Jump to content

Recommended Posts

Would someone have the guild name change script available, to pass me?


Being better than others is for those who are weak; what matters is to be true to yourself.         

 

Share this post


Link to post
Share on other sites

Hello @1g0rS1lv4!

 

There is no such scripts. We can't change guild names in game. Or do you mean PHP script for web?


Share this post


Link to post
Share on other sites
6 minutes ago, Faller said:

Hey, @V3ct0r! It could also be done in-game with LuaSQL, if that's what he's talking about... xD

Could it? Wouldn't it be buggy af? Just wondering tho

 

Share this post


Link to post
Share on other sites
7 минут назад, Faller сказал:

Hey, @V3ct0r! It could also be done in-game with LuaSQL, if that's what he's talking about... xD

Good idea, @Faller!

 

LuaSQL + HandleChat

  • Like 2

Share this post


Link to post
Share on other sites

@iZae, @V3ct0r

The script would be something like this:

CMD_HANDLER["guildchange"] = function(role, param)
	--Check if player is a GM
	if(GetGmLv(role) ~=99) then
		BickerNotice (role, " <UPO GM Commands> You are not a GM!")
		return 0
	end
	--Check if params are nil
	if param[0] == nil then	
		BickerNotice(role," <UPO GM Commands> Please define the old guild name!")
		return 0
	elseif param[1] == nil then
		BickerNotice(role," <UPO GM Commands> Please define the new guild name!")
		return 0
	end
	--Query
	QueryAsync(
		YouSQLHost,
		YouSQLUser,
		YouSQLPass,
		"UPDATE GameDB.dbo.guild SET guid_name = '"..param[1].."' WHERE guild_name = '"..param[0].."'"
	);
end

That's a very quick example with no tests, should work with LuaSQL DLL.

Requirements: ChatHandler and LuaSQL.

Also, I didn't make any functions to check if the guild name already exists, take money, etc... That's why I made it a GM-only command. You can edit as you wish...

IMPORTANT NOTE: I wouldn't give players any access to this command (just GMs or yourself with cha_name), as it have user-input (SQL Inject-able).

Usage should be: /guildchange CurrentGuildName, NewGuildName

Edited by Faller
  • Like 4

Share this post


Link to post
Share on other sites

Cool,

Just save a table with chaname at the moment you create a guild

Then check if the one who is trying to change the name is its creator to allow or not.

 

 

Share this post


Link to post
Share on other sites
4 minutes ago, iZae said:

Cool,

Just save a table with chaname at the moment you create a guild

Then check if the one who is trying to change the name is its creator to allow or not.

Or simply use GetGuildLeaderID(role) :D

The only problem is the SQL-Injection possibility, although it can be fixed.

  • Like 1

Share this post


Link to post
Share on other sites

Yep, my bad, I really don't touch any files I just script by logic, so I didn't know there was such a  getguildleaderid function.

I got your point, if guild leader write something like 

Quote

/guildchange newname, oldname; "UPDATE GameDB......." 

 

Would be injectable and not safe.

 

 

  • Like 1

Share this post


Link to post
Share on other sites
1 час назад, iZae сказал:

Cool,

Just save a table with chaname at the moment you create a guild

Then check if the one who is trying to change the name is its creator to allow or not.

 

 

 

 

12 минуты назад, Sk3let0n сказал:

Is there any solution for this to be fixed toward SQL  Injection?

Check the input parameters for length and valid characters

  • Like 2

Share this post


Link to post
Share on other sites
19 minutes ago, Sk3let0n said:

Is there any solution for this to be fixed toward SQL  Injection?

Yea, stuff like:

> Instead of directly changing the guild name upon command usage, send a request to the GMs (if not online, the request would show up when the gm logs), showing what the player has written and approve it or not. OK I know that's not a solution for the injection, just a workaround.

> Somehow check the characters the player has written in the param, and make sure there's no injection string. This surely would be the best way, BUT, I can't think of anything to do so... Maybe modify ChatHandler to also check for ' (as it does with ,) and if there's ', return 0.

#EDIT
> Use string.find to make sure the param has no injection strings...

Edited by Faller
  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, Faller said:

Yea, stuff like:

> Instead of directly changing the guild name upon command usage, send a request to the GMs (if not online, the request would show up when the gm logs), showing what the player has written and approve it or not. OK I know that's not a solution for the injection, just a workaround.

> Somehow check the characters the player has written in the param, and make sure there's no injection string. This surely would be the best way, BUT, I can't think of anything to do so... Maybe modify ChatHandler to also check for ' (as it does with ,) and if there's ', return 0.

#EDIT
> Use string.find to make sure the param has no injection strings...

In that case you'll have to recreate the way your HandleChat function is,but is there a possibility to use string.find within it?I don't see any on it.

Share this post


Link to post
Share on other sites

wouldnt 

if (string.find(param[0], "UPDATE") == nil and string.find(param[1], "UPDATE") == nil) then
return 1
end

do the job?

Is just an example, the only problem is with guilds that use "UPDATE" in their names.

Edited by iZae

Share this post


Link to post
Share on other sites
1 час назад, iZae сказал:

wouldnt 


if (string.find(param[0], "UPDATE") == nil and string.find(param[1], "UPDATE") == nil) then
return 1
end

do the job?

Is just an example, the only problem is with guilds that use "UPDATE" in their names.

 

It wouldn't work. Make sure that length of the new guild name is less than max length or equal and guild name contains only allowed characters (a-zA-Z0-9 and spaces)


Share this post


Link to post
Share on other sites
12 часа назад, 1g0rS1lv4 сказал:

@ V3ct0r  yea PHP script for web

I didn't see such script. Why don't you try to write it?


Share this post


Link to post
Share on other sites
11 hours ago, V3ct0r said:

I didn't see such script. Why don't you try to write it?

Would it have any basis?


Being better than others is for those who are weak; what matters is to be true to yourself.         

 

Share this post


Link to post
Share on other sites

As i remember there is ingame name change in SacredPK Files ( Yudha Serverfiles ) 

Edited by Rinor

Share this post


Link to post
Share on other sites
В 17.06.2017 в 01:22, 1g0rS1lv4 сказал:

Would it have any basis?

Don't understand you


Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...