• Announcements

    • jhxp

      Forums are online again after a maintenance.   18/03/17

      MTA Forums maintenance is completed, although some automatic time-heavy tasks are still in process and will be finished eventually in background. Expect some features such as Forum Search to not display all results until all processes are finished. Please let us know if you spot a forum feature that worked correctly before the maintenance but does not work anymore now. Thanks. --MTA Team

3aGl3

Members
  • Content count

    63
  • Joined

  • Last visited

Community Reputation

8 Neutral

1 Follower

About 3aGl3

  • Rank
    Snitch

Details

  • Gang
    Groove
  1. You should check the username only. It would also be possible to simply flag the username column as unique and not check it at all. In that case the query will simply fail and just telling the user that it didn't work is sufficient enough.
  2. Given that I have no experience and/or interest in cracking hashes etc. and that I really don't want to argue this out I'll just say this: Whatever. Have it your way. That doesn't change the fact that md5 should be considered insecure and that choosing md5 for encrypting passwords is like choosing a lower quality product because of habit instead of a better one that would have the same price...
  3. Mods aren't exactly 'physically' made, however at some point someone creates a model and a texture. In case of a ported car (eg. GTA V, NFS, ...) usually a game studio like Rockstar made the car model and textures. The modder takes those and adjusts them to GTASA/MTASA. In other cases the modder might create the model himself, probably from images of the real vehicle. Last but not least technology advanced so far in the last years that you can take a bunch of photos of an object and the computer will use those to calculate the model and textures for you, however models made that way aren't usually 'game ready', meaning they are of poor quality. To get a better idea of models and textures you can probably just look those terms up and if you want to get specifically into making car mods for GTASA you can google that or search on gtagarage.com. Also most tools for modding GTASA are free
  4. Since gui and dxDrawing are in no relation to each other I think this would be difficult. I think that using a render target and dxDrawImageSection should work best, combined with the scroll values. Depending on what exactly you want to do it might be easier to just use guiCreateStaticImage.
  5. Looks like you're missing an end in your script after the setObjectScale function.
  6. No, no, no, no md5 is insecure, period! MTA offers sha256 and you should use it. I don't want to get to lengthy about it but you can read this if you want to get more info on password security. Or just google "how to password security" or something...just don't think it's a joke. User data is sensitive data, even more so if you save something like players mail addresses as well.
  7. Sure, I posted you a fully working login function as well as pointing out numerous things that could simplify your script. If that doesn't help you maybe consider to let scripting go. Also...my mobile phone can crack md5 within seconds, it's unsafe too.
  8. You have to check if the menu is currently visible. Just create a variable for that and check it in the onClientClick events.
  9. The event is named onClientGUIComboBoxAccepted
  10. The wiki states that the engineLoadDFF function also accepts strings of text instead of a filepath. So reading the file, then coding it and calling engineLoadDFF with that data would also work.
  11. I keep track of the element that has focus on a variable declared at the top of the document. I created a few functions that create elements so I have a reference for every object, in the onClientRender function I get the mouse position on screen and before drawing the element I check if the mouse is on top of it, if so I save that element in the variable. I also trigger custom events when the mouse enters or leaves an element and with onClientClick and onClientDoubleClick you can also check if the player tries to click the currently focused element.
  12. So, your login function looks super wrong to me, first of all the variables handed to the function are local variables, so local username = arg1 etc. is totally unnecessary. Secondly, when handling sensitive data like a usernames and passwords you should always take proper security measures. At this point I'm afraid of creating an account on any MTA server with a password other than 12345...it seems noone takes security serious. Saving usernames and passwords is no joke, if your database is hacked the hacker has all the players usernames and passwords as clear text. Many people use one password for pretty much everything, while that isn't something you can change you can at least try to put a little effort into securing your players data. A proper way to do this looks something like this: --[[ - Attempts to log the player into the given account - - @param <string> username: Username for the account - @param <string> password: Password for the account ]] function requestPlayerLogin( username, password ) if not username or not password or username == "" or password == "" then outputDebugString( "Function requestPlayerLogin called without an username or password.", 2 ) return end -- get the account from the database local result = databaseQuery( "account", "SELECT `account_id`, `name`, `password`, `online` FROM `accounts` WHERE `name`=?", username ) if result then -- grab the account data from the query result local account = result[1] -- get the salt from the password field and hash the password send by the client local salt = string.sub( account.password, 65 ) password = sha256( salt..password ) -- check if the hash and the database hash match if password == string.sub( account.password, 1, 64 ) then -- check the online state of the account if account.online == 1 then -- let the player know that his account is already logged in outputChatBox( string.format( loc(client, "your_account_is_already_logged_in"), get("website") ), client, 255, 128, 128 ) return else -- set the accounts online flag result = databaseQuery( "account", "UPDATE `accounts` SET `online`=1, `last_online`=CURRENT_TIMESTAMP WHERE (`account_id`='?')", account.account_id ) if result then outputDebugString( "Successfully logged player ".. getPlayerName(client) .." in." ) -- save the players account id playerAccount[client] = account.account_id playerAccountName[client] = account.name -- trigger the server and client login event triggerEvent( "onPlayerSQLLogin", resourceRoot, client, account_id ) triggerClientEvent( client, "onClientPlayerLogin", resourceRoot ) -- log a successfull login databaseQuery( "account", "INSERT INTO `accountlogins` (`account`, `address`, `serial`, `success`) VALUES (?,?,?,?)", account.account_id, getPlayerIP(client), getPlayerSerial(client), 1 ) return end end end -- log a failed login attempt databaseQuery( "account", "INSERT INTO `accountlogins` (`account`, `address`, `serial`, `success`) VALUES (?,?,?,?)", account.account_id, getPlayerIP(client), getPlayerSerial(client), 0 ) end -- if we reach this the login request failed -- NOTE -- We stick to a generic error message, even though this isn't super user friendly -- this prevents a hacker from finding out valid usernames by trying to log into them. outputChatBox( loc(client, "invalid_username_or_password"), client, 255, 128, 128 ) end --[[ requestPlayerLogin ]] Note that I'm saving passwords as a salted hash and also log any attempt to log into an account. The databaseQuery function is pretty much just a dbQuery and dbPoll packed together with some other small things.
  13. A link to where you got the gamemode is probably what he wants so he can check it out to better help you.
  14. I looks pretty ok to me, however you should use triggerLatentClientEvent( client,] "recriveRss", 50000, false, resourceRoot, ss ) And probably triggerLatentServerEvent for requesting the entire process. On the other hand I have no idea what you are trying to achieve with this, you could just show the image directly, without sending it to the server...
  15. I don't think setting all sync intervals that low is a good idea if you are expecting more than a few players. It might not be notable with 2 players but it sure will be with more... Not to mention that 10 seems a little low, even the player sync is only 100 by default.