SA-MP Forums

Go Back   SA-MP Forums > SA-MP Scripting and Plugins > Filterscripts

Reply
 
Thread Tools Display Modes
Old 17/02/2018, 04:53 PM   #1
jasperschellekens
Gangsta
 
jasperschellekens's Avatar
 
Join Date: Dec 2016
Location: Gehenna
Posts: 682
Reputation: 43
Default SQLlite - Jaspers Pin Code Script - Additional security.

Jaspers Pin Code Script V1.0
This script requires all users to create a pincode.
If there is no pincode registered to the player, the player will automatic have to create a pincode after login.

This script is compatible with most registration systems because the pincode login/creation will be called once when the player spawns. This could be considered an additional login system.

If the player presses ESC or clicks on the X, the player will be kicked if they didn't pass it

Why would this be useful?
This script uses textdraws and is therefore useful if the user may have been infected with a key logger.
The user does not have to insert anything but will pass trough the pad by clicking on numbers.

License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. You may edit, but not re-upload without my permission. Exceptions can be made by contacting me simply by PM on this forum.

Commands
In this script, only 1 command is used.
To use this command, you have to be logged in to the rcon. eg /rcon login
USAGE: /deletepincode [PlayerName]
With this command you are able to delete a players pincode.

Requirements
- zcmd - http://forum.sa-mp.com/showthread.php?t=91354
- sscanf - http://forum.sa-mp.com/showthread.php?t=570927

Installation
  1. Download the database and script in this topic.
  2. Open the script and change the following settings to your liking.
    Code:
    #define		SERVER_NAME 				"Server Name" // Enter the name of your server here.
    #define 	DIALOG_NONE     			7279 // Make sure this number does not interfere with other dialogs in your scripts/gamemode.
    #define     MAX_LOGIN_ATTEMPTS          5 // How many tries for logging in does the player have before the server kicks the player?
    // WARNING: Only set MAX_LOGIN_ATTEMPTS higher then 5 if you have knowledge of editing the following function: CheckAttempt(playerid)
  3. Compile the script and place the JaspersPinCodeScript.amx file in your /filterscripts/ folder.
  4. Put the database pspincodes.db in your /scriptfiles/ folder.
  5. Add JaspersPinCodeScript to filterscripts in server.cfg

Download
Script: https://pastebin.com/pRyqG86N
Database: https://ufile.io/8ha9w - mirror 1
Database: https://files.fm/u/g4anhd7r - mirror 2

Bugs
None known at the moment. Please post in this topic if you find any or have suggestions.

Support
I provide full support on this script so if you need any, feel free to post in this topic.
Attached Files
File Type: pwn JaspersPinCodeScript.pwn (56.4 KB, 3 views)
jasperschellekens is offline   Reply With Quote
Old 17/02/2018, 05:00 PM   #2
jasperschellekens
Gangsta
 
jasperschellekens's Avatar
 
Join Date: Dec 2016
Location: Gehenna
Posts: 682
Reputation: 43
Default Re: SQLlite - Jaspers Pin Code Script - Additional security.

Quote:
Originally Posted by Mohamed39 View Post
Good Job Thank you for release
Thank you too! I hope you can use it.
jasperschellekens is offline   Reply With Quote
Old 17/02/2018, 05:40 PM   #3
Logic_
High-roller
 
Logic_'s Avatar
 
Join Date: Jun 2015
Location: 666
Posts: 1,492
Reputation: 267
Default Re: SQLlite - Jaspers Pin Code Script - Additional security.

I similarly use a pin code which is randomly generated for administrators +3 Rep for you.

EDIT: This release could have been better. Since I'm in a slightly good mood today, I'll point out your mistakes in the most appropriate way!
  1. Use dialog id 0 as the DIALOG_NONE because that's how it should be used.
  2. Read about SQL Injections here: https://www.acunetix.com/websitesecurity/sql-injection/ and use '%q' instead of '%s' to escape the text; 0.3.7 Added this specifier to remove the use of slower DB_Escape!
  3. Instead of doing this...
    PHP Code:
    new Text:Textdraw0;
    new 
    Text:Textdraw1;
    new 
    Text:Textdraw2;
    new 
    Text:Textdraw3;
    new 
    Text:Textdraw4
    do this...
    PHP Code:
    new TextTextdraw[33]; 
    Use array based variables to make your code shorter and easier to write and read.
  4. Could've also used an enumerator and a single variable for all these variables:
    PHP Code:
    new PinCode[MAX_PLAYERS];
    new 
    PinIn[MAX_PLAYERS];
    new 
    InputChars[MAX_PLAYERS];
    new 
    inputchar[MAX_PLAYERS];
    new 
    InputAttempt[MAX_PLAYERS];
    new 
    IsPlayerCreatingCode[MAX_PLAYERS];
    new 
    IsPlayerInsertingCode[MAX_PLAYERS];
    new 
    Pin1[MAX_PLAYERS];
    new 
    Pin2[MAX_PLAYERS];
    new 
    Pin3[MAX_PLAYERS];
    new 
    Pin4[MAX_PLAYERS];
    new 
    LoadPin1[MAX_PLAYERS];
    new 
    LoadPin2[MAX_PLAYERS];
    new 
    LoadPin3[MAX_PLAYERS];
    new 
    LoadPin4[MAX_PLAYERS]; 
  5. I think you don't know that per-player textdraws exist!
    PHP Code:
    new Text:Textdraw32[MAX_PLAYERS]; 
  6. Uhh, bad naming convection;
    PHP Code:
    new DBResult:SPAWN_RESULT;
            new 
    szQuery[128];
            
