Need help with changepass cmd (mysql,whirlpool)
#1

Hey.

I've been trying to set up a changepass command, but after many attempts I still can't find a way to get it working.
I'm using BlueG's R7 MySQL plugin and Whirlpool hash.

Here's one failed changepass example I've tested;

pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if( isnull( params ) )
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    new query[128];
    mysql_function_query(gHandle, query, true, "ChangePass", "d", playerid);
    return 1;
}

forward ChangePass(playerid);
public ChangePass(playerid)
{
    new query[128];
    format(query, sizeof(query), "UPDATE `users` SET `pass`='%s' WHERE `id`='%d'", gPlayerInfo[playerid][pPass], gPlayerInfo[playerid][pID]);
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
With this code the password doesn't change at all and "You have successfully changed your password." doesn't appear.

Help is appreciated and rep will be given to helpers
Reply
#2

Try this.
pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    new query[128];
    format(query, sizeof (query), "UPDATE `users` SET `pass`='%s' WHERE `id`='%i'", params, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, true, "ChangePass", "d", playerid);
    return 1;
}

forward ChangePass(playerid);
public ChangePass(playerid)
{
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
Reply
#3

unnecessary public

pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    new query[128];
    format(query, sizeof (query), "UPDATE `users` SET `pass`='%s' WHERE `id`='%i'", params, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, true, "ChangePass", "d", playerid);
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
Reply
#4

Quote:
Originally Posted by Cerealguy
Посмотреть сообщение
unnecessary public

pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    new query[128];
    format(query, sizeof (query), "UPDATE `users` SET `pass`='%s' WHERE `id`='%i'", params, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, true, "ChangePass", "d", playerid);
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
Using this will change the password in the database to anything what is typed. So if I type /changepass blabla, the encrypted text in database will change into the written text which is wrong and then I try the new password after relogging it won't work, neither the old pass.

So I tried to change the code a bit so it looks almost same as the registration system, but now the password doesn't change at all.
pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    new query[128];
    new salt[30], hash[129];
    randomString(salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", salt, escape(params));
    WP_Hash(hash, sizeof(hash), hash);
    new pass[129];
    format(query, sizeof(query), "UPDATE `users` SET `pass`='%s' WHERE `id`='%i'", pass, gPlayerInfo[playerid][pID]);
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
I did it like this but seems like I fucked up something once again.


Here's the registration system, it works properly;

pawn Код:
Dialog:Register(playerid, response, listitem, inputtext[])
{
    if(!response) {
        return SendClientMessage(playerid, -1, "SERVER: You have left the server."), Kick(playerid);
    }
    if(isnull(inputtext)) {
        return Dialog_Show(playerid, Register, DIALOG_STYLE_PASSWORD, "{1564F5}Register", "Type in a password below to register an account.", "Okay", "Cancel");
    }
    if(strlen(inputtext) >= MAX_PASS_LENGTH) {
        return SendClientMessage(playerid, -1, "SERVER: Password must not be more than 40 characters"), Dialog_Show(playerid, Register, DIALOG_STYLE_PASSWORD, "{1564F5}Register", "Type in a password below to register an account.", "Okay", "Cancel");
    }

    new Salt[30], hash[129];

    randomString(Salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", Salt, escape(inputtext));

    WP_Hash(hash, sizeof(hash), hash);
    CreateAccount(playerid, Salt, hash);
    return 1;
}

stock CreateAccount(playerid, salt[], pass[129])
{
    new query[240];
    format(query, sizeof(query), "INSERT INTO `users` (name, salt, pass) VALUES (\'%s\', \'%s\', \'%s\')",
        returnName(playerid),
        salt,
        pass
    );

    mysql_function_query(gHandle, query, false, "OnAccountCreate", "d", playerid);
}

forward OnAccountCreate(playerid);
public OnAccountCreate(playerid)
{
    gPlayerInfo[playerid][pID] = mysql_insert_id();
    return 1;
}
Reply
#5

It doesn't change because you're never running the query.
Reply
#6

What's wrong now? Still won't change.

pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    new query[128];
    new salt[30], hash[129];
    randomString(salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", salt, escape(params));
    WP_Hash(hash, sizeof(hash), hash);
    mysql_function_query(gHandle, query, false, "UPDATE `users` SET `pass`='%s' WHERE `id`='%i'", "si", "", "");
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
Reply
#7

You should read about string manipulations.

https://sampwiki.blast.hk/wiki/Format

Also, you're using the incorrect parameters for mysql_function_query.

