[Markx]

Hello all, just started a blank gamemode, to try to use MySQL and this is my code:

pawn Код:

//======================9======================================================//
//                                  Includes                                  //
//============================================================================//

#include <a_samp>
#include <zcmd>
#include <sscanf2>
#include <foreach>
#include <streamer>
#include <a_mysql>

//============================================================================//
//                                  Define s                                  //
//============================================================================//

#define SERVER_NAME     "Crazy Ass Server"
#define SERVER_VERSION  "v5.0"
#define SERVER_TIME     "12"
#define SERVER_GRAVITY  "0.00800"

#define SQL_HOST "localhost"
#define SQL_USER "root" 
#define SQL_PASS "" 
#define SQL_DB "sa-mp"
#define mysql_fetch_row(%1) mysql_fetch_row_format(%1,"|")

#define Blue    "003DF5"
#define Red     "FF0000"
#define Green   "66FF00"
#define White   "FFFFFF"

#define DIALOG_AUTOLOGIN        100
#define DIALOG_REGISTER         101
#define DIALOG_LOGIN            102
#define DIALOG_LOGGED           103
#define DIALOG_REGGED           104


//============================================================================//
//                                  New's                                     //
//============================================================================//

enum pInfo
{
    pLevel,
    pVIP,
    pKMA,
    pRank,
    pScore,
    pMoney,
    pKills,
    pDeaths,
    pMuted,
    pJailed,
    pFrozen,
    pMutedTimes,
    pJailedTimes,
    pFrozenTimes,
    pBanned,
    pBannedBy,
    pLoggins,
    pPosX,
    pPosY,
    pPosZ,
    pPosA
}

new PlayerInfo[MAX_PLAYERS][pInfo];

//============================================================================//
//                                  Forwards                                  //
//============================================================================//

//============================================================================//
//                                  Main                                      //
//============================================================================//

main()
{
    print("\t====================================================");
    print("\t\tCrazy Ass Server v5.0");
    print("\t====================================================");
}

//============================================================================//
//                                  Publics                                   //
//============================================================================//
public OnGameModeInit()
{

    //================================================================//
    //                              MySQL part                        //
    //================================================================//
    if(!mysql_connect(SQL_HOST, SQL_USER, SQL_DB, SQL_PASS))
    {
        print("SQL connection attempt 1 FAILED!");
        if(!mysql_connect(SQL_HOST, SQL_USER, SQL_DB, SQL_PASS))
        {
            print("SQL connection attempt 2 FAILED!");
            if(!mysql_connect(SQL_HOST, SQL_USER, SQL_DB, SQL_PASS))
            {
                print("SQL connection attempt 3 FAILED!");
                return 1;
            }
        }
    }
    return 1;
}

public OnGameModeExit()
{
    return 1;
}

public OnPlayerRequestSpawn(playerid)
{
    //================================================================//
    //                              MySQL part                        //
    //================================================================//
    if(GetPVarInt(playerid, "Logged") == 0)
    {
        new Query[200], Pname[24];
        GetPlayerName(playerid, Pname, 24);
        new escpname[24];
        mysql_real_escape_string(Pname, escpname); 
        format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s'" , escpname);
        mysql_query(Query);
        mysql_store_result();
        if(!mysql_num_rows()) ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT , ""Red"User registration", ""White"Welcome to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" register!\n"Blue"Please insert a password below:", "Okay", "Leave");
        else ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT , ""Red"User Loggin", ""White"Welcome back to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" login!\n"Blue"Please insert your password below:", "Okay", "Leave");
        return 0;
    }
    return 1;
}

public OnPlayerSpawn(playerid)
{
    SetPVarInt(playerid, "MoneyGiven", 0);
    return 1;
}

