[Allura]

Hi! I've been working on a login and register script and when the login dialog pops up after registration, it scans successfully for correct password, but if I quit and try to login, it accepts any password. I think it may be to do with the PlayerInfo[playerid][Password] variable not holding a value until the LoadAccount function - only called after the player enters a correct password.
I've posted my gamemode to pastebin.

Game mode is here

[Stinged]

You should select the player's password in that query when they connect.
And then when you check if the row exists (You've already done that), load it using

Код:

cache_get_field_content(0, "Password", PlayerInfo[playerid][Password], size here);

You can even use field indexes instead (cache_get_row). It's faster than using field names.
But they depend on how you select the password when they connect.

[Allura]

I get these mysql log errors about invalid row index:

Код:

[23:20:50] [DEBUG] mysql_connect - host: "localhost", user: "root", database: "genx", password: "****", port: 3306, autoreconnect: true, pool_size: 2
[23:20:50] [DEBUG] CMySQLHandle::Create - creating new connection..
[23:20:50] [DEBUG] CMySQLHandle::CMySQLHandle - constructor called
[23:20:50] [DEBUG] CMySQLHandle::Create - connection created (id: 1)
[23:20:50] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[23:20:50] [DEBUG] CMySQLConnection::Connect - connection was successful
[23:20:50] [DEBUG] CMySQLConnection::Connect - auto-reconnect has been enabled
[23:20:50] [DEBUG] mysql_errno - connection: 1
[23:20:50] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[23:20:50] [DEBUG] CMySQLConnection::Connect - establishing connection to database...
[23:20:50] [DEBUG] CMySQLConnection::Connect - connection was successful
[23:20:50] [DEBUG] CMySQLConnection::Connect - connection was successful
[23:20:50] [DEBUG] CMySQLConnection::Connect - connection was successful
[23:20:50] [DEBUG] CMySQLConnection::Connect - auto-reconnect has been enabled
[23:21:10] [DEBUG] mysql_format - connection: 1, len: 128, format: "SELECT `ID`, `Name` FROM `players` WHERE `Name` = '%s' LIMIT 1"
[23:21:10] [DEBUG] mysql_tquery - connection: 1, query: "SELECT `ID`, `Name` FROM `players` WHERE `Name` = 'Diego_Javier'", callback: "CheckAccount", format: "i"
[23:21:10] [DEBUG] CMySQLQuery::Execute[CheckAccount] - starting query execution
[23:21:10] [DEBUG] CMySQLQuery::Execute[CheckAccount] - query was successfully executed within 1.55 milliseconds
[23:21:10] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[23:21:10] [DEBUG] Calling callback "CheckAccount"..
[23:21:10] [DEBUG] cache_get_data - connection: 1
[23:21:10] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called
[23:21:14] [DEBUG] mysql_format - connection: 1, len: 300, format: "INSERT INTO `players` (`Name`, `Password`, `Cash`) VALUES ('%s', '%s', %d)"
[23:21:14] [DEBUG] mysql_tquery - connection: 1, query: "INSERT INTO `players` (`Name`, `Password`, `Cash`) VALUES ('Dieg", callback: "RegisterAccount", format: "i"
[23:21:14] [DEBUG] CMySQLQuery::Execute[RegisterAccount] - starting query execution
[23:21:14] [DEBUG] CMySQLQuery::Execute[RegisterAccount] - query was successfully executed within 26.512 milliseconds
[23:21:14] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[23:21:14] [DEBUG] Calling callback "RegisterAccount"..
[23:21:14] [DEBUG] cache_insert_id - connection: 1
[23:21:14] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called
[23:21:18] [DEBUG] mysql_format - connection: 1, len: 50, format: "SELECT * FROM `players` WHERE `Name` = '%e' LIMIT 1"
[23:21:18] [DEBUG] mysql_tquery - connection: 1, query: "SELECT * FROM `players` WHERE `Name` = '' LIMIT 1", callback: "LoadAccount", format: "i"
[23:21:18] [DEBUG] CMySQLQuery::Execute[LoadAccount] - starting query execution
[23:21:18] [DEBUG] CMySQLQuery::Execute[LoadAccount] - query was successfully executed within 5.68 milliseconds
[23:21:18] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[23:21:18] [DEBUG] Calling callback "LoadAccount"..
[23:21:18] [DEBUG] cache_insert_id - connection: 1
[23:21:18] [DEBUG] cache_get_field_content - row: 1, field_name: "Name", connection: 1, max_len: 1
[23:21:18] [ERROR] CMySQLResult::GetRowDataByName() - invalid row index ('1')
[23:21:18] [DEBUG] cache_get_field_content_int - row: 3, field_name: "Cash", connection: 1
[23:21:18] [ERROR] CMySQLResult::GetRowDataByName() - invalid row index ('3')
[23:21:18] [ERROR] cache_get_field_content_int - invalid datatype
[23:21:18] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called
[23:21:23] [DEBUG] mysql_format - connection: 1, len: 126, format: "UPDATE `players` SET `Name`='%s', `Password`='%s', `Cash`=%d"
[23:21:23] [DEBUG] mysql_tquery - connection: 1, query: "UPDATE `players` SET `Name`='', `Password`='', `Cash`=0", callback: "RegisterAccount", format: "i"
[23:21:23] [DEBUG] CMySQLQuery::Execute[RegisterAccount] - starting query execution
[23:21:23] [DEBUG] CMySQLQuery::Execute[RegisterAccount] - query was successfully executed within 14.788 milliseconds
[23:21:23] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[23:21:23] [DEBUG] Calling callback "RegisterAccount"..
[23:21:23] [DEBUG] cache_insert_id - connection: 1
[23:21:23] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called