They are:
pawn Код:
mysql_function_query( connectionHandle, query[], bool:cache, callback[], format[], {Float,_}:... )
I'd also suggest you upgrade your plugin to the latest version and use the new functions instead.
Reply
#8

Yeh I have the newest plugin already.. just finish the code for me I'm too tired with it D;
Reply
#9

pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    if (strlen(params) > 90)
        return SendClientMessage(playerid, -1, "Password has to be between 1 and 90 characters.");
    new query[300];
    new salt[30], hash[129];
    randomString(salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", salt, escape(params));
    WP_Hash(hash, sizeof(hash), hash);
    format(query, sizeof (query), "UPDATE `users` SET `pass`='%s' WHERE `id`=%i", hash, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, false, query, "si", "", "");
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
Reply
#10

Clearly you didn't look at the code biker122.
He's not running the query correctly.
In the last code, he wasn't formatting it.
Reply
#11

Quote:
Originally Posted by Stinged
Посмотреть сообщение
pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    if(isnull(params))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    if (strlen(params) > 90)
        return SendClientMessage(playerid, -1, "Password has to be between 1 and 90 characters.");
    new query[300];
    new salt[30], hash[129];
    randomString(salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", salt, escape(params));
    WP_Hash(hash, sizeof(hash), hash);
    format(query, sizeof (query), "UPDATE `users` SET `pass`='%s' WHERE `id`=%i", hash, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, false, query, "si", "", "");
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
This does change the password successfully (thanks for that!) - BUT, the server crashes upon changing password with the command! What's wrong now?

Here's something that might help...
http://prntscr.com/52d3nf

and mysql_log

Quote:

[20:47:35] [DEBUG] mysql_escape_string - source: "kikkeli123", connection: 1, max_len: 512
[20:47:35] [DEBUG] mysql_tquery - connection: 1, query: "UPDATE `users` SET `pass`='6A4F20AF1CB7C32568BCFFB30F02972D0AEEE", callback: "UPDATE `users` SET `pass`='6A4F20AF1CB7C32568BCFFB30F02972D0AEEE5DA48 C9FF145F523582141454145E51E79DC794F0E8D3DD7A3A1660 A4EC9CF1E590BA45200658D48EE60492E822' WHERE `id`=2", format: "si"
[20:47:35] [DEBUG] CMySQLQuery::CMySQLQuery() - constructor called
[20:47:35] [DEBUG] mysql_tquery - scheduling query "UPDATE `users` SET `pass`='6A4F20AF1CB7C32568BCFFB30F02972D0AEEE5DA48 C9FF145F523582141454145E51E79DC794F0E8D3DD7A3A1660 A4EC9CF1E590BA45200658D48EE60492E822' WHERE `id`=2"..
[20:47:35] [DEBUG] CMySQLQuery::Execute[UPDATE `users` SET `pass`='6A4F20AF1CB7C32568BCFFB30F02972D0AEEE5DA48 C9FF145F523582141454145E51E79DC794F0E8D3DD7A3A1660 A4EC9CF1E590BA45200658D48EE60492E822' WHERE `id`=2(si)] - starting query execution
[20:47:35] [DEBUG] CMySQLQuery::Execute[UPDATE `users` SET `pass`='6A4F20AF1CB7C32568BCFFB30F02972D0AEEE5DA48 C9FF145F523582141454145E51E79DC794F0E8D3DD7A3A1660 A4EC9CF1E590BA45200658D48EE60492E822' WHERE `id`=2(si)] - query was successful
[20:47:35] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[20:47:35] [DEBUG] CMySQLQuery::Execute[UPDATE `users` SET `pass`='6A4F20AF1CB7C32568BCFFB30F02972D0AEEE5DA48 C9FF145F523582141454145E51E79DC794F0E8D3DD7A3A1660 A4EC9CF1яяяяBA45200658D48EE60492E822' WHERE `id`=2(si)] - data being passed to ProcessCallbacks()
[20:47:35] [DEBUG] Calling callback "UPDATE `users` SET `pass`='6A4F20AF1CB7C32568B20:47:35