public OnPlayerConnect(playerid)
{
    RemoveUnderScore(playerid);
    //================================================================//
    //                              MySQL part                        //
    //================================================================//
    new Query[200], Pname[24], escpname[24];
    GetPlayerName(playerid, Pname, 24);
    mysql_real_escape_string(Pname, escpname);
    format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s'", escpname);
    mysql_query(Query);
    mysql_store_result();
    if(mysql_num_rows() != 0)
    {
        new PIP[56];
        GetPlayerIp(playerid, PIP, 56);
        format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s' AND `IP` = '%s'", escpname, PIP);
        mysql_query(Query);
        mysql_store_result();
        if(mysql_num_rows() != 0)
        {
            new line[750];
            SetPVarInt(playerid, "Logged", 1); 
            ShowPlayerDialog(playerid, DIALOG_AUTOLOGIN, DIALOG_STYLE_MSGBOX, ""Red"You have been auto-logged in!",""White"You have been sucessfully auto logged in!", "Okay", "");
            if(mysql_fetch_row(line))
            {
                sscanf(line, "p|ddddddddddddddddsffff",
                PlayerInfo[playerid][pLevel],
                PlayerInfo[playerid][pVIP],
                PlayerInfo[playerid][pKMA],
                PlayerInfo[playerid][pRank],
                PlayerInfo[playerid][pScore],
                PlayerInfo[playerid][pMoney],
                PlayerInfo[playerid][pKills],
                PlayerInfo[playerid][pDeaths],
                PlayerInfo[playerid][pMuted],
                PlayerInfo[playerid][pJailed],
                PlayerInfo[playerid][pFrozen],
                PlayerInfo[playerid][pMutedTimes],
                PlayerInfo[playerid][pJailedTimes],
                PlayerInfo[playerid][pFrozenTimes],
                PlayerInfo[playerid][pBanned],
                PlayerInfo[playerid][pLoggins],
                PlayerInfo[playerid][pBannedBy],
                PlayerInfo[playerid][pPosX],
                PlayerInfo[playerid][pPosY],
                PlayerInfo[playerid][pPosZ],
                PlayerInfo[playerid][pPosA]);
                SetPlayerScore(playerid, PlayerInfo[playerid][pScore]);
                GivePlayerMoney(playerid, PlayerInfo[playerid][pMoney]);
                mysql_free_result();
            }
        }
        if(!mysql_num_rows())
        {
            ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT , ""Red"User Loggin", ""White"Welcome back to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" login!\n"Blue"Please insert your password below:", "Okay", "Leave");
        }
    }
    else
    {
        ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT , ""Red"User registration", ""White"Welcome to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" register!\n"Blue"Please insert a password below:", "Okay", "Leave");
    }
    mysql_free_result();
    return 1;
}

public OnPlayerDisconnect(playerid, reason)
{
    //================================================================//
    //                              MySQL part                        //
    //================================================================//
    if(GetPVarInt(playerid, "Logged") == 1)
    {
        new query[300];
        new Pname[24];
        GetPlayerName(playerid, Pname, 24);
        new escpname[24];
        mysql_real_escape_string(Pname, escpname);
        format(query, sizeof(query), "UPDATE `playerinfo` SET `Level` = '%d',, `VIP` = '%d', `KMA` = '%d', `Rank` = '%d', `Score` = '%d', `Money` = '%d', `Kills` = '%d', `Deaths` = '%d', `Muted` = '%d', `Jailed` = '%d', `Frozen` = '%d', `Times Muted` = '%d', `Times Jailed` = '%d', `Times Frozen` = '%d', `Loggins` = '%d', `PossitionX` = '%f', `PossitionY` = '%f', `PossitionZ` = '%f', `PossitionA` = '%f', `Banned by` = '%s' WHERE `user` = '%s'",
        PlayerInfo[playerid][pLevel],
        PlayerInfo[playerid][pVIP],
        PlayerInfo[playerid][pKMA],
        PlayerInfo[playerid][pRank],
        GetPlayerScore(playerid),
        GetPlayerMoney(playerid),
        PlayerInfo[playerid][pKills],
        PlayerInfo[playerid][pDeaths],
        PlayerInfo[playerid][pMuted],
        PlayerInfo[playerid][pJailed],
        PlayerInfo[playerid][pFrozen],
        PlayerInfo[playerid][pMutedTimes],
        PlayerInfo[playerid][pJailedTimes],
        PlayerInfo[playerid][pFrozenTimes],
        PlayerInfo[playerid][pBanned],
        PlayerInfo[playerid][pLoggins],
        PlayerInfo[playerid][pBannedBy],
        PlayerInfo[playerid][pPosX],
        PlayerInfo[playerid][pPosY],
        PlayerInfo[playerid][pPosZ],
        PlayerInfo[playerid][pPosA],
        escpname);
        mysql_query(query);
        mysql_free_result();
    }
    return 1;
}

