Graal Forums

Graal Forums (https://forums.graalonline.com/forums/index.php)
-   NPC Scripting (https://forums.graalonline.com/forums/forumdisplay.php?f=8)
-   -   SQL Problem (https://forums.graalonline.com/forums/showthread.php?t=134264789)

Gunderak 10-13-2011 07:18 AM
SQL Problem
 
I am probably doing this horribly wrong, but I am really new to SQL and would appreciate ANY advice given.
Basically my aim is to make a login box.
I have made it, it works. BUT It only allows you to login to the LAST created Account and Password Row, it seems all others are ignored.
Here is the GUI I am using to login.

PHP Code:
findplayer("Graal780374").addweapon(name);
function onActionServerSide(){
if(params[0] == "Login"){
temp.req requestsql("SELECT * FROM Accounts"true);
for (temp.rowtemp.req.rows)
if(params[1] == temp.row.Account && params[2] == temp.row.Password){
player.chat "Sucessful Username Entered!";
}else{
player.chat "Failed Login!";
}
}
}
//#CLIENTSIDE
function onCreated() {
  new GuiWindowCtrl("Login_Window") {
    profile GuiBlueWindowProfile;
    clientrelative true;
    clientextent "154,124";

    canclose false;
    canmaximize false;
    canminimize false;
    canmove false;
    canresize true;
    closequery false;
    destroyonhide false;
    = (screenwidth/2) - (width/2);
    = (screenheight/2) - (height/2);
    alpha 1;

    new GuiTextCtrl("Login_Text") {
      profile GuiBlueTextProfile;
      height 20;
      text "Login";
      width 32;
      58;
      5;
    }
    new GuiTextCtrl("Account_Text") {
      profile GuiBlueTextProfile;
      height 20;
      text "Account";
      width 48;
      6;
      35;
    }
    new GuiTextCtrl("Password_Text") {
      profile GuiBlueTextProfile;
      height 20;
      text "Password";
      width 57;
      6;
      60;
    }
    new GuiTextEditCtrl("Account_TextEdit") {
      profile GuiBlueTextEditProfile;
      height 20;
      width 80;
      69;
      36;
      text "";
    }
    new GuiTextEditCtrl("Password_TextEdit") {
      profile GuiBlueTextEditProfile;
      height 20;
      width 80;
      69;
      61;
      text "";
    }
    new GuiButtonCtrl("Login_Button") {
      profile GuiBlueButtonProfile;
      text "Login";
      width 55;
      height 25;
      100;
      100;
    }
    new GuiButtonCtrl("Register_Button") {
      profile GuiBlueButtonProfile;
      text "Register";
      width 55;
      height 25;
      100;
      = -1;
    }
  }
}

function Login_Button.onAction() {
triggerserver("weapon"this.name"Login"Account_TextEdit.textPassword_TextEdit.text);
And here is what i am doing to create the tables, which DOES work.

PHP Code:
requestsql("CREATE TABLE Accounts (Account varchar not null default '' primary key, Password int not null default 1)"false);

requestsql("INSERT INTO Accounts VALUES ('Account', 'Password')"false);
requestsql("INSERT INTO Accounts VALUES ('Account2', 'Password2')"false);

temp.req requestsql("SELECT * FROM Accounts"true);
if (!temp.req.completed)
  waitfor(temp.req,"onReceiveData",60);
  
echo("Accounts in database: " temp.req.rows.size());
for (temp.rowtemp.req.rows)
echo("SQL:   "@temp.row.Account@"   "@temp.row.Password); 
As I stated i am probably doing it extremely wrong.

Mark Sir Link 10-13-2011 08:22 AM
because you're constantly cycling through all rows.

your query should be something like SELECT * FROM Accounts WHERE Account='"@params[1]@"'";

then if your returned rows array size is greater than one, you know the account exists.

then, if the password is correct, then it is valid.

However, this sort of password authentication on a server is usually pretty pointless since you should inherently trust the login of the player itself from Graal.

If it's to try to add an extra layer of security to staff tools, you can simply verify some additional right like player.hasrightflag("warptoxy") and that will verify that the staff member is logging in from a valid location as determined by their listed IP/PC ranges

Gunderak 10-13-2011 08:49 AM
Since I posted this i have been Googling away madly and have found out a little bit more :D so WHERE Account= would select the row that contains the account entered?
And I am mainly doing this as practise with SQL i plan to make a WHOLE system using it like Guns with ammo stored in SQL and pretty much everything.
Thanks for your help :)


All times are GMT +2. The time now is 03:37 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.