Get information for mysql
#1

I made a register system in MySQL. Now I need to create the /login command, but I don't know how to take the "password" from MySQL for use in the pwn.
Reply
#2

You can do it in the query.
pawn Code:
format(query,sizeof(query),"SELECT Whatever FROM `table` WHERE Username = '%s' AND Password = '%s'",name,params);
mysql_query(query);
mysql_store_result();
if(mysql_num_rows() > 0)
{
  //Login success
}
else
{
  //Login failed
}
Reply
#3

JaTochNietDan answered already.


By the way JaTochNietDan are you sure it's possible to do in a mysql query "table"?
Reply
#4

Shouldn't it be "SELECT * FROM mytable WHERE ..." ? I've made my own MySQL login system before and I think that doing "SELECT Whatever" would select a column called 'Whatever' whereas the '*' is all columns. You could also do "SELECT Username,Password FROM mytable ..." and that would get you the columns you're looking for anyway.
Reply
#5

I used that code, thx, but every time I try to log in it says "incorrect password". I can't log in. Here is my code:

pawn Code:
if(!strcmp(cmdtext, "/login", true, 3)) // 3 is the length of /me
  {
    if(cmdtext[9] == 0) {
      SendClientMessage(playerid, COLOR_GREY, "Utiliza: /login [password]");
      return 1;
    }
    else
    {
    if(logueado == 1)
    {
      SendClientMessage(playerid, COLOR_YELLOW, "Ya estas logueado");
    }
        else
        {
          new name[128];
          new query[128];
            new password = cmdtext[7];
        GetPlayerName(playerid, name, sizeof(name));
            format(query, sizeof(query), "SELECT id FROM `players` WHERE Nombre = '%s' AND Password = '%s'" , name, password);
            samp_mysql_query(query);
            samp_mysql_store_result();
            if(samp_mysql_num_rows() > 0)
            {
              logueado = 1;
          SendClientMessage(playerid, COLOR_GREEN, "Login Correcto. Bienvenido");
            }
            else
            {
              if(intentos == 3)
              {
                SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                SendClientMessage(playerid, COLOR_YELLOW, "Limites de intentos por contraseña. Has sido Kickeado.");
                SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                    Kick(playerid);
              }
              else
              {
                intentos = intentos +1;
                SendClientMessage(playerid, COLOR_GREEN, "_________________________________________");
                SendClientMessage(playerid, COLOR_YELLOW, "Contraseña incorrecta.");
                SendClientMessage(playerid, COLOR_GREEN, "_________________________________________");
              }
            }
        }
        }
    return 1;
  }
Reply
#6

Please help with my code
Reply
#7

Quote:
Originally Posted by Joe Staff
Shouldn't it be "SELECT * FROM mytable WHERE ..." ? I've made my own MySQL login system before and I think that doing "SELECT Whatever" would select a column called 'Whatever' whereas the '*' is all columns. You could also do "SELECT Username,Password FROM mytable ..." and that would get you the columns you're looking for anyway.
Why would you use SELECT *? He doesn't need to retrieve every single column in the entire row just for logging someone in. Also, it was an example, I don't know what columns he has.

Zafire are you using any type of encryption on the passwords?

EDIT: I just noticed this..

pawn Code:
if(!strcmp(cmdtext, "/login", true, 3)) // 3 is the length of /me
3 may be the length of /me but it's not the length of /login
Reply
#8

Quote:
Originally Posted by JaTochNietDan
Quote:
Originally Posted by Joe Staff
Shouldn't it be "SELECT * FROM mytable WHERE ..." ? I've made my own MySQL login system before and I think that doing "SELECT Whatever" would select a column called 'Whatever' whereas the '*' is all columns. You could also do "SELECT Username,Password FROM mytable ..." and that would get you the columns you're looking for anyway.
Why would you use SELECT *? He doesn't need to retrieve every single column in the entire row just for logging someone in. Also, it was an example, I don't know what columns he has.

Zafire are you using any type of encryption on the passwords?

EDIT: I just noticed this..

pawn Code:
if(!strcmp(cmdtext, "/login", true, 3)) // 3 is the length of /me
3 may be the length of /me but it's not the length of /login
Thx, but that doesn't matter because my register works!! But I changed that. The problem is the code you gave me is useful for "check if the player is registered", but the problem there is I need code that takes "password" from the table "players" when "nombre" = %s ... and checks if (sqldate) == (password used in /login)

I don't use encryption for the passwords
Reply
#9

The example I gave you will check if the password = the string used in /login.

EDIT: if you don't use any encryption then I don't see what's wrong other than your params aren't specified properly
Reply
#10

Quote:
Originally Posted by JaTochNietDan
The example I gave you will check if the password = the string used in /login.
jaja yes yes sorry, let me fix that and try again
Reply
#11

Now when I use /login my server crashes after 5 secs :S

Here is my code

pawn Code:
if(!strcmp(cmdtext, "/login", true, 6))
    {
    if(cmdtext[9] == 0)
        {
      SendClientMessage(playerid, COLOR_GREY, "Utiliza: /login [password]");
      return 1;
    }
    else
    {
        if(logueado == 1)
        {
        SendClientMessage(playerid, COLOR_YELLOW, "Ya estas logueado");
        }
            else
            {
            new name[128];
            new query[128];
            new pass = cmdtext[7];
            GetPlayerName(playerid, name, sizeof(name));
                format(query, sizeof(query),"SELECT Whatever FROM `table` WHERE Username = '%s' AND Password = '%s'", name, pass);
                samp_mysql_query(query);
                samp_mysql_store_result();
                if(samp_mysql_num_rows() > 0)
                {
                logueado = 1;
                    SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                SendClientMessage(playerid, COLOR_YELLOW, "Has sido logueado correctamente.");
                SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                }
                else
                {
                if(intentos == 3)
                {
                    SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                    SendClientMessage(playerid, COLOR_YELLOW, "Limites de intentos por contraseña. Has sido Kickeado.");
                    SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                        Kick(playerid);
                }
                else
                {
                    intentos = intentos +1;
                    SendClientMessage(playerid, COLOR_GREEN, "_________________________________________");
                    SendClientMessage(playerid, COLOR_YELLOW, "Contraseña incorrecta.");
                    SendClientMessage(playerid, COLOR_GREEN, "_________________________________________");
                }
                }
            }
        }
    return 1;
  }
Reply
#12

Quote:
Originally Posted by JaTochNietDan
Quote:
Originally Posted by Joe Staff
Shouldn't it be "SELECT * FROM mytable WHERE ..." ? I've made my own MySQL login system before and I think that doing "SELECT Whatever" would select a column called 'Whatever' whereas the '*' is all columns. You could also do "SELECT Username,Password FROM mytable ..." and that would get you the columns you're looking for anyway.
Why would you use SELECT *? He doesn't need to retrieve every single column in the entire row just for logging someone in. Also, it was an example, I don't know what columns he has.

Zafire are you using any type of encryption on the passwords?

EDIT: I just noticed this..

pawn Code:
if(!strcmp(cmdtext, "/login", true, 3)) // 3 is the length of /me
3 may be the length of /me but it's not the length of /login
Hehe, this was funny. I just came back and looked again at that thread and realized.
SELECT * FROM means to select everything 1 after 1, a whole row. So there's no need for that.



Eh checked your code again..
Quote:

format(query, sizeof(query),"SELECT Whatever FROM `table` WHERE Username = '%s' AND Password = '%s'", name, pass);
samp_mysql_query(query);
samp_mysql_store_result();

wtf?
Reply
#13

Zafire you need to specify your own columns and table, I made an example...I don't have access to your script
Reply
#14

Thx, the problem was there in "whatever" and "table" and "username" XD!! But now the problem is I use the correct password in /login but it keeps saying "incorrect password = contraseña incorrecta" :S:S

My NEW code

pawn Code:
if(!strcmp(cmdtext, "/login", true, 6))
    {
    if(cmdtext[9] == 0)
        {
      SendClientMessage(playerid, COLOR_GREY, "Utiliza: /login [password]");
      return 1;
    }
    else
    {
        if(logueado == 1)
        {
        SendClientMessage(playerid, COLOR_YELLOW, "Ya estas logueado");
        }
            else
            {
            new name[128];
            new query[128];
            new pass = cmdtext[7];
            GetPlayerName(playerid, name, sizeof(name));
                format(query, sizeof(query),"SELECT id FROM players WHERE Nombre = '%s' AND Password = '%s'", name, pass);
                samp_mysql_query(query);
                samp_mysql_store_result();
                if(samp_mysql_num_rows() > 0)
                {
                logueado = 1;
                    SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                SendClientMessage(playerid, COLOR_YELLOW, "Has sido logueado correctamente.");
                SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                }
                else
                {
                if(intentos == 3)
                {
                    SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                    SendClientMessage(playerid, COLOR_YELLOW, "Limites de intentos por contraseña. Has sido Kickeado.");
                    SendClientMessage(playerid, COLOR_GREEN, "________________________________________________________");
                        Kick(playerid);
                }
                else
                {
                    intentos = intentos +1;
                    SendClientMessage(playerid, COLOR_GREEN, "_________________________________________");
                    SendClientMessage(playerid, COLOR_YELLOW, "Contraseña incorrecta.");
                    SendClientMessage(playerid, COLOR_GREEN, "_________________________________________");
                }
                }
            }
        }
    return 1;
  }
My database is "NFS" my table is "PLAYERS" and my rows are "nombre for NAME" and "password for pass"...

Reply
#15

Use

pawn Code:
print(pass);
Then look at what it prints in your server_log or console window, just to make sure it's getting the correct parameters.
Reply
#16

Quote:
Originally Posted by JaTochNietDan
Use

pawn Code:
print(pass);
Then look at what it prints in your server_log or console window, just to make sure it's getting the correct parameters.
Or try to print the query.
Reply
#17

Ok fail? Alex just pointed out to me that your "pass" is not a string...

It should be new pass[20] = cmdtext[7];

Anyway, since that's a guaranteed fix, you also need to use mysql_escape_string(pass,pass); before setting the query string, so that you escape any injection vulnerabilities.
Reply
#18

print doesn't work for vars! I use

pawn Code:
format(pass2, sizeof(pass2),"%s", pass);
                SendClientMessage(playerid, COLOR_YELLOW, pass2);
The problem is there

It only prints "L"; the pass I typed was "lehnaop141"
Reply
#19

Quote:
Originally Posted by JaTochNietDan
Ok fail? Alex just pointed out to me that your "pass" is not a string...

It should be new pass[20] = cmdtext[7];

Anyway, since that's a guaranteed fix, you also need to use mysql_escape_string(pass,pass); before setting the query string, so that you escape any injection vulnerabilities.
When I use that code on var "pass" it gives me this error when I compile:

Code:
C:\Documents and Settings\Administrador\Mis documentos\Samp Server\gamemodes\nfs.pwn(475) : error 008: must be a constant expression; assumed zero
Reply
#20

Quote:
Originally Posted by ssǝן‾ʎ
When you get your code working DO NOT type this, you'll lose the database:

Code:
/login '; DROP TABLE players;
Yeah, this is actually what will happen if he does /login '`''`'`'' or something like that..
By the way, you could use samp_mysql_get_field to get it simply instead of doing the query.
pawn Code:
samp_mysql_get_field("The_password_in_your_language",pass);
Reply
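
Added example, not code from any poster in this thread: the login check discussed above, rewritten so that player input never becomes SQL text and no plaintext password is stored. It goes one step past the thread's escaping advice by using bound parameters and a salted hash. Assumptions: Python's in-memory `sqlite3` stands in for the MySQL plugin, the `salt` and `pwhash` columns and all function names are hypothetical, and the player name and password are constructed sample data.

```python
import hashlib, hmac, os, sqlite3

def unsafe_query(name, password):
    # Same construction as the thread's format() call: input pasted into SQL text.
    return ("SELECT id FROM players WHERE Nombre = '%s' AND Password = '%s'"
            % (name, password))

def hash_password(password, salt):
    # Salted, slow hash so a leaked table does not reveal the passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    # Constructed schema: the plaintext Password column is replaced (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE players (id INTEGER PRIMARY KEY, "
               "Nombre TEXT UNIQUE, salt BLOB, pwhash BLOB)")
    return db

def register(db, name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO players (Nombre, salt, pwhash) VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def login(db, name, password):
    # Bound parameter: the name travels as data, never as part of the statement.
    row = db.execute("SELECT salt, pwhash FROM players WHERE Nombre = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Compare derived hashes in constant time; the password never enters SQL.
    return hmac.compare_digest(stored, hash_password(password, salt))

def table_exists(db):
    return db.execute("SELECT count(*) FROM sqlite_master "
                      "WHERE type = 'table' AND name = 'players'").fetchone()[0] == 1

if __name__ == "__main__":
    db = make_db()
    register(db, "player1", "correct-horse-1")       # constructed sample account
    hostile = "'; DROP TABLE players;"                # the input quoted in post #20
    print(unsafe_query("player1", hostile))           # statement text now contains DROP TABLE
    print(login(db, "player1", "correct-horse-1"))    # correct password
    print(login(db, "player1", hostile), table_exists(db))  # rejected, table intact
```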