public OnPlayerDeath(playerid, killerid, reason)
{
    return 1;
}

public OnVehicleSpawn(vehicleid)
{
    return 1;
}

public OnVehicleDeath(vehicleid, killerid)
{
    return 1;
}

public OnPlayerText(playerid, text[])
{
    return 1;
}

public OnPlayerEnterVehicle(playerid, vehicleid, ispassenger)
{
    return 1;
}

public OnPlayerExitVehicle(playerid, vehicleid)
{
    return 1;
}

public OnPlayerStateChange(playerid, newstate, oldstate)
{
    return 1;
}

public OnPlayerEnterCheckpoint(playerid)
{
    return 1;
}

public OnPlayerLeaveCheckpoint(playerid)
{
    return 1;
}

public OnPlayerEnterRaceCheckpoint(playerid)
{
    return 1;
}

public OnPlayerLeaveRaceCheckpoint(playerid)
{
    return 1;
}

public OnRconCommand(cmd[])
{
    return 1;
}

public OnObjectMoved(objectid)
{
    return 1;
}

public OnPlayerObjectMoved(playerid, objectid)
{
    return 1;
}

public OnPlayerPickUpPickup(playerid, pickupid)
{
    return 1;
}

public OnVehicleMod(playerid, vehicleid, componentid)
{
    return 1;
}

public OnVehiclePaintjob(playerid, vehicleid, paintjobid)
{
    return 1;
}

public OnVehicleRespray(playerid, vehicleid, color1, color2)
{
    return 1;
}

public OnPlayerSelectedMenuRow(playerid, row)
{
    return 1;
}

public OnPlayerExitedMenu(playerid)
{
    return 1;
}

public OnPlayerInteriorChange(playerid, newinteriorid, oldinteriorid)
{
    return 1;
}

