[yvoms]

hello guys,
I'm currently working on a small project.
and i want players to be able to change their password ingame if there logged in.
I'm using whirlpool to hash the passwords but i have no idea on how to do this.

would something like..

Код:

CMD:changepass(playerid, params[])
{
	new oldpass[24], newpass[24];
	if(sscanf(params,"ss",oldpass, newpass)) return SendClientMessage(playerid,-1,"{ff0000}[Server]:{ffffff} /Changepass [currentpass] [newpass] [newpass2]");
		oldpass = cache_get_field_content(0, "Password", pData[playerid][Password], mysql, 129); //how would i dehash it?
	if(newpass > MAX_PLAYER_PASSWORD) return SendClientMessage(playerid, -1, "password can maximal be 16 characters");
	if(newpass < MIN_PLAYER_PASSWORD) return SendClientMessage(playerid, -1, "password needs to be atleast 3 characters");
	//and here update it with the hashed new password?
	return 1;
}

work or?
also, do i need to dehash the password in order to change it ingame?
since the player has to input his current password, in order to change it.
/changepass currentpass newpass newpass2

Also how would i get it to match newpass and newpass2, like..
Make sure he knows what he's changing his password to for confirmation.

also, i see alot about Salt, what is it?
i take it its not that stuff u cook with?

[Prokill911]

That won't work.
1,

Код:

 if(sscanf(params,"ss",oldpass, newpass))

you're asking for 2 peramaters
But if someone types /changepass oldpass newpass newpass
They'll get

Код:

 /Changepass [currentpass] [newpass] [newpass2]

Код:

new oldpass[24], newpass[24], repeatpass[24];
if(sscanf(params,"sss",oldpass, newpass, repeatpass)) return SendClientMessage(playerid,-1,"{ff0000}[Server]:{ffffff} /Changepass [currentpass] [newpass] [newpass2]");

The above is fixed.
now we add a quick check to make sure the password was typed correctly

Код:

if(newpass != repeatpass) {
SendClientMessage(playerid, COLOR, "New Password Does not match!");
return 0;
}

But...
You're not checking the Oldpassword either.. I imagien you store the password in a pvar or enum..

Код:

case ChangePass: {
	if(!response) {
		return 0;
	}
	query[0] = 0;
	new pass[64];
	mysql_real_escape_string(inputtext,pass);
	format(query, sizeof(query), "SELECT 1 FROM `accounts` WHERE `password` = md5(\"%s\") AND `id` = %d",pass,GetPVarInt(playerid, "AccountID"));
	mysql_function_query(g_mysql_handle, query, true, "OnChangePassChecked", "d",playerid);
	return 0;
}
forward OnChangePassChecked(playerid);
public OnChangePassChecked(playerid) {
	new rows, fields;
	cache_get_data(rows, fields);
	if(rows > 0) {
		ShowPlayerDialog(playerid, ChangePass_Step2, DIALOG_STYLE_PASSWORD, "Confirm Password", "Enter your new password","Ok","Cancel");
	} else {
		SendClientMessage(playerid, X11_TOMATO_2, "Incorrect Password!");
	}
}

examples above

[yvoms]

I see, i wrote it whilst being on the forum not in sublime hehe,

[yvoms]

password is stored in mysql database, in pData[playerid][password],
Its hashed with Whirlpool is that MD5?

[yvoms]

the above code seems right, however how would i save the new pass to the database?
Also is there an admin form of /setpass?

[Prokill911]

My code would have worked perfectly fine you just needed to fill in the gaps with the case statements..

How should you save the new pass?

Код:

 UPDATE 'accounts' SET 'password' = md5("%s") WHERE accountid = %d

Again fill in the params

As for your "Is there an admin setpass"
You realize this is HELP section
not "do it for me" section.

[yvoms]

I know that prokill911,
However the seccond code is more famulair with me, i understand how it works.
Your coding style is not common for me so i did not quite understand it.

[yvoms]

Yes, sorry, i had to write a query.
It works thank you very much, i appreciate your input both.
I'll be sure to use it all in my coding future.

However it is very unclear to me on how to make a command out of this,
Lets say /setpass [playername] [newpass] [newpass] <-- not the playerid from ingame but in the database, so i can set it if the player is offline, but it does have to be an exact match.
so if i want to change yvOms12 while that account is offline, it searches the Database, Case sensitive etc
and update the password. i have no clue on how to do this, if i would i would not have come here.
I'm hoping someone can give me advice or whatever, im not asking for you to make the code but on how i can do this, theory, maybe a small example so i actually learn from it.