Password hashing
#1

Besides my issue, I have a few questions as well.
I'm looking for a better password hasher and a way to show the real password to the player upon registering so he can write it down or see his password just in case. I've got udb_hash by DracoBlue, which is a bit outdated, I'd say.
Can I show the player's real password upon registering like this?
Code:
new pass = PlayerInfo[playerid][pPassword];
format(string, sizeof(string), "Your account has been successfully created.Password(%d)", pass); // When they register it shows random numbers and sometimes only "0".
SendClientMessage(playerid, COLOR_YELLOW, string);
Reply
#2

No!!!

Do not show them the password in plain text in a message! Use a dialog, because messages are logged.

You can do it like:

PHP Code:
RegisterDialog()
{
    new wp_pass[129];

    // Hash the entered password; only wp_pass goes into the database
    WP_Hash(inputtext, wp_pass, sizeof wp_pass);

    format(string, sizeof string, "Your account has been successfully created. Password is: %s.", inputtext);

    ShowPlayerDialog(playerid, 0, ...);
}

And use the Whirlpool hash.
Reply
#3

It shows a number because the reference you use (%d) represents an integer (number) rather than a string (text). You should use the %s reference.

Fixed code:
PHP Code:
new pass = PlayerInfo[playerid][pPassword];
format(string, sizeof(string), "Your account has been successfully created.Password(%s)", pass); // When they register it shows random numbers and sometimes only "0".
SendClientMessage(playerid, COLOR_YELLOW, string);
And what do you mean by 'real password'?
Reply
#4

Quote:
Originally Posted by Robin96
View Post
And what do you mean by 'real password'?
So when the player registers, the password is put back to them in plaintext so they can screenshot it or note it down.
Reply
#5

Quote:
Originally Posted by Robin96
View Post
It shows a number because the reference you use (%d) represents an integer (number) rather than a string (text). You should use the %s reference.

Fixed code:
PHP Code:
new pass = PlayerInfo[playerid][pPassword];
format(string, sizeof(string), "Your account has been successfully created.Password(%s)", pass); // When they register it shows random numbers and sometimes only "0".
SendClientMessage(playerid, COLOR_YELLOW, string);
And what do you mean by 'real password'?
Now the brackets where the password is meant to be are blank. Not even numbers.
Reply
#6

Quote:
Originally Posted by Mike861
View Post
Now the brackets where the password is meant to be are blank. Not even numbers.
debugging time

Change the code to:

PHP Code:
new pass = PlayerInfo[playerid][pPassword];
printf("pass = %s, enum pPassword = %s", pass, PlayerInfo[playerid][pPassword]);
format(string, sizeof(string), "Your account has been successfully created.Password(%s)", pass); // When they register it shows random numbers and sometimes only "0"
SendClientMessage(playerid, COLOR_YELLOW, string);
Run it and tell me what the output is in the console
Reply
#7

Quote:
Originally Posted by Robin96
View Post
debugging time

Change the code to:

PHP Code:
new pass = PlayerInfo[playerid][pPassword];
printf("pass = %s, enum pPassword = %s", pass, PlayerInfo[playerid][pPassword]);
format(string, sizeof(string), "Your account has been successfully created.Password(%s)", pass); // When they register it shows random numbers and sometimes only "0"
SendClientMessage(playerid, COLOR_YELLOW, string);
Run it and tell me what the output is in the console
It will be the exact same result; check the line above your printf, uh...
Reply
#8

Quote:
Originally Posted by xMoBi
View Post
PHP Code:
RegisterDialog()
{
    new wp_pass[129];

    // Hash the entered password; only wp_pass goes into the database
    WP_Hash(inputtext, wp_pass, sizeof wp_pass);

    format(string, sizeof string, "Your account has been successfully created. Password is: %s.", inputtext);

    ShowPlayerDialog(playerid, 0, ...);
}

And use the Whirlpool hash.
It's right: you will show them the password they have entered as inputtext, then hash it and put it in the database. The hashed password will be in the player data array.
Reply
#9

Quote:
Originally Posted by ******
View Post
DO NOT show the player their password. There's a reason password input boxes only show stars.

DO NOT use SHA256. Yes, it is included with the server, but it is not a good hash.

DO NOT use whirlpool. Yes, I released the plugin, but there are better options.

Whirlpool and SHA256 are bad for the same reason - they are not a complete solution.

Use BCrypt. Don't ever put a password in plaintext, either in a database or on a user's screen.

Use BCrypt.

BCrypt
Some servers show the player their password in the chat box, which is logged in your GTA folder, which is why I think it's better to show it in a dialog, since dialogs are not logged.

I personally don't have a firm opinion on whether you should or shouldn't show the password, but I've never done it.

I don't see how SHA256 or Whirlpool can be bad; they do what you'll ever need them for. The only flaw in the Whirlpool plugin that I see is the salt, and another flaw I see in SHA256 is that it adds the salt after the (user's) password, which, if you use a constant one, can be a big problem. As long as you use a per-user salt, I don't see a problem.

I'd love to know more.
Reply
#10

Quote:
Originally Posted by Logic_
View Post
Some servers show the player their password in the chat box, which is logged in your GTA folder, which is why I think it's better to show it in a dialog, since dialogs are not logged.
Never play on those servers.

Quote:
Originally Posted by Logic_
View Post
I personally don't have a firm opinion on whether you should or shouldn't show the password, but I've never done it.
there is no straight opinion. never, ever, show the password.

Quote:
Originally Posted by Logic_
View Post
I don't see how SHA256 or Whirlpool can be bad; they do what you'll ever need them for. The only flaw in the Whirlpool plugin that I see is the salt, and another flaw I see in SHA256 is that it adds the salt after the (user's) password, which, if you use a constant one, can be a big problem. As long as you use a per-user salt, I don't see a problem.
see ******'s post

Quote:
Originally Posted by Logic_
View Post
I'd love to know more.
https://yorickpeterse.com/articles/use-bcrypt-fool/
Reply
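Added example, not code from this thread or from any SA-MP plugin: it shows the point ****** and the linked article make, that a per-user salt alone does not rescue a fast hash. Python's standard library is used so it runs anywhere: `hashlib.sha256` stands in for the SHA256/Whirlpool plugins discussed above, and `hashlib.pbkdf2_hmac` (a deliberately slow, iterated KDF) stands in for bcrypt, which is not in the standard library; the function names, the record layout and the seven-word dictionary are constructed for the example.

```python
"""Salted fast hash vs. a slow KDF: same weak password, very different attacker cost."""
import hashlib
import hmac
import os
import time

# Constructed sample data: a tiny password dictionary; a real wordlist has millions of entries.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "samp2015", "hunter2"]

# Work factor for the slow hash. Raise it the way you would raise bcrypt's cost parameter.
PBKDF2_ITERATIONS = 100_000


def fast_hash(password: str, salt: bytes) -> bytes:
    """Salted SHA-256 (password then salt, like the SHA256 plugin discussed in the thread).
    One compression pass per guess: an attacker with a leaked table tries millions per second."""
    return hashlib.sha256(password.encode("utf-8") + salt).digest()


def slow_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 as a stand-in for bcrypt: every guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, slow: bool) -> dict:
    """What the account table should hold: a random per-user salt and the hash, never the password."""
    salt = os.urandom(16)
    digest = slow_hash(password, salt) if slow else fast_hash(password, salt)
    return {"salt": salt, "hash": digest, "slow": slow}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time (no early-exit string compare)."""
    digest = slow_hash(attempt, record["salt"]) if record["slow"] else fast_hash(attempt, record["salt"])
    return hmac.compare_digest(digest, record["hash"])


def dictionary_attack(record: dict, wordlist) -> tuple:
    """Offline attack on one leaked record: try every word. Returns (password_or_None, seconds, guesses)."""
    start = time.perf_counter()
    for guesses, guess in enumerate(wordlist, 1):
        if verify(record, guess):
            return guess, time.perf_counter() - start, guesses
    return None, time.perf_counter() - start, len(wordlist)


def compare_cost(password: str = "hunter2") -> dict:
    """Store the same weak password both ways, crack both, and report the attacker's per-guess cost."""
    fast_rec = make_record(password, slow=False)
    slow_rec = make_record(password, slow=True)
    fast_found, fast_t, n = dictionary_attack(fast_rec, WORDLIST)
    slow_found, slow_t, _ = dictionary_attack(slow_rec, WORDLIST)
    fast_per_guess = fast_t / n
    slow_per_guess = slow_t / n
    return {
        "fast_found": fast_found,
        "slow_found": slow_found,
        "fast_seconds_per_guess": fast_per_guess,
        "slow_seconds_per_guess": slow_per_guess,
        # how many times more work the attacker does per guess against the slow hash
        "slowdown": slow_per_guess / max(fast_per_guess, 1e-9),
    }


if __name__ == "__main__":
    result = compare_cost()
    print("salted SHA-256: cracked %r at %.2e s/guess" % (result["fast_found"], result["fast_seconds_per_guess"]))
    print("PBKDF2 (bcrypt stand-in): cracked %r at %.2e s/guess" % (result["slow_found"], result["slow_seconds_per_guess"]))
    print("attacker does about %.0fx more work per guess against the slow hash" % result["slowdown"])
```

Both records fall to a seven-word list because "hunter2" is in it; the per-user salt only stops precomputed tables and makes each account a separate job. What changes the outcome against a multi-million-word list is the cost per guess, which is the work factor bcrypt (or PBKDF2, scrypt, Argon2) adds and a bare SHA256 or Whirlpool call does not. The `verify` function also shows the other half of the practice: compare with `hmac.compare_digest`, and never store or display the plaintext.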