Help to fix my hasg
#3

There is a fatal flaw in your system. Because you use the same salt for everyone*, players with the same password will also have the same hash. Result: you will get into the account of the first player with that password even if it isn't your own. You need to add either name or id to that query so that it will always return only 1 result.

Furthermore, to store a SHA-256 hash (in Pawn) you need 65 cells of space: 64 cells for the actual hash and 1 extra cell for the all-important null terminator. If the null terminator is omitted or overwritten, you will get nasty buffer overflow errors.

Lastly, you're not showing the actual login procedure and password comparison, which is the OnLogin function.

*The salt should be unique for each player and should be stored with the password in the database.
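The flaw and the fix described in the post above, as an added example that is not part of the original thread and is not the poster's Pawn code. It uses Python with an in-memory SQLite database; the table layout, function names and sample accounts are constructed for illustration, and it keeps the thread's salted SHA-256 scheme so the only things that change are the salt and the query.

```python
import hashlib, hmac, os, sqlite3

SHARED_SALT = "s3rv3r"  # constructed value: one salt used for every account

def sha256_hex(password, salt):
    # SHA-256 over password + salt; the hex digest is always 64 characters
    return hashlib.sha256((password + salt).encode()).hexdigest()

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE players (id INTEGER PRIMARY KEY, "
               "name TEXT UNIQUE, salt TEXT, hash TEXT)")
    return db

def register_shared(db, name, password):
    db.execute("INSERT INTO players (name, salt, hash) VALUES (?, ?, ?)",
               (name, SHARED_SALT, sha256_hex(password, SHARED_SALT)))

def register_unique(db, name, password):
    salt = os.urandom(16).hex()  # fresh random salt, stored next to the hash
    db.execute("INSERT INTO players (name, salt, hash) VALUES (?, ?, ?)",
               (name, salt, sha256_hex(password, salt)))

def login_flawed(db, name, password):
    # Looks the account up by hash alone: the claimed name is never used,
    # so the first row with a matching hash wins.
    row = db.execute("SELECT name FROM players WHERE hash = ? "
                     "ORDER BY id LIMIT 1",
                     (sha256_hex(password, SHARED_SALT),)).fetchone()
    return row[0] if row else None

def login_fixed(db, name, password):
    # Select exactly one row by name, then hash with that row's own salt.
    row = db.execute("SELECT salt, hash FROM players WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    ok = hmac.compare_digest(sha256_hex(password, salt), stored)
    return name if ok else None

def stored_hashes(db):
    return [r[0] for r in db.execute("SELECT hash FROM players ORDER BY id")]

if __name__ == "__main__":
    db = make_db()
    register_shared(db, "alice", "hunter2")
    register_shared(db, "bob", "hunter2")
    print("flawed login as bob ->", login_flawed(db, "bob", "hunter2"))
```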


Messages In This Thread
Help to fix my hasg - by pdonald - 18.11.2015, 04:10
Re: Help to fix my hasg - by lucamsx - 18.11.2015, 06:37
Re: Help to fix my hasg - by Vince - 18.11.2015, 08:57
