[Camacorn]

Ok, my server has completed its MySql system thanks to someone whos name i wont state because i dont think he would want me to.

The only issue is, when you relog, and try to Login, it says "* Wrong Password" every single time, even if the password is right. It does this for every player.

We use GstyleZzZ MySql Plugin R5 - https://sampforum.blast.hk/showthread.php?tid=56564

Here is the code:
(( Please ignore that it is non-indented on the forum, i dont know why. ))

Код:

    if(dialogid == 1400) // login dialog
    {
       if(response)
       {
            if(!strlen(inputtext))
            {
                //ShowPlayerDialog(playerid, 1400, DIALOG_STYLE_INPUT , "Login", "Insert your password below to log in!", "OK", "Cancel");
                SendClientMessage(playerid, c_red, "* You have to login to be able to play!");
				new str2[152];
				format(str2, sizeof(str2), "Welcome to Battlefield 1943:\n\n{FF0000}%s,\n\n{FFFFFF}That name is registered. Please enter your password below.", plnamed);
				ShowPlayerDialog(playerid, 1400, DIALOG_STYLE_INPUT, "Login",str2,"Login", "Cancel");
            }
            
            new str2[152], query[100];
            new string[128], pname[MAX_PLAYER_NAME];
			GetPlayerName(playerid, pname, sizeof(pname));
			
			format(query, sizeof(query), "SELECT * FROM `users` WHERE name='%s'", pname);
  			mysql_store_result();
  			mysql_fetch_row_format(query, "|");
  			sscanf(query, "e<p<|>{s[32]}i{s[32]}i{i}iiiii>", PlayerInfo[playerid]);

			new pas = udb_hash(inputtext);
            new upas = PlayerInfo[playerid][hashpw];
            if(pas != upas)
			{
              SendClientMessage(playerid, c_red, "* Wrong Password.");
              format(str2, sizeof(str2), "Welcome to Battlefield 1943:\n\n{FF0000}%s,\n\n{FFFFFF}That name is registered. Please enter your password below.", plnamed);
			  ShowPlayerDialog(playerid, 1400, DIALOG_STYLE_INPUT, "Login",str2,"Login", "Cancel");
	  		}
            else
            {
              logged[playerid] = 1;/*
              PlayerInfo[playerid][Admin] = dini_Int(file, "Admin");
              SetPlayerScore(playerid, dini_Int(file, "score"));
              PlayerInfo[playerid][deaths] = dini_Int(file, "deaths");
              PlayerInfo[playerid][EasterEgg] = dini_Int(file, "EasterEgg");
              PlayerInfo[playerid][Warns] = dini_Int(file, "Warns");*/
              SendClientMessage(playerid, c_green, "* You have logged in!");
              format(string,sizeof(string),"* %s has logged in!", pname);
              SendClientMessageToAll(c_green, string);
              SendClientMessage(playerid, c_blue, "* If you don't spawn automatically, click on the 'Spawn' button!");
              UpdateTag(playerid);
              LoginPlayer(playerid);
            }
        }
        else
        {
            new str2[152];
        	format(str2, sizeof(str2), "Welcome to Battlefield 1943:\n\n{FF0000}%s,\n\n{FFFFFF}That name is registered. Please enter your password below.", plnamed);
			ShowPlayerDialog(playerid, 1400, DIALOG_STYLE_INPUT, "Login",str2,"Login", "Cancel");
			SendClientMessage(playerid, c_red, "* You have to login to be able to play!");
        }
    }

And if it helps, heres the player info:

Код:

// Playerinfo
enum pInfo
{
        //Basic
        namevar[32],
        hashpw,
        Admin,
        deaths,
        EasterEgg,
        Warns,
        Premium,
        PremiumChat,
        team,
        class,
        spawn,
        smember,
        sleader,
}
new PlayerInfo[MAX_PLAYERS][pInfo];

Thank you, if you can fix this

[[ProX]BlueFire]

try my script =D
CLICK ON ME!!!!
(pass: 123)

[Camacorn]

Sorry but no, im using MySql, if i wanted something basic, id have made it.

[[ProX]BlueFire]

-.-
y all dont use the normal things....
y all have to be unqiue?
anyway its the same things...

[[NoV]LaZ]

You forgot to use mysql_query( query );

[Camacorn]

tried that, doesnt work.

[Camacorn]

Someone told me to do this:

Quote:

Originally Posted by Sergei You are doing it wrong. 1. Don't extract password in pawn because you don't need it 2. Password is not integer. 3. SELECT .... WHERE name='this' AND password='that' If you get any result password is right, otherwise not.

but i dont understand what to remove or change

[[NoV]LaZ]

pawn Код:

format( query, sizeof (query), "SELECT * FROM `users` WHERE `name` = '%s' AND `password` = '%s' LIMIT 1;", ... );
mysql_query( query );
mysql_store_result( );
if ( mysql_num_rows( ) )
{
    // the player got the password right
}
else
{
    // not...
}

And why are you using dini too ?

[Camacorn]

Quote:

Originally Posted by [NoV]LaZ pawn Код: format( query, sizeof (query), "SELECT * FROM `users` WHERE `name` = '%s' AND `password` = '%s' LIMIT 1;", ... ); mysql_query( query ); mysql_store_result( ); if ( mysql_num_rows( ) ) {     // the player got the password right } else {     // not... }

did not work

[Hal]

Quote:

Originally Posted by Camacorn Someone told me to do this: but i dont understand what to remove or change

Camacorn, I'll look into what Sergi said, because it makes sense. But the password is only an integer because its hashed. It's using the very insecure ubd hash.

Put in [pawn] tags so people see the commenting.