smart setinfo _pw pass reset (unauthorized access)

mercury · **Author**

ok, i have an idea about smart reset setinfo _pw on users machines.
you know setinfo _pw "pass" sits in users config.cfg until you clear it manually. so that you can fall a victim of unauthorized access, especially when you are not the only person using your computer.

i'm new to amxx so my code doesn't work. included just to show examples.

i suggest the following:
1. on connect right after client_authorized() we should save all users passwords in array.
2. then clear them from users configs:

Code:

public client_authorized(id) {
    if (!is_user_bot(id)) {
        //save pass
        user_pwds[id] = "his_setinfo_pass"
        //clear setinfo
        client_cmd(id,"setinfo _pw ^"^"")
    }
    return PLUGIN_CONTINUE
}

3. right after timelimit has run out we should set those setinfos back:

Code:

new players[32], num
get_players(players, num)
for (new i=0; i<num; i++)
{
    client_cmd(i,"setinfo _pww ^"%s^"", user_pwds[i])
}

it's all ok in theory but i have no such a knowledges to build this one from the beginning up to the final end. so any advices would be much appreciated. ty.

p.s.: on the whole i think this functionality should be included in amxx by default (maybe as an optional cvar) since it brings in useful security improvement.

Cheap_Suit · 07-21-2006 , 02:42 Re: smart setinfo _pw pass reset (unauthorized access)

Code:

new players[32], num
get_players(players, num)
for (new i=0; i<num; i++)
{
    client_cmd(players[i],"setinfo _pww ^"%s^"", user_pwds[players[i]])
}

oops edited

Smokey485 · 07-21-2006 , 14:07 Re: smart setinfo _pw pass reset (unauthorized access)

set_user_info, use this instead.

Flashhh! · *Last edited by Flashhh!; 11-01-2006 at 11:34.*

Well please we need urgently a plugin similar to this because some servers logs all connections of players on port 27015 and they are stolen the passwords of the admins of our servers and then enter and ban all the people.
I sugest a plugin that an admin need to type a second password to acces to his flags rights but "in game", something like this amx_mypassword xxxxxx.
This second password must not be in cfg or must not be read if someone logs player connection.
If he type in game that password the plugin should activate his flags rights. So if the admin connect to other servers and they stole the setinfo information they will need the second password to active the admin flags right.
I need urgent this plugin, Its a big problem and bug of HL games.

Flashhh! · 11-01-2006 , 16:25 Re: smart setinfo _pw pass reset (unauthorized access)

no answers?

kurian · 08-07-2007 , 05:06 Re: smart setinfo _pw pass reset (unauthorized access)

Quote:

Originally Posted by Cheap_Suit

Code:

new players[32], num
get_players(players, num)
for (new i=0; i<num; i++)
{
    client_cmd(players[i],"setinfo _pww ^"%s^"", user_pwds[players[i]])
}

oops edited

u have any idea how many other ppl it will give you password to if you quit ?
EDIT:
ok nvm it wont.. old value will be overwritten when new person joins.