[Tutorial] How to create a Registration & Login (MySQL)
#1

Hello dear users, today I will explain how to build a Registration & Login simplest way, the database, MySQL database basically it, most programmers think it's difficult, but it is very easy, you will learn to do this in the registration system in the most effective and most have shortened.
Construction
The first thing we should set up variables and defines script.
PHP Code:
enum playerEnum {
    
pName[24],
    
pPassword[18],
    
pLevel,
    
pDeath,
    
pKills,
    
pAdminLevel
}
new
    
pInfo[MAX_PLAYERS][playerEnum] = {-1,...},
    
dbHandle;
#define DIALOG_REGISTER (1)
#define DIALOG_LOGIN    (2)
#define DB_SERVER   "127.0.0.1" // put here your ip of the database.
#define DB_USER     "root" // the username of the database
#define DB_PASS     "" // the pass of the username (root), i do not have a password so i leave this space blank.
#define DB_DB       "samp" 
enum - create the enum.
pName - Actually this variable is intended to "inject" name player this variable.
pPassword - This variable we inject the player sucked password below.
pLevel - Player level, sucked below.
pDeath - Player death, sucked below.
pKills - Player kills, sucked below.
pAdminLevel - Player admin-level, sucked below.

pInfo - This variable is stored in all the details of the enum.
dbHandle - This variable we shall use (compared to the same database connection).

DIALOGֹֹ_REGISTER - define the id of the dialog register.
DIALOG_LOGIN - define the id of the dialog login

DB_SERVER - define the ip of the database (have explain in in the comment[//])
DB_USER - define the username of the database.
DB_PASS - define the pass of the username(root)
DB_DB - define the name of the database.

PHP Code:
public OnGameModeInit()
{
    
dbHandle mysql_connect(DB_SERVER,DB_USER,DB_DB,DB_PASS);
    return 
1;

PHP Code:
dbHandle mysql_connect(DB_SERVER,DB_USER,DB_DB,DB_PASS); 
- Here we compare the variable db Handle, database connection later used.

PHP Code:
public OnPlayerConnect(playerid)
{
    
GetPlayerName(playerid,pInfo[playerid],24);
    static
        
gQuery[128];
    
format(gQuery,128,"SELECT * FROM accounts WHERE username='%s'",pInfo[playerid][pName]);
    
mysql_function_query(dbHandle,gQuery,true,"loadPlayerData","i",playerid);
    return 
1;

PHP Code:
GetPlayerName(playerid,pInfo[playerid],24); 
- Here we inject the name of the player variable pName.
PHP Code:
static
        
gQuery[128]; 
- Here we create the variable for the format.
PHP Code:
format(gQuery,128,"SELECT * FROM accounts WHERE username='%s'",pInfo[playerid][pName]); 
- Here we select all the values ​​that are in the table accounts, where the username is really, really worth to the player.
PHP Code:
mysql_function_query(dbHandle,gQuery,true,"loadPlayerData","i",playerid); 
- Here we call Public loadPlayerData, that the Public actually sucked all the details of the player (below), with the parameter playerid, where you see true, it's really "Enable cache" and I will use here with the cache to draw (version R7).

PHP Code:
forward loadPlayerData(playerid);
public 
loadPlayerData(playerid)
{
    
cache_get_field_content(0,"password",pInfo[playerid][pPassword],dbHandle,18);
    
pInfo[playerid][pLevel] = cache_get_field_content_int(0,"level",dbHandle);
    
pInfo[playerid][pKills] = cache_get_field_content_int(0,"kills",dbHandle);
    
pInfo[playerid][pDeath] = cache_get_field_content_int(0,"death",dbHandle);
    
pInfo[playerid][pAdminLevel] = cache_get_field_content_int(0,"adminlevel",dbHandle);
    new 
rows,fields;
    
cache_get_data(rows,fields,dbHandle);
    if(
rows != 0)
    {
        
ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_PASSWORD,"Login","Please enter your password to login","Login","Logout");
    } else {
        
ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_PASSWORD,"Register","Please enter password to register","Reg","Logout");
    }

