[Loinal]

PHP код:

CMD:setpassword(playerid, params[])
{
    if(pData[playerid][Admin] >= 7)
    {
        new query[320], name[24], newpass[34],query1[320];
        if(sscanf(params, "s[24]s[34]", name, newpass)) return SendClientMessage(playerid, COLOR_YELLOW, "USAGE: /setpassword <PlayerName> <NewPassword>");
        if(!AccountExists(name)) return SendClientMessage(playerid, red, "Account does not exists");
        mysql_format(mysql, query, sizeof(query),"SELECT `Password` FROM `players` WHERE `Username` = '%e'");
        mysql_tquery(mysql,query);
        
        mysql_tquery(mysql, query, "ChangePlayerPassword", "iss", playerid,name,newpass);
        format(query1, sizeof(query1), "You have changed %s's password to %s", name, newpass);
        SendClientMessage(playerid, COLOR_GREEN, query1);
        new IRC[130];
        format(IRC, sizeof(IRC), "1,8* Admin %s (ID: %d) changed %s's password.",GetName(playerid), playerid, name);
        IRC_GroupSay(groupID, "&#ZoneX", IRC);
        IRC_GroupSay(groupID, IRC_aCHANNEL, IRC);
        return 1;
    }
    else return ShowMessage(playerid, COLOR_YELLOW, 1, 7);
}
forward ChangePlayerPassword(admin, cPlayer[], newpassword[]);
public ChangePlayerPassword(admin, cPlayer[], newpassword[])
{
    new query[320];
    mysql_format(mysql, query, sizeof(query), "UPDATE `players` SET Password=SHA1('%s') WHERE `Username` = '%e'", newpassword, cPlayer);
    mysql_tquery(mysql, query);
    return true;
} 


That command doesn't change the password why?

[DobbysGamertag]

Why are you using SHA1 firstly?, it's no longer secure (source).

Aren't tquery's supposed to be threaded? IE: Called outside of the function.

[Vince]

Let me just circumvent the entire question by saying that this is bad practice. Admins (and other people for that matter) have no business with a player's password. If a player forgets his password you generate a new random password and you mail it to the e-mail address that you have on file. Then the player can login with that temporary password and set a new password himself by conventional means.

Also never broadcast a password in plain text. There's a reason that you see dots or asterisks when typing a password. It's so people reading over your shoulder can't see your password. If you then loudly announce in the chat "you have changed your password to "MyBrotherIsAnIdiot"" then those people will have a nice conversation.

[Loinal]

Quote:

Originally Posted by Vince Let me just circumvent the entire question by saying that this is bad practice. Admins (and other people for that matter) have no business with a player's password. If a player forgets his password you generate a new random password and you mail it to the e-mail address that you have on file. Then the player can login with that temporary password and set a new password himself by conventional means. Also never broadcast a password in plain text. There's a reason that you see dots or asterisks when typing a password. It's so people reading over your shoulder can't see your password. If you then loudly announce in the chat "you have changed your password to "MyBrotherIsAnIdiot"" then those people will have a nice conversation.

ok ty for informations but now that problem is same changing password is not working even if i will make it only for players to change their passwords