SA-MP Forums

Go Back   SA-MP Forums > SA-MP Scripting and Plugins > Scripting Help > Tutorials

Reply
 
Thread Tools Display Modes
Old 25/01/2017, 03:53 PM   #31
GhostHacker9
Big Clucker
 
GhostHacker9's Avatar
 
Join Date: Jan 2017
Location: New Zealand
Posts: 105
Reputation: 109
Default Re: Creating a simple register/save system using R41-2

Quote:
Originally Posted by Yaa View Post
what wrrong on it ?
Well you declared login attempts as static so there will be only one copy of that variable in stack. That means if one player fails in login attempt the variable value is 3 and would not be reset for another player so if next player logins by failing in one attempt would kick him by saying you failed login attempts 3 times. The solution is to change the declaration of logattempts to new instead of static.Also take consider of char arrays too instead of plain one (eg arrayname[size char]).
GhostHacker9 is offline   Reply With Quote
Old 25/01/2017, 04:10 PM   #32
Lordzy
High-roller
 
Lordzy's Avatar
 
Join Date: Mar 2012
Location: NetherRealm
Posts: 2,702
Reputation: 1176
Default Re: Creating a simple register/save system using R41-2

Writing a secure user system isn't easy because if it is, chances of security related risks are probably high unless you're either well experienced or if it was simply a copy-paste of a secured version. By saying it's not easy, I'm not implying that it's hard to code. But one who's developing should have a lot of patience and think for chances where such a system can be exploited or bypassed.

I'm suggesting people not to write their own (insecure) user system nor write any tutorials about them to mislead other beginners unless they're familiar with the security risks a user system can face.

Of course it may benefit beginners to learn to create their own user system, but why risk players' personal data with that? By this post I'm never trying to stop anyone from creating. But I'm trying to push others to know more about creating a secure login system.


I can say a lot of drawbacks from this tutorial if I've read it completely. Though, I'm done reading half of your insecure login-register system. Major things I'd note:

- You lack good explanation. I assume it's because you clearly are unsure of half of the things here.
- No array resetting included.
- No salting.

I'm not trying to completely criticize what you're doing here. I suggest you to know more first before proceeding.
__________________
Currently inactive - I don't play at any SA-MP servers nor work on anything in PAWN for now. The projects that I've done so far in PAWN, which requires updates will be taking some time.
Lordzy is offline   Reply With Quote
Old 25/01/2017, 04:14 PM   #33
Yaa
Banned
 
Join Date: May 2016
Location: = GetPlayerHouse("Yaa", 0.2);
Posts: 598
Reputation: 42
Default Re: Creating a simple register/save system using R41-2

Quote:
Originally Posted by GhostHacker9 View Post
Well you declared login attempts as static so there will be only one copy of that variable in stack. That means if one player fails in login attempt the variable value is 3 and would not be reset for another player so if next player logins by failing in one attempt would kick him by saying you failed login attempts 3 times. The solution is to change the declaration of logattempts to new instead of static.Also take consider of char arrays too instead of plain one (eg arrayname[size char]).
Thank you i got it

Quote:
Originally Posted by Lordzy View Post
- You lack good explanation. I assume it's because you clearly are unsure of half of the things here.
- No array resetting included.
- No salting.

I'm not trying to completely criticize what you're doing here. I suggest you to know more first before proceeding.
i know salting, and has using SHA256 isn't simple for newbies as title says this is simple register/save

some guys do not even know how to use mysql functions and you wanna show them SHA256 ?

this tuto is simple tuto just with using Whirlpool and for newbies



Tutorial Updated
Yaa is offline   Reply With Quote
Old 25/01/2017, 04:30 PM   #34
Lordzy
High-roller
 
Lordzy's Avatar
 
Join Date: Mar 2012
Location: NetherRealm
Posts: 2,702
Reputation: 1176
Default Re: Creating a simple register/save system using R41-2

The point is that newbies shouldn't risk writing a user system. About salting - It can be done with any hashing algorithm. I don't use the hash function provided by SAMP because the way it salts it's password is not revealed yet. So it'd be pointless to use it if you're developing any external source, say UCP for example that requires user's password for authentication.

