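// Global handle for the bans database; every command below queries through it.
new DB:bans;
// NOTE(review): in the original post these statements followed the declaration at file scope;
// they belong in OnGameModeInit (open + create table) with the matching db_close in OnGameModeExit.
bans = db_open("BansList.db");
// CREATE returns a result handle like any other db_query; free it rather than leak it.
db_free_result(db_query(bans, "CREATE TABLE IF NOT EXISTS `BANNED` (`NAME`, `IP`, `REASON`, `ADMIN`, `DATE`, `TIME`)"));
// Do NOT db_close(bans) here as the original did: the handle is used by /ban, /offlineban, /searchban,
// /unban and the connect-time check, all of which would then run against a closed database.
// Close it once in OnGameModeExit instead:  db_close(bans);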
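// /ban PLAYERID REASON — bans an online player (name + IP), announces it and kicks them.
// playerid: the admin issuing the command.   params: "<id> <reason>" parsed by sscanf.
CMD:ban(playerid, params[]) {
    new id, reason[48];
    // Authorization: the original left this condition as an empty placeholder comment, which does not
    // compile and, if filled in carelessly, fails OPEN. Default to the RCON-admin native and replace it
    // with your own admin-level check.
    if(!IsPlayerAdmin(playerid)) return SendClientMessage(playerid, -1, "SERVER: You need to be an admin!");
    if(sscanf(params, "us[48]", id, reason)) return SendClientMessage(playerid, -1, "USAGE: /ban PLAYERID REASON");
    if(id == INVALID_PLAYER_ID || !IsPlayerConnected(id)) return SendClientMessage(playerid, -1, "SERVER: Invalid ID");
    // Refuse self-bans: the ban also records the target's IP, so a typo would lock the admin out.
    if(id == playerid) return SendClientMessage(playerid, -1, "SERVER: You cannot ban yourself");
    // reason is admin-typed text; it must be passed through DB_Escape at the point the SQL is built.
    BanWithReason(playerid, id, reason);
    return 1;
}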
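// /offlineban PLAYERNAME REASON — records a name-only ban (IP stored as '0') for a player who is not online.
// Both pName and reason are admin-typed text and are escaped everywhere they are spliced into SQL.
CMD:offlineban(playerid, params[]) {
    // Query is sized for the worst case: each escaped field may double in length (DB_Escape caps at 160).
    // string was 112 cells, which truncated the broadcast once name + admin + reason were all long.
    new Query[512], string[160], pName[24], reason[48], DBResult:result, day, month, year, second, minute, hour, datestring[24], timestring[24];
    // TODO: replace with your admin enum check; the original left an empty placeholder here (fails open).
    if(!IsPlayerAdmin(playerid)) return SendClientMessage(playerid, -1, "SERVER: You need to be an admin!");
    if(sscanf(params, "s[24]s[48]", pName, reason)) return SendClientMessage(playerid, -1, "USAGE: /offlineban PLAYERNAME REASON");
    format(Query, sizeof(Query), "SELECT `NAME` FROM `BANNED` WHERE `NAME` = '%s'", DB_Escape(pName));
    result = db_query(bans, Query);
    if(db_num_rows(result))
    {
        // The original returned here without freeing the result.
        db_free_result(result);
        return SendClientMessage(playerid, -1, "INFO: That username is already banned!");
    }
    db_free_result(result); // release the SELECT result before the variable is reused for the INSERT
    getdate(day, month, year), gettime(hour, minute, second);
    // NOTE: unpadded d-m-Y / H:M:S strings; ORDER BY `DATE` in /searchban sorts these textually, not chronologically.
    format(datestring, sizeof(datestring), "%i-%i-%i", day, month, year), format(timestring, sizeof(timestring), "%i:%i:%i", hour, minute, second);
    format(Query, sizeof(Query), "INSERT INTO `BANNED` (`NAME`, `IP`, `REASON`, `ADMIN`, `DATE`, `TIME`) VALUES ('%s', '0', '%s', '%s', '%s', '%s')",
        DB_Escape(pName), DB_Escape(reason), DB_Escape(GetName(playerid)), datestring, timestring);
    result = db_query(bans, Query);
    if(result)
    {
        format(string, sizeof(string), "BAN: %s has been offline banned by %s(%d) due to %s", pName, GetName(playerid), playerid, reason);
        SendClientMessageToAll(-1, string);
        printf("[ban] [%s]: offlinebanned %s due to %s", GetName(playerid), pName, reason);
        db_free_result(result);
    }
    else
    {
        format(string, sizeof(string), "SERVER: Failed to ban '%s'..", pName), SendClientMessage(playerid, -1, string);
        printf("[ban] [%s]: failed to offlineban %s due to %s", GetName(playerid), pName, reason);
    }
    return 1;
}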
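// Bans an online player by name and IP, broadcasts the ban, logs it and kicks the target shortly after.
// playerid: the admin issuing the ban (INVALID_PLAYER_ID is reserved for a server-issued ban, see note below).
// targetid: the player being banned; the caller is expected to have validated that they are connected.
// reason:   admin-typed text — escaped HERE, at the point it is spliced into SQL (the original did not).
stock BanWithReason(playerid = INVALID_PLAYER_ID, targetid, reason[])
{
    // Query is sized for the worst case: each escaped field may double in length (DB_Escape caps at 160).
    // string was 112 cells, which truncated the broadcast once both names and the reason were long.
    new Query[512], string[160], DBResult:result, day, month, year, second, minute, hour, datestring[24], timestring[24];
    getdate(day, month, year);
    gettime(hour, minute, second);
    // NOTE: unpadded d-m-Y / H:M:S; ORDER BY `DATE` in /searchban sorts these textually, not chronologically.
    format(datestring, sizeof(datestring), "%i-%i-%i", day, month, year);
    format(timestring, sizeof(timestring), "%i:%i:%i", hour, minute, second);
    if(playerid != INVALID_PLAYER_ID)
    {
        format(Query, sizeof(Query), "INSERT INTO `BANNED` (`NAME`, `IP`, `REASON`, `ADMIN`, `DATE`, `TIME`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
            DB_Escape(GetName(targetid)), DB_Escape(PlayerIP(targetid)), DB_Escape(reason), DB_Escape(GetName(playerid)), datestring, timestring);
        result = db_query(bans, Query);
        if(result)
        {
            format(string, sizeof(string), "BAN: %s(%d) has been banned by %s(%d) due to %s", GetName(targetid), targetid, GetName(playerid), playerid, reason);
            SendClientMessageToAll(-1, string);
            printf("[ban] [%s]: successfully added %s's ban info", GetName(playerid), GetName(targetid));
            db_free_result(result);
        }
        else
        {
            format(string, sizeof(string), "SERVER: failed to ban '%s'", GetName(targetid));
            SendClientMessageToAll(-1, string);
            printf("[ban] [%s]: failed to add %s's ban info", GetName(playerid), GetName(targetid));
        }
    }
    // A server-issued (anti-cheat) variant writing ADMIN = 'Server' was sketched in the original but left
    // commented out. If it is reinstated it must run reason through DB_Escape exactly like the branch above.
    // Kick on a short timer rather than immediately — presumably so the broadcast above reaches the client first.
    SetTimerEx("KickTimer", 100, false, "i", targetid);
}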
forward KickTimer(playerid);
// Timer callback used by the ban paths: performs the actual Kick a few milliseconds after the
// ban message/dialog was sent (presumably so the client receives it before the connection drops).
public KickTimer(playerid)
{
    Kick(playerid); return 1;
}
// Escapes a string for splicing into a single-quoted SQLite literal: every ' becomes ''.
// That is the only escaping SQLite needs inside '...' (backslash is not special), so it is
// sufficient for the = comparisons in this file — but it does NOT neutralise LIKE wildcards
// (% and _); a caller building a LIKE pattern still gets wildcard matching from user text.
// Output is capped at 160 cells: input that would escape to more than that is silently
// truncated. The '' pair is only ever written whole (or dropped), so truncation can never
// leave a stray unbalanced quote behind.
stock DB_Escape(text[])
{
    new
        ret[80 * 2], // result buffer: 80 plain characters fit even if every one is a quote
        ch,
        i,           // read index into text
        j            // write index into ret
    ;
    while ((ch = text[i++]) && j < sizeof (ret))
    {
        if (ch == '\'')
        {
            // Only double the quote when both cells fit; otherwise drop it rather than
            // emit half of the pair (a lone ' would terminate the SQL literal early).
            if (j < sizeof (ret) - 2)
            {
                ret[j++] = '\'';
                ret[j++] = '\'';
            }
        }
        else if (j < sizeof (ret))
        {
            ret[j++] = ch;
        }
        else
        {
            // Not reachable while the loop guard holds j < sizeof(ret); kept as a safety net.
            j++;
        }
    }
    // Always terminate; the unused tail is already zero from the array declaration.
    ret[sizeof (ret) - 1] = '\0';
    return ret;
}
// Returns the player's current name as a freshly filled 24-cell string.
stock GetName(playerid)
{
    new name[24];
    GetPlayerName(playerid, name, sizeof(name));
    return name;
}
// Returns the player's IP as a string; 16 cells hold the longest IPv4 dotted quad plus the terminator.
stock PlayerIP(playerid)
{
    new ip[16];
    GetPlayerIp(playerid, ip, sizeof(ip));
    return ip;
}
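// /searchban PLAYERNAME/PLAYERIP — lists up to 6 bans whose NAME or IP contains the given text.
CMD:searchban(playerid, params[])
{
    // The original condition was missing its closing parenthesis and was an empty placeholder
    // (fails open). Default to the RCON-admin native; replace with your own admin-level check.
    if(!IsPlayerAdmin(playerid)) return SendClientMessage(playerid, -1, "SERVER: You need to be an admin!");
    else if(isnull(params)) return SendClientMessage(playerid, -1, "USAGE: /searchban PLAYERNAME/PLAYERIP");
    else
    {
        // params is admin-typed text spliced into SQL twice: escape it. DB_Escape caps each copy at 160 cells,
        // so 512 always fits. Note that % and _ in params still act as LIKE wildcards — acceptable for a
        // search command, but not an exact match.
        new Query[512], string[180];
        format(Query, sizeof(Query), "SELECT * FROM `BANNED` WHERE `NAME` LIKE '%%%s%%' OR `IP` LIKE '%%%s%%' ORDER BY `DATE` DESC LIMIT 6", DB_Escape(params), DB_Escape(params));
        new DBResult:Result = db_query(bans, Query);
        if(db_num_rows(Result))
        {
            new BannedBy[MAX_PLAYER_NAME], BannedName[MAX_PLAYER_NAME], BannedIP[MAX_PLAYER_NAME], BannedReason[MAX_PLAYER_NAME*2];
            do
            {
                db_get_field_assoc(Result, "NAME", BannedName, sizeof(BannedName));
                db_get_field_assoc(Result, "IP", BannedIP, sizeof(BannedIP));
                db_get_field_assoc(Result, "ADMIN", BannedBy, sizeof(BannedBy));
                db_get_field_assoc(Result, "REASON", BannedReason, sizeof(BannedReason));
                format(string, sizeof(string), "- {FC4949}%s(IP: %s) {FFFFFF}- {FC4949}banned by %s {FFFFFF}- due to %s", BannedName, BannedIP, BannedBy, BannedReason);
                SendClientMessage(playerid, -1, string);
            }
            while(db_next_row(Result));
        }
        else SendClientMessage(playerid, COLOR_ORANGE, "NOTE: No bans found!");
        db_free_result(Result);
    }
    return 1;
}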
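// /unban NAME REASON — deletes every BANNED row with that exact NAME and announces it.
CMD:unban(playerid, params[]) {
    // stringz was 92 cells: the announcement (two names + a 50-char reason) did not fit and was cut off.
    new pName[24], reason[50], Query[132], DBResult:Result;
    new stringz[144];
    // TODO: replace with your admin enum check; the original left an empty placeholder here (fails open).
    if(!IsPlayerAdmin(playerid)) return SendClientMessage(playerid, -1, "SERVER: You need to be an level 2 admin!");
    if(sscanf(params, "s[24]s[50]", pName, reason)) return SendClientMessage(playerid, -1, "USAGE: /unban [Name] [Reason]");
    // pName is admin-typed text: escape it in both the SELECT and the DELETE (the original escaped neither).
    format(Query, sizeof(Query), "SELECT * FROM `BANNED` WHERE `NAME` = '%s'", DB_Escape(pName));
    Result = db_query(bans, Query);
    if(db_num_rows(Result))
    {
        db_free_result(Result); // release the SELECT before the variable is reused for the DELETE
        format(Query, sizeof(Query), "DELETE FROM `BANNED` WHERE `NAME` = '%s'", DB_Escape(pName));
        Result = db_query(bans, Query);
        // Argument order fixed: the banned NAME is the one unbanned, the issuing admin is the "by".
        format(stringz, sizeof(stringz), "UNBAN: %s has been unbanned by %s due to: %s", pName, GetName(playerid), reason);
        SendClientMessageToAll(-1, stringz);
    }
    else SendClientMessage(playerid, -1, "SERVER: No bans found on that user-name!");
    db_free_result(Result);
    return 1;
}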
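// Connect-time ban check (the original pasted this from OnPlayerConnect, per the printf below;
// playerid is the connecting player). Matches the exact NAME or the exact IP, so an /offlineban
// row (IP stored as '0') only ever matches by name.
// Query was 98 cells, which is tight for the 55-char template plus a 24-char name and a 15-char IP.
new Query[160], DBResult:Result;
format(Query, sizeof(Query), "SELECT * FROM `BANNED` WHERE `NAME` = '%s' OR `IP` = '%s'", DB_Escape(GetName(playerid)), DB_Escape(PlayerIP(playerid)));
Result = db_query(bans, Query);
if(db_num_rows(Result))
{
    // 400 cells: the fixed dialog text plus four fields can exceed the original 300 and was being cut off.
    new banreason[50], bannedby[24], banname[24], banip[18], string[400];
    db_get_field_assoc(Result, "REASON", banreason, sizeof(banreason)); db_get_field_assoc(Result, "ADMIN", bannedby, sizeof(bannedby));
    db_get_field_assoc(Result, "NAME", banname, sizeof(banname)); db_get_field_assoc(Result, "IP", banip, sizeof(banip));
    format(string, sizeof(string), "{FFFFFF}Our system has detected that your {FC4949}username/IP{FFFFFF}is {FC4949}banned.\n{FFFFFF}Banned Name: {FC4949}%s\n{FFFFFF}Banned IP:{FC4949}%s\nBanned by: {FC4949}%s\n{FFFFFF}Reason: {FC4949}%s\n* If you wish to be unbanned, contact the server owner.", banname, banip, bannedby, banreason);
    ShowPlayerDialog(playerid, 0, DIALOG_STYLE_MSGBOX, "{FC4949}Ban detected.", string, "Close", "");
    printf("%s has been kicked from OnPlayerConnect - Username ban detection", GetName(playerid));
    // Kick on a timer, presumably so the dialog reaches the client before the connection is dropped.
    SetTimerEx("KickTimer", 75, false, "i", playerid);
}
// Free the result on both paths; the original only freed it when a ban matched and otherwise leaked it.
// (The stray "stringz = ..., reason = ..." line that followed referenced variables that do not exist here.)
db_free_result(Result);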
Wait, what? You're escaping the player's name but NOT the admin's input (the ban reason) — which is the value that actually needs escaping here? |
Seriously, if you're gonna criticize, you should also tell them(me, others) what's wrong, and how to fix/improve it.
|
I just told you what is wrong: you're not escaping the admin's input (the reason string is spliced straight into the INSERT).
Also, there's really no need to reset those variables at the end — they're locals, not globals, so they go out of scope anyway. |
If I were to explain it all I would be giving away too many trade secrets
I will say this, it involves using gpci, geoip and specially crafted queries. |