[Tutorial] Creating a simple register/save system using R41-2
#21

Really, guys, it's helped me
Reply
#22

Quote:
Originally Posted by PaRking
Really, guys, it's helped me
Like I said. No fucks given on my post. Even if it did help, like a lot of tutorials do, you learn the wrong thing, regardless if it worked or not.
Reply
#23

Quote:
Originally Posted by GhostHacker9
Still not fixed login attempts.
What's wrong with it?
Reply
#24

Quote:
Originally Posted by Yaa
What's wrong with it?
Well, you declared login attempts as static, so there will be only one copy of that variable in stack. That means if one player fails in login attempt the variable value is 3 and would not be reset for another player, so if the next player logs in by failing in one attempt it would kick him by saying you failed login attempts 3 times. The solution is to change the declaration of logattempts to new instead of static. Also consider char arrays too instead of plain ones (e.g. arrayname[size char]).
Reply
#25

Writing a secure user system isn't easy because if it is, chances of security related risks are probably high unless you're either well experienced or if it was simply a copy-paste of a secured version. By saying it's not easy, I'm not implying that it's hard to code. But one who's developing should have a lot of patience and think for chances where such a system can be exploited or bypassed.

I'm suggesting people not to write their own (insecure) user system nor write any tutorials about them to mislead other beginners unless they're familiar with the security risks a user system can face.

Of course it may benefit beginners to learn to create their own user system, but why risk players' personal data with that? By this post I'm never trying to stop anyone from creating. But I'm trying to push others to know more about creating a secure login system.


I can say a lot of drawbacks from this tutorial if I've read it completely. Though, I'm done reading half of your insecure login-register system. Major things I'd note:

- You lack good explanation. I assume it's because you clearly are unsure of half of the things here.
- No array resetting included.
- No salting.

I'm not trying to completely criticize what you're doing here. I suggest you to know more first before proceeding.
Reply
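The shared counter described in post #24 and the missing array reset listed in post #25, shown side by side as an added Pawn example (not code from the tutorial or from any poster). `gLoginAttempts`, `LoginFailed`, `LoginFailed_Shared` and the limit constant are assumed names.

```pawn
#include <a_samp>

#define MAX_LOGIN_ATTEMPTS  (3)   // limit mentioned in the thread

// BEFORE (the bug): a static local exists once for the whole script, so
// every player's failed logins are added to the same number.
stock bool:LoginFailed_Shared(playerid)
{
    #pragma unused playerid
    static logattempts;
    return (++logattempts >= MAX_LOGIN_ATTEMPTS);
}

// AFTER: one cell per player slot, declared with `new` at file scope.
// A packed array (`MAX_PLAYERS char`, indexed with {}) also fits, since the
// counter never exceeds 255.
new gLoginAttempts[MAX_PLAYERS];

public OnPlayerConnect(playerid)
{
    // Player ids are reused slots: without this reset a new player would
    // inherit the failures of whoever held the slot before.
    gLoginAttempts[playerid] = 0;
    return 1;
}

// Call on each wrong password. Returns true when this player (and only this
// player) has reached the limit; the caller then informs and kicks them.
stock bool:LoginFailed(playerid)
{
    return (++gLoginAttempts[playerid] >= MAX_LOGIN_ATTEMPTS);
}

// Call after a successful login so earlier typos do not count later.
stock LoginSucceeded(playerid)
{
    gLoginAttempts[playerid] = 0;
}
```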
#26

Quote:
Originally Posted by GhostHacker9
Well, you declared login attempts as static, so there will be only one copy of that variable in stack. That means if one player fails in login attempt the variable value is 3 and would not be reset for another player, so if the next player logs in by failing in one attempt it would kick him by saying you failed login attempts 3 times. The solution is to change the declaration of logattempts to new instead of static. Also consider char arrays too instead of plain ones (e.g. arrayname[size char]).
Thank you, I got it

Quote:
Originally Posted by Lordzy
- You lack good explanation. I assume it's because you clearly are unsure of half of the things here.
- No array resetting included.
- No salting.

I'm not trying to completely criticize what you're doing here. I suggest you to know more first before proceeding.
I know salting, and using SHA256 isn't simple for newbies; as the title says, this is a simple register/save

Some guys do not even know how to use MySQL functions and you wanna show them SHA256?

This tuto is a simple tuto, just using Whirlpool, and for newbies



Tutorial Updated
Reply
#27

The point is that newbies shouldn't risk writing a user system. About salting - It can be done with any hashing algorithm. I don't use the hash function provided by SAMP because the way it salts its password is not revealed yet. So it'd be pointless to use it if you're developing any external source, say UCP for example, that requires the user's password for authentication.

EDIT : I just checked the wiki and it does include the way of how salt is concatenated to the password. But what I said can still be considered if your point of adding salt isn't at the end.
Reply
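Per-account salting with the SA-MP native `SHA256_PassHash`, as an added Pawn example (not code from the tutorial or from any poster). `MakeSalt`, `HashNewPassword`, `CheckPassword` and the sizes are assumed names and values; storing and loading the salt and hash is left to the script's database code.

```pawn
#include <a_samp>

#define SALT_SIZE   (16 + 1)   // 16 characters + terminator (assumed length)
#define HASH_SIZE   (64 + 1)   // SHA-256 as hex text + terminator

// Fill `salt` with random alphanumeric characters. random() is not a
// cryptographic generator; it is used because a_samp offers nothing else.
stock MakeSalt(salt[], size = sizeof salt)
{
    static const charset[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    for (new i = 0; i < size - 1; i++)
        salt[i] = charset[random(sizeof charset - 1)];
    salt[size - 1] = EOS;
}

// Registration: a fresh salt for every account. Store BOTH salt and hash;
// two players with the same password then end up with different hashes.
stock HashNewPassword(password[], salt[SALT_SIZE], hash[HASH_SIZE])
{
    MakeSalt(salt);
    SHA256_PassHash(password, salt, hash, HASH_SIZE);
}

// Login: hash the typed password with the stored salt and compare.
stock bool:CheckPassword(input[], salt[], const storedHash[])
{
    // strcmp() returns 0 when either string is empty, which would read as
    // "equal", so an empty input or missing hash is rejected first.
    if (input[0] == EOS || storedHash[0] == EOS)
        return false;

    new hash[HASH_SIZE];
    SHA256_PassHash(input, salt, hash, sizeof hash);
    return (strcmp(hash, storedHash) == 0);
}
```

An external panel that checks the same accounts has to hash the password followed by the stored salt, which is the concatenation order the wiki documents for this native.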
#28

Quote:
Originally Posted by Lordzy
The point is that newbies shouldn't risk writing a user system. About salting - It can be done with any hashing algorithm. I don't use the hash function provided by SAMP because the way it salts its password is not revealed yet. So it'd be pointless to use it if you're developing any external source, say UCP for example, that requires the user's password for authentication.
Whirlpool hash can be used in PHP too

http://php.net/manual/en/function.hash.php

SHA256, it's way more advanced and I don't even suggest to a newbie to use it
Reply
#29

Quote:
Originally Posted by Yaa
Whirlpool hash can be used in PHP too

http://php.net/manual/en/function.hash.php
SHA256, it's way more advanced and I don't even suggest to a newbie to use it
FYI - I never said not to use Whirlpool and yes, it's widely supported. You mentioned that you wouldn't suggest newbies to use SHA-256. The point of my posts here was that newbies shouldn't consider writing their own user system if they've no idea what all common risks they'll be leading with.
Reply
#30

Thanks Yaa it helped me a lot!
Reply
#31

Quote:
Originally Posted by Yaa
Whirlpool hash can be used in PHP too

http://php.net/manual/en/function.hash.php

SHA256, it's way more advanced and I don't even suggest to a newbie to use it
Worst suggestion ever ^^^

How is SHA advanced??
Reply
#32

I'm getting sick and tired of this "for newbies" fallacy. If someone is a newbie then it is suddenly okay to teach them inferior methods?! And it's not just you, Yaa, so don't take it personally. I've seen others using it as well.
Reply
#33

Quote:
Originally Posted by Vince
I'm getting sick and tired of this "for newbies" fallacy. If someone is a newbie then it is suddenly okay to teach them inferior methods?! And it's not just you, Yaa, so don't take it personally. I've seen others using it as well.
Well, I fully agree, but sometimes I think the newbies who joined the SAMP forum (I was one of them) don't know the Pawn basics etc.; when they see SHA256 and salts and complicated things etc., I think they will leave it fast (#true_story)


Quote:
Originally Posted by Logic_
Vince...

It's stupid to reply to such people, I don't get the reason why you and people like me, Sreyas and Lordzy make posts on these kinds of topics, it's really stupid to make posts, people like Yaa, ParKing, and other retards have come up here. They don't reply, they don't have reasons, they have lame excuses, lame brain and are so lame irl that they come here to troll.

I wanted to make this post in a much better way, but I don't have words to explain this fuck-ery.
I didn't ignore anyone, I was playing all day on the iLearner server
Reply

