1g0rS1lv4 68 Report post Posted June 12, 2017 Would someone have the guild name change script available, to pass me? Quote Being better than others is for those who are weak; what matters is to be true to yourself. Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted June 15, 2017 Hello @1g0rS1lv4! There is no such scripts. We can't change guild names in game. Or do you mean PHP script for web? Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
Faller 93 Report post Posted June 15, 2017 Hey, @V3ct0r! It could also be done in-game with LuaSQL, if that's what he's talking about... Quote Share this post Link to post Share on other sites
iZae 55 Report post Posted June 15, 2017 6 minutes ago, Faller said: Hey, @V3ct0r! It could also be done in-game with LuaSQL, if that's what he's talking about... Could it? Wouldn't it be buggy af? Just wondering tho Quote Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted June 15, 2017 7 минут назад, Faller сказал: Hey, @V3ct0r! It could also be done in-game with LuaSQL, if that's what he's talking about... Good idea, @Faller! LuaSQL + HandleChat 2 Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
Faller 93 Report post Posted June 15, 2017 (edited) @iZae, @V3ct0r The script would be something like this: CMD_HANDLER["guildchange"] = function(role, param) --Check if player is a GM if(GetGmLv(role) ~=99) then BickerNotice (role, " <UPO GM Commands> You are not a GM!") return 0 end --Check if params are nil if param[0] == nil then BickerNotice(role," <UPO GM Commands> Please define the old guild name!") return 0 elseif param[1] == nil then BickerNotice(role," <UPO GM Commands> Please define the new guild name!") return 0 end --Query QueryAsync( YouSQLHost, YouSQLUser, YouSQLPass, "UPDATE GameDB.dbo.guild SET guid_name = '"..param[1].."' WHERE guild_name = '"..param[0].."'" ); end That's a very quick example with no tests, should work with LuaSQL DLL. Requirements: ChatHandler and LuaSQL. Also, I didn't make any functions to check if the guild name already exists, take money, etc... That's why I made it a GM-only command. You can edit as you wish... IMPORTANT NOTE: I wouldn't give players any access to this command (just GMs or yourself with cha_name), as it have user-input (SQL Inject-able). Usage should be: /guildchange CurrentGuildName, NewGuildName Edited June 15, 2017 by Faller 4 Quote Share this post Link to post Share on other sites
iZae 55 Report post Posted June 15, 2017 Cool, Just save a table with chaname at the moment you create a guild Then check if the one who is trying to change the name is its creator to allow or not. Quote Share this post Link to post Share on other sites
Faller 93 Report post Posted June 15, 2017 4 minutes ago, iZae said: Cool, Just save a table with chaname at the moment you create a guild Then check if the one who is trying to change the name is its creator to allow or not. Or simply use GetGuildLeaderID(role) The only problem is the SQL-Injection possibility, although it can be fixed. 1 Quote Share this post Link to post Share on other sites
iZae 55 Report post Posted June 15, 2017 Yep, my bad, I really don't touch any files I just script by logic, so I didn't know there was such a getguildleaderid function. I got your point, if guild leader write something like Quote /guildchange newname, oldname; "UPDATE GameDB......." Would be injectable and not safe. 1 Quote Share this post Link to post Share on other sites
Simon 76 Report post Posted June 15, 2017 Is there any solution for this to be fixed toward SQL Injection? Quote Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted June 15, 2017 1 час назад, iZae сказал: Cool, Just save a table with chaname at the moment you create a guild Then check if the one who is trying to change the name is its creator to allow or not. 12 минуты назад, Sk3let0n сказал: Is there any solution for this to be fixed toward SQL Injection? Check the input parameters for length and valid characters 2 Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
