[AphexCCFC]

I create a password when registering, but I can log in with any password. Please help :/

pawn Код:

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if(dialogid == DIALOG_REGISTER)
    {
        if(!response)
        {
            return SendClientMessage(playerid, -1, "SERVER: You have left the server."), Kick(playerid);
        }

        if(isnull(inputtext)) {
            return ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_PASSWORD, "{1564F5}Register", "Type in a password below to register an account.", "Okay", "Cancel");
        }

        if(strlen(inputtext) >= MAX_PASS_LENGTH) {
            return SendClientMessage(playerid, -1, "SERVER: Password must not be more than 40 characters"), ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_PASSWORD, "{1564F5}Register", "Type in a password below to register an account.", "Okay", "Cancel");
        }

        new
            Salt[30],
            hash[129];

        randomString(Salt, 30);
        format(hash, sizeof(hash), "%s%s", Salt, inputtext);

        WP_Hash(hash, sizeof(hash), hash);
        CreateAccount(playerid, Salt, hash);

        format(hash, sizeof(hash), "SERVER: Welcome %s", returnNameEx(playerid));
        SendClientMessage(playerid, -1, hash);

        g_PlayerInfo[playerid][pSkin] = NEWB_SKIN;

        ToggleMainMenu(playerid, 0);
        SetCameraBehindPlayer(playerid);
        SetPlayerPos(playerid, posArr{g_newbSpawn});
        SetPlayerFacingAngle(playerid, g_newbSpawn[3]);
        SetPlayerSkin(playerid, NEWB_SKIN);
        return 1;
    }
    if(dialogid == DIALOG_LOGIN)
    {
        if(!response || !strlen(inputtext)) {
            return ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{1564F5}Login", "Type in your password below to log in.", "Okay", "Cancel");
        }

        new
            hashedinput[129];

        format(hashedinput, sizeof(hashedinput), "%s%s", g_PlayerInfo[playerid][pSalt], inputtext);
        WP_Hash(hashedinput, 129, hashedinput);

        if(strcmp(hashedinput, g_PlayerInfo[playerid][pPass])) {
            g_LogTries[playerid]++;

            if(g_LogTries[playerid] == MAX_LOG_TRIES) {
                return SendClientMessage(playerid, -1, "SERVER: Too many login attempts."), Kick(playerid);
            }

            SendClientMessage(playerid, -1, "SERVER: Invalid password!"),
            ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{1564F5}Login", "Type in your password below to log in.", "Okay", "Cancel");
        }
        else {
            LoadAccount(playerid);
        }
        return 1;
    }
    return 1;
}

[Sascha]

pawn Код:

if(!strcmp(hashedinput, g_PlayerInfo[playerid][pPass])) {
    LoadAccount(playerid)
}
else
{
    g_LogTries[playerid]++;
    if(g_LogTries[playerid] == MAX_LOG_TRIES) {
        return SendClientMessage(playerid, -1, "SERVER: Too many login attempts."), Kick(playerid);
    }
    SendClientMessage(playerid, -1, "SERVER: Invalid password!"),
    ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{1564F5}Login", "Type in your password below to log in.", "Okay", "Cancel");
}

instead of your

pawn Код:

if(strcmp(hashedinput, g_PlayerInfo[playerid][pPass])) {
            g_LogTries[playerid]++;

            if(g_LogTries[playerid] == MAX_LOG_TRIES) {
                return SendClientMessage(playerid, -1, "SERVER: Too many login attempts."), Kick(playerid);
            }

            SendClientMessage(playerid, -1, "SERVER: Invalid password!"),
            ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{1564F5}Login", "Type in your password below to log in.", "Okay", "Cancel");
        }
        else {
            LoadAccount(playerid);
        }

[AphexCCFC]

Nope it's exactly the same.. Just logs me in whatever password I try. I wonder if the PlayerInfo[playerid][pPass] is the problem? Don't think the password saves into it.

[AphexCCFC]

http://pastebin.com/bn1qEQ5A

[AphexCCFC]

Anyone? :/

[awsomedude]

Try this:

Код:

if(dialogid == DIALOG_LOGIN)
{
	if(!response || !strlen(inputtext)) {
		return ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{1564F5}Login", "Type in your password below to log in.", "Okay", "Cancel");
	}

	new
		hashedinput[129];

	format(hashedinput, sizeof(hashedinput), "%s%s", g_PlayerInfo[playerid][pSalt], inputtext);
	WP_Hash(hashedinput, 129, hashedinput);

	if(!strcmp(hashedinput, g_PlayerInfo[playerid][pPass], false)) {
		LoadAccount(playerid);
	}
	else {
		g_LogTries[playerid]++;

		if(g_LogTries[playerid] == MAX_LOG_TRIES) {
			return SendClientMessage(playerid, -1, "SERVER: Too many login attempts."), Kick(playerid);
		}

		SendClientMessage(playerid, -1, "SERVER: Invalid password!"),
		ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{1564F5}Login", "Type in your password below to log in.", "Okay", "Cancel");
	}
	return 1;
}

[Basssiiie]

Well, try to check if the password is actually saved into PlayerInfo[playerid][pPass]. It's called 'debugging'.

[AphexCCFC]

Hmm nope, now it just says 'Invalid password' even for the correct one.

[AphexCCFC]

Tried that Bass, it's blank. Don't understand how to save the password into there and recall it if the password in the database gets hashed and salted.

[Basssiiie]

I guess you have to retrieve the password from the database in order to compare it.

Edit: Quick look through your Pastebin... Are you actually saving the salt and hashed password in the database?