[Mark Sir Link]

because you're constantly cycling through all rows.

your query should be something like SELECT * FROM Accounts WHERE Account='"@params[1]@"'";

then if your returned rows array size is greater than one, you know the account exists.

then, if the password is correct, then it is valid.

However, this sort of password authentication on a server is usually pretty pointless since you should inherently trust the login of the player itself from Graal.

If it's to try to add an extra layer of security to staff tools, you can simply verify some additional right like player.hasrightflag("warptoxy") and that will verify that the staff member is logging in from a valid location as determined by their listed IP/PC ranges