25.06.2014, 11:13
So I'm starting to learn mysql, I'm a few years late but it's better late than never. How ever I don't know if I've done it the most proficient way, and whether or not it's safe from sql attacks/injections. So it would be appreciated if someone experienced with mysql had a look at it!
Here's how I've done it:
So, have I done it correctly, or can it be improved?
(The actual mysql bits; not any other bits)
Thank you in advance.
Here's how I've done it:
pawn Код:
format(query, sizeof(query), "SELECT * from `fortcarson` WHERE Fullname = '%s' LIMIT 1", GetPlayersName(playerid));
mysql_tquery(Mysql_users, query, "IsAccountRegistered", "i", playerid);
pawn Код:
forward IsAccountRegistered(playerid);
public IsAccountRegistered(playerid)
{
new rows, fields, string[256], query[1052];
cache_get_data(rows, fields, Mysql_users);
if(rows) // If account is registered
{
mysql_format(Mysql_users, query, sizeof(query), "SELECT * FROM `fortcarson` WHERE `Fullname` = '%e' LIMIT 1", GetPlayersName(playerid));
mysql_tquery(Mysql_users, query, "Loadplayerdata", "i", playerid);
format(string, sizeof(string), "{FFFFFF}Hello, %s!\n\nWelcome back to {D69929}Fort Carson{FFFFFF}.\nPlease login with your existing password below.", GetPlayersName(playerid));
ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{FFFFFF}Welcome back to Fort Carson.", string, "Login", "Leave");
}
else if(!rows) {
format(string, sizeof(string), "{FFFFFF}Hello, %s.\n\nWelcome to {D69929}Fort Carson Roleplay!{FFFFFF}\nYour account doesn't seem to exist.\nPlease input a desired password below.", GetPlayersName(playerid));
ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT, "{FFFFFF}Welcome to Fort Carson.", string, "Register", "Leave");
}
return 1;
}
pawn Код:
if(dialogid == DIALOG_LOGIN)
{
if(response)
{
if(!strlen(inputtext))
{
format(string, sizeof(string), "{FFFFFF}Hello, %s!\n\nWelcome back to {D69929}Fort Carson{FFFFFF}.\nPlease login with your existing password below.", GetPlayersName(playerid));
ShowPlayerDialog(playerid, DIALOG_LOGIN, DIALOG_STYLE_PASSWORD, "{FFFFFF}Welcome back to Fort Carson.", string, "Login", "Leave");
}
format(string, sizeof(string), "%s", inputtext);
WP_Hash(password, sizeof (password), string);
if(!strcmp(password, PlayerData[playerid][Password]))
{
if(PlayerData[playerid][Banned] == 1)
{
foreach(Player, i)
{
if(PlayerData[i][AdminLevel] >=1 )
{
format(string, sizeof(string), "Admin:{FFFFFF} %s just attempted to log into their banned account.", GetPlayersName(playerid));
SendClientMessage(i, COLOR_PALERED, string);
}
}
SendClientMessage(playerid, COLOR_PALERED, "You are currently banned from the server.");
format(string, sizeof(string), "Reason:{FFFFFF} %s", PlayerData[playerid][BanReason]);
SendClientMessage(playerid, COLOR_PALERED, string);
format(string, sizeof(string), "Banned by:{FFFFFF} %s", PlayerData[playerid][BannedBy]);
SendClientMessage(playerid, COLOR_PALERED, string);
SendClientMessage(playerid, COLOR_WHITE, "You can protest this ban on our forums, just take a screenshot of this.");
KickEx(playerid);
return 1;
}
if(PlayerData[playerid][AdminLevel] == 0)
{
SpawnPlayer(playerid);
format(string, sizeof(string), "Welcome back to Fort Carson,{FFFFFF} %s.", GetPlayersName(playerid));
SendClientMessage(playerid, COLOR_SERVER, string);
gIsPlayerLoggedIn[playerid] = 1;
}
else if(PlayerData[playerid][AdminLevel] >= 1)
{
ShowPlayerDialog(playerid, DIALOG_ADMINAUTH, DIALOG_STYLE_INPUT, "Administration Security", "Please enter your Administration Key to continue", "Submit", "Cancel");
}
return 1;
}
else
{
SendClientMessage(playerid, COLOR_PALERED, "Warning:{FFFFFF} That password was incorrect. You have been kicked from the server.");
KickEx(playerid);
}
}
else
{
SendClientMessage(playerid, COLOR_SERVER, "Warning:{FFFFFF} You chose to leave the server.");
KickEx(playerid);
}
return 1;
}
else if(dialogid == DIALOG_REGISTER)
{
if(response)
{
if(!strlen(inputtext))
{
format(string, sizeof(string), "{FFFFFF}Hello, %s.\n\nWelcome to {D69929}Fort Carson Roleplay!{FFFFFF}\nYour account doesn't seem to exist.\nPlease input a desired password below.", GetPlayersName(playerid));
ShowPlayerDialog(playerid, DIALOG_REGISTER, DIALOG_STYLE_INPUT, "{FFFFFF}Welcome to Fort Carson.", string, "Register", "Leave");
}
format(string, sizeof(string), "%s", inputtext);
WP_Hash(password, sizeof(password), string);
format(PlayerData[playerid][Fullname], 126, "%s", GetPlayersName(playerid));
format(PlayerData[playerid][Password], 129, "%s", password);
PlayerData[playerid][PositionX] = 155.435546;
PlayerData[playerid][PositionY] = 1174.296875;
PlayerData[playerid][PositionZ] = 15.491741;
PlayerData[playerid][PositionA] = 75.370346;
PlayerData[playerid][Health] = 100; PlayerData[playerid][Armour] = 0;
PlayerData[playerid][Interior] = 0; PlayerData[playerid][VirtualWorld] = 0;
gIsPlayerLoggedIn[playerid] = 1;
SpawnPlayer(playerid);
format(string, sizeof(string), "Welcome to Fort Carson,{FFFFFF} %s.", GetPlayersName(playerid));
SendClientMessage(playerid, COLOR_SERVER, string);
mysql_format(Mysql_users, query, sizeof(query), "INSERT INTO `fortcarson` (`Fullname`, `Password`, `PositionX`, `PositionY`, `PositionZ`, `PositionA`, `Health` ,`Armour`, `Interior`, `VirtualWorld`) VALUES ('%s', '%s', 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0, 0)", PlayerData[playerid][Fullname], PlayerData[playerid][Password]);
mysql_tquery(Mysql_users, query, "", "");
}
else
{
SendClientMessage(playerid, COLOR_SERVER, "Warning:{FFFFFF} You chose to leave the server.");
KickEx(playerid);
}
}
So, have I done it correctly, or can it be improved?
(The actual mysql bits; not any other bits)
Thank you in advance.
