mysql login allows any password
#1

anyone can login to any account with any password
pawn Code:
stock LoginPlayer(playerid,const password[])
{
    new EscapedText[60];
    new Query[128];
    mysql_real_escape_string(password, EscapedText);
    format(Query,sizeof(Query),"SELECT * FROM `Users` WHERE `Username` = '%s' AND `Password` = md5('%s')",GetName(playerid),EscapedText);
    mysql_query(Query);
    mysql_store_result();
    if(mysql_num_rows() != 0)
    {
        SendClientMessage(playerid,COLOR_LIME,"You have been logged in!");
        LoadStats(playerid);
    }
    else
    {
        SendClientMessage(playerid,COLOR_RED,"Wrong password!");
        Kick(playerid);
    }
    mysql_free_result();
    return 1;
}
Reply
#2

Wrong.
I don't have time to script a login/registration system.
So, here:

https://sampforum.blast.hk/showthread.php?tid=133571
Reply
#3

The only reason you can log in with any password is mysql_num_rows() returning -1 (this happens when MySQL couldn't connect to the database).

So, verify with the OnQueryError callback which errors occur when these queries are being executed.
Reply
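The fail-open check described in post #3, rewritten to fail closed, as an added example that is not code from any poster in this thread. It uses only the plugin calls that appear in post #1, takes the -1 return value of mysql_num_rows() on a failed query from post #3, and assumes `Username` is unique in `Users`.

```pawn
// Added example, not from the thread. GetName, LoadStats and the COLOR_*
// constants are the original poster's own; the plugin natives are called
// exactly as they are in post #1.
stock LoginPlayer(playerid, const password[])
{
    new EscapedText[60];
    new Query[128];
    mysql_real_escape_string(password, EscapedText);
    format(Query, sizeof(Query), "SELECT * FROM `Users` WHERE `Username` = '%s' AND `Password` = md5('%s')", GetName(playerid), EscapedText);
    mysql_query(Query);
    mysql_store_result();

    // Read the row count once so every branch decides on the same value.
    new rows = mysql_num_rows();

    // Per post #3, a failed query yields -1. "rows != 0" accepts that as a
    // match; requiring exactly one row rejects it (assumes unique Username).
    if (rows == 1)
    {
        SendClientMessage(playerid, COLOR_LIME, "You have been logged in!");
        // Called before mysql_free_result(), as in post #1, in case
        // LoadStats reads from the stored result.
        LoadStats(playerid);
    }
    else if (rows < 0)
    {
        // Query or connection failure: deny the login and log it
        // separately from a wrong password so the outage is visible.
        printf("[login] query failed for %s (rows=%d), login denied", GetName(playerid), rows);
        SendClientMessage(playerid, COLOR_RED, "Login is unavailable, try again later.");
        Kick(playerid);
    }
    else
    {
        // 0 rows: wrong password. More than 1 row would break the
        // uniqueness assumption, so it is denied as well.
        SendClientMessage(playerid, COLOR_RED, "Wrong password!");
        Kick(playerid);
    }
    mysql_free_result();
    return 1;
}
```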

