[Release] Anik's Registration system ( GUI - 04rel004 )

Started by Anik, Mar 28, 2017, 09:35 AM

Previous topic - Next topic

Zone_Killer

Quote from: Terror_Styles on Jul 08, 2017, 11:12 AMSo I am too Dumb to ask this question anyway I wanna know Where should i add Client Side Scripts Provided I added them on main.nut & It Pop Up Error
Server does not exist
function Server::ServerData(stream)
use search button
Bohemia Is God Of Punjabi Rap
Yo Yo Honey Singh tou chutiya hai

NicusorN5

Quote from: Terror_Styles on Jul 08, 2017, 11:12 AMSo I am too Dumb to ask this question anyway I wanna know Where should i add Client Side Scripts Provided I added them on main.nut & It Pop Up Error
Server does not exist
function Server::ServerData(stream)
Main.nut from script or client-side?

NicusorN5

Quote from: Terror_Styles on Jul 08, 2017, 11:41 AMOk This Error has been fixed
Now Error is on this line
status[player.ID] = PlayerStats();index Registered does not exist
Stick to play then.

KAKAN

oh no

DizzasTeR

I'm seriously just so annoyed by these low class retards. Thijn only told one person to "stick to playing". These genuine retards never learned something else but they sure learned this sentence and now just using it everywhere.

Get your shit together ffs, if you are so goddamn lazy to guide then don't bullshit about searching or not scripting. This guy is literally asking politely how to do this and infact it was hard for us to figure out client side mess as well so let someone help him properly rather you midgets coming here moaning.

Terror_Styles

Problem Solved
Sorry For Troubling You Guys As I am feeling ashamed! of my deeds!

Apology!

Mahmoud Tornado

Guys Not Working For Me
Always Said Please Register.
 /register no thing did

D4rkR420R

Quote from: Mahmoud Tornado on Aug 21, 2017, 04:21 PMGuys Not Working For Me
Always Said Please Register.
 /register no thing did
Mahmoud, maybe you shouldn't work with this at your level of scripting. This is advanced, my friend.

Mahmoud Tornado

Quote from: DarkRaZoR^ on Aug 21, 2017, 04:49 PM
Quote from: Mahmoud Tornado on Aug 21, 2017, 04:21 PMGuys Not Working For Me
Always Said Please Register.
 /register no thing did
Mahmoud, maybe you shouldn't work with this at your level of scripting. This is advanced, my friend.
I didn't understand any thing xD

Mohamed Boubekri

WTF Any One tell me,
im download server side work but
clien side i am download for other main.nut and pleace thi main for store/script<main>
But i do /register or /login Not Work. :/ Ani One Help :v
| What now ? | Not yet ! |
Morrocan:- [ 🇲🇦 ].

Shadow

I find it admirable that you thought of escaping the strings before doing the select query but you should've also escaped the name in the update query. Otherwise, BAD things can happen...
QuotePS:is trash is ur home language??

Mohamed Boubekri

Quote from: Shadow on Nov 01, 2017, 04:04 PMI find it admirable that you thought of escaping the strings before doing the select query but you should've also escaped the name in the update query. Otherwise, BAD things can happen...
I never Never  Never Never Never Never  Understand Anithingggggggggggggggggggggggggggg
| What now ? | Not yet ! |
Morrocan:- [ 🇲🇦 ].

Xmair

Quote from: [MCO]We3da on Nov 01, 2017, 08:12 PM
Quote from: Shadow on Nov 01, 2017, 04:04 PMI find it admirable that you thought of escaping the strings before doing the select query but you should've also escaped the name in the update query. Otherwise, BAD things can happen...
I never Never  Never Never Never Never  Understand Anithingggggggggggggggggggggggggggg
You'll. Once the 'bad' things happen.














https://www.w3schools.com/sql/sql_injection.asp

Credits to Boystang!

VU Full Member | VCDC 6 Coordinator & Scripter | EG A/D Contributor | Developer of VCCNR | Developer of KTB | Ex-Scripter of EAD

Mohamed Boubekri

Quote from: [MCO]We3da on Nov 01, 2017, 08:12 PM
Quote from: Shadow on Nov 01, 2017, 04:04 PMI find it admirable that you thought of escaping the strings before doing the select query but you should've also escaped the name in the update query. Otherwise, BAD things can happen...
I never Never  Never Never Never Never  Understand Anithingggggggggggggggggggggggggggg
Please @Xmair Give me Example Bro :(
| What now ? | Not yet ! |
Morrocan:- [ 🇲🇦 ].

Xmair

Quote from: [MCO]We3da on Nov 02, 2017, 07:11 AM
Quote from: [MCO]We3da on Nov 01, 2017, 08:12 PM
Quote from: Shadow on Nov 01, 2017, 04:04 PMI find it admirable that you thought of escaping the strings before doing the select query but you should've also escaped the name in the update query. Otherwise, BAD things can happen...
I never Never  Never Never Never Never  Understand Anithingggggggggggggggggggggggggggg
Please @Xmair Give me Example Bro :(
Imagine you have a command /gotoloc which executes the following query:
"SELECT XYZ FROM Locations WHERE Name = '" + locationName + "'"
where locationName is a string input by the user in the gotoloc command. Imagine there's a bad guy who uses /gotoloc '; DROP TABLE Accounts; instead of a location, this'll get executed:
"SELECT XYZ FROM Locations WHERE Name = ''; DROP TABLE Accounts;"
This'll ultimately execute both of the queries as there is a semicolon right after the SELECT query. To avoid this, you use mysql_escape in mySQL and escapeSQLString in SQLite.
You must be using SQLite so I'm going to put on an example in which can be used by the default SQLite plugin for VCMP.
Instead of:
QuerySQL( database, "SELECT XYZ FROM Locations WHERE Name = '" + locationName + "'" );
Use:
QuerySQL( database, "SELECT XYZ FROM Locations WHERE Name = '" + escapeSQLString( locationName ) + "'" );
Simple, isn't it? I've tried my best to explain it as easy as I could, if you still don't get it, meh.

Credits to Boystang!

VU Full Member | VCDC 6 Coordinator & Scripter | EG A/D Contributor | Developer of VCCNR | Developer of KTB | Ex-Scripter of EAD