EDIT : I just checked the wiki and it does include the way of how salt is concatenated to the password. But what I said can still be considered if your point of adding salt isn't at the end.
__________________
Currently inactive - I don't play at any SA-MP servers nor work on anything in PAWN for now. The projects that I've done so far in PAWN, which requires updates will be taking some time.
Lordzy is offline   Reply With Quote
Old 25/01/2017, 04:34 PM   #35
Yaa
Banned
 
Join Date: May 2016
Location: = GetPlayerHouse("Yaa", 0.2);
Posts: 598
Reputation: 42
Default Re: Creating a simple register/save system using R41-2

Quote:
Originally Posted by Lordzy View Post
The point is that newbies shouldn't risk writing a user system. About salting - It can be done with any hashing algorithm. I don't use the hash function provided by SAMP because the way it salts it's password is not revealed yet. So it'd be pointless to use it if you're developing any external source, say UCP for example that requires user's password for authentication.
whirlpool hash can be used in php too

http://php.net/manual/en/function.hash.php

SHA256 it's way more advenced and i don't even suggest to an newbie to use it
Yaa is offline   Reply With Quote
Old 25/01/2017, 04:37 PM   #36
Lordzy
High-roller
 
Lordzy's Avatar
 
Join Date: Mar 2012
Location: NetherRealm
Posts: 2,702
Reputation: 1176
Default Re: Creating a simple register/save system using R41-2

Quote:
Originally Posted by Yaa View Post
whirlpool hash can be used in php too

http://php.net/manual/en/function.hash.php
.
SHA256 it's way more advenced and i don't even suggest to an newbie to use it
FYI - I never said not to use Whirlpool and yes, it's widely supported. You mentioned that you wouldn't suggest newbies to use SHA-256. The point of my posts here were that newbies shouldn't consider writing their own user system if they've no idea what all common risks they'll be leading with.
__________________
Currently inactive - I don't play at any SA-MP servers nor work on anything in PAWN for now. The projects that I've done so far in PAWN, which requires updates will be taking some time.

Last edited by Lordzy; 27/01/2017 at 02:13 PM.
Lordzy is offline   Reply With Quote
Old 27/01/2017, 01:21 PM   #37
RyderX
Banned
 
Join Date: Oct 2016
Location: Lebanon,Beirut Rank: SA-MP Scripter
Posts: 564
Reputation: 53
Default Re: Creating a simple register/save system using R41-2

Thanks Yaa it helped me a lot!
RyderX is offline   Reply With Quote
Old 27/01/2017, 02:12 PM   #38
BiosMarcel
Banned
 
Join Date: Jul 2012
Location: Germany
Posts: 1,224
Reputation: 234
Default Re: Creating a simple register/save system using R41-2

Quote:
Originally Posted by Yaa View Post
whirlpool hash can be used in php too

http://php.net/manual/en/function.hash.php

SHA256 it's way more advenced and i don't even suggest to an newbie to use it
Worst suggestion ever ^^^

How is SHA advanced??
BiosMarcel is offline   Reply With Quote
Old 27/01/2017, 02:49 PM   #39
Vince
Spam Machine
 
Vince's Avatar
 
Join Date: Sep 2007
Location: Belgium
Posts: 10,079
Reputation: 2655
Default Re: Creating a simple register/save system using R41-2

I'm getting sick and tired of this "for newbies" fallacy. If someone is a newbie then it is suddenly okay to teach them inferior methods?! And it's not just you, Yaa, so don't take it personally. I've seen others using it as well.
__________________
Vince is offline   Reply With Quote
Old 27/01/2017, 07:34 PM   #40
Yaa
Banned
 
Join Date: May 2016
Location: = GetPlayerHouse("Yaa", 0.2);
Posts: 598
Reputation: 42
Default Re: Creating a simple register/save system using R41-2

Quote:
Originally Posted by Vince View Post
I'm getting sick and tired of this "for newbies" fallacy. If someone is a newbie then it is suddenly okay to teach them inferior methods?! And it's not just you, Yaa, so don't take it personally. I've seen others using it as well.
well im fully agree but some times i think the newbies who joined samp forum (i was one of them) they don't know the pawn bases etc when they see SHA256 and salts and complied things etc i think they will leave it fast (#true_story)


Quote:
Originally Posted by Logic_ View Post
Vince...

It's stupid to reply to such people, I don't get the reason why you and people like me, Sreyas and Lordzy make posts on these kinds of topics, it's really stupid to make posts, people like Yaa, ParKing, and other retards have came up here. They don't reply, they don't have reasons, they have lame excuses, lame brain and are so lame irl that they come here to troll.

I wanted to make this post in a much more better way but, i don't have words to explain this fuck-ery.
i didn't ignore anyone i was playing all the day in iLearner server
Yaa is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Tutorial] [TUT] Creating a Register System using Dini Eazy_Efolife Tutorials 192 20/08/2014 03:26 PM
Register System not creating file. rangerxxll Scripting Help 4 05/03/2013 08:09 PM
[Tutorial] Creating a dialog register/login system using Dini [NWA]Hannes Tutorials 3 17/06/2012 04:35 PM
Y_ini Register System Not Creating Files LeetModz Scripting Help 10 02/05/2012 08:04 PM
[Tutorial] Creating a simple register and login system. AcId n RaPiD Help Archive 0 21/11/2009 01:23 PM


All times are GMT. The time now is 07:13 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.