1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help
  4. Help Archive

Threaded Mode
everyone can login
Saurik
High-roller
*****
Posts: 1,228
Threads: 133
Joined: Oct 2009
Reputation: 0
#1

28.12.2010, 05:03
why does this let anyone login with any password ?

Код:
format(string, sizeof(string), "SELECT * FROM users WHERE User='%s' AND Password = MD5('%s') LIMIT 1", PlayerName, inputtext);
                new escape[140];
	            mysql_real_escape_string(inputtext,escape);
	            new Success = mysql_fetch_int();
              
	             if (Success = true)
                      {
                    // blah blah , logs in the person.
Find
Reply
Retardedwolf
High-roller
*****
Posts: 1,466
Threads: 7
Joined: Jun 2009
Reputation: 0
#2

28.12.2010, 05:08
You're not querying the formatted string also not storing the result and what is
pawn Код:
if ( Success = true )
supposed to do? Why not just
pawn Код:
if ( mysql_num_rows ( ) )
Find
Reply
Saurik
High-roller
*****
Posts: 1,228
Threads: 133
Joined: Oct 2009
Reputation: 0
#3

28.12.2010, 05:10
the rest of the code is correct ?
Find
Reply
XPlatform
Big Clucker
***
Posts: 116
Threads: 16
Joined: May 2008
Reputation: 0
#4

28.12.2010, 05:11
shouldn't it be double equal signs in an if statement?
pawn Код:
if ( Success == true )
Otherwise I think it's just an assignment statement within and if statement. Though my pawn is rusty, just opened SAMP up again today after a year or so.
Find
Reply
Retardedwolf
High-roller
*****
Posts: 1,466
Threads: 7
Joined: Jun 2009
Reputation: 0
#5

28.12.2010, 05:12
I'd say so and why escaping the string after you formatted the string? ( HINT: Escape it before you format )
Find
Reply
Saurik
High-roller
*****
Posts: 1,228
Threads: 133
Joined: Oct 2009
Reputation: 0
#6

28.12.2010, 05:15
i had == didnt work

if ( mysql_num_rows ( ) )
doesnt work either
Find
Reply
Retardedwolf
High-roller
*****
Posts: 1,466
Threads: 7
Joined: Jun 2009
Reputation: 0
#7

28.12.2010, 05:21
pawn Код:
new escape [ 140 ];
                mysql_real_escape_string ( inputtext, escape );

                format ( string, sizeof ( string ), "SELECT * FROM users WHERE User='%s' AND Password = MD5('%s') LIMIT 1", PlayerName, inputtext);
                mysql_query ( string ); //If you're using BlueG's plugin.
                mysql_store_result ( );
                if ( mysql_store_result )
                {
                    mysql_free_result ( );
                    // blah blah , logs in the person.
                }
                else
                {
                    mysql_free_reuslt ( );
                    // blahblah, tells the person they failatlife.
                }
Find
Reply
Saurik
High-roller
*****
Posts: 1,228
Threads: 133
Joined: Oct 2009
Reputation: 0
#8

28.12.2010, 05:32
still lets any password login
Find
Reply
XPlatform
Big Clucker
***
Posts: 116
Threads: 16
Joined: May 2008
Reputation: 0
#9

28.12.2010, 05:45
I'm not familiar with SQL in samp at all... but try this:
pawn Код:
new escape [ 140 ];
                mysql_real_escape_string ( inputtext, escape );

                format ( string, sizeof ( string ), "SELECT * FROM users WHERE User='%s' AND Password = MD5('%s') LIMIT 1", PlayerName, inputtext);
                mysql_query ( string ); //If you're using BlueG's plugin.
                if (mysql_store_result ( ))
                {
                    mysql_free_result ( );
                    // blah blah , logs in the person.
                }
                else
                {
                    mysql_free_reuslt ( );
                    // blahblah, tells the person they failatlife.
                }
Find
Reply
Retardedwolf
High-roller
*****
Posts: 1,466
Threads: 7
Joined: Jun 2009
Reputation: 0
#10

28.12.2010, 05:49
@XPlatform, no and thanks for using my code.
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help
  4. Help Archive