public OnPlayerKeyStateChange(playerid, newkeys, oldkeys)
{
    return 1;
}

public OnRconLoginAttempt(ip[], password[], success)
{
    return 1;
}

public OnPlayerUpdate(playerid)
{
    return 1;
}

public OnPlayerStreamIn(playerid, forplayerid)
{
    return 1;
}

public OnPlayerStreamOut(playerid, forplayerid)
{
    return 1;
}

public OnVehicleStreamIn(vehicleid, forplayerid)
{
    return 1;
}

public OnVehicleStreamOut(vehicleid, forplayerid)
{
    return 1;
}

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    //================================================================//
    //                              MySQL part                        //
    //================================================================//
    if(dialogid == DIALOG_REGISTER)
    {
       if(response)
       {
            if(!strlen(inputtext))
            {
                ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT , ""Red"User registration", ""White"Welcome to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" register!\n"White"Please insert a password below:", "Okay", "Leave");
                SendClientMessage(playerid, 0xF60000AA, ""Blue"[System] "White"You "Red"have"White" to enter a password in order to start playing!");
            }
            new PIP[50];
            new Query[200], Pname[24];
            new str[28];
            format(str, sizeof str, "Not banned");
            GetPlayerName(playerid, Pname, 24);
            new escpname[24], escpass[100];
            mysql_real_escape_string(inputtext, escpass);
            mysql_real_escape_string(Pname, escpname); 
            GetPlayerIp(playerid, PIP, 50);
            format(Query, sizeof(Query), "INSERT INTO `playerinfo` (`user`, `password`, `Level`, `VIP`, `KMA`, `Rank`, `Score`, `Money`, `Kills`, `Deaths`, `Muted`, `Jailed`, `Frozen`, `Times Muted`, `Times Jailed`, `Times Frozen`, `Loggins`, `PossitionX`, `PossitionY`, `PossitionZ`, `PossitionA`, `Banned by`, IP) VALUES ('%s', '%s', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, '%s', '%s')", escpname, escpass, str,PIP); //Insert string
            mysql_query(Query);
            GameTextForPlayer(playerid, "~g~Registered sucessfully!", 2000, 3);
            ShowPlayerDialog(playerid, DIALOG_REGGED, DIALOG_STYLE_MSGBOX, ""Red"You have sucessfully created a new account!",""White"You have been registerd and logged in!", "Okay", "");
            SetPVarInt(playerid, "Logged", 1);
        }
    }
    if(dialogid == DIALOG_LOGIN)
    {
       if(response)
       {
           new Query[200], Pname[24];
           GetPlayerName(playerid, Pname, 24);
           new escpname[24];
           mysql_real_escape_string(Pname, escpname);
           format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `user` = '%s' AND `password` = '%s'", escpname, inputtext);
           mysql_query(Query);
           mysql_store_result();
           if(!mysql_num_rows())
           {
               SendClientMessage(playerid, 0xF60000AA, ""Blue"[System] "White"Invaild passowrd, please try again! "Red"Max tries: 3");
               SetPVarInt(playerid, "WrongPass", GetPVarInt(playerid, "WrongPass") + 1);
               ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_INPUT , ""Red"User Loggin", ""White"Welcome back to "Red"Crazy Ass Server!\n\n"White"In order to start playing you "Red"must"White" login!\n"Blue"Please insert your password below:", "Okay", "Leave");
               if(GetPVarInt(playerid, "WrongPass") == 3)
               {
                   SendClientMessage(playerid, 0xF60000AA, ""Blue"[System] "White"Max password tries exceeded!");
                   Kick(playerid);
               }
           }
           else
           {
               new line[750];
               if(mysql_fetch_row(line))
               {
                    sscanf(line, "p|ddddddddddddddddsffff",
                    PlayerInfo[playerid][pLevel],
                    PlayerInfo[playerid][pVIP],
                    PlayerInfo[playerid][pKMA],
                    PlayerInfo[playerid][pRank],
                    PlayerInfo[playerid][pScore],
                    PlayerInfo[playerid][pMoney],
                    PlayerInfo[playerid][pKills],
                    PlayerInfo[playerid][pDeaths],
                    PlayerInfo[playerid][pMuted],
                    PlayerInfo[playerid][pJailed],
                    PlayerInfo[playerid][pFrozen],
                    PlayerInfo[playerid][pMutedTimes],
                    PlayerInfo[playerid][pJailedTimes],
                    PlayerInfo[playerid][pFrozenTimes],
                    PlayerInfo[playerid][pBanned],
                    PlayerInfo[playerid][pLoggins],
                    PlayerInfo[playerid][pBannedBy],
                    PlayerInfo[playerid][pPosX],
                    PlayerInfo[playerid][pPosY],
                    PlayerInfo[playerid][pPosZ],
                    PlayerInfo[playerid][pPosA]);
                    SetPlayerScore(playerid, PlayerInfo[playerid][pScore]);
                    GivePlayerMoney(playerid, PlayerInfo[playerid][pMoney]);
                    mysql_free_result();
               }
           }
       }
    }
    return 1;
}

public OnPlayerClickPlayer(playerid, clickedplayerid, source)
{
    return 1;
}

//============================================================================//
//                                  Player Commands                           //
//============================================================================//


//============================================================================//
//                                  Admin Commands                            //
//============================================================================//


//============================================================================//
//                                  Stocks                                    //
//============================================================================//

stock RemoveUnderScore(playerid)
{
    new name[MAX_PLAYER_NAME];
    GetPlayerName(playerid,name,sizeof(name));
    for(new i = 0; i < MAX_PLAYER_NAME; i++)
    {
        if(name[i] == '_') name[i] = ' ';
    }
    return name;
}

The problem is that when i join, it says that im auto-logged in or that i should login, i put a random password and it works. Give me some help please.

[JaTochNietDan]

That's some very messy code, in OnPlayerConnect you first of all do a query which selects all of the columns data for that row, then you store the data, then you do another query again with selects all of the columns data again for that row....without even freeing the result of the last query...but why do you select all of that data in the first place if you're not going to use it? You do the same thing in OnPlayerRequestSpawn, which by the way could be spammed quite heavily, that's a possible denial of service exploit right there since you've not even threaded the query!

There's also an SQL injection exploit in your login code, all someone would have to do is type '; DELETE *; at the login dialog box and your entire database would be deleted. This is especially strange because you take the time to escape the name (which cannot contain quotes so it technically cannot be used for injection), but you don't escape the most important part, the one where someone can literally type anything they want into it.

Another thing is that you have several logic paths where you store a result and never free it!

