
Someone is crashing my server! - TheBosss - 30.01.2014

Hello guys,

My problem is that someone is crashing my server. I think that he is doing something in the login dialog..
I got this in my server_log:
Code:
[18:22:41] Last dialog input: '; UPDATE Accounts SET Admin = '100' WHERE name = 'Rhaskos. from dialogid: 83
[18:22:41] [debug] Server crashed while executing rrs.amx
[18:22:41] [debug] AMX backtrace:
[18:22:41] [debug] #0 00000069 in Debug_Print0 (... <27 variable arguments>) at C:\Users\Computer\Desktop\RRS\pawno\include\float.inc:102
[18:22:41] [debug] #1 00000069 in Debug_Print0 (... <255852544 variable arguments>) at C:\Users\Computer\Desktop\RRS\pawno\include\float.inc:102
[18:22:41] [debug] System backtrace:
Yeah, I have SQL injection protection and dialogid 83 is the login dialog..
How can I solve this problem?


Re: Someone is crashing my server! - TheBosss - 30.01.2014

Nobody knows what's the problem


Re: Someone is crashing my server! - MP2 - 31.01.2014

Looks like SQL injection. Print out the entire query. Make sure you escape the input string (mysql_real_escape_string() IIRC).


Re: Someone is crashing my server! - DobbysGamertag - 31.01.2014

Quote:
Originally Posted by MP2
Looks like SQL injection. Print out the entire query. Make sure you escape the input string (mysql_real_escape_string() IIRC).
Yus

pawn Code:
new safestring[129]; //129 is max input right? o_O

mysql_real_escape_string(inputtext,safestring);
Then the query becomes:

pawn Code:
new query[256]; // room for the fixed text plus the escaped input and the name
// safestring is a string, so it needs %s rather than %d
format(query,sizeof(query),"UPDATE `accounts` SET `Admin`='%s' WHERE `name`='%s'",safestring,Name[playerid]);
mysql_query(query);
That's how I do it anyway. Been able to avoid it so far. Add a mysql_real_escape_string on each UPDATE/INSERT query (dialogs, OnPlayerText() etc).


Re: Someone is crashing my server! - MP2 - 31.01.2014

Wait.. what? Why are you setting someone's admin level to 100 when they login..? So you're telling me on the login dialog, when they enter their password, it takes their password and tries to update mySQL to set their admin level to the value of their password? Either I'm very stupid and have vastly misunderstood this, or you haven't explained it properly. I'm thinking the latter..


Re: Someone is crashing my server! - TheBosss - 31.01.2014

You didn't understand! The problem is that if someone writes a huge password in the login dialog, the server is going to crash. I escaped the string, that's not the problem. So if someone types a password with a lot of characters then the server crashes, and as you can see the injection has a lot of characters and is crashing my server, but it has nothing to do with real escape string.


Re: Someone is crashing my server! - StreetGT - 31.01.2014

Use strlen to check the string length, then set a limit


Re: Someone is crashing my server! - PowerPC603 - 31.01.2014

Or hash the password.
It will not only increase the security of your players' accounts (in case they could hack your database/playerfiles).
Also the length of the password won't matter as all characters inputted will be hashed into a single limited-size string.
You won't even need to escape the hash, as hashes don't contain MySQL-sensitive characters like '
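
The two suggestions above (a strlen limit and hashing the password), combined in one login handler as an added example that is not code from the thread. It assumes BlueG's MySQL plugin and the Whirlpool plugin's WP_Hash; the `Password` column, MAX_PASSWORD_LEN and the dialog texts are hypothetical.

```pawn
// Added example, not code from the thread.
#include <a_samp>
#include <a_mysql>                             // assumption: BlueG's MySQL plugin

native WP_Hash(buffer[], len, const str[]);    // assumption: Whirlpool plugin is loaded

#define DIALOG_LOGIN      83                   // login dialog id from the log above
#define MAX_PASSWORD_LEN  32                   // hypothetical limit

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if (dialogid != DIALOG_LOGIN) return 0;
    if (!response) return Kick(playerid);

    // Check the length first, before the input is printed, formatted or hashed.
    new len = strlen(inputtext);
    if (len < 1 || len > MAX_PASSWORD_LEN)
    {
        SendClientMessage(playerid, 0xFF0000FF, "Password must be 1 to 32 characters long.");
        ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD,
            "Login", "Enter your password:", "Login", "Quit");
        return 1;
    }

    // Whirlpool yields 128 hex characters whatever the input length,
    // so the hash needs no escaping and always fits the buffer.
    new hash[129];
    WP_Hash(hash, sizeof(hash), inputtext);

    // The player name still goes through the escape function; escaping can
    // double the length, so the destination is sized for the worst case.
    new name[MAX_PLAYER_NAME], safeName[MAX_PLAYER_NAME * 2 + 1];
    GetPlayerName(playerid, name, sizeof(name));
    mysql_real_escape_string(name, safeName);

    // Fixed text (about 65) + safeName (at most 48) + hash (128) fits in 256 cells.
    new query[256];
    format(query, sizeof(query),
        "SELECT `Admin` FROM `Accounts` WHERE `name`='%s' AND `Password`='%s'",
        safeName, hash);
    mysql_query(query);                        // continue with the existing result handling
    return 1;
}
```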


Re: Someone is crashing my server! - SwisherSweet - 31.01.2014

Are you setting the player admin level after he logs in or before? Because if you set it before, that can actually be the problem to why it crashes...


Re: Someone is crashing my server! - TheBosss - 31.01.2014

StreetGT gave me the good answer, thanks!