21.02.2019, 04:12
Always use single quotes ' ' surrounding a string.
https://www.sqlite.org/lang_keywords.html
Code:
UPDATE db_players SET Pass = '%q' WHERE Username = '%q'
Also some tips:
Instead of checking the password length three times, you can do it once:
(You are also missing a return, since your password still gets updated when it is invalid, unless you use else)
Code:
new passwordlen = strlen(inputtext); // get length once

if(!passwordlen)
{
    return ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_MSGBOX, "Change password [2/2]", "Type in your new password\nERROR: You must enter a password", "Confirm", "Cancel"); // showing player the dialog to enter his correct and current password
}
if(!IsValidPassword(inputtext))
{
    ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_PASSWORD, "Change password [2/2]", "Type in your new password\nERROR: The password is invalid, Valid characters are: A-Z, a-z, 0-9 ", "Confirm", "Cancel");
    return 1; // you are missing return here, otherwise password will still get updated
}
if(passwordlen < 3 || passwordlen > 24)
{
    ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_PASSWORD, "Change password [2/2]", "Type in your new password.\nERROR: The password is invalid, Its length should be 3-24 characters", "Confirm", "Cancel");
    return 1; // you are missing return here, otherwise password will still get updated
}
Also adjust your Query2 size as much as needed! When you know the maximum output size in the format() (as seen in log screenshot)
_____________________________
Note: This section below is probably invalid, as the thread starter was just testing SHA256_PassHash when his original code was for Whirlpool
SHA256_PassHash always returns a fixed length which is 65 (256 bytes = 64 pawn cells +1 pawn cell for null terminator), confirm the size to match your User[playerid][Password] variable.
Quote:
Code:
SHA256_PassHash(inputtext, User[playerid][Salt], User[playerid][Password], 129);
Quote:
Code:
strcat(string, "CREATE TABLE IF NOT EXISTS db_players (playerid INTEGER PRIMARY KEY AUTOINCREMENT, Username VARCHAR(24) COLLATE NOCASE, Pass VARCHAR(129) NOT NULL, salt VARCHAR(129), AdminLevel INTEGER DEFAULT 0 NOT NULL, PremiumLevel INTEGER DEFAULT 0 NOT NULL");
You are correct using 129 for the size of Whirlpool, but the size for SHA256 is only 65. Also, when you store a hashed value in a database, you better use CHAR (fixed length) instead of VARCHAR (variable length) in the table structure since the size is always the same! This is not to worry in SQLite though, since both are always TEXT (the size is ignored). Just writing here in case you are migrating to another SQL system like MySQL.
This looked like a broken format (look at the parameters, could be a mistake),
Quote:
Code:
format(Query2, sizeof(Query2), "UPDATE db_players SET Pass = %q WHERE Username = %q", User[playerid][Salt], User[playerid][Password], 129, DB_Escape(Player[playerid][GlobalName]));
should be
Code:
format(Query2, sizeof(Query2), "UPDATE db_players SET Pass = '%q' WHERE Username = '%q'", User[playerid][Password], Player[playerid][GlobalName]);
_____________________________
As of 0.3.7 R2+ server, you do not need DB_Escape anymore when using %q in format()
Use BCrypt!!!
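The quoting rule from the post above, as an added example that is not part of the original post: it runs the quoted and unquoted forms of the UPDATE against an in-memory SQLite database, in Python rather than Pawn. `q_escape`, `build_update` and `try_update` are hypothetical helpers, and `q_escape` assumes that `%q` only doubles single quotes, as SQLite's own `%q` does.

```python
import sqlite3

def q_escape(value: str) -> str:
    # Assumed %q behaviour (as in SQLite's own printf): double each single
    # quote. It does NOT add the surrounding quotes; the format string must.
    return value.replace("'", "''")

def build_update(pass_hash: str, username: str, quoted: bool = True) -> str:
    if quoted:
        fmt = "UPDATE db_players SET Pass = '{}' WHERE Username = '{}'"
    else:  # the form the post calls broken: %q with no single quotes
        fmt = "UPDATE db_players SET Pass = {} WHERE Username = {}"
    return fmt.format(q_escape(pass_hash), q_escape(username))

def try_update(username: str, quoted: bool) -> str:
    # Fresh in-memory table using the column definitions quoted in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE db_players (playerid INTEGER PRIMARY KEY AUTOINCREMENT, "
               "Username VARCHAR(24) COLLATE NOCASE, Pass VARCHAR(129) NOT NULL)")
    db.execute("INSERT INTO db_players (Username, Pass) VALUES (?, ?)",
               (username, "OLD"))
    new_hash = "AB" * 32  # constructed stand-in for a 64-character hash
    try:
        changed = db.execute(build_update(new_hash, username, quoted)).rowcount
    except sqlite3.Error as exc:
        # Without quotes SQLite parses the values as identifiers or tokens,
        # so the statement is rejected and the row keeps its old value.
        return f"error: {exc}"
    stored = db.execute("SELECT Pass FROM db_players").fetchone()[0]
    return "updated" if changed == 1 and stored == new_hash else "not updated"

if __name__ == "__main__":
    for name in ("Test.Player", "O'Neil"):  # constructed names
        for quoted in (True, False):
            result = try_update(name, quoted)
            print(f"{name!r:14} quoted={quoted!s:5} -> {result}")
```
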