PHP Code:
forward loadPlayerData(playerid); 
- create the public.
PHP Code:
cache_get_field_content(0,"password",pInfo[playerid][pPassword],dbHandle,18); 
- Here we derive the password player.
PHP Code:
pInfo[playerid][pLevel] = cache_get_field_content_int(0,"level",dbHandle); 
- Here we derive the number of level of player variable pLevel.
PHP Code:
pInfo[playerid][pKills] = cache_get_field_content_int(0,"kills",dbHandle); 
- Here we derive the number of killings of player variable pKills.
PHP Code:
pInfo[playerid][pDeath] = cache_get_field_content_int(0,"death",dbHandle); 
- Here we derive the number of deaths of player variable pDeath.
PHP Code:
pInfo[playerid][pAdminLevel] = cache_get_field_content_int(0,"adminlevel",dbHandle); 
- Here we derive the number of Admin level of player variable pAdminLevel.
PHP Code:
new rows,fields
- We create a variables.
PHP Code:
cache_get_data(rows,fields,dbHandle); 
- Here we are derive the rows && fields from dbHandle.
PHP Code:
if(rows != 0
- Here we check if the user's player is in a table, then it will show him dialog login, but if its user is found it will show a dialog Register.

PHP Code:
public OnDialogResponse(playerid,dialogid,response,listitem,inputtext[])
{
    if(
dialogid == DIALOG_REGISTER)
    {
        if(!
response) return Kick(playerid);
        if(!
strlen(inputtext)) return ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_PASSWORD,"Register","Please enter password to register!","Reg","Logout");
        static
            
gQurey[128];
        
format(gQuery,128,"INSERT INTO accounts(username,password,kills,death,level,adminlevel) VALUES('%s','%s','0','0','1','0')",pInfo[playerid][pName],inputtext);
        
mysql_function_query(dbHandle,gQuery,false,"","");
        
SendClientMessage(playerid,-1,"you registerd successuflly!");
        
SpawnPlayer(playerid);
        return 
1;
    }
    if(
dialogid == DIALOG_LOGIN)
    {
        if(!
response) return Kick(playerid);
        if(!
strlen(inputtext)) return ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_PASSWORD,"Login","Please enter your password to login!","Login","Logout");
        if(!
strcmp(inputtext,pInfo[playerid][pPassword],true))
        {
            
SendClientMessage(playerid,-1,"You logged successuflly!");
            
SpawnPlayer(playerid);
        } else {
            
ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_PASSWORD,"Login","Invalid password!","Login","Logout");
        }
    }

PHP Code:
if(dialogid == DIALOG_REGISTER
- if the dialogid equal to defined DIALOG_REGISTER(1)
PHP Code:
if(!response) return Kick(playerid); 
- if the player click on the button un-response he been kicked.
PHP Code:
 if(!strlen(inputtext)) return ShowPlayerDialog(playerid,DIALOG_REGISTER,DIALOG_STYLE_PASSWORD,"Register","Please enter password to register!","Reg","Logout"); 
- If the player left the field blank, it will show him again the dialog.
PHP Code:
static
            
gQurey[128]; 
- Here i create a variable.
PHP Code:
format(gQuery,128,"INSERT INTO accounts(username,password,kills,death,level,adminlevel) VALUES('%s','%s','0','0','1','0')",pInfo[playerid][pName],inputtext); 
- Here we create a new row to a table, and choose what values ​​we want to shoot, we injected in the name of the player && password remover player (inputtext).
PHP Code:
mysql_function_query(dbHandle,gQuery,false,"",""); 
- Here we execute the format.
PHP Code:
SendClientMessage(playerid,-1,"you registerd successuflly!");
SpawnPlayer(playerid); 
- Here we are send a mesage and spawn the player.
PHP Code:
if(dialogid == DIALOG_LOGIN
- Here we are check if dialogid equal DIALOG_LOGIN (2)
PHP Code:
if(!response) return Kick(playerid); 
- if the player click on the button un-resonse the player been kicked.
PHP Code:
if(!strlen(inputtext)) return ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_PASSWORD,"Login","Please enter your password to login!","Login","Logout"); 
- If it is left blank it will show him again the dialog.
PHP Code:
if(!strcmp(inputtext,pInfo[playerid][pPassword],true)) 
- If the password is equal to the player tapped his slogan.
PHP Code:
SendClientMessage(playerid,-1,"You logged successuflly!");
SpawnPlayer(playerid); 
- Send a message to the player and spawn the player.
PHP Code:
} else {
            
ShowPlayerDialog(playerid,DIALOG_LOGIN,DIALOG_STYLE_PASSWORD,"Login","Invalid password!","Login","Logout"); 
If the password is correct it will show him again the dialog.

