SA-MP Forums Archive
This one command! /unban - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: This one command! /unban (/showthread.php?tid=399156)



This one command! /unban - DJ_Shocker - 13.12.2012

Ok this was my last resort.

Our script has ALWAYS compiled just fine. Then we discovered a security flaw in one of the Admin commands.

Код:
if(strcmp(cmd, "/unban", true) == 0)
	{
	    if(IsPlayerConnected(playerid))
	    {
         	new length = strlen(cmdtext);
			while ((idx < length) && (cmdtext[idx] <= ' '))
			{
				idx++;
			}
			new offset = idx;
			new result[128];
			while ((idx < length) && ((idx - offset) < (sizeof(result) - 1)))
			{
				result[idx - offset] = cmdtext[idx];
				idx++;
			}
			result[idx - offset] = EOS;
			if(!strlen(result))
			{
				SendClientMessage(playerid, COLOR_GRAD2, "{00FF00}Usage:{FFFFFF} /unban [EXACT_NAME]");
				return 1;
			}
			new Query[256];
		   	format(Query, sizeof(Query), "SELECT `username` FROM `players` WHERE username = '%s' AND Registered = -999 LIMIT 1", (result));
			mysql_query(Query);
			mysql_store_result();
			if(!mysql_num_rows())
			{
		    	format(string, sizeof(string), "Nobody with the name %s is banned!", (result));
				mysql_free_result();
				return SendClientMessage(playerid, 0xDC0C0CFF, string);
			}
			else if(mysql_num_rows() != 0)
			{
			    format(Query, sizeof(Query), "UPDATE `players` SET `Registered` = 1 WHERE username = '%s'", (result));
				mysql_query(Query);
				mysql_store_result();
				format(string, sizeof(string), "{DC0C0C}[Info:] {FFFFFF}%s got unbanned!", (result));
				ABroadCast(0xa9c4e4FF, string, 1);
				mysql_free_result();
			}
	    }
	}
One thing is missing from here, and I hate to say it, but the admin restriction wasn't added. (Not my fault, actually)
I've tried in many ways to add the Admin Level restriction to where only a set admin level would use this command, and no matter what, either the pawno compiler crashes, or it throws me errors in other lines of the script that have nothing to do with this command. (Which is why I hate coding in the first place, but i do try)

So here's the thing, if(PlayerInfo[playerid][pAdmin] >= 1) should be added, but whenever I do it, Pawno Crashes

Any help would be greatly appreciated


Re: This one command! /unban - Threshold - 13.12.2012

I have a feeling you were adding that in, but you were forgetting or were not properly matching the braces that you added, therefore causing an error with missing or unmatched braces, continuing to make the script/pawno crash during compilation. So give this a try instead:

pawn Код:
if(strcmp(cmd, "/unban", true) == 0)
{
    if(IsPlayerConnected(playerid))
    {
        if(PlayerInfo[playerid][pAdmin] < 1) return SendClientMessage(playerid, 0xFF0000FF, "You must be an Administrator to use this command!");
        new length = strlen(cmdtext);
    while ((idx < length) && (cmdtext[idx] <= ' '))
    {
        idx++;
    }
    new offset = idx;
    new result[128];
    while ((idx < length) && ((idx - offset) < (sizeof(result) - 1)))
    {
        result[idx - offset] = cmdtext[idx];
        idx++;
    }
    result[idx - offset] = EOS;
    if(!strlen(result))
    {
        SendClientMessage(playerid, COLOR_GRAD2, "{00FF00}Usage:{FFFFFF} /unban [EXACT_NAME]");
        return 1;
    }
    new Query[256];
    format(Query, sizeof(Query), "SELECT `username` FROM `players` WHERE username = '%s' AND Registered = -999 LIMIT 1", (result));
    mysql_query(Query);
    mysql_store_result();
    if(!mysql_num_rows())
    {
        format(string, sizeof(string), "Nobody with the name %s is banned!", (result));
        mysql_free_result();
        return SendClientMessage(playerid, 0xDC0C0CFF, string);
    }
    else if(mysql_num_rows() != 0)
    {
        format(Query, sizeof(Query), "UPDATE `players` SET `Registered` = 1 WHERE username = '%s'", (result));
        mysql_query(Query);
        mysql_store_result();
        format(string, sizeof(string), "{DC0C0C}[Info:] {FFFFFF}%s got unbanned!", (result));
        ABroadCast(0xa9c4e4FF, string, 1);
        mysql_free_result();
    }
    }
    return 1;
}



Re: This one command! /unban - RajatPawar - 13.12.2012

Try using the opposite of it, for example:
pawn Код:
if(PlayerInfo[playerid][pAdmin] < 5)
Because just yesterday, I don't know why but when I tried doing pAdmin > 1, it didn't work, but when I dod pAdmin < 1, it worked. I don't know why, it might be a fault in my coding, but try it! God knows :0


Re: This one command! /unban - DJ_Shocker - 13.12.2012

Quote:
Originally Posted by BenzoAMG
Посмотреть сообщение
I have a feeling you were adding that in, but you were forgetting or were not properly matching the braces that you added, therefore causing an error with missing or unmatched braces, continuing to make the script/pawno crash during compilation. So give this a try instead:

pawn Код:
if(strcmp(cmd, "/unban", true) == 0)
{
    if(IsPlayerConnected(playerid))
    {
        if(PlayerInfo[playerid][pAdmin] < 1) return SendClientMessage(playerid, 0xFF0000FF, "You must be an Administrator to use this command!");
        new length = strlen(cmdtext);
    while ((idx < length) && (cmdtext[idx] <= ' '))
    {
        idx++;
    }
    new offset = idx;
    new result[128];
    while ((idx < length) && ((idx - offset) < (sizeof(result) - 1)))
    {
        result[idx - offset] = cmdtext[idx];
        idx++;
    }
    result[idx - offset] = EOS;
    if(!strlen(result))
    {
        SendClientMessage(playerid, COLOR_GRAD2, "{00FF00}Usage:{FFFFFF} /unban [EXACT_NAME]");
        return 1;
    }
    new Query[256];
    format(Query, sizeof(Query), "SELECT `username` FROM `players` WHERE username = '%s' AND Registered = -999 LIMIT 1", (result));
    mysql_query(Query);
    mysql_store_result();
    if(!mysql_num_rows())
    {
        format(string, sizeof(string), "Nobody with the name %s is banned!", (result));
        mysql_free_result();
        return SendClientMessage(playerid, 0xDC0C0CFF, string);
    }
    else if(mysql_num_rows() != 0)
    {
        format(Query, sizeof(Query), "UPDATE `players` SET `Registered` = 1 WHERE username = '%s'", (result));
        mysql_query(Query);
        mysql_store_result();
        format(string, sizeof(string), "{DC0C0C}[Info:] {FFFFFF}%s got unbanned!", (result));
        ABroadCast(0xa9c4e4FF, string, 1);
        mysql_free_result();
    }
    }
    return 1;
}
OMG THANK YOU THANK YOU!!!!!!!!
I can't believe I overlooked this!

Thank you BOTH for helping with this! /me runs to the coffee maker to finish this up.

Merry Christmas!


Re: This one command! /unban - Threshold - 13.12.2012

Rep please


Re: This one command! /unban - RajatPawar - 13.12.2012

Quote:
Originally Posted by BenzoAMG
Посмотреть сообщение
Rep please



Re: This one command! /unban - Threshold - 13.12.2012

Quote:
Originally Posted by Rajat_Pawar
Посмотреть сообщение
I agree... it seems my friend has logged onto my account and done this. -___-

*Double Facepalm*