MySQL - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Help Archive (https://sampforum.blast.hk/forumdisplay.php?fid=89)
+---- Thread: MySQL (/showthread.php?tid=275093)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Help Archive (https://sampforum.blast.hk/forumdisplay.php?fid=89)
+---- Thread: MySQL (/showthread.php?tid=275093)
MySQL - Markx - 08.08.2011
Hello all, just started a blank gamemode, to try to use MySQL and this is my code:
pawn Код:
//======================9======================================================//
// Includes //
//============================================================================//
#include <a_samp>
#include <zcmd>
#include <sscanf2>
#include <foreach>
#include <streamer>
#include <a_mysql>
//============================================================================//
// Define s //
//============================================================================//
#define SERVER_NAME "Crazy Ass Server"
#define SERVER_VERSION "v5.0"
#define SERVER_TIME "12"
#define SERVER_GRAVITY "0.00800"
#define SQL_HOST "localhost"
#define SQL_USER "root"
#define SQL_PASS ""
#define SQL_DB "sa-mp"
#define mysql_fetch_row(%1) mysql_fetch_row_format(%1,"|")
#define Blue "003DF5"
#define Red "FF0000"
#define Green "66FF00"
#define White "FFFFFF"
#define DIALOG_AUTOLOGIN 100
#define DIALOG_REGISTER 101
#define DIALOG_LOGIN 102
#define DIALOG_LOGGED 103
#define DIALOG_REGGED 104
//============================================================================//
// New's //
//============================================================================//
enum pInfo
{
pLevel,
pVIP,
pKMA,
pRank,
pScore,
pMoney,
pKills,
pDeaths,
pMuted,
pJailed,
pFrozen,
pMutedTimes,
pJailedTimes,
pFrozenTimes,
pBanned,
pBannedBy,
pLoggins,
pPosX,
pPosY,
pPosZ,
pPosA
}
new PlayerInfo[MAX_PLAYERS][pInfo];
//============================================================================//
// Forwards //
//============================================================================//
//============================================================================//
// Main //
//============================================================================//
main()
{
print("\t====================================================");
print("\t\tCrazy Ass Server v5.0");
print("\t====================================================");
}
//============================================================================//
// Publics //
//============================================================================//
public OnGameModeInit()
{
//================================================================//
// MySQL part //
//================================================================//
if(!mysql_connect(SQL_HOST, SQL_USER, SQL_DB, SQL_PASS))
{
print("SQL connection attempt 1 FAILED!");
if(!mysql_connect(SQL_HOST, SQL_USER, SQL_DB, SQL_PASS))
{
print("SQL connection attempt 2 FAILED!");
if(!mysql_connect(SQL_HOST, SQL_USER, SQL_DB, SQL_PASS))
{
print("SQL connection attempt 3 FAILED!");
return 1;
}
}
}
return 1;
}
public OnGameModeExit()
{
return 1;
}
public OnPlayerRequestSpawn(playerid)
{
//================================================================//
// MySQL part //
//================================================================//
if(GetPVarInt(playerid, "Logged") == 0)
{
new Query[200], Pname[24];
GetPlayerName(playerid, Pname, 24);
new escpname[24];
mysql_real_escape_string(Pname, escpname);
format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s'" , escpname);
mysql_query(Query);
mysql_store_result();
if(!mysql_num_rows()) ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT , ""Red"User registration", ""White"Welcome to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" register!\n"Blue"Please insert a password below:", "Okay", "Leave");
else ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT , ""Red"User Loggin", ""White"Welcome back to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" login!\n"Blue"Please insert your password below:", "Okay", "Leave");
return 0;
}
return 1;
}
public OnPlayerSpawn(playerid)
{
SetPVarInt(playerid, "MoneyGiven", 0);
return 1;
}
public OnPlayerConnect(playerid)
{
RemoveUnderScore(playerid);
//================================================================//
// MySQL part //
//================================================================//
new Query[200], Pname[24], escpname[24];
GetPlayerName(playerid, Pname, 24);
mysql_real_escape_string(Pname, escpname);
format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s'", escpname);
mysql_query(Query);
mysql_store_result();
if(mysql_num_rows() != 0)
{
new PIP[56];
GetPlayerIp(playerid, PIP, 56);
format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s' AND `IP` = '%s'", escpname, PIP);
mysql_query(Query);
mysql_store_result();
if(mysql_num_rows() != 0)
{
new line[750];
SetPVarInt(playerid, "Logged", 1);
ShowPlayerDialog(playerid, DIALOG_AUTOLOGIN, DIALOG_STYLE_MSGBOX, ""Red"You have been auto-logged in!",""White"You have been sucessfully auto logged in!", "Okay", "");
if(mysql_fetch_row(line))
{
sscanf(line, "p|ddddddddddddddddsffff",
PlayerInfo[playerid][pLevel],
PlayerInfo[playerid][pVIP],
PlayerInfo[playerid][pKMA],
PlayerInfo[playerid][pRank],
PlayerInfo[playerid][pScore],
PlayerInfo[playerid][pMoney],
PlayerInfo[playerid][pKills],
PlayerInfo[playerid][pDeaths],
PlayerInfo[playerid][pMuted],
PlayerInfo[playerid][pJailed],
PlayerInfo[playerid][pFrozen],
PlayerInfo[playerid][pMutedTimes],
PlayerInfo[playerid][pJailedTimes],
PlayerInfo[playerid][pFrozenTimes],
PlayerInfo[playerid][pBanned],
PlayerInfo[playerid][pLoggins],
PlayerInfo[playerid][pBannedBy],
PlayerInfo[playerid][pPosX],
PlayerInfo[playerid][pPosY],
PlayerInfo[playerid][pPosZ],
PlayerInfo[playerid][pPosA]);
SetPlayerScore(playerid, PlayerInfo[playerid][pScore]);
GivePlayerMoney(playerid, PlayerInfo[playerid][pMoney]);
mysql_free_result();
}
}
if(!mysql_num_rows())
{
ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT , ""Red"User Loggin", ""White"Welcome back to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" login!\n"Blue"Please insert your password below:", "Okay", "Leave");
}
}
else
{
ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT , ""Red"User registration", ""White"Welcome to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" register!\n"Blue"Please insert a password below:", "Okay", "Leave");
}
mysql_free_result();
return 1;
}
public OnPlayerDisconnect(playerid, reason)
{
//================================================================//
// MySQL part //
//================================================================//
if(GetPVarInt(playerid, "Logged") == 1)
{
new query[300];
new Pname[24];
GetPlayerName(playerid, Pname, 24);
new escpname[24];
mysql_real_escape_string(Pname, escpname);
format(query, sizeof(query), "UPDATE `playerinfo` SET `Level` = '%d',, `VIP` = '%d', `KMA` = '%d', `Rank` = '%d', `Score` = '%d', `Money` = '%d', `Kills` = '%d', `Deaths` = '%d', `Muted` = '%d', `Jailed` = '%d', `Frozen` = '%d', `Times Muted` = '%d', `Times Jailed` = '%d', `Times Frozen` = '%d', `Loggins` = '%d', `PossitionX` = '%f', `PossitionY` = '%f', `PossitionZ` = '%f', `PossitionA` = '%f', `Banned by` = '%s' WHERE `user` = '%s'",
PlayerInfo[playerid][pLevel],
PlayerInfo[playerid][pVIP],
PlayerInfo[playerid][pKMA],
PlayerInfo[playerid][pRank],
GetPlayerScore(playerid),
GetPlayerMoney(playerid),
PlayerInfo[playerid][pKills],
PlayerInfo[playerid][pDeaths],
PlayerInfo[playerid][pMuted],
