08.01.2013, 11:12
I tested my new loginscript using dini from DracoBlue with 2 accountfiles.
I registered with:
Hunter
[GF]Hunter
so i got the files
Hunter.ini
[GF]Hunter.ini
As you can see I registered the same name 1 time with Clantag 1 time without.
When I now try to login with "Hunter", i can use the password of "[GF]Hunter" to login too. o.O
And when I use the name [GF]Hunter I can use the passwort of the Hunteraccount to login too. Where is the problem? Does dini have a problem with clantags or with similar names or is something wrong in my code? I get no compiliation errors neighter warnings. Thx for your time.
Here is my code:
I registered with:
Hunter
[GF]Hunter
so i got the files
Hunter.ini
[GF]Hunter.ini
As you can see I registered the same name 1 time with Clantag 1 time without.
When I now try to login with "Hunter", i can use the password of "[GF]Hunter" to login too. o.O
And when I use the name [GF]Hunter I can use the passwort of the Hunteraccount to login too. Where is the problem? Does dini have a problem with clantags or with similar names or is something wrong in my code? I get no compiliation errors neighter warnings. Thx for your time.
Here is my code:
Код:
forward OnPlayerLogin(playerid,autolog,password[]);
public OnPlayerLogin(playerid,autolog,password[])
{
new s1[128],file[128],pname[MAX_PLAYER_NAME],levelstr[128];
GetPlayerName(playerid,pname,sizeof(pname));
GetPlayerIp(playerid,PlayerInfo[playerid][IP],100);
format(file,sizeof(file),"Accounts/%s.ini",pname);
if(PlayerInfo[playerid][logged]==1) { return SendClientMessage(playerid,rot,"[Server]: You are already Logged!"); }
if(dini_Exists(file))
{
if(strcmp(password,dini_Get(file,"password"),true) == 1)
{
LogAttempts[playerid]++;
format(s1,sizeof(s1),"Login Attempts (%d/3)",LogAttempts[playerid]);
ShowPlayerDialog(playerid,DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, ""embhellgrьn"Team-German-Fighters "embgelb"Login-System",s1, "Login", "");
return SendClientMessage(playerid,rot,"[Server]: Wrong Password. Please try it again.");
}
//if password was right do something here......
PlayerInfo[playerid][logged]=1;
}
return 1;
}



. All includes and plugins in the last known version. Its only working to similar names this way. I just dont hope that this will be a security hole and someone with a similar name to an administrator account suddenly will get admin powers.