strcmp' returns 0 if either of the strings is empty, so an empty confirmation would count as a match. So I had to change this line:
PHP код:
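if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match; the strlen() guard rejects an empty confirmation, which strcmp() alone would report as equal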
Just in case.
https://sampwiki.blast.hk/wiki/Strcmp
#3

thanks hehe, thats really nice
#4

Could i also make a command for admins
/setpass [playername] [newpass] [newpass]
using this form?
#5

Yes, you'd need to remove a few 'if' statements. Are you asking if I can do it for you?
#6

Not at all i just wanted to know if the same method is useable
#7

Of course. The following method would only work if the player is online though:

PHP код:
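// Admin password reset for an ONLINE player: [user] [newpass] [newpass].
// Hashes the new password and writes the hash to the database and to the
// target's pData record.
//
// NOTE(review): the usage text below says /setpass while the command is
// declared as `changepass`; if the player-facing /changepass lives in the same
// script the two definitions would clash -- confirm the intended name.
// NOTE(review): WP_Hash is called with the password only; no salt is visible
// here. An unsalted fast digest is weak against offline guessing if the table
// leaks -- a salted, slow password hash (e.g. a bcrypt plugin) is the safer design.
CMD:changepass(playerid, params[])
{
    if (!IsPlayerAdmin(playerid)) // Add your admin variable checks here
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} You ain't no admin, fool!");

    new
        hash[129],      // output buffer for WP_Hash; it was used below without being declared
        targetid,
        newpass[24],
        c_newpass[24]   // confirmation copy of the new password
    ;

    // "u" resolves a player name or id into targetid.
    if (sscanf(params, "us[24]s[24]", targetid, newpass, c_newpass))
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} /setpass [user] [newpass] [newpass]");

    if (!IsPlayerConnected(targetid) || targetid == INVALID_PLAYER_ID) // Check if the player is valid
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} That player is not online.");

    if (strlen(newpass) > MAX_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");

    if (strlen(newpass) < MIN_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");

    // strcmp() returns 0 when either string is empty, hence the strlen() guard.
    if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
    {
        new query[512]; // reused: first for the chat message, then for the SQL statement

        // NOTE(review): this puts the new password in clear text into the
        // target's chat, where it can end up in chat logs or screenshots. Treat
        // it as a temporary password and have the player change it after login.
        format(query, sizeof(query), "{ff0000}[Server]:{ffffff} Your password has been changed to: %s", newpass);
        SendClientMessage(targetid, COLOR_WHITE, query); // Notifying the player

        SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
        // NOTE(review): this game text goes to playerid (the admin), not to targetid -- confirm that is intended.
        GameTextForPlayer(playerid, "Password changed!", 5000, 5); // Make sure you alert the player that their password is changed.

        WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password

        // `hash` is the digest produced above, not text typed by a player.
        mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[targetid][ID]);
        // No callback is passed, so the outcome of the query is not checked here.
        mysql_tquery(mysql, query, "", "");

        // Store the hash, never the plain-text password, in the in-memory record.
        strmid(pData[targetid][Password], hash, 0, strlen(hash), sizeof(hash));
        SavePlayerData(targetid);
    }
    else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} The new passwords do not match.");

    return 1;
}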

You can easily change it so it works for offline players too, but that shouldn't really even be allowed tbh, because then you're essentially locking someone out of their account without telling them.
#8

Quote:
Originally Posted by Threshold
Of course. The following method would only work if the player is online though:

PHP код:
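// Admin password reset for an ONLINE player: [user] [newpass] [newpass].
// Hashes the new password and writes the hash to the database and to the
// target's pData record.
//
// NOTE(review): the usage text below says /setpass while the command is
// declared as `changepass`; if the player-facing /changepass lives in the same
// script the two definitions would clash -- confirm the intended name.
// NOTE(review): WP_Hash is called with the password only; no salt is visible
// here. An unsalted fast digest is weak against offline guessing if the table
// leaks -- a salted, slow password hash (e.g. a bcrypt plugin) is the safer design.
CMD:changepass(playerid, params[])
{
    if (!IsPlayerAdmin(playerid)) // Add your admin variable checks here
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} You ain't no admin, fool!");

    new
        hash[129],      // output buffer for WP_Hash; it was used below without being declared
        targetid,
        newpass[24],
        c_newpass[24]   // confirmation copy of the new password
    ;

    // "u" resolves a player name or id into targetid.
    if (sscanf(params, "us[24]s[24]", targetid, newpass, c_newpass))
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} /setpass [user] [newpass] [newpass]");

    if (!IsPlayerConnected(targetid) || targetid == INVALID_PLAYER_ID) // Check if the player is valid
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} That player is not online.");

    if (strlen(newpass) > MAX_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password can be a maximum of 16 characters.");

    if (strlen(newpass) < MIN_PLAYER_PASSWORD)
        return SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} password needs to be at least 6 characters.");

    // strcmp() returns 0 when either string is empty, hence the strlen() guard.
    if ( strlen(c_newpass) && !strcmp(newpass, c_newpass, false) ) // match
    {
        new query[512]; // reused: first for the chat message, then for the SQL statement

        // NOTE(review): this puts the new password in clear text into the
        // target's chat, where it can end up in chat logs or screenshots. Treat
        // it as a temporary password and have the player change it after login.
        format(query, sizeof(query), "{ff0000}[Server]:{ffffff} Your password has been changed to: %s", newpass);
        SendClientMessage(targetid, COLOR_WHITE, query); // Notifying the player

        SendClientMessage(playerid, COLOR_WHITE, "{ff0000}[Server]:{ffffff} Password changed!");
        // NOTE(review): this game text goes to playerid (the admin), not to targetid -- confirm that is intended.
        GameTextForPlayer(playerid, "Password changed!", 5000, 5); // Make sure you alert the player that their password is changed.

        WP_Hash(hash, sizeof(hash), newpass); // Hashing the NEW password

        // `hash` is the digest produced above, not text typed by a player.
        mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET `Password`='%s' WHERE `ID`=%d", hash, pData[targetid][ID]);
        // No callback is passed, so the outcome of the query is not checked here.
        mysql_tquery(mysql, query, "", "");

        // Store the hash, never the plain-text password, in the in-memory record.
        strmid(pData[targetid][Password], hash, 0, strlen(hash), sizeof(hash));
        SavePlayerData(targetid);
    }
    else SendClientMessage(playerid, -1, "{ff0000}[Server]:{ffffff} The new passwords do not match.");

    return 1;
}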

You can easily change it so it works for offline players too, but that shouldn't really even be allowed tbh, because then you're essentially locking someone out of their account without telling them.
Absolutely right, but the only reason I'm making this is because I know a lot of people will eventually forget their password and contact me to reset it. So if they're locked out of their account, I'd need to be able to edit it while they're offline, since I can't build a UCP yet.
#9

As long as they know their password is gonna be changed you should have no issues. I assume you know how to make that command work for offline usernames?
#10

I think so yeah, its changing it to string,
removing the check for online players and updating the query to check the playername?

