[Outbreak]

I changed to SQLite Database for my server. It all was going fine, then some of the players started getting banned by an admin, but it was a hacker on an admin account...

We knew it was a hacker cos the person whos account they were using was in IRC chat talking to me at the time, and didnt have their game open.

Then it started happening again, someone joining the server under admin names and using admin commands to ban or kick players.

I tried myself to do it, but i have no idea how they have got into the accounts

[Marcel]

In OnPlayerDisconnect or OnPlayerConnect, do you reset the player's admin level?

[Sergei]

Possible SQL injection? You could also tell us how your account system work.

[Outbreak]

Everything on connect and disconnect is reset. And al seems to work fine. Then after a couple of hours it just goes crazy..

Admins cant ban, players cant login, and their accounts appear unregistered.

I re-hashed the passwords using whirlpool, which seems to be ok now... But im not sure why the accounts and bans stop working after so long

[Marcel]

Try using mysql_escape_string with every user input you use, or basicly every inpute / update query.

[Outbreak]

if something needs doing, i have it open the database, update, insert or query...

Then close the database.

I tried it opening it from when the gamemode starts, and closing the database when the gamemode exits.. But still had the same problems.

I'm gonna go back to dini for now until i write something else with another database format... SQLite isn't impressing me at all.

[Outbreak]

Everything was working perfectly fine, then suddenly it goes crazy..

With the old account system i used, there was no such problems.

I don't pretend to fully understand sql, i tried learning it and wrote an account and ban system that seems to work perfect, for a few hours.

Then any command that requires the database suddenly stops working...

I have around 1300 lines of code for the database in a sepperate file... If anyone with great knowledge on SQL is willing to help me and would like to take a look please PM me.

[Dabombber]

Sounds like the database is locked, maybe you're forgetting to end a transaction somewhere.

[Outbreak]

Ok i tried looking through and im unable to find exactly whats causing it... Here is the code for my database handler

The indention went a little crazy on pastebin so i fixed it up as best i could..


http://pawn.pastebin.com/m2d79f225

[Dabombber]

You open databases and don't close them, maybe samp has a limit on the number of databases that can be open, or the number of connections to a database or something.

You might also want to look at the SQLite time functions, it makes dealing with dates and stuff look a lot nicer than using pawn. You could just make the default value CURRENT_TIMESTAMP (or CURRENT_DATE and CURRENT_TIME) and then you wouldn't even need to have it in the insert query. SQlite uses UTC time by default do you'll need to use [code=sql]datetime(`timestamp`,'localtime') AS `timestamp`[/code] in your select statements, or you could use [code=sql]datetime('now','localtime')[/code] in your inserts.