Nothing appears in server_log.
Reply
#12

It seems that it's just appending the old password onto the new string. Make sure all strings are cleared before trying to update again. I'm not sure why this is happening (if it's still an issue I'll take an in depth look later).

Also, you need to save the salt in the database somewhere. You cant just salt the hash and then assume that the server will know the salt for next time.

Good luck.
Reply
#13

I've tried a few different methods, but still failing. This is where I am currently;
pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    new inputtext[128];
    if(sscanf(params, "s[128]", inputtext))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    if (strlen(params) > 90)
        return SendClientMessage(playerid, -1, "Password has to be between 1 and 90 characters.");
    new hash[129], Salt[30];
    randomString(Salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", Salt, escape(inputtext));
    WP_Hash(hash, sizeof(hash), hash);
    ChangePass(playerid, hash, Salt);
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
stock ChangePass(playerid, pass[129], salt[])
{
    new query[240];
    format(query, sizeof (query), "UPDATE `users` SET `pass` = '%s', `salt` = '%s' WHERE `id` = '%i'", pass, salt, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, false, "", "ssi");
    return 1;
}
So the server doesn't crash, but password and salt won't change. This is what happens;
Quote:

[22:32:16] [DEBUG] mysql_escape_string - source: "perkele", connection: 1, max_len: 512
[22:32:16] [DEBUG] mysql_tquery - connection: 1, query: "UPDATE `users` SET `pass` = 'AA5D3A8A33863DA55B957DD04370248BBE1", callback: "(null)", format: "ssi"
[22:32:16] [ERROR] mysql_tquery - callback parameter count does not match format specifier length

I've tried some other formats in mysql_function_query but always error.
Reply
#14

Quote:
Originally Posted by Capua
Посмотреть сообщение
I've tried a few different methods, but still failing. This is where I am currently;
pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    new inputtext[128];
    if(sscanf(params, "s[128]", inputtext))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    if (strlen(params) > 90)
        return SendClientMessage(playerid, -1, "Password has to be between 1 and 90 characters.");
    new hash[129], Salt[30];
    randomString(Salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", Salt, escape(inputtext));
    WP_Hash(hash, sizeof(hash), hash);
    ChangePass(playerid, hash, Salt);
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    return 1;
}
stock ChangePass(playerid, pass[129], salt[])
{
    new query[240];
    format(query, sizeof (query), "UPDATE `users` SET `pass` = '%s', `salt` = '%s' WHERE `id` = '%i'", pass, salt, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, false, "", "ssi");
    return 1;
}
So the server doesn't crash, but password and salt won't change. This is what happens;


I've tried some other formats in mysql_function_query but always error.
You're doing it wrong.

Try this:
Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    new inputtext[128];
    if(sscanf(params, "s[128]", inputtext))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    if (strlen(params) > 90)
        return SendClientMessage(playerid, -1, "Password has to be between 1 and 90 characters.");
    new hash[129], Salt[30];
    randomString(Salt, SALT_LENGTH);
    format(hash, sizeof(hash), "%s%s", Salt, escape(inputtext));
    WP_Hash(hash, 129, inputtext);
    new query[240];
    format(query, sizeof (query), "UPDATE `users` SET `pass` = '%s', `salt` = '%s' WHERE `id` = '%i'", hash, Salt, gPlayerInfo[playerid][pID]);
	mysql_function_query(gHandle, query, false, "", "", "");
	SendClientMessage(playerid, -1, "You have successfully changed your password.");
	return 1;
}
Reply
#15

