Vice City: Multiplayer

Community Projects => SLC's Squirrel Plugin => Bug Reports => Topic started by: EK.IceFlake on May 02, 2017, 12:33 PM

Title: Passing 'this' to Connect
Post by: EK.IceFlake on May 02, 2017, 12:33 PM
I tried a script that saves a player's variables to the database when they disconnect.
// Adds a "Login" member to UXPlayer. The part shown hooks the entity's
// Destroyed event and writes its variables to players_vars through SQLd.Exec.
UXPlayer.newmember("Login", function ()
{
//...
    // `this` is handed to Connect as its first argument.
    // NOTE(review): presumably that sets the environment the handler runs in -
    // confirm against the plugin documentation.
    this.On.Destroyed.Connect(this, function (header, payload)
    {
        Exec("Saving " + this.Name + " to database", function ()
        {
            // NOTE(review): the two nested callbacks are plain closures and nothing
            // here captures the player for them, so `this` inside them is probably
            // not the player. That would account for the reported
            // "the index 'Name' does not exist" - confirm.
            ::UXPlayerVars.apply(function (v)
            {
                // The switch tests the type of `v` itself (used below as the
                // variable's name), not the type of the stored value this[v].
                switch (typeof v)
                {
                    // SECURITY: the name and `v` go through ::SQLite.Escape, but
                    // this[v] is concatenated into the statement as-is. In the
                    // "string" case it lands inside a quoted literal, so a quote
                    // character in the stored value changes the statement (SQL injection).
                    case "string": SQLd.Exec("insert or replace into players_vars ([name], [indx], varchar(24) [value]) values ('" + ::SQLite.Escape(this.Name) + "', '" + ::SQLite.Escape(v) + "', '" + this[v] + "');"); break;
                    // In the numeric cases this[v] is concatenated unquoted, and its
                    // own type is never checked (the switch looks at `v`).
                    case "integer": SQLd.Exec("insert or replace into players_vars ([name], [indx], integer [value]) values ('" + ::SQLite.Escape(this.Name) + "', '" + ::SQLite.Escape(v) + "', " + this[v] + ");"); break;
                    case "float": SQLd.Exec("insert or replace into players_vars ([name], [indx], float [value]) values ('" + ::SQLite.Escape(this.Name) + "', '" + ::SQLite.Escape(v) + "', " + this[v] + ");"); break;
                    default: throw "Invalid parameter type";
                }
                return v;
            });
        });
    });
});

And it gives me this error:
[ERR] Squirrel exception caught while destroying player
[ERR] the index 'Name' does not exist
[
=>Location: unknown
=>Line: unknown
=>Function: unknown
]
[INF] Traceback:
[
]
[INF] Locals:
[
]
How should I figure out the player?
(:edit: I've noticed that this is vulnerable to an SQL injection attack since I didn't escape the value, only the player's name and the variable's name. Let's forget that for now since I solved it)
Title: Re: Passing 'this' to Connect
Post by: EK.IceFlake on May 02, 2017, 02:08 PM
Solved by messing about with it
    this.On.Destroyed.Connect(this, function (header, payload)
    {
        local Entity = this;

        Exec("Saving " + this.Name + " to database", function ()
        {
            local v = "UID";
            ::UXPlayerVars.apply(function (v)
            {
                switch (typeof Entity[v])
                {
                    case "null": break;
                    case "string": SQLd.Exec("insert or replace into players_vars ([name], [indx], varchar(24) [value]) values ('" + ::SQLite.Escape(Entity.Name) + "', '" + ::SQLite.Escape(v) + "', '" + SQLite.Escape(Entity[v]) + "');"); break;
                    case "integer": SQLd.Exec("insert or replace into players_vars ([name], [indx], integer [value]) values ('" + ::SQLite.Escape(Entity.Name) + "', '" + ::SQLite.Escape(v) + "', " + SQLite.Escape(Entity[v]) + ");"); break;
                    case "float": SQLd.Exec("insert or replace into players_vars ([name], [indx], float [value]) values ('" + ::SQLite.Escape(Entity.Name) + "', '" + ::SQLite.Escape(v) + "', " + SQLite.Escape(Entity[v]) + ");"); break;
                    default: throw "Invalid parameter type";
                }
                return v;
            });
        });
    });