I don't really know why you're experiencing these problems, but when a system is coded this badly in the first place then it's bound to have a lot of problems.

[Markx]

That was a bit to advanced for me..Well i followed this tutorial, and it seems it failed very bad. Could you explain me how to fix it?

EDIT: Yeah i see the missing mysql_free_result();

[JaTochNietDan]

Quote:

Originally Posted by Markx That was a bit to advanced for me..Well i followed this tutorial, and it seems it failed very bad. Could you explain me how to fix it? EDIT: Yeah i see the missing mysql_free_result();

Well instead of following that tutorial which is clearly teaching some horrible coding methods, then you should actually learn what the functions do and how the MySQL API works by reading the documentation on the SA-MP Wiki. There's plenty of it there that explains everything about the function.

If that's still troubling, there are plenty of resources around the internet for learning how to write good SQL code and practicing good coding techniques that make sense. There's also the official PAWN documentation at CompuPhase. I can't tell you how to fix this because there's so much wrong with it, it would just have to be completely re-written.

I'm sure you could find a solution to your specific problem, but that's not going to change the vast majority of problems with this code!

Note: There isn't just one missing mysql_free_result, there are several logical paths where it is missing.

[Markx]

Quote:

Originally Posted by JaTochNietDan Well instead of following that tutorial which is clearly teaching some horrible coding methods, then you should actually learn what the functions do and how the MySQL API works by reading the documentation on the SA-MP Wiki. There's plenty of it there that explains everything about the function. If that's still troubling, there are plenty of resources around the internet for learning how to write good SQL code and practicing good coding techniques that make sense. There's also the official PAWN documentation at CompuPhase. I can't tell you how to fix this because there's so much wrong with it, it would just have to be completely re-written. I'm sure you could find a solution to your specific problem, but that's not going to change the vast majority of problems with this code! Note: There isn't just one missing mysql_free_result, there are several logical paths where it is missing.

Alright. I will read it! Which tutorial for MySQL Register/Login system would you suggest me?

[JaTochNietDan]

Quote:

Originally Posted by Markx Alright. I will read it! Which tutorial for MySQL Register/Login system would you suggest me?

Why do you need a tutorial? Just learn what the functions do and make your own MySQL Register/Login system when you're confident you understand what the functions do and know how to use them logically.

Also I'm pretty sure the creator of the MySQL plugin (G-sTyLeZzZ) even released an example filterscript with an account system in it, that would be properly coded, maybe you could learn from that.

Edit: It's here

[Markx]

Well, i cant just write the script, i can learn all the functions but i dont know how to use them, im not that good scripter, i could do that in y_ini or some other file saving systems but not with MySQL, its a bit to hard for me, thats why i follow tutorials to get how to use them and then make my own.

[[HiC]TheKiller]

Quote:

Originally Posted by Markx EDIT: Yeah i see the missing mysql_free_result();

Interesting thing was I checked the tutorial 2 minutes ago and there was actually a mysql_free_result there. Anyway, I deleted the tutorial, I'll make a new one if I have the time.

[Markx]

Quote:

Originally Posted by [HiC]TheKiller Interesting thing was I checked the tutorial 2 minutes ago and there was actually a mysql_free_result there. Anyway, I deleted the tutorial, I'll make a new one if I have the time.

Yeah i saw it too.

[JaTochNietDan]

Quote:

Originally Posted by Markx Well, i cant just write the script, i can learn all the functions but i dont know how to use them, im not that good scripter, i could do that in y_ini or some other file saving systems but not with MySQL, its a bit to hard for me, thats why i follow tutorials to get how to use them and then make my own.

Why not view the example filterscript then? That's one created by the creator of the SA-MP MySQL plugin! I'm pretty sure he's going to know what he's doing and code it correctly.

Also it sounds like you actually have a problem with the programming concept in general, I suggest you learn some of the programming basics and understand what functions mean and what they do, that is the key to learning programming, then all you need to know is what the function does, its parameters and its return value, all of which are supplied on the SA-MP Wiki for almost every function released on these forums.

If you learn the basics of programming properly and actually understand what you are writing, why you are writing it and start learning how to do/use algorithmic problem solving, this will all become crystal clear. There's no reason that people learning programming should ever have to ask people for help, it's all out there answered already for them, there are very few things that you would not be able to figure out yourself.