My Account System v0.1 Beta

Started by [VM_U]Spectra.PhantoM^, Apr 15, 2016, 04:56 AM


[VM_U]Spectra.PhantoM^


Lemme know if there are any bugs.
Bug Fixes till now:
Exec Prob fixed.
Wanna Talk To Me? Come At Irc #Jugo@LUNet

KAKAN

local y = QuerySQL(DB, "SELECT Level FROM PlayerAccount WHERE Name='" + player.Name + "'" );
if ( y <= 0 ) MessagePlayer("Hello and welcome to the server.
I can clearly say that you haven't tested it yet.
oh no

[VM_U]Spectra.PhantoM^

Quote from: KAKAN on Apr 15, 2016, 05:00 AM
local y = QuerySQL(DB, "SELECT Level FROM PlayerAccount WHERE Name='" + player.Name + "'" );
if ( y <= 0 ) MessagePlayer("Hello and welcome to the server.
I can clearly say that you haven't tested it yet.
oh plz thats false i did dis
if ( y <= 0 ) MessagePlayer("Hello and welcome to the server. Please /register to register in the server", player);
else if ( y >= 0 ) MessagePlayer("Welcome Back. Please /login to continue", player);
Wanna Talk To Me? Come At Irc #Jugo@LUNet

.

AFAIK, QuerySQL() returns a user pointer if the operation succeeded or null if it failed. And treating that user pointer or null value as an integer might not be the best idea.

But the real issue is not releasing that statement result which