#1

If player forgot his password and i wanted to reset it for him and system saves password in hash [Whirlpool] how can i convert it to a normal password to help the player??
Reply
#2

You shouldn't... If they need password reset, reset it.

Recovering passwords is a very bad move as many people use the same password elsewhere, and if you are fooled by a player giving someones password out, then you're compromising your players security which contravenes the SA-MP license agreement.
Reply
#3

Quote:
Originally Posted by Sew_Sumi
Посмотреть сообщение
You shouldn't... If they need password reset, reset it.

Recovering passwords is a very bad move as many people use the same password elsewhere, and if you are fooled by a player giving someones password out, then you're compromising your players security which contravenes the SA-MP license agreement.
I have a command to set the password of an offline player that help me in that but its not working it doesn't set the player password correctly

PHP код:
CMD:setpassword(playeridparams[])
{
    if(
pData[playerid][Admin] >= 7)
    {
        new 
query[320], name[24], newpass[34], hash1[34];
        if(
sscanf(params"s[24]s[34]"namenewpass)) return SendClientMessage(playeridCOLOR_YELLOW"USAGE: /setpassword <PlayerName> <NewPassword>");
        if(!
AccountExists(name)) return SendClientMessage(playeridred"Account does not exists");
        
WP_Hash(hash1129newpass);
        
mysql_format(mysqlquerysizeof(query), "UPDATE `players` SET `Password` = '%e' WHERE `Username` = '%e'"hash1name);
        
mysql_tquery(mysqlquery);
        
format(querysizeof(query), "You have changed %s's password to %s"namenewpass);
        
SendClientMessage(playeridCOLOR_GREENquery);
        new 
IRC[130];
        
format(IRCsizeof(IRC), "1,8* Admin %s (ID: %d) changed %s's password to %s .",GetName(playerid), playeridnamenewpass);
        
IRC_GroupSay(groupID"&#ZoneX"IRC);
        
IRC_GroupSay(groupIDIRC_aCHANNELIRC);
        return 
1;
    }
    else return 
ShowMessage(playeridCOLOR_YELLOW17);

Reply
#4

If it was possible to convert it that easily then that defies the entire purpose of hashing. You should set this player a random password, then give him the ability to change their password to something that even you don't know.
Reply
#5

Quote:
Originally Posted by Loinal
Посмотреть сообщение
I have a command to set the password of an offline player that help me in that but its not working it doesn't set the player password correctly

PHP код:
CMD:setpassword(playeridparams[])
{
    if(
pData[playerid][Admin] >= 7)
    {
        new 
query[320], name[24], newpass[34], hash1[34];
        if(
sscanf(params"s[24]s[34]"namenewpass)) return SendClientMessage(playeridCOLOR_YELLOW"USAGE: /setpassword <PlayerName> <NewPassword>");
        if(!
AccountExists(name)) return SendClientMessage(playeridred"Account does not exists");
        
WP_Hash(hash1129newpass);
        
mysql_format(mysqlquerysizeof(query), "UPDATE `players` SET `Password` = '%e' WHERE `Username` = '%e'"hash1name);
        
mysql_tquery(mysqlquery);
        
format(querysizeof(query), "You have changed %s's password to %s"namenewpass);
        
SendClientMessage(playeridCOLOR_GREENquery);
        new 
IRC[130];
        
format(IRCsizeof(IRC), "1,8* Admin %s (ID: %d) changed %s's password to %s .",GetName(playerid), playeridnamenewpass);
        
IRC_GroupSay(groupID"&#ZoneX"IRC);
        
IRC_GroupSay(groupIDIRC_aCHANNELIRC);
        return 
1;
    }
    else return 
ShowMessage(playeridCOLOR_YELLOW17);

Why are you even broadcasting this to the IRC channel? This is definitely dangerous.
Reply
#6

Try this

PHP код:
CMD:setpassword(playeridparams[]) 

    if(
pData[playerid][Admin] >= 7
    { 
        new 
query[320], name[24], newpass[34], hash1[34]; 
        if(
sscanf(params"s[24]s[34]"namenewpass)) return SendClientMessage(playeridCOLOR_YELLOW"USAGE: /setpassword <PlayerName> <NewPassword>"); 
        if(!
AccountExists(name)) return SendClientMessage(playeridred"Account does not exists"); 
        
mysql_format(mysqlquerysizeof(query), "UPDATE `players` SET `Password` =WP_Hash('%s') WHERE `Username` = '%s'"newpassname); 
        
mysql_tquery(mysqlquery); 
        
format(querysizeof(query), "You have changed %s's password to %s"namenewpass); 
        
SendClientMessage(playeridCOLOR_GREENquery); 
        new 
IRC[130]; 
        
format(IRCsizeof(IRC), "1,8* Admin %s (ID: %d) changed %s's password to %s .",GetName(playerid), playeridnamenewpass); 
        
IRC_GroupSay(groupID"&#ZoneX"IRC); 
        
IRC_GroupSay(groupIDIRC_aCHANNELIRC); 
        return 
1
    } 
    else return 
ShowMessage(playeridCOLOR_YELLOW17); 

Reply
#7

Quote:
Originally Posted by Sew_Sumi
Посмотреть сообщение
Why are you even broadcasting this to the IRC channel? This is definitely dangerous.
OK i will remove that but problem now is its not changing the password
Reply
#8

The length of a whirlpool hash is 128 plus you need a null terminator so change the size of hash1 to 129. You also don't need to escape the hashed password.
Reply
#9

Quote:
Originally Posted by GoldenLion
Посмотреть сообщение
The length of a whirlpool hash is 128 plus you need a null terminator so change the size of hash1 to 129. You also don't need to escape the hashed password.
Ok but what do you mean by escape hash
Reply
#10

Quote:
Originally Posted by Loinal
Посмотреть сообщение
Ok but what do you mean by escape hash
https://en.wikipedia.org/wiki/SQL_injection#Escaping
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)