WriteIniString Returns an error

Mötley · Mar 07, 2016, 10:57 PM

^^^^^ GUID is also a Terrible ban as even I know how to change GUID in 2 sec's
I have always liked this module for Mine-craft Not sure if it is possible to work with VC:MP
http://dev.bukkit.org/bukkit-plugins/maxbans/

I had thought about this before. If you could find a way to force a player to link his/her Account to a website maybe
vc-mp.org then it's possible you could do web banning to the players account. cookies/flag there linked account etc. alow the player 5 logins before locking them out of an account. This can be useful as the site can show ip changes etc. but what do I know...

\/\/\/\/
now

I need to Write Float values. Example

WriteIniFloat

But tried even though it is not a VC:MP function still didn't work.

I have tried the rest of the ini functions on Rage "LOL" but all returned errors. I also tried other methods.

This is the only way that makes any sense

Example;

Code Select

  local pos = player.Pos;
  WriteIniFloat( Path + "Data/"+player.Name+".ini", "Account", "X", pos.x);
  WriteIniFloat( Path + "Data/"+player.Name+".ini", "Account", "Y", pos.y);
  WriteIniFloat( Path + "Data/"+player.Name+".ini", "Account", "Z", pos.z);

But unless there is a way to remove the spawn screen on Death, Then send to the nearest Scripted Pos[ efforts are pointless on a position database ],

If i could write these Pos :D It would be even more nice to disable Ctrl to spawn from spawn screen, if registered and logged returns false,
And a Function on login

Code Select

if (!player.IsSpawned) player.IsSpawn();
Anything possible? If not, I will just add

Code Select

// and figure something out in a later time..

Also MD5 and WHIRLPOOL make a Password read as incorrect. :/

I tested by removing both where they dont encrypt, The login system is just fine [So not the login system{was my First Thought} just possible more scripting needed?] Re added and attempting other ways

Mötley · Mar 08, 2016, 04:47 PM

^ Well of course.. I already added support for that in my base script. But in general anyone can bypass any ban does not matter what ban it is.
Easier to ban say a Facebook id then anything(if account is forced to be linked{legit accounts} )
______________________________________________________________________________________________________

But I still need help as this topic has crashed its course, I Basically need a function from the wiki like

MessagePlayer( "Your current Password is "+GetPasswordAC, Player );

To use to read encrypted passwords as i cant get My accounting System to Read the real password(wants the encrypted one instead)
I prefer to find a fix, If not I will build from scratch a Query Password system, If password is correct

Code Select

LoadAccount(player); My ini accounts.

But i want to store everything in the players account as it is more cleaner.

Only Thing i fear with needing to encrypt passwords is "I believe some one could just use packet sniffers to view network traffic, and possible use Cain and Able to get the players passwords as they login to there accounts"

So it is possible to have security Flaws. But of course i am 99.9% possible false as I am no hacker( I just like scripting )

ysc3839 · Mar 08, 2016, 05:35 PM

Don't use ini. If you use Windows OS, maybe I can make your server bugged by using some reserved file name as player name. As I know this method can make SA:MP server crash.

Mötley · Mar 08, 2016, 05:44 PM

Quote from: ysc3839 on Mar 08, 2016, 05:35 PMDon't use ini. If you use Windows OS, maybe I can make your server bugged by using some reserved file name as player name. As I know this method can make SA:MP server crash.

I am already at 3679 script lines(just on account system), Maybe you could Help me with bug maintenance

or something?

Maybe with something like

Code Select

  if ( player.Name == "[File Names etc]" )
  {
       MessagePlayer ( "File Hacks! Please Quit and Use a Proper name", player );  
       KickPlayer( player );
       return 0;  
  }

^Possible run this check on scriptload

Mötley · Mar 08, 2016, 06:45 PM

Quote from: vito on Mar 08, 2016, 06:36 PM
Quote from: Mr_Motley on Mar 08, 2016, 04:47 PMOnly Thing i fear with needing to encrypt passwords is "I believe some one could just use packet sniffers to view network traffic, and possible use Cain and Able to get the players passwords as they login to there accounts"
Hashing of passwords is on server-side, so it will not help with sniffers. Hashing of passwords is needed for case if your server will be hacked and database will be stolen. Mainly it is needed for save emails of users who have same password for everything. Specific salt for each account is needed btw to keep hard way for hacker.

Thanks for that Info. Some of these Methods are Majorly built in LU so it is different for me to manually script them( Very Interesting experience to learn ) I was just thinking someone can view the text as it is entered of after with packet sniffers and the aid of cain and able..

I still can not find a way to check the real password on login( the real password not the encrypted text) I have attempted many locals, strings, etc. Can not find anything , I prefer to fix this instead of using a Query Password system then load account data "ini's"

Nothing on VC wiki tells how to read encrypted text. only Query Passwords..

Stormeus · Mar 08, 2016, 06:50 PM

Once text is hashed, it is generally unrecoverable without brute force attacks. If someone tries to log in, you wouldn't try to "decrypt" their password, you'd hash the text they give you and see if the "encrypted" texts match.

Mötley · Mar 08, 2016, 07:42 PM

Quote from: Stormeus on Mar 08, 2016, 06:50 PMOnce text is hashed, it is generally unrecoverable without brute force attacks. If someone tries to log in, you wouldn't try to "decrypt" their password, you'd hash the text they give you and see if the "encrypted" texts match.

Thank you! I am Mind F'd Truly yet badly. Can not find examples/snipets/or anything in the script help either, as well as in the wiki,

How would I Hash the text they give( not on register, I am referring to get the password)?,as in Is this on CMD login?, Not on the function ReadIniInteger(loadaccount)? I like WHIRLPOOL, I guess i should use another method.

I will have to Think Clearly a little more clearly on this.. Or receive another Great response as you gave me Stormeus.,

Once again Thank you!!
If there is no examples of any type, if i can be told where this is located that will do the job, i will script it in.

Mötley · Mar 08, 2016, 10:13 PM

LOL Fixed Topic Locked I think Writing now 3679++ lines in two days running checks etc messed up my brain Really bad, something so simple

xD LOL!!