Passwords

Started by PsyChO_KiLLeR, Mar 05, 2015, 04:48 AM


PsyChO_KiLLeR

Well, I am facing a big problem. As you know, in the db the real passwords are not saved. I go in my server and register there with the password "password", and when my IP changes I go and type /login password and it says invalid pass. What is the problem?

.

What's the code/query that you use to save your passwords? Have you checked to see if the password is saved there? Give us something. We cannot help you if we're left here to guess :-\
.

PsyChO_KiLLeR

#2
This is the password saved in the database:
password hash removed -stormeus

.

Quote from: PsyChO_KiLLeR on Mar 05, 2015, 04:54 AM
This is the password saved in the database: 16e33c64c47c45b217c167ff66e8dc0827f4516ea32be957de749deab1260c5f

What am I supposed to do with that?
.

PsyChO_KiLLeR

This is the Register function:
function Register( player, pass )
{
    try {
        local password = e(pass);
        QuerySQL( db, "REPLACE INTO Account ( Name, IP, Level, Pass, Kills, Deaths, Cash, Bank ) VALUES ( '" + player.Name.tolower() + "', '" + player.IP + "', 1, '" + password + "', 0, 0, 0, 0 )" );
        player.Cash = 2000;
        status[ player.ID ].IsLogged = true;
        status[ player.ID ].IsReg = true;
        ePrivMessage( "You've Registered!", player );
        ePrivMessage( "Nick:[ " + player.Name + " ] Password:[ " + pass + " ]", player );
        Message( ">> " + player.Name + " is a Registered Nick-Name Now!" );
    }
    catch(e) print( "Reg Function Error: " + e );
}

.

#5
I doubt this was the issue but here you go:
function Register( player, pass )
{
    try {
        local password = e(pass);
        // Escape the name once; it is interpolated into the query twice
        local name = escapeSQLString(player.Name.tolower());
        QuerySQL( db, format(@"INSERT OR REPLACE INTO [Account] (ROWID, Name, IP, Level, Pass, Kills, Deaths, Cash, Bank) VALUES ((SELECT ROWID FROM [Account] WHERE Name = '%s'), '%s', '%s', %d, '%s', %d, %d, %d, %d);", name, name, player.IP, 1, password, 0, 0, 0, 0));
        player.Cash = 2000;
        status[ player.ID ].IsLogged = true;
        status[ player.ID ].IsReg = true;
        ePrivMessage( "You've Registered!", player );
        ePrivMessage( "Nick:[ " + player.Name + " ] Password:[ " + pass + " ]", player );
        Message( ">> " + player.Name + " is a Registered Nick-Name Now!" );
    }
    catch(e) print( "Reg Function Error: " + e );
}

There's probably something wrong with your log-in function.
.

PsyChO_KiLLeR

function Login( player, pass )
{
    ePrivMessage( "You've Successfully Logged-In!", player );
    ePrivMessage( "Nick:[ " + player.Name + " ] Password:[ " + pass + " ] Level:[ " + status[ player.ID ].Level + " ]", player );
    status[ player.ID ].IsLogged = true;
    EMessage( ">> " + player.Name + " Logged-In." );
}





Login Function

.

You're missing the database query :D You're not retrieving any data from the database.
.

PsyChO_KiLLeR

What do I add there?

.

#9
Quote from: PsyChO_KiLLeR on Mar 05, 2015, 05:31 AM
What do I add there?

I mean, you have to retrieve the old password from the database and then encrypt the specified database just like you did the first time you added it to the database. Then compare the result of the encryption of the specified password with the encrypted password retrieved from the database. If they match then the password was correct:
function Login( player, pass )
{
        local result = QuerySQL(db, format(@"SELECT Pass FROM [Account] WHERE Name = '%s';", escapeSQLString(player.Name.tolower())));
        if (!result) {
            // Unable to login
            // Failed to read from database
            return false;
        }
        local player_pass = GetSQLColumnData(result, 0);
        FreeSQLQuery(result);
        if (player_pass != e(pass)) {
            // Unable to login
            // Passwords don't match
            return false;
        }
        ePrivMessage( "You've Successfully Logged-In!", player );
        ePrivMessage( "Nick:[ " + player.Name + " ] Password:[ " + pass + " ] Level:[ " + status[ player.ID ].Level + " ]", player );
        status[ player.ID ].IsLogged = true;
        EMessage( ">> " + player.Name + " Logged-In." );
        // Report success explicitly; the failure paths above return false
        return true;
}

I still find it hard to understand the code so I'll stop here because there is no purpose to this.
.

ThunderStorm

#10
@S.L.C he checks whether the pass matches in the command.
So, Check your login command, Psycho_Killer ( maybe condition is wrong )



.

Quote from: ThunderStorm on Mar 05, 2015, 05:56 AM
Check if your login command has e(password)

Actually he doesn't even check the password. He just prints it back to the player. Which simply tells the player "Hey, I'm not even encrypting your password directly.". And then I'm guessing that he expects some magic to happen and the passwords test themselves automatically.

Based on this function I'd say this isn't the problem. Mainly because he says his error doesn't allow the player to login at all. And this function is an open invitation for any stranger out there.
.

.

Quote from: ThunderStorm on Mar 05, 2015, 05:56 AM
@S.L.C he checks whether the pass matches in the command.

So what's the point of that function actually? Just to print some text and set a variable to true? Can't he just do that in the command with the rest of the code :-\
.

Thijn

Also, don't message his plaintext password when he logs in :x

Kratos_


Kills, Deaths, Cash & Bank entities aren't cached during login. They are just sitting in the database since registration. :P
S.L.C's login function will work. If no record is obtained then you can print a message like Not Registered. If obtained but the pass doesn't match then you can print Login Failed. You can use his function. Thijn gave a nice idea.
In the middle of chaos , lies opportunity.
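
The login flow described in the replies above (fetch the stored hash, hash the submitted password the same way, compare, and report "not registered" separately from "login failed" without echoing the password), as an added example that is not code from the thread. It is written in Python with an in-memory SQLite database so it runs stand-alone; the reduced Account table, the Salt column, the function names and the use of salted PBKDF2 in place of the thread's e(pass) are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt):
    # Salted PBKDF2-HMAC-SHA256, swapped in here for the thread's e(pass)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def open_db():
    # Reduced version of the thread's Account table, plus a per-user salt
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Account (Name TEXT PRIMARY KEY, Salt BLOB, "
               "Pass BLOB, Level INTEGER)")
    return db


def register(db, name, password):
    salt = os.urandom(16)
    # Bound parameters: the player name never becomes part of the SQL text
    db.execute("INSERT OR REPLACE INTO Account (Name, Salt, Pass, Level) "
               "VALUES (?, ?, ?, 1)",
               (name.lower(), salt, hash_password(password, salt)))
    db.commit()


def login(db, name, password):
    row = db.execute("SELECT Salt, Pass FROM Account WHERE Name = ?",
                     (name.lower(),)).fetchone()
    if row is None:
        return "not registered"
    salt, stored = row
    # Hash the submitted password as at registration; constant-time compare
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return "login failed"
    # The caller marks the player as logged in; the password is never echoed
    return "logged in"


if __name__ == "__main__":
    db = open_db()
    register(db, "Constructed_Player", "password")  # constructed sample account
    for attempt in ("password", "wrong"):
        print(attempt, "->", login(db, "constructed_player", attempt))
```
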