PlayerInfo[playerid][pJailed],
PlayerInfo[playerid][pFrozen],
PlayerInfo[playerid][pMutedTimes],
PlayerInfo[playerid][pJailedTimes],
PlayerInfo[playerid][pFrozenTimes],
PlayerInfo[playerid][pBanned],
PlayerInfo[playerid][pLoggins],
PlayerInfo[playerid][pBannedBy],
PlayerInfo[playerid][pPosX],
PlayerInfo[playerid][pPosY],
PlayerInfo[playerid][pPosZ],
PlayerInfo[playerid][pPosA],
escpname);
mysql_query(query);
mysql_free_result();
}
return 1;
}
public OnPlayerDeath(playerid, killerid, reason)
{
return 1;
}
public OnVehicleSpawn(vehicleid)
{
return 1;
}
public OnVehicleDeath(vehicleid, killerid)
{
return 1;
}
public OnPlayerText(playerid, text[])
{
return 1;
}
public OnPlayerEnterVehicle(playerid, vehicleid, ispassenger)
{
return 1;
}
public OnPlayerExitVehicle(playerid, vehicleid)
{
return 1;
}
public OnPlayerStateChange(playerid, newstate, oldstate)
{
return 1;
}
public OnPlayerEnterCheckpoint(playerid)
{
return 1;
}
public OnPlayerLeaveCheckpoint(playerid)
{
return 1;
}
public OnPlayerEnterRaceCheckpoint(playerid)
{
return 1;
}
public OnPlayerLeaveRaceCheckpoint(playerid)
{
return 1;
}
public OnRconCommand(cmd[])
{
return 1;
}
public OnObjectMoved(objectid)
{
return 1;
}
public OnPlayerObjectMoved(playerid, objectid)
{
return 1;
}
public OnPlayerPickUpPickup(playerid, pickupid)
{
return 1;
}
public OnVehicleMod(playerid, vehicleid, componentid)
{
return 1;
}
public OnVehiclePaintjob(playerid, vehicleid, paintjobid)
{
return 1;
}
public OnVehicleRespray(playerid, vehicleid, color1, color2)
{
return 1;
}
public OnPlayerSelectedMenuRow(playerid, row)
{
return 1;
}
public OnPlayerExitedMenu(playerid)
{
return 1;
}
public OnPlayerInteriorChange(playerid, newinteriorid, oldinteriorid)
{
return 1;
}
public OnPlayerKeyStateChange(playerid, newkeys, oldkeys)
{
return 1;
}
public OnRconLoginAttempt(ip[], password[], success)
{
return 1;
}
public OnPlayerUpdate(playerid)
{
return 1;
}
public OnPlayerStreamIn(playerid, forplayerid)
{
return 1;
}
public OnPlayerStreamOut(playerid, forplayerid)
{
return 1;
}
public OnVehicleStreamIn(vehicleid, forplayerid)
{
return 1;
}
public OnVehicleStreamOut(vehicleid, forplayerid)
{
return 1;
}
public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
//================================================================//
// MySQL part //
//================================================================//
if(dialogid == DIALOG_REGISTER)
{
if(response)
{
if(!strlen(inputtext))
{
ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT , ""Red"User registration", ""White"Welcome to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" register!\n"White"Please insert a password below:", "Okay", "Leave");
SendClientMessage(playerid, 0xF60000AA, ""Blue"[System] "White"You "Red"have"White" to enter a password in order to start playing!");
}
new PIP[50];
new Query[200], Pname[24];
new str[28];
format(str, sizeof str, "Not banned");
GetPlayerName(playerid, Pname, 24);
new escpname[24], escpass[100];
mysql_real_escape_string(inputtext, escpass);
mysql_real_escape_string(Pname, escpname);
GetPlayerIp(playerid, PIP, 50);
format(Query, sizeof(Query), "INSERT INTO `playerinfo` (`user`, `password`, `Level`, `VIP`, `KMA`, `Rank`, `Score`, `Money`, `Kills`, `Deaths`, `Muted`, `Jailed`, `Frozen`, `Times Muted`, `Times Jailed`, `Times Frozen`, `Loggins`, `PossitionX`, `PossitionY`, `PossitionZ`, `PossitionA`, `Banned by`, IP) VALUES ('%s', '%s', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, '%s', '%s')", escpname, escpass, str,PIP); //Insert string
mysql_query(Query);
GameTextForPlayer(playerid, "~g~Registered sucessfully!", 2000, 3);
ShowPlayerDialog(playerid, DIALOG_REGGED, DIALOG_STYLE_MSGBOX, ""Red"You have sucessfully created a new account!",""White"You have been registerd and logged in!", "Okay", "");
