I require of a simple logic.

[Master_11]

Hello, I have been working on a login panel, and I need to know, how can one make a functioning "Remember Credentials" checkbox which will then auto write username in the username text box and password in the password text box. What user have to do next is just click the login button instead of typing all the stuff again.

 

Now... How?

[salh]

-- server
addEvent("onGetSave",true)
addEventHandler("onGetSave",root,
	function ()
		local serial = getPlayerSerial(source)
		if isPlayerSave(serial) then
			local user,pass = getUserAndPass(serial)
			triggerClientEvent(source,"onPutSave",source,user,pass)
		end
	end
)


-- Client

triggerServerEvent("onGetSave",localPlayer)


addEvent("onPutSave",true)
addEventHandler("onPutSave",root,
	function (puser,ppass)
		guiSetText(user,edit user)
		guiSetText(pass,edit pass)
	end
)

use this functions

Edited June 9, 2019 by salh

[Lpsd]

@salh This code doesn't do anything. You haven't defined the `getUserAndPass` function. Furthermore, you wouldn't be saving the actual password, you'd be using a token based system.

 

@Master_11 Please see this tutorial which includes a "remember me" functionality 

 

[salh]

i say use it

 

i use this code with login panel its work

[Lpsd]

No, copying that code would not work because you have 2 undefined functions.

Furthermore, as stated, this is a bad way to create a remember me functionality because you appear to be storing the password in plaintext (which is illegal if you're accepting European traffic by the way - and just bad practice in general). Instead, you should be using a token system as explained in the linked tutorial

Edited June 9, 2019 by LopSided_

[Master_11]

Salh, your help is really appreciated but I guess, LopSided is right, the username and password are stored in the plain text. I'll check the tutorial provided by LopSided_, looks safer.

 

Thank-you both.

 

 

[salh]

executeSQLQuery("CREATE TABLE IF NOT EXISTS players_save( serial TEXT, user TEXT, pass TEXT)")

function AddPlayer(serial,user,pass)
	executeSQLQuery("INSERT INTO players_save(serial,user,pass) VALUES(?,?,?)",serial,user,pass)
end

function isPlayerSave(serial)
	local sel = executeSQLQuery("SELECT serial FROM players_save WHERE serial=?",serial)
	if sel == 0 then
		return false
	else
		return true
	end
end

function getUserAndPass(serial)
	local user,pass = "",""
	if isPlayerSave(serial) then
		local sel = executeSQLQuery("SELECT * FROM players_save WHERE serial=?",serial)
		for i,player in ipairs(sel) do
			if i == 1 then
				user = player.user
				pass = player.pass
			end
		end
		return user,pass
	end
	return false
end

addEvent("onGetSave",true)
addEventHandler("onGetSave",root,
	function ()
		local serial = getPlayerSerial(source)
		if isPlayerSave(serial) then
			local user,pass = getUserAndPass(serial)
			triggerClientEvent(source,"onPutSave",source,user,pass)
		end
	end
)

 

this the all code i use (:

[Lpsd]

@salh You are storing the password in plain text. This is NOT recommended in any circumstances! (you are breaking European law)

I would advise you to remove this code from your server immediately and replace it with a secure login system. Please see the tutorial topic that I sent above.

[Master_11]

Hey, @LopSided_ I read the tutorial, did some changes in my code, but I am pretty much confused, I might need some help in person, is it okay if I PM you?

[Soapbosnia]

Why not store the credentials in a XML file on the client's PC? Using db stuff for this doesn't make sense. Oh, and remember to use https://wiki.multitheftauto.com/wiki/PasswordHash for the password.

[NanoBob]

That would also be rather insecure Soapbosnia, as you would be storing it in recoverable form on the client. (Aka plaintext or encrypted).

So all someone would need to do is access the file in order to gain access to the password.

When using a token even if that token is compromised the actual password is still secure. Plus you can add a serial restriction on it (save serial per token). That way the token can't be stolen and used from a different device.