[LewisC]

okay this is driving me up the wall. i've tried everything before coming here so I hope you can help me i have wasted too much time on this already...

if i hash a password doesn't matter what method i use whether it be udb, wp or SHA256 SQL this occurs...

http://prntscr.com/mnxwvd

and this is only with password. everything else updates with no problems.
also it doesn't matter where i call the update query, the same thing occurs..


Table:

pawn Код:

new string[1024];
        strcat(string, "CREATE TABLE IF NOT EXISTS db_players (playerid INTEGER PRIMARY KEY AUTOINCREMENT, Username VARCHAR(24) COLLATE NOCASE, Pass VARCHAR(129) NOT NULL, salt VARCHAR(129), AdminLevel INTEGER DEFAULT 0 NOT NULL, PremiumLevel INTEGER DEFAULT 0 NOT NULL");
        strcat(string, ", Experience INTEGER DEFAULT 0 NOT NULL, Level INTEGER DEFAULT 0 NOT NULL, Weapon_0 INTEGER DEFAULT 0 NOT NULL, Weapon_1 INTEGER DEFAULT 0 NOT NULL, Weapon_2 INTEGER DEFAULT 0 NOT NULL, Weapon_3 INTEGER DEFAULT 0 NOT NULL, Weapon_4 INTEGER DEFAULT 0 NOT NULL");
        strcat(string, ", Kills INTEGER DEFAULT 0 NOT NULL, Deaths INTEGER DEFAULT 0 NOT NULL, DeagleKills INTEGER DEFAULT 0 NOT NULL, ShotgunKills INTEGER DEFAULT 0 NOT NULL, SniperKills INTEGER DEFAULT 0 NOT NULL, RifleKills INTEGER DEFAULT 0 NOT NULL, DuelsWon INTEGER DEFAULT 0 NOT NULL, DuelsLost INTEGER DEFAULT 0 NOT NULL)");
        db_query(PlayersDB, string);

Hash & Update query

pawn Код:

if(dialogid == D_CHANGEPASS2)
    {
        if(response)
        {

                if(!strlen(inputtext))
                {
                    return ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_MSGBOX, "Change password [2/2]", "Type in your new password\nERROR: You must enter a password", "Confirm", "Cancel"); // showing player the dialog to enter his correct and current password
                }
                if(!IsValidPassword(inputtext))
                {

                   ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_PASSWORD, "Change password [2/2]", "Type in your new password\nERROR: The password is invalid, Valid characters are: A-Z, a-z, 0-9 ", "Confirm", "Cancel");

                }
                if(strlen(inputtext) < 3 || strlen(inputtext) > 24)
                {
                   ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_PASSWORD, "Change password [2/2]", "Type in your new password.\nERROR: The password is invalid, Its length should be 3-24 characters", "Confirm", "Cancel");

                }
                
                SHA256_PassHash(inputtext, User[playerid][Salt], User[playerid][Password], 129);

                new Query2[1024];
                new string[128];
                

                format(Query2, sizeof(Query2), "UPDATE db_players SET Pass = %q WHERE Username = %q", User[playerid][Salt], User[playerid][Password], 129, DB_Escape(Player[playerid][GlobalName]));
                db_query(PlayersDB, Query2);


                format(string, sizeof(string), "Your new password is: %s", inputtext);
                ShowPlayerDialog(playerid, D_INFO, DIALOG_STYLE_MSGBOX, "Password changed!", string, "Confirm", "Cancel");


                return 1;


        }


    }

if you need more code just say so

[RoboN1X]

Always use single quotes ' ' surrounding a string.

Код:

UPDATE db_players SET Pass = '%q' WHERE Username = '%q'

https://www.sqlite.org/lang_keywords.html


Also some tips:
Instead of checking password length for three times, you can do once:

Код:

new passwordlen = strlen(inputtext); // get length once
if(!passwordlen)
{
	return ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_MSGBOX, "Change password [2/2]", "Type in your new password\nERROR: You must enter a password", "Confirm", "Cancel"); // showing player the dialog to enter his correct and current password
}
if(!IsValidPassword(inputtext))
{
	ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_PASSWORD, "Change password [2/2]", "Type in your new password\nERROR: The password is invalid, Valid characters are: A-Z, a-z, 0-9 ", "Confirm", "Cancel");
	return 1; // you are missing return here, otherwise password will still get updated
}
if(passwordlen < 3 || passwordlen > 24)
{
	ShowPlayerDialog(playerid, D_CHANGEPASS, DIALOG_STYLE_PASSWORD, "Change password [2/2]", "Type in your new password.\nERROR: The password is invalid, Its length should be 3-24 characters", "Confirm", "Cancel");
	return 1; // you are missing return here, otherwise password will still get updated
}

(You are also missing return since your password still gets updated when it is invalid, unless if you use else)

Also adjust your Query2 size as much as needed! When you know the maximum output size in the format() (as seen in log screenshot)

_____________________________
Note: This section below is probably invalid as if thread started was just testing SHA256_PassHash when his original code was for Whirpool

SHA256_PassHash always return a fixed length which is 65 (256 bytes = 64 pawn cells +1 pawn cell for null terminator), confirm the size to match your User[playerid][Password] variable.

Quote:

Originally Posted by LewisC Код: SHA256_PassHash(inputtext, User[playerid][Salt], User[playerid][Password], 129);

Quote:

Originally Posted by LewisC Код: strcat(string, "CREATE TABLE IF NOT EXISTS db_players (playerid INTEGER PRIMARY KEY AUTOINCREMENT, Username VARCHAR(24) COLLATE NOCASE, Pass VARCHAR(129) NOT NULL, salt VARCHAR(129), AdminLevel INTEGER DEFAULT 0 NOT NULL, PremiumLevel INTEGER DEFAULT 0 NOT NULL");

You are correct using 129 for size of Whirpool, but size for SHA256 is only 65, also, when you store hashed value in a database, you better use CHAR (fixed length) instead of VARCHAR (variable length) in the table structure since the size is always the same! This is not to worry in SQLite though, since both is always TEXT (the size, is ignored). Just writing here in case you are migrating to another SQL system like MySQL.


This looked like a broken format (look at the parameters, could be a mistake),

Quote:

Originally Posted by LewisC Код: format(Query2, sizeof(Query2), "UPDATE db_players SET Pass = %q WHERE Username = %q", User[playerid][Salt], User[playerid][Password], 129, DB_Escape(Player[playerid][GlobalName]));

should be

Код:

format(Query2, sizeof(Query2), "UPDATE db_players SET Pass = '%q' WHERE Username = '%q'", User[playerid][Password], Player[playerid][GlobalName]);

_____________________________

As of 0.3.7 R2+ server, you do not need DB_Escape anymore when using %q in format()

Quote:

Originally Posted by LewisC if i hash a password doesn't matter what method i use whether it be udb, wp or SHA256 SQL this occurs...

Use BCrypt!!!

[LewisC]

Many thanks bud, All works well now! And I have migrated to bcrypt. I hope it was worth it.

[solstice_]

Quote:

Originally Posted by LewisC Many thanks bud, All works well now! And I have migrated to bcrypt. I hope it was worth it.

It is.