Faller 93 Report post Posted June 15, 2017 (edited) 19 minutes ago, Sk3let0n said: Is there any solution for this to be fixed toward SQL Injection? Yea, stuff like: > Instead of directly changing the guild name upon command usage, send a request to the GMs (if not online, the request would show up when the gm logs), showing what the player has written and approve it or not. OK I know that's not a solution for the injection, just a workaround. > Somehow check the characters the player has written in the param, and make sure there's no injection string. This surely would be the best way, BUT, I can't think of anything to do so... Maybe modify ChatHandler to also check for ' (as it does with ,) and if there's ', return 0. #EDIT > Use string.find to make sure the param has no injection strings... Edited June 15, 2017 by Faller 1 Quote Share this post Link to post Share on other sites
Simon 76 Report post Posted June 15, 2017 1 hour ago, Faller said: Yea, stuff like: > Instead of directly changing the guild name upon command usage, send a request to the GMs (if not online, the request would show up when the gm logs), showing what the player has written and approve it or not. OK I know that's not a solution for the injection, just a workaround. > Somehow check the characters the player has written in the param, and make sure there's no injection string. This surely would be the best way, BUT, I can't think of anything to do so... Maybe modify ChatHandler to also check for ' (as it does with ,) and if there's ', return 0. #EDIT > Use string.find to make sure the param has no injection strings... In that case you'll have to recreate the way your HandleChat function is,but is there a possibility to use string.find within it?I don't see any on it. Quote Share this post Link to post Share on other sites
iZae 55 Report post Posted June 15, 2017 (edited) wouldnt if (string.find(param[0], "UPDATE") == nil and string.find(param[1], "UPDATE") == nil) then return 1 end do the job? Is just an example, the only problem is with guilds that use "UPDATE" in their names. Edited June 15, 2017 by iZae Quote Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted June 15, 2017 1 час назад, iZae сказал: wouldnt if (string.find(param[0], "UPDATE") == nil and string.find(param[1], "UPDATE") == nil) then return 1 end do the job? Is just an example, the only problem is with guilds that use "UPDATE" in their names. It wouldn't work. Make sure that length of the new guild name is less than max length or equal and guild name contains only allowed characters (a-zA-Z0-9 and spaces) Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
1g0rS1lv4 68 Report post Posted June 15, 2017 (edited) @ V3ct0r yea PHP script for web Edited June 15, 2017 by 1g0rS1lv4 Quote Being better than others is for those who are weak; what matters is to be true to yourself. Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted June 16, 2017 12 часа назад, 1g0rS1lv4 сказал: @ V3ct0r yea PHP script for web I didn't see such script. Why don't you try to write it? Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites
1g0rS1lv4 68 Report post Posted June 16, 2017 11 hours ago, V3ct0r said: I didn't see such script. Why don't you try to write it? Would it have any basis? Quote Being better than others is for those who are weak; what matters is to be true to yourself. Share this post Link to post Share on other sites
Rinor 59 Report post Posted June 17, 2017 (edited) As i remember there is ingame name change in SacredPK Files ( Yudha Serverfiles ) Edited June 17, 2017 by Rinor Quote Share this post Link to post Share on other sites
V3ct0r 2,117 Report post Posted June 19, 2017 В 17.06.2017 в 01:22, 1g0rS1lv4 сказал: Would it have any basis? Don't understand you Quote Some useful links / Полезные ссылки Tips for making a topic in 'Questions & Help' / Рекомендации по созданию тем в разделе "Помощь" Server Advertising Section Rules / Правила раздела "Реклама серверов" Available e-mail domains for registration / Допустимые e-mail домены для регистрации User groups / Группы пользователей User ranks / Звания пользователей "Broken" pictures on the forum / "Битые" изображения на форуме Beware of scammers! / Осторожно, мошенники! My developments / Мои разработки Mods for client and server / Моды для клиента и сервера PKOdev.NET website for Tales of Pirates Server / PKOdev.NET веб-обвязка для сервера Пиратии I do not provide any help in private messages and outside the forum. Use 'Questions & Help' section please. Thank you for understanding! Я не оказываю какую-либо помощь в личных сообщениях и вне форума. Пожалуйста, используйте раздел "Пиратия: Помощь". Благодарю за понимание! Share this post Link to post Share on other sites