Mysql crash issue - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Mysql crash issue (/showthread.php?tid=620816)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Mysql crash issue (/showthread.php?tid=620816)
Mysql crash issue - TheDarkBlade - 03.11.2016
so recently i have been getting some crashes and started looking into it , and it seems that players are somehow abusing the /changepass command to crash the server .
if they type in the box %s or anything the server crashes .
I tryed adding strfind for the % symbol but no succes .
I changed the %s parameter from the query to %e
this is the code .
Код:
if(dialogid == DIALOG_NEWPASS)
{
if(response)
{
new length = strlen(inputtext);
if(length == 0 || length > 15)
{
SendClientMessage(playerid, COLOR_WHITE, "Please enter another password (maximum 15 characters).");
ShowPlayerDialog(playerid, DIALOG_NEWPASS,DIALOG_STYLE_INPUT, "Change password:","Type in box your new password:","Done","Close");
return 1;
}
if(strfind(inputtext,"%")!= -1) return Kick(playerid);
if(strlen(inputtext) > 1 && strlen(inputtext) < 16)
{
new tmppass[64],namee[30],playerip[16];
mysql_real_escape_string(inputtext, tmppass);
strmid(PlayerInfo[playerid][pKey], tmppass, 0, strlen(tmppass), 255);
format(string,sizeof(string),"Your new password is %s.",tmppass);
SendClientMessage(playerid, COLOR_YELLOW,string);
GetPlayerName(playerid, namee, sizeof(namee));
GetPlayerIp(playerid, playerip, sizeof(playerip));
format(string,sizeof(string),"%s[user:%d] changed his password. IP: %s",namee,PlayerInfo[playerid][pSQLID],playerip);
ABroadCast(COLOR_YELLOW, string,1);
GetPlayerName(playerid,sendername,sizeof(sendername));
new str2[240];
mysql_format(SQL, str2, sizeof(str2), "UPDATE users SET `password`='%e' WHERE `name`='%s'",PlayerInfo[playerid][pKey], PlayerInfo[playerid][pNormalName]);
mysql_tquery(SQL,str2,"","");
return 1;
}
else
{
ShowPlayerDialog(playerid, DIALOG_NEWPASS,DIALOG_STYLE_INPUT, "Change password:","Type in box your new password:","Done","Close");
return 1;
}
Re: Mysql crash issue - TheDarkBlade - 03.11.2016
bump
Re: Mysql crash issue - dicknyson - 03.11.2016
Код:
if(strfind(inputtext,"%%")!= -1) return Kick(playerid);
Format Specifiers
%i Integer (whole number)
%d Integer (whole number).
%s String
%f Floating-point number (Float: tag)
%c ASCII character
%x Hexadecimal number
%b Binary number
%% Literal '%'
%q Escape a text for SQLite. (Added in 0.3.7 R2)