[Crystallize]

Hello everyone , I decided to make a filterscript that will boost your users security.
Basically this filterscript randomizes a 6 char+digit code and inserts into mysql for later use.
I implemented this on my gamemode with the login system , so if the user had the generated code it would ask to insert it too or kick to prevent account hackings.
Picture explaining:

Download:
v1

v2
Command:
/securemyaccount
Instructions:
Create a structure named "codes" , then create 2 tables with "user" and "code", will edit this later explaining further.

[Private200]

Showing this every time a player logs in would be pretty boring. I suggest you to use gpci and IP detection.

[Crystallize]

Quote:

Originally Posted by Private200 Showing this every time a player logs in would be pretty boring. I suggest you to use gpci and IP detection.

GPCI is not accurate and IP detection could be done in next version, this script generates the password only once then if you want to change the provided code you can use the command.
For e.g I used this for my admins , after they've logged in with their password it would show them the dialog to enter the code or kick.I'm kinda new to mysql so this is not like the best code you'll ever see but it still does what's supposed to.

[DarkLored]

It's a good system but I do agree with the IP detection being added it would be annoying to consistently have to type it in over and over again, good job though.

[Private200]

Quote:

Originally Posted by Wizzard2H GPCI is not accurate and IP detection could be done in next version, this script generates the password only once then if you want to change the provided code you can use the command. For e.g I used this for my admins , after they've logged in with their password it would show them the dialog to enter the code or kick.I'm kinda new to mysql so this is not like the best code you'll ever see but it still does what's supposed to.

Yes, GPCI is not accurate. However, you might wanna go for IP + GPCI + IP Range detection (the first two parts of the IP XX.XXX). That's the best accurate way I can think of to lower the struggle a bit.

[Infinity]

Correct me if I'm wrong, but you don't seem to escape your queries. If this is the case, your statement ("no more hacked accounts") will not hold up.

[thesuperuser]

looks useful, good work.

[Crystallize]

Quote:

Originally Posted by Infinity Correct me if I'm wrong, but you don't seem to escape your queries. If this is the case, your statement ("no more hacked accounts") will not hold up.

What do you mean with escaping the queries?

Код:

 mysql_query(bquery);
	mysql_free_result();

Correct me if im wrong too I'm kinda new to mysql.

[biker122]

pawn Код:

mysql_real_escape_string(const source [], destination [], connectionHandle = 1)

It's a good start in MySQL. If you use MySQL R33 (+), AND such latest systems - you could escape the string in the query itself with "%e". Good job anyway.

[iSpy]

Helpful, nice release!