    format(szQuerysizeof(szQuery), "select * from `PINCODES` where `PlayerName` = '%s'"DB_Escape(GetName(playerid)));
            
    SPAWN_RESULT db_query(PIN_DATABASEszQuery); 
    You could've made it:
    PHP Code:
    new DBResultresultszQuery[50 MAX_PLAYER_NAME 1]; 
    The szQuery isn't even 100 chars. long! You better should move towards Sublime or Notepad++ and make use of accurate string sizes to reduce maximum cell (memory) waste.
  7. The textdraw click callback could have been:
    PHP Code:
    if(clickedid == Textdraw19)
        {
            
    inputchar[playerid] = 0;
            
    UpdateCharCount(playerid);
           
            
    InsertCharacter(playerid);
           
            
    TextDrawShowForPlayer(playeridTextdraw32[playerid]);
            
    PlayerPlaySound(playerid,1057,0.0,0.0,0.0);
            return 
    1;
        }
        if(
    clickedid == Textdraw20)
        {
            
    inputchar[playerid] = 1;
            
    UpdateCharCount(playerid);
           
            
    InsertCharacter(playerid);
           
            
    TextDrawShowForPlayer(playeridTextdraw32[playerid]);
            
    PlayerPlaySound(playerid,1057,0.0,0.0,0.0);
            return 
    1;
        } 
    PHP Code:
    for(new textid 19textid 28textid ++)
    {
       if(
    clickedid == Textdraw[textid])
       {
          
    inputchar[playerid] = (textid 18);

            
    UpdateCharCount(playerid);
           
            
    InsertCharacter(playerid);
    TextDrawShowForPlayer(playeridTextdraw32[playerid]);
            
    PlayerPlaySound(playerid,1057,0.0,0.0,0.0);
            break;
       }

    ( Ignore the indentation. )
  8. Maybe allow server owner to choose how long they want the PIN to be? 4, 6 or 8?
  9. Your script could have been smaller, this is 1k+ line coding without any optimization.
__________________
Premium quality and reasonable pricing game Server hosting
Logic_ is offline   Reply With Quote
Old 18/02/2018, 05:23 PM   #4
DonaldDuck
Banned
 
Join Date: Jun 2017
Location: Phillipines
Posts: 361
Reputation: 91
Default Re: SQLlite - Jaspers Pin Code Script - Additional security.

Keep it up mate Repped
DonaldDuck is offline   Reply With Quote
Old 18/02/2018, 07:50 PM   #5
willbedie
Huge Clucker
 
willbedie's Avatar
 
Join Date: Feb 2016
Location: Albania
Posts: 416
Reputation: 26
Default Re: SQLlite - Jaspers Pin Code Script - Additional security.

Interesting, good job!
__________________

Our Website

My work

ReleaseUsage
[FilterScript] willbedie's Laptop SystemA simple useful laptop system
[FilterScript] [MySQL R41-4] Ban / Unban SystemMySQL Ban/Unban System with the last version of the plugin
[FilterScript] WAdmin V1.0 [0.3.DL]Admin System with new features
willbedie is online now   Reply With Quote
Old 19/02/2018, 04:05 PM   #6
jasperschellekens
Gangsta
 
jasperschellekens's Avatar
 
Join Date: Dec 2016
Location: Gehenna
Posts: 682
Reputation: 43
Default Re: SQLlite - Jaspers Pin Code Script - Additional security.

Quote:
Originally Posted by Logic_ View Post
I similarly use a pin code which is randomly generated for administrators +3 Rep for you.
Thank you very much for this detailed explanation. I will take these optimization techniques into V1.1

Quote:
Originally Posted by DonaldDuck View Post
Keep it up mate Repped
Thank you Donald

Quote:
Originally Posted by willbedie View Post
Interesting, good job!
Thanks will
jasperschellekens is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[++Rep] SQLlite code question Hessu Scripting Help 6 03/10/2015 05:00 AM
Text draw won't show after adding an additional color code... Scenario Scripting Help 4 13/08/2013 09:33 PM
Script security Misiur Scripting Help 5 17/07/2012 11:32 PM
Script for IP Security Join7 Scripting Help 8 09/02/2012 04:08 PM


All times are GMT. The time now is 01:58 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.