How to get Players account password

[Hero192]

Hey guys, i know it's possible alot of servers get player accounts password so how to do this?

[Rudy]

Hi,

I don't know how you save the passwords, but I think don't get account's password and don't write it on the screen. Never. And store the passwords encrypted. Use for encrypt MD5, SHA, or anything else. If you want to compare passwords in login, encrypt the requested password and compare it with the stored password.

If you don't listen to me and you use MTA Accounts, I think use MD5 or SHA encrypt, too. If you already use this, you can't get passwords never. You can get only the passwords' encrypted version. I you don't use encrypt, use it. Otherwise I don't know, where saved the passwords - I couldn't found it on the [Wiki.

I hope I helped for you,

Rudy

[JR10]

They manually store the passwords.

[Hero192]

I won't store players password i just i want to get them or see them by an cmd,

I want to make command for admins and when i type the command like /player[Name] pass

it will output text like that

outputChatBox (.. accountPassword.. " is the password of the account name" ..accountName,player)

it's just an example i have to define them but i don't know what's the function to get players password

Another example:

Simply , like if someone his account password is "123456" , if (Admin) typed the cmd ,the password of this guy will output in the chat only him who can see it

[JR10]

There's no way to get the account's password, you have to store the password manually.

[Hero192]

There's no way to get the account's password, you have to store the password manually.

How to store it? what's the ways to do that, i have no idea about storing password and how to get the password after storing it

im sure it's possible because in other servers if someone lost his account pass he tell you ,your password

[Markeloff]

There's no way to get the account's password, you have to store the password manually.

How to store it? what's the ways to do that, i have no idea about storing password and how to get the password after storing it

im sure it's possible because in other servers if someone lost his account pass he tell you ,your password

You can store it when the client creates a new account using XML or SQL or setAccountData.

If they are using /register to register an account, you can't store it. You need a custom login/register system.

[Hero192]

yes im not using /register, im using custom login system, how to store it and get it? by XML as you said

[Rudy]

I understand, what you want to achieve. But if you don't store the passwords "manually" with an external method without encrypt, you can't get the passwords. If you will sotre it, you will be able to get the passwords. But I continue to recommend to encrypt the passwords, and don't write down those for the admins, and don't for you, too.

What to use the password writer function? If you write down, maybe we can help for you and we can figure out an another solution. If you want to give the forgotten password to the player, write a password reminder system. Or simply overwrite the player's password with an encrypted string, what you know, what password's encrypted version. Give this password to the player, and write a password changer system after the login, and the player will be able to give his/her new password.

[Hero192]

I understand, what you want to achieve. But if you don't store the passwords "manually" with an external method without encrypt, you can't get the passwords. If you will sotre it, you will be able to get the passwords. But I continue to recommend to encrypt the passwords, and don't write down those for the admins, and don't for you, too.

What to use the password writer function? If you write down, maybe we can help for you and we can figure out an another solution. If you want to give the forgotten password to the player, write a password reminder system. Or simply overwrite the player's password with an encrypted string, what you know, what password's encrypted version. Give this password to the player, and write a password changer system after the login, and the player will be able to give his/her new password.

Thanks you and thanks all who tried to help me

Please i need example i really im out of ideas about storing password / get them ,i need example to start working and get idea from it i hope you can help me

[Rudy]

I won't write you a full example, sorry, but I try help for you. In my case the registration is gone on the website, but the registration is same as in the server. You will make a GUI with a button and some inputs to username, password, e-mail address, or for these check (if somebody mistypes his/her password, for example). If the player clicks the button and everything is OK, you will encrypt the password and secures the strings. After you will send e.g. a MySQL Query

"INSET INTO users ('username', 'password', 'email') VALUES ('Mr. Example', 'YM7Dkm38Mdu9K2q6DNk4p', '[email protected]')" 

With a command, or with a GUI panel you will make a login system, encrypt the password and secures the strings what are the player given. If the player clicks to the login button, you will get the stored password (E.g.: "YM7Dkm38Mdu9K2q6DNk4p") and compare with the given password. To do this, use if, or in MySQL use e.g.: a MySQL Query too, like this:

"SELECT null FROM uses WHERE username = 'Mr. Example' AND password = 'YM7Dkm38Mdu9K2q6DNk4p'" 

If the query returns with one row, the username and password is corrent, and the player will sign in.

If you will use MySQL, you can encrypt easily, like this:

"SELECT null FROM uses WHERE username = 'Mr. Example' AND password = MD5('YM7Dkm38Mdu9K2q6DNk4p')" 

If you don't want to encrypt the passwords, simply don't encrypt it. With the SELECT syntax - in MySQL - you can get the players' passwords at every time - or you can save it when the player is login.

But the encrypt's miss and the password's query are still very serious vulnerability entails.

[JR10]

setAccountData(account, 'password', password) 

The password should be encrypted. You can also use SQL.