[tsonn1]

Hi guys!
I've got a problem with my login script. I learned the MySQL stuff from ->https://sampforum.blast.hk/showthread.php?tid=305994 but there's a little bug in the login part.
About the bug. When you type in a wrong password or a right password, the script just logs u in.
When you type a wrong password, the script should say, that you've entered a wrong password, but it doesnt.

The code:

pawn Код:

stock LogMeIn(playerid,const password[])
{
    new EscapedText[60], Query[80], pName[24];
    GetPlayerName(playerid,pName,24);
    mysql_real_escape_string(password, EscapedText);
    format(Query,sizeof(Query),"SELECT * FROM `users` WHERE `name` = '%s' AND `pass` = '%s'",pName,EscapedText);
    mysql_query(Query);
    mysql_store_result();
    if(mysql_num_rows() != 0)
    {
        SendClientMessage(playerid,yello2,"U've just log'd in!");
        LoadStats(playerid);
    }
    else
    {
        ShowPlayerDialog(playerid, Valepass, DIALOG_STYLE_PASSWORD, "Wrong password!", "Wrong password!", "Login", "Leave");
    }
    mysql_free_result();
    return 1;
}

(I translated the code quickly, so u might find some mistakes. )

[Djole1337]

Quote:

Originally Posted by ****** Why are you not using one of the existing user systems?

^^
Also, you don't even hash password ?

[Bakr]

Quote:

Originally Posted by ****** Why are you not using one of the existing user systems?

It is always nice to learn on your own. Also, a lot of the code on these forums is outdated, uses bad habits, or simply doesn't work.

Your Query variable only holds a maximum of 80 characters - the total for the query if someone came with a full set name and only a 2 char password would overdraw that limit. I'm not sure if that is your problem, but try increasing the Query size to ~128. You should also be using the newer functions from the latest release (r7 I believe) of the MySQL plugin. I would recommend AndreT's tutorial to learn.

[Bakr]

Quote:

Originally Posted by ****** That's not actually an answer. You don't need to learn how to write every piece of code you use, especially not security code.

You don't HAVE to, but it is nice to always be ABLE to. Being able to write a registration system on your own can help you in a multitude of different ways. In this case, it can help him understand the use of MySQL (in this case in an outdated and insecure way, but still), arrays, custom functions, variable manipulation, etc.

Lets also say he wanted to write similar security code for another system, which he wouldn't be able to necessarily copy and paste from the system he was using yet had no idea how it worked in the first place. He would be helpless and would need to learn how to write such code later on anyway.

Maybe he's not even writing it to learn necessarily how to do this, but how the system works. I'm sure you as a professional programmer (at least that is what I've been told and can conclude from your work and blog) understand how important it is to understand the code that you use that others have written.

[tsonn1]

Thanks for help, everyone. I won't be able to test the modified script, cuz I've got some issues with my MySQL DB.
******, for hashing, the best plugin is Whirlpool? Am I right?

[Bakr]

Quote:

Originally Posted by ****** Yes, I also understand how important it is to USE the code that other people have written to avoid spending forever re-implementing what already exists in a probably worse way. Your argument actually contradicts itself - you are claiming that it's better to learn things now incase they need them later, surely it's better to learn them if and when they're needed? If you do need it, then you learn it and don't loose anything; if you don't need it, then you didn't waste the time learning it in the first place. Understanding how something works, and doing it yourself are also not the same thing. If you want to learn how something works, read the code that does it - you'll learn something and won't have to waste weeks debugging things. I know there's also the argument that you learn from your mistakes, but when you are trying to release a server not everything needs to be a learning exercise. Learn from coding the interesting and unique features of your server, don't learn from re-implementing the things that already exist on every server out there and which have 10 different open-source implementations. That's just a waste of time for most people's needs, and that's why libraries exist in the first place.

I never discouraged using other code, simply that learning how it works can save you in the long run. Regardless of whether or not you PLAN on using it later on, you should always get a general understanding for what you're using. You may see it as a waste of time, but I personally find it a great learning opportunity. Why restrict yourself of knowledge simply because you don't need it at that time? I'm sure you didn't start programming because you needed to create your own program, did you? I know this is one hell of a stretch, and isn't a very practical example, I'm just trying to relate here.

As for your second paragraph, I was coming in two different angles, I never meant to have anyone think knowing how something works and doing it yourself are the same thing. I was just using that as an example here (him writing it himself) for the other argument that it could help him learn if he ever need or want to re-implement it. Also, why not learn from doing something like this? What if you want to create stand-alone code that doesn't rely on everyone elses work? That is ignorant in a lot of cases, for example trying to re-create ZCMD, but something like a registration system can be VERY flexible. There are many different variables involved in how it is created and how it should perform. What information should be stored, how should it be stored, where should it be stored, what messages should be sent upon in error/success, what color the messages, should there be dialogs or text, etc. A very good implementation of a registration system would include all of those options, I'm just yet to see one, which supports my argument for why you should learn this trait on your own.

Hope that answers all your points and addresses the ones I wished to. I'm terrible at writing these long paragraphs.

[Bakr]

Quote:

Originally Posted by ****** https://sampforum.blast.hk/showthread.php?tid=321092 https://sampforum.blast.hk/showthread.php?tid=294919

That is funny, I was actually going to include "except YSI" in that post. I just have other reasons for not personally learning the whole YSI system, which I will tell you through PM instead, if you prefer.