We're close! It would've worked (possibly) but it yells about a syntax error..
Quote:

[23:12:37] [DEBUG] mysql_escape_string - source: "testpass", connection: 1, max_len: 512
[23:12:37] [DEBUG] mysql_tquery - connection: 1, query: "UPDATE `users` SET `pass` = 'C61BCBFE58AF1B47F0586A0F3A54F0A8EE1", callback: "(null)", format: "(null)"
[23:12:37] [DEBUG] CMySQLQuery::CMySQLQuery() - constructor called
[23:12:37] [DEBUG] mysql_tquery - scheduling query "UPDATE `users` SET `pass` = 'C61BCBFE58AF1B47F0586A0F3A54F0A8EE1CD8E599DFE111F EBEFCAF08CD6CE164DC7E356495E598ACDF92BD0241770D7CC 96986CC78B5F01E5631E2FBA28C14', `salt` = '525Y83kh5n4H6i14NU75j14NIv4EraC61BCBFE58AF1B47F05 86A0F3A54F0A8EE1CD8E"..
[23:12:37] [DEBUG] CMySQLQuery::Execute[()] - starting query execution
[23:12:37] [ERROR] CMySQLQuery::Execute[()] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''525Y83kh5n4H6i14NU75j14NIv4EraC61BCBFE58AF1B47F0 586A0F3A54F0A8EE1CD8E' at line 1

Reply
#16

A whirlpool hash is 128 characters long, the salt is 30 characters long. The hash variable is of the size 129.

128+30 != 129.

Just saying
Reply
#17

I still can't get forward with this matter. Always the same error:

Код:
[17:46:44] [DEBUG] mysql_tquery - connection: 1, query: "UPDATE `users` SET `pass`='D5FBADCC1D96C6A3B676186562457AE055C03", callback: "query", format: "(null)"
[17:46:44] [DEBUG] CMySQLQuery::CMySQLQuery() - constructor called
[17:46:44] [DEBUG] mysql_tquery - scheduling query "UPDATE `users` SET `pass`='D5FBADCC1D96C6A3B676186562457AE055C03568CDCA527459E6C42C9A89D93E1269D2B09E9E0AE9335B7FC8F234CDBC542DDDFA936BFFD781FA53E8B7CD1A93', `salt`='2249ylqI1902MW91auv9EhT9590AF8D5FBADCC1D96C6A3B676186562457AE055C03568CDC"..
[17:46:44] [DEBUG] CMySQLQuery::Execute[query()] - starting query execution
[17:46:44] [ERROR] CMySQLQuery::Execute[query()] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''2249ylqI1902MW91auv9EhT9590AF8D5FBADCC1D96C6A3B676186562457AE055C03568CDC' at line 1
My code looks like this now:
pawn Код:
CMD:changepass(playerid, params[])
{
    if (gPlayerInfo[playerid][pLogged] == 0)
        return SendClientMessage( playerid, -1, "You need to be logged in to use this. " );
    new newpass[129];
    if(sscanf(params, "s[128]", newpass))
        return SendClientMessage( playerid, -1, "USAGE: /changepass [New password]. " );
    if (strlen(params) > 90)
        return SendClientMessage(playerid, -1, "Password has to be between 1 and 90 characters.");
    new Salt[30];
    randomString(Salt, SALT_LENGTH);
    WP_Hash(newpass, 129, newpass);
    format(newpass, sizeof(newpass), "%s", (newpass));
    new query[240];
    format(query, sizeof(query), "UPDATE `users` SET `pass`='%s', `salt`='%s' WHERE `id`='%i'", newpass, Salt, gPlayerInfo[playerid][pID]);
    mysql_function_query(gHandle, query, false, "query", "", "", "");
    SendClientMessage(playerid, -1, "You have successfully changed your password.");
    SendClientMessage(playerid, -1, "Password changed.");
    return 1;
}
Help please
Reply
#18

Alrighty I got it solved! I made a changepass dialog similiar to this register system: https://sampforum.blast.hk/showthread.php?tid=390428
Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)