SA-MP Forums Archive
oban - Printable Version




oban - Loinal - 13.09.2017

fixed


Re: oban - Chesher - 13.09.2017

I think it's not working for IPs. It only works for usernames.
Well, you can /banip instead of using /oban (ip)


Re: oban - Loinal - 13.09.2017

Quote:
Originally Posted by Chesher
I think it's not working for IPs. It only works for usernames.
Well, you can /banip instead of using /oban (ip)

Why should I?


Re: oban - Vince - 13.09.2017

This is very confusing to read. I can also see several issues but none seem to be directly related.

1) Your queries are vulnerable to SQL injection because you're not escaping user input. Use mysql_format and %e. Try issuing !oban 0' OR 1=1; -- and watch how you ban the admin account.
2) You have a memory leak because you don't delete the active cache if the account exists.
3) If you're only interested in the IP then select the IP instead of the entire row.
4) You are mixing threaded and non-threaded queries which I think is a bad idea.
5) Decide whether you actually need "Total_Banned" because you can also use SELECT COUNT(*) from banlist. This depends on the situation. I usually won't delete a ban but rather mark it as "expired".
6) Use the sizeof operator instead of specifying literal values in format(). If the value you supply is larger than the target string's size you will get buffer overflow errors.
7) You are sending a "successful" message before even doing the actual insert. You ought to move that to a callback.
Look up MySQL time and date functions so you don't have to format anything in Pawn.
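
An added example, not code from the thread (the original script is no longer in the first post): one way an offline ban could follow points 1, 3, 6 and 7 above. It assumes the MySQL plugin R41 natives; `g_SQL`, the `accounts` and `banlist` tables, their columns and the callback names are hypothetical.

```pawn
// Added example; assumes MySQL plugin R41 and hypothetical names:
// g_SQL, accounts(name, ip), banlist(name, ip, banned_at).
#include <a_samp>
#include <a_mysql>

new MySQL:g_SQL; // assumed to be connected in OnGameModeInit

OfflineBan(adminid, const target[])
{
    new query[128];
    // Vulnerable form (input pasted in unescaped, literal size):
    //   format(query, 128, "SELECT * FROM accounts WHERE name = '%s'", target);
    // Hardened form: %e escapes the name, sizeof tracks the buffer,
    // and only the column that is needed is selected.
    mysql_format(g_SQL, query, sizeof(query),
        "SELECT ip FROM accounts WHERE name = '%e' LIMIT 1", target);
    mysql_tquery(g_SQL, query, "OnOfflineBanLookup", "is", adminid, target);
    return 1;
}

forward OnOfflineBanLookup(adminid, const target[]);
public OnOfflineBanLookup(adminid, const target[])
{
    // The cache of a threaded query is released by the plugin after
    // this callback returns, so there is nothing to delete by hand.
    if (cache_num_rows() == 0)
        return SendClientMessage(adminid, -1, "No such account.");

    new ip[16], query[192];
    cache_get_value_name(0, "ip", ip, sizeof(ip));
    // NOW() lets MySQL produce the timestamp instead of Pawn.
    mysql_format(g_SQL, query, sizeof(query),
        "INSERT INTO banlist (name, ip, banned_at) VALUES ('%e', '%e', NOW())",
        target, ip);
    mysql_tquery(g_SQL, query, "OnOfflineBanInserted", "i", adminid);
    return 1;
}

forward OnOfflineBanInserted(adminid);
public OnOfflineBanInserted(adminid)
{
    // The success message is sent only once the insert has really happened.
    if (cache_affected_rows() == 1)
        SendClientMessage(adminid, -1, "Offline ban saved.");
    else
        SendClientMessage(adminid, -1, "Ban was not saved.");
    return 1;
}
```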