Report bug
#1

, so, when I type /re something to report

It saves in mysql but it doesn't show that I sent the report / it doesn't show for admins that report was received.

Also I can spam with /re

Errors mentioned above apply for /report too


PHP code:
forward OnPlayerReport(playerid, targetid, reason);
public OnPlayerReport(playerid, targetid, reason)
{
    new rows, fields;
    cache_get_data(rows, fields, handle);
    new reportid;
    new count = cache_num_rows();
    if(count > 0)
    {
        new reportstring[250],reportstring2[250];
        reportid = cache_get_field_content_int(0, "ID", handle);
        format(reportstring2,sizeof(reportstring2), ""chat""COL_YELLOW"[REF:#%d]: Your report upon %s(%d) has been sent "COL_WHITE" (Reason: %s)",reportid, PlayerName(targetid),targetid, reason);
        SendClientMessage(playerid,-1,reportstring2);
        format(reportstring,sizeof(reportstring), ""chat""COL_YELLOW"[REF:#%d]: Player %s(ID:%d) has reported %s(ID:%d)"COL_WHITE" (Reason: %s)",reportid, PlayerName(playerid),playerid,PlayerName(targetid),targetid,reason);
        SendMessageToAllAdmins(reportstring,-1);
        pInfo[playerid][pReported] = 1;
        timeras[playerid] = SetTimerEx("Report", 60000, 0, "i", playerid);
    }
}
forward OnPlayerReporte(playerid, reason);
public OnPlayerReporte(playerid, reason)
{
    new rows, fields;
    cache_get_data(rows, fields, handle);
    new reportid;
    new count = cache_num_rows();
    if(count > 0)
    {
        new reportstring[250],reportstring2[250];
        reportid = cache_get_field_content_int(0, "ID", handle);
        format(reportstring2,sizeof(reportstring2), ""chat""COL_YELLOW"[REF:#%d]: Your report was sent. "COL_WHITE" Title: [%s].",reportid, reason);
        SendClientMessage(playerid,-1,reportstring2);
        format(reportstring,sizeof(reportstring), ""chat""COL_YELLOW"[REF:#%d]: Player %s(ID:%d) has reported an error. "COL_WHITE" (Title: %s)",reportid, PlayerName(playerid),playerid,reason);
        SendMessageToAllAdmins(reportstring,-1);
        pInfo[playerid][pReported] = 1;
        timeras[playerid] = SetTimerEx("Report", 60000, 0, "i", playerid);
    }
}

PHP code:
CMD:report(playerid,params[])
{
    new targetid,reason[250];
    if(sscanf(params, "us[105]", targetid,reason)) return SendClientMessage(playerid,-1,""chat" /report [playerid] [Reason]");
    if(!IsPlayerConnected(targetid)) return SendClientMessage(playerid,-1,""COL_RED"Not online");
    if(targetid == playerid) return SendClientMessage(playerid,-1, ""COL_RED"EROARE:  Can report yourself.");
    if(!IsPlayerNPC(targetid))
    {
        if(pInfo[playerid][pReported] == 0)
        {
            format(jQuery, MAX_QUERY_LENGTH, "INSERT INTO `"#reportlog"` (Username, Targetname, Report, Data) VALUES ('%s', '%s', '%s', CURRENT_TIMESTAMP)",PlayerName(playerid),PlayerName(targetid), reason);
            mysql_tquery(handle, jQuery, "", "");
            mysql_tquery(handle, "SELECT * FROM `reportlog` ORDER BY ID DESC LIMIT 1", "OnPlayerReport", "uus[80]", playerid, targetid, reason);
        }
        else {
            SendClientMessage(playerid,-1,""COL_RED"Wait 1 minute");
        }
    }
    else return SendClientMessage(playerid,-1,""COL_RED"can't report npc !");
    return 1;
}
CMD:re(playerid,params[])
{
    new reason[250];
    if(sscanf(params, "s[80]",reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [Reason]");
    if(pInfo[playerid][pReported] == 0)
    {
        format(jQuery, MAX_QUERY_LENGTH, "INSERT INTO `"#reportlog"` (Username, Report, Data) VALUES ('%s', '%s', CURRENT_TIMESTAMP)",PlayerName(playerid), reason);
        mysql_tquery(handle, jQuery, "", "");
        mysql_tquery(handle, "SELECT * FROM `reportlog` ORDER BY ID DESC LIMIT 1", "OnPlayerReporte", "s[80]", playerid, reason);
    }
    else {
        SendClientMessage(playerid,-1,""COL_RED"Wait one minute");
    }
    return 1;
}

Reply
#2

PHP code:
if(sscanf(params, "s[80]",reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [Reason]");
You need to specify the id to report:
PHP code:
new reportid; // Define that now before using sscanf
if(sscanf(params, "ds[80]", reportid, reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [ID] [Reason]");
And

PHP code:
reportid = cache_get_field_content_int(playerid, "ID");
That ID doesn't mean (I guess) PLAYERID, but the account id saved in the database.
Reply
#3

Quote:
Originally Posted by v1k1nG
PHP code:
if(sscanf(params, "s[80]",reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [Reason]");
You need to specify the id to report:
PHP code:
new reportid; // Define that now before using sscanf
if(sscanf(params, "ds[80]", reportid, reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [ID] [Reason]");
And

PHP code:
reportid = cache_get_field_content_int(playerid, "ID");
That ID doesn't mean (I guess) PLAYERID, but the account id saved in the database.

I mean, ID as the ID Column in the MYSQL.

Not the ID as the TargetID
Reply
#4

you need to learn how to use mysql_tquery correctly same mysql_query
Reply
#5

You're trying to fetch fields from the database without a select query. You'd have to run another query after inserting the new report which would select from the reportlog table ordered by id in a descending order with a limit of 1 to ensure you're selecting the latest entry to the database. It'd look something like this:

Code:
CMD:re(playerid,params[])
{
    new reason[250], targetid;
    if(sscanf(params, "s[80]",reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [Reason]");
    if(pInfo[playerid][pReported] == 0)
    {
        // Insert the report, then select the newest row to read its ID.
        format(jQuery, MAX_QUERY_LENGTH, "INSERT INTO `"#reportlog"` (Username, REPORT, DATA) VALUES ('%s', '%s', CURRENT_TIMESTAMP)",PlayerName(playerid), reason);
        mysql_tquery(handle, jQuery, "", "");
        mysql_tquery(handle, "SELECT * FROM `reportlog` ORDER BY ID DESC LIMIT 1", "OnPlayerReport", "uus[80]", playerid, targetid, reason);
    }
    else {
        SendClientMessage(playerid,-1,""COL_RED"Wait 1  minute");
    }
    return 1;
}


forward OnPlayerReport(playerid, targetid, reason);
public OnPlayerReport(playerid, targetid, reason)
{
    new rows, fields;
    cache_get_data(rows, fields, handle);
    // The message buffers are declared here, where they are used.
    new reportid, reportstring[250], reportstring2[250];
    new count = cache_num_rows();
    if(count > 0)
    {
        reportid = cache_get_field_content_int(0, "ID", handle);
        format(reportstring2,sizeof(reportstring2), ""chat""COL_YELLOW"[REF:#%d] Your report was sent.",reportid);
        SendClientMessage(playerid,-1,reportstring2);
        format(reportstring,sizeof(reportstring), ""chat""COL_YELLOW"[REF:#%d] Player has reported %s(ID:%d)"COL_WHITE" (Reason: %s)",reportid, PlayerName(playerid),playerid,reason);
        SendMessageToAllAdmins(reportstring,-1);
        pInfo[playerid][pReported] = 1;
        timeras[playerid] = SetTimerEx("Report", 60000, 0, "i", playerid);
    }
}
Also you shouldn't be giving your reason string such a large size of 250 if you're only using 81 of those characters.
Reply
#6

Thank you. I was sleepy but I figured what I was doing wrong!!
Reply
#7



I'm back, so, when I type /re something to report

It saves in mysql but it doesn't show that I sent the report / it doesn't show for admins that report was received.

Also I can spam with /re

Errors mentioned above apply for /report too


PHP code:
forward OnPlayerReport(playerid, targetid, reason);
public OnPlayerReport(playerid, targetid, reason)
{
    new rows, fields;
    cache_get_data(rows, fields, handle);
    new reportid;
    new count = cache_num_rows();
    if(count > 0)
    {
        new reportstring[250],reportstring2[250];
        reportid = cache_get_field_content_int(0, "ID", handle);
        format(reportstring2,sizeof(reportstring2), ""chat""COL_YELLOW"[REF:#%d]: Your report upon %s(%d) has been sent "COL_WHITE" (Reason: %s)",reportid, PlayerName(targetid),targetid, reason);
        SendClientMessage(playerid,-1,reportstring2);
        format(reportstring,sizeof(reportstring), ""chat""COL_YELLOW"[REF:#%d]: Player %s(ID:%d) has reported %s(ID:%d)"COL_WHITE" (Reason: %s)",reportid, PlayerName(playerid),playerid,PlayerName(targetid),targetid,reason);
        SendMessageToAllAdmins(reportstring,-1);
        pInfo[playerid][pReported] = 1;
        timeras[playerid] = SetTimerEx("Report", 60000, 0, "i", playerid);
    }
}
forward OnPlayerReporte(playerid, reason);
public OnPlayerReporte(playerid, reason)
{
    new rows, fields;
    cache_get_data(rows, fields, handle);
    new reportid;
    new count = cache_num_rows();
    if(count > 0)
    {
        new reportstring[250],reportstring2[250];
        reportid = cache_get_field_content_int(0, "ID", handle);
        format(reportstring2,sizeof(reportstring2), ""chat""COL_YELLOW"[REF:#%d]: Your report was sent. "COL_WHITE" Title: [%s].",reportid, reason);
        SendClientMessage(playerid,-1,reportstring2);
        format(reportstring,sizeof(reportstring), ""chat""COL_YELLOW"[REF:#%d]: Player %s(ID:%d) has reported an error. "COL_WHITE" (Title: %s)",reportid, PlayerName(playerid),playerid,reason);
        SendMessageToAllAdmins(reportstring,-1);
        pInfo[playerid][pReported] = 1;
        timeras[playerid] = SetTimerEx("Report", 60000, 0, "i", playerid);
    }
}

PHP code:
CMD:report(playerid,params[])
{
    new targetid,reason[250];
    if(sscanf(params, "us[105]", targetid,reason)) return SendClientMessage(playerid,-1,""chat" /report [playerid] [Reason]");
    if(!IsPlayerConnected(targetid)) return SendClientMessage(playerid,-1,""COL_RED"Not online");
    if(targetid == playerid) return SendClientMessage(playerid,-1, ""COL_RED"EROARE:  Can report yourself.");
    if(!IsPlayerNPC(targetid))
    {
        if(pInfo[playerid][pReported] == 0)
        {
            format(jQuery, MAX_QUERY_LENGTH, "INSERT INTO `"#reportlog"` (Username, Targetname, Report, Data) VALUES ('%s', '%s', '%s', CURRENT_TIMESTAMP)",PlayerName(playerid),PlayerName(targetid), reason);
            mysql_tquery(handle, jQuery, "", "");
            mysql_tquery(handle, "SELECT * FROM `reportlog` ORDER BY ID DESC LIMIT 1", "OnPlayerReport", "uus[80]", playerid, targetid, reason);
        }
        else {
            SendClientMessage(playerid,-1,""COL_RED"Wait 1 minute");
        }
    }
    else return SendClientMessage(playerid,-1,""COL_RED"can't report npc !");
    return 1;
}
CMD:re(playerid,params[])
{
    new reason[250];
    if(sscanf(params, "s[80]",reason)) return SendClientMessage(playerid,-1,""chat" /(re)port [Reason]");
    if(pInfo[playerid][pReported] == 0)
    {
        format(jQuery, MAX_QUERY_LENGTH, "INSERT INTO `"#reportlog"` (Username, Report, Data) VALUES ('%s', '%s', CURRENT_TIMESTAMP)",PlayerName(playerid), reason);
        mysql_tquery(handle, jQuery, "", "");
        mysql_tquery(handle, "SELECT * FROM `reportlog` ORDER BY ID DESC LIMIT 1", "OnPlayerReporte", "s[80]", playerid, reason);
    }
    else {
        SendClientMessage(playerid,-1,""COL_RED"Wait one minute");
    }
    return 1;
}

Reply
#8

Bump
Reply
#9

Quote:
Originally Posted by Chyakka
you'd have to run another query after inserting the new report which would select from the reportlog table ordered by id in a descending order with a limit of 1 to ensure you're selecting the latest entry to the database
Two queries consecutively will not work as he is using threaded queries. When a new row is inserted, you know it if you pass a callback in mysql_tquery.


Zeus666, always escape input by players to avoid SQL injection.

Read about %e placeholder: https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_format
pawn code:
mysql_format(..., "INSERT INTO ...", ...);
mysql_tquery(handle, jQuery, "OnPlayerReport", "dds", playerid, targetid, reason);
"u" specifier is ONLY used in sscanf. Read about format specifiers: https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_tquery
strings do not require length either.

pawn code:
forward OnPlayerReport(playerid, targetid, reason[]);
public OnPlayerReport(playerid, targetid, reason[])
{
    if (cache_affected_rows(handle))
    {
        // send messages and start the timer
    }
}
`reason` is an array so it needs []

Now if a new row is inserted, it will affect 1 row obviously.
Reply
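The advice in post #9 put together for /re, as an added example that is not code from any poster in this thread: one escaped INSERT, one threaded query, and the report ID read in the callback. It assumes the MySQL plugin R33 API linked above, an AUTO_INCREMENT `ID` column, the literal table name `reportlog`, and the thread's own globals and helpers.

```pawn
// Added example, not from the thread. Assumes the thread's own names exist:
// handle, jQuery, MAX_QUERY_LENGTH, pInfo, pReported, timeras, PlayerName,
// SendMessageToAllAdmins and the color macros; the "Report" timer callback
// is assumed to reset pInfo[playerid][pReported] to 0.
CMD:re(playerid, params[])
{
    new reason[81];
    if (sscanf(params, "s[81]", reason))
        return SendClientMessage(playerid, -1, ""chat" /(re)port [Reason]");
    if (pInfo[playerid][pReported])
        return SendClientMessage(playerid, -1, ""COL_RED"Wait 1 minute");

    // Set the cooldown before the threaded query is queued, so a second /re
    // sent while the INSERT is still running is rejected.
    pInfo[playerid][pReported] = 1;
    timeras[playerid] = SetTimerEx("Report", 60000, 0, "i", playerid);

    // %e escapes the string for use inside the quoted SQL literal; with
    // format() and %s, a reason such as "it's broken" ends the literal early.
    mysql_format(handle, jQuery, MAX_QUERY_LENGTH,
        "INSERT INTO `reportlog` (Username, Report, Data) VALUES ('%e', '%e', CURRENT_TIMESTAMP)",
        PlayerName(playerid), reason);
    // One threaded query; the callback runs when the INSERT has finished.
    mysql_tquery(handle, jQuery, "OnPlayerReporte", "ds", playerid, reason);
    return 1;
}

forward OnPlayerReporte(playerid, reason[]);
public OnPlayerReporte(playerid, reason[])
{
    if (!cache_affected_rows(handle))
        return 0; // nothing was inserted, so nothing is announced

    // AUTO_INCREMENT ID of the row this query inserted, so no second
    // "ORDER BY ID DESC LIMIT 1" query (which can pick another player's row).
    new reportid = cache_insert_id(handle);
    new msg[192];
    format(msg, sizeof(msg), ""chat""COL_YELLOW"[REF:#%d]: Your report was sent. "COL_WHITE" Title: [%s].", reportid, reason);
    SendClientMessage(playerid, -1, msg);
    format(msg, sizeof(msg), ""chat""COL_YELLOW"[REF:#%d]: Player %s(ID:%d) has reported an error. "COL_WHITE" (Title: %s)", reportid, PlayerName(playerid), playerid, reason);
    SendMessageToAllAdmins(msg, -1);
    return 1;
}
```

A reason containing an apostrophe is a quick check: with `%e` the row is stored with the text intact, while the `format()`/`%s` version produces a query the server rejects.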
#10

How can I test the sql injection?
Reply