SetPVarInt(playerid, "Logged", 1);
}
}
if(dialogid == DIALOG_LOGIN)
{
if(response)
{
new Query[200], Pname[24];
GetPlayerName(playerid, Pname, 24);
new escpname[24];
mysql_real_escape_string(Pname, escpname);
format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s' AND `password` = '%s'", escpname, inputtext);
mysql_query(Query);
mysql_store_result();
if(!mysql_num_rows())
{
SendClientMessage(playerid, 0xF60000AA, ""Blue"[System] "White"Invaild passowrd, please try again! "Red"Max tries: 3");
SetPVarInt(playerid, "WrongPass", GetPVarInt(playerid, "WrongPass") + 1);
ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT , ""Red"User Loggin", ""White"Welcome back to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" login!\n"Blue"Please insert your password below:", "Okay", "Leave");
if(GetPVarInt(playerid, "WrongPass") == 3)
{
SendClientMessage(playerid, 0xF60000AA, ""Blue"[System] "White"Max password tries exceeded!");
Kick(playerid);
}
}
else
{
new line[750];
if(mysql_fetch_row(line))
{
sscanf(line, "p|ddddddddddddddddsffff",
PlayerInfo[playerid][pLevel],
PlayerInfo[playerid][pVIP],
PlayerInfo[playerid][pKMA],
PlayerInfo[playerid][pRank],
PlayerInfo[playerid][pScore],
PlayerInfo[playerid][pMoney],
PlayerInfo[playerid][pKills],
PlayerInfo[playerid][pDeaths],
PlayerInfo[playerid][pMuted],
PlayerInfo[playerid][pJailed],
PlayerInfo[playerid][pFrozen],
PlayerInfo[playerid][pMutedTimes],
PlayerInfo[playerid][pJailedTimes],
PlayerInfo[playerid][pFrozenTimes],
PlayerInfo[playerid][pBanned],
PlayerInfo[playerid][pLoggins],
PlayerInfo[playerid][pBannedBy],
PlayerInfo[playerid][pPosX],
PlayerInfo[playerid][pPosY],
PlayerInfo[playerid][pPosZ],
PlayerInfo[playerid][pPosA]);
SetPlayerScore(playerid, PlayerInfo[playerid][pScore]);
GivePlayerMoney(playerid, PlayerInfo[playerid][pMoney]);
mysql_free_result();
}
}
}
}
return 1;
}
public OnPlayerClickPlayer(playerid, clickedplayerid, source)
{
return 1;
}
//============================================================================//
// Player Commands //
//============================================================================//
//============================================================================//
// Admin Commands //
//============================================================================//
//============================================================================//
// Stocks //
//============================================================================//
stock RemoveUnderScore(playerid)
{
new name[MAX_PLAYER_NAME];
GetPlayerName(playerid,name,sizeof(name));
for(new i = 0; i < MAX_PLAYER_NAME; i++)
{
if(name[i] == '_') name[i] = ' ';
}
return name;
}
Re: MySQL - JaTochNietDan - 08.08.2011
That's some very messy code, in OnPlayerConnect you first of all do a query which selects all of the columns data for that row, then you store the data, then you do another query again with selects all of the columns data again for that row....without even freeing the result of the last query...but why do you select all of that data in the first place if you're not going to use it? You do the same thing in OnPlayerRequestSpawn, which by the way could be spammed quite heavily, that's a possible denial of service exploit right there since you've not even threaded the query!
There's also an SQL injection exploit in your login code, all someone would have to do is type '; DELETE *; at the login dialog box and your entire database would be deleted. This is especially strange because you take the time to escape the name (which cannot contain quotes so it technically cannot be used for injection), but you don't escape the most important part, the one where someone can literally type anything they want into it.