PHP Code:
public OnPlayerDisconnect(playerid,reason)
{
    new 
rows,fields;
    
cache_get_data(rows,fields,dbHandle);
    if(
rows != 0)
    {
        static
            
gQuery[128];
        
format(gQuery,128,"UPDATE accounts SET kills='%d',death='%d',level='%d',adminlevel='%d'",pInfo[playerid][pKills],pInfo[playerid][pDeath],pInfo[playerid][pLevel],pInfo[playerid][pAdminLevel]);
        
mysql_function_query(dbHandle,gQuery,false,"","");
    }

PHP Code:
new rows,fields
- Create a variables.
PHP Code:
cache_get_data(rows,fields,dbHandle); 
derive the data of the table (accounts).
PHP Code:
if(rows != 0
- if the player found.
PHP Code:
static
            
gQuery[128];
        
format(gQuery,128,"UPDATE accounts SET kills='%d',death='%d',level='%d',adminlevel='%d'",pInfo[playerid][pKills],pInfo[playerid][pDeath],pInfo[playerid][pLevel],pInfo[playerid][pAdminLevel]);
        
mysql_function_query(dbHandle,gQuery,false,"",""); 
- Here we are update all the values and save them.

--- Done ---

Hope you understand, any help private message successfully.
Reply
#2

Helpful thank you man
Reply
#3

Good job
Reply
#4

Bad, WTF? you're a ''' BBBBIOCH ''
Reply
#5

Quote:
Originally Posted by iRaiDeN
View Post
(version R7)
Quote:
Originally Posted by Y_Less
View Post
  • Dating
If you know you're not using the most up-to-date way of doing something WHY POST? Either explain the better way, regardless of whether or not you use it, or just don't post in the first place!
https://sampforum.blast.hk/showthread.php?tid=65567


Right.
  • You're using an outdated plugin
  • You're not using any password hashing at all. HUGE FLAW!
  • You're not escaping user input. HUGE FLAW! Vulnerable to SQL injection!
  • I wouldn't advise using the *_content functions. You know in what order the fields will be returned. Use the index, it's faster.
Reply
#6

Quote:
Originally Posted by Vince
View Post
https://sampforum.blast.hk/showthread.php?tid=65567


Right.
  • You're using an outdated plugin
  • You're not using any password hashing at all. HUGE FLAW!
  • You're not escaping user input. HUGE FLAW! Vulnerable to SQL injection!
  • I wouldn't advise using the *_content functions. You know in what order the fields will be returned. Use the index, it's faster.
Okay sorry, but this tutorial is only to beginners programmers.
For injection, that's not true, it works best as possible.
Reply
#7

nice gang full support
Reply
#8

Quote:
Originally Posted by iRaiDeN
View Post
Okay sorry, but this tutorial is only to beginners programmers.
Beginners should be taught the correct ways to do things from the start so that they don't have to change their style later
Reply
#9

Quote:

pInfo[MAX_PLAYERS][playerEnum] = {-1,...},

It should be:
pawn Code:
public OnPlayerConnect(playerid) {
    new zeromem[playerEnum];
    pInfo[playerid]=zeromem;
    return 1;
}
Otherwise your stats will mess-up.
Reply
#10

Hello everybody, please do not ever use this script. It contains bad practices and multiple security flaws. Look elsewhere.
Reply
#11

Quote:
Originally Posted by iRaiDeN
View Post
For injection, that's not true, it works best as possible.
Why don't you accept your faults? Just don't write tutorials or stupid includes related to MySQL if you don't know what you are even trying to do.
Reply
#12

Quote:
Originally Posted by iZN
View Post
Why don't you accept your faults? Just don't write tutorials or stupid includes related to MySQL if you don't know what you are even trying to do.
Look I worked great, I built this DM mode two weeks ago.
http://sa-mp.co.il/showthread.php?t=80460
http://pastebin.com/JLJJEXQu
Reply
#13

They don't told you your work is bad, just bad optimized and hugely unsafe.

• No hashing => A bad head admin would get the user passwords and check them on other servers then using user's account
• *_content functions => Works good but slower than the index's function
• No escaping, vulnerable to SQL Injections => They mean a bad user could try to sql inject your database by inputting a special character. I don't know more about those except that either mysql_escape_string or mysql_format with the %e specifier add a \ before special characters like the single quote '. Read more about this in the MySQL wiki
• Old plugin => Works also, but if more recent versions were released it's for a reason you don't think ?

It's from a good goal but it looks like you don't know enough for trying to teach it to others.
Reply
#14

Very bad work it's not optimized at all and you are using an oldless plugin
Reply
#15

Quote:
Originally Posted by Lacamora
View Post
Very bad work it's not optimized at all and you are using an oldless plugin
Suddenly this newest version.
Reply
#16

Really Helpful!

Thank you men!

I appreciate this!
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)