This one command! /unban
#1

Ok this was my last resort.

Our script has ALWAYS compiled just fine. Then we discovered a security flaw in one of the Admin commands.

Код:
if(strcmp(cmd, "/unban", true) == 0)
	{
	    if(IsPlayerConnected(playerid))
	    {
         	new length = strlen(cmdtext);
			while ((idx < length) && (cmdtext[idx] <= ' '))
			{
				idx++;
			}
			new offset = idx;
			new result[128];
			while ((idx < length) && ((idx - offset) < (sizeof(result) - 1)))
			{
				result[idx - offset] = cmdtext[idx];
				idx++;
			}
			result[idx - offset] = EOS;
			if(!strlen(result))
			{
				SendClientMessage(playerid, COLOR_GRAD2, "{00FF00}Usage:{FFFFFF} /unban [EXACT_NAME]");
				return 1;
			}
			new Query[256];
		   	format(Query, sizeof(Query), "SELECT `username` FROM `players` WHERE username = '%s' AND Registered = -999 LIMIT 1", (result));
			mysql_query(Query);
			mysql_store_result();
			if(!mysql_num_rows())
			{
		    	format(string, sizeof(string), "Nobody with the name %s is banned!", (result));
				mysql_free_result();
				return SendClientMessage(playerid, 0xDC0C0CFF, string);
			}
			else if(mysql_num_rows() != 0)
			{
			    format(Query, sizeof(Query), "UPDATE `players` SET `Registered` = 1 WHERE username = '%s'", (result));
				mysql_query(Query);
				mysql_store_result();
				format(string, sizeof(string), "{DC0C0C}[Info:] {FFFFFF}%s got unbanned!", (result));
				ABroadCast(0xa9c4e4FF, string, 1);
				mysql_free_result();
			}
	    }
	}
One thing is missing from here, and I hate to say it, but the admin restriction wasn't added. (Not my fault, actually)
I've tried in many ways to add the Admin Level restriction to where only a set admin level would use this command, and no matter what, either the pawno compiler crashes, or it throws me errors in other lines of the script that have nothing to do with this command. (Which is why I hate coding in the first place, but i do try)

So here's the thing, if(PlayerInfo[playerid][pAdmin] >= 1) should be added, but whenever I do it, Pawno Crashes

Any help would be greatly appreciated
Reply
#2

I have a feeling you were adding that in, but you were forgetting or were not properly matching the braces that you added, therefore causing an error with missing or unmatched braces, continuing to make the script/pawno crash during compilation. So give this a try instead:

pawn Код:
if(strcmp(cmd, "/unban", true) == 0)
{
    if(IsPlayerConnected(playerid))
    {
        if(PlayerInfo[playerid][pAdmin] < 1) return SendClientMessage(playerid, 0xFF0000FF, "You must be an Administrator to use this command!");
        new length = strlen(cmdtext);
    while ((idx < length) && (cmdtext[idx] <= ' '))
    {
        idx++;
    }
    new offset = idx;
    new result[128];
    while ((idx < length) && ((idx - offset) < (sizeof(result) - 1)))
    {
        result[idx - offset] = cmdtext[idx];
        idx++;
    }
    result[idx - offset] = EOS;
    if(!strlen(result))
    {
        SendClientMessage(playerid, COLOR_GRAD2, "{00FF00}Usage:{FFFFFF} /unban [EXACT_NAME]");
        return 1;
    }
    new Query[256];
    format(Query, sizeof(Query), "SELECT `username` FROM `players` WHERE username = '%s' AND Registered = -999 LIMIT 1", (result));
    mysql_query(Query);
    mysql_store_result();
    if(!mysql_num_rows())
    {
        format(string, sizeof(string), "Nobody with the name %s is banned!", (result));
        mysql_free_result();
        return SendClientMessage(playerid, 0xDC0C0CFF, string);
    }
    else if(mysql_num_rows() != 0)
    {
        format(Query, sizeof(Query), "UPDATE `players` SET `Registered` = 1 WHERE username = '%s'", (result));
        mysql_query(Query);
        mysql_store_result();
        format(string, sizeof(string), "{DC0C0C}[Info:] {FFFFFF}%s got unbanned!", (result));
        ABroadCast(0xa9c4e4FF, string, 1);
        mysql_free_result();
    }
    }
    return 1;
}
Reply
#3

Try using the opposite of it, for example:
pawn Код:
if(PlayerInfo[playerid][pAdmin] < 5)
Because just yesterday, I don't know why but when I tried doing pAdmin > 1, it didn't work, but when I dod pAdmin < 1, it worked. I don't know why, it might be a fault in my coding, but try it! God knows :0
Reply
#4

Quote:
Originally Posted by BenzoAMG
Посмотреть сообщение
I have a feeling you were adding that in, but you were forgetting or were not properly matching the braces that you added, therefore causing an error with missing or unmatched braces, continuing to make the script/pawno crash during compilation. So give this a try instead:

pawn Код:
if(strcmp(cmd, "/unban", true) == 0)
{
    if(IsPlayerConnected(playerid))
    {
        if(PlayerInfo[playerid][pAdmin] < 1) return SendClientMessage(playerid, 0xFF0000FF, "You must be an Administrator to use this command!");
        new length = strlen(cmdtext);
    while ((idx < length) && (cmdtext[idx] <= ' '))
    {
        idx++;
    }
    new offset = idx;
    new result[128];
    while ((idx < length) && ((idx - offset) < (sizeof(result) - 1)))
    {
        result[idx - offset] = cmdtext[idx];
        idx++;
    }
    result[idx - offset] = EOS;
    if(!strlen(result))
    {
        SendClientMessage(playerid, COLOR_GRAD2, "{00FF00}Usage:{FFFFFF} /unban [EXACT_NAME]");
        return 1;
    }
    new Query[256];
    format(Query, sizeof(Query), "SELECT `username` FROM `players` WHERE username = '%s' AND Registered = -999 LIMIT 1", (result));
    mysql_query(Query);
    mysql_store_result();
    if(!mysql_num_rows())
    {
        format(string, sizeof(string), "Nobody with the name %s is banned!", (result));
        mysql_free_result();
        return SendClientMessage(playerid, 0xDC0C0CFF, string);
    }
    else if(mysql_num_rows() != 0)
    {
        format(Query, sizeof(Query), "UPDATE `players` SET `Registered` = 1 WHERE username = '%s'", (result));
        mysql_query(Query);
        mysql_store_result();
        format(string, sizeof(string), "{DC0C0C}[Info:] {FFFFFF}%s got unbanned!", (result));
        ABroadCast(0xa9c4e4FF, string, 1);
        mysql_free_result();
    }
    }
    return 1;
}
OMG THANK YOU THANK YOU!!!!!!!!
I can't believe I overlooked this!

Thank you BOTH for helping with this! /me runs to the coffee maker to finish this up.

Merry Christmas!
Reply
#5

Rep please
Reply
#6

Quote:
Originally Posted by BenzoAMG
Посмотреть сообщение
Rep please
Reply
#7

Quote:
Originally Posted by Rajat_Pawar
Посмотреть сообщение
I agree... it seems my friend has logged onto my account and done this. -___-

*Double Facepalm*
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)