[Allura]

Anyone have an idea? I have been trying all day today. Thanks in anticipation.

[Shinja]

PHP код:

forward LoadAccount(playerid);
public LoadAccount(playerid)
{
    PlayerInfo[playerid][ID] = cache_insert_id();
    cache_get_field_content(0, "Name", PlayerInfo[playerid][Name]);
    cache_get_field_content(0, "Password", PlayerInfo[playerid][Password]);
    PlayerInfo[playerid][Cash] = cache_get_field_content_int(0, "Cash");
   
    SetSpawnInfo( playerid, 0, 0, 1958.33, 1343.12, 15.36, 269.15, 0, 0, 0, 0, 0, 0 );
    SpawnPlayer(playerid);
    return 1;
} 


[Threshold]

Remember, 'strcmp' returns 0 if either of the strings is empty. So if 'PlayerInfo[playerid][Password]' is empty, or if the input text is empty, then strcmp is going to tell you that they match regardless.

Best way to avoid this is to check whether the variable or the input are null (isnull or strlen).

[AndySedeyn]

1) Use the %e specifier instead of the %s specifier to escape database inputs. Not using it will leave it vulnerable to SQL attacks. Note: works only with mysql_format.

2) To add to Stinged's reply, you have to specify your database's connection ID before specifying the size when the destination variable is an enum-array:

PHP код:

cache_get_field_content(row, const field_name[], destination[], connectionHandle, max_len); 


3) You're getting the "invalid row index" error because rows start counting at 0 instead of 1 as you thought.

@Shinja, cache_insert_id() retrieves the generated ID from the sent query. You don't generate an A_I ID from a SELECT query. You have to retrieve it like you would retrieve any other integer value:

PHP код:

variable = cache_get_field_content_int(row, const field_name[]); 


I haven't tried using cache_insert_id() after a SELECT query, but it sounds logical.

[Shinja]

Quote:

Originally Posted by Shinja PHP код: forward LoadAccount(playerid); public LoadAccount(playerid) {     PlayerInfo[playerid][ID] = cache_insert_id();     cache_get_field_content(0, "Name", PlayerInfo[playerid][Name]);     cache_get_field_content(0, "Password", PlayerInfo[playerid][Password]);     PlayerInfo[playerid][Cash] = cache_get_field_content_int(0, "Cash");         SetSpawnInfo( playerid, 0, 0, 1958.33, 1343.12, 15.36, 269.15, 0, 0, 0, 0, 0, 0 );     SpawnPlayer(playerid);     return 1; }

Actually he was doing

PHP код:

cache_get_field_content(1, "Name", PlayerInfo[playerid][Name]);
    cache_get_field_content(2, "Password", PlayerInfo[playerid][Password]);
    PlayerInfo[playerid][Cash] = cache_get_field_content_int(3, "Cash"); 


He think its field number, no its row so must be 0, hmm thanks for your advice about insert id