Another thing is that you have several logic paths where you store a result and never free it!
I don't really know why you're experiencing these problems, but when a system is coded this badly in the first place then it's bound to have a lot of problems.
Re: MySQL - Markx - 08.08.2011
That was a bit to advanced for me..Well i followed this tutorial, and it seems it failed very bad. Could you explain me how to fix it?
EDIT: Yeah i see the missing mysql_free_result();
Re: MySQL - JaTochNietDan - 08.08.2011
Quote:
|
Originally Posted by Markx
 That was a bit to advanced for me..Well i followed this tutorial, and it seems it failed very bad. Could you explain me how to fix it?
EDIT: Yeah i see the missing mysql_free_result(); |
If that's still troubling, there are plenty of resources around the internet for learning how to write good SQL code and practicing good coding techniques that make sense. There's also the official PAWN documentation at CompuPhase. I can't tell you how to fix this because there's so much wrong with it, it would just have to be completely re-written.
I'm sure you could find a solution to your specific problem, but that's not going to change the vast majority of problems with this code!
Note: There isn't just one missing mysql_free_result, there are several logical paths where it is missing.
Re: MySQL - Markx - 08.08.2011
Quote:
|
Originally Posted by JaTochNietDan
Well instead of following that tutorial which is clearly teaching some horrible coding methods, then you should actually learn what the functions do and how the MySQL API works by reading the documentation on the SA-MP Wiki. There's plenty of it there that explains everything about the function.
If that's still troubling, there are plenty of resources around the internet for learning how to write good SQL code and practicing good coding techniques that make sense. There's also the official PAWN documentation at CompuPhase. I can't tell you how to fix this because there's so much wrong with it, it would just have to be completely re-written. I'm sure you could find a solution to your specific problem, but that's not going to change the vast majority of problems with this code! Note: There isn't just one missing mysql_free_result, there are several logical paths where it is missing. |
Re: MySQL - JaTochNietDan - 08.08.2011
Quote:
|
Originally Posted by Markx
Alright. I will read it! Which tutorial for MySQL Register/Login system would you suggest me?
|
Also I'm pretty sure the creator of the MySQL plugin (G-sTyLeZzZ) even released an example filterscript with an account system in it, that would be properly coded, maybe you could learn from that.
Edit: It's here
Re: MySQL - Markx - 08.08.2011
Well, i cant just write the script, i can learn all the functions but i dont know how to use them, im not that good scripter, i could do that in y_ini or some other file saving systems but not with MySQL, its a bit to hard for me, thats why i follow tutorials to get how to use them and then make my own.
Re: MySQL - [HiC]TheKiller - 08.08.2011
Quote:
|
Originally Posted by Markx
EDIT: Yeah i see the missing mysql_free_result();
|
Re: MySQL - Markx - 08.08.2011
Quote:
|
Originally Posted by [HiC]TheKiller
Interesting thing was I checked the tutorial 2 minutes ago and there was actually a mysql_free_result there. Anyway, I deleted the tutorial, I'll make a new one if I have the time.
|
Re: MySQL - JaTochNietDan - 08.08.2011
Quote:
|
Originally Posted by Markx
Well, i cant just write the script, i can learn all the functions but i dont know how to use them, im not that good scripter, i could do that in y_ini or some other file saving systems but not with MySQL, its a bit to hard for me, thats why i follow tutorials to get how to use them and then make my own.
|
Also it sounds like you actually have a problem with the programming concept in general, I suggest you learn some of the programming basics and understand what functions mean and what they do, that is the key to learning programming, then all you need to know is what the function does, its parameters and its return value, all of which are supplied on the SA-MP Wiki for almost every function released on these forums.
If you learn the basics of programming properly and actually understand what you are writing, why you are writing it and start learning how to do/use algorithmic problem solving, this will all become crystal clear. There's no reason that people learning programming should ever have to ask people for help, it's all out there answered already for them, there are very few things that you would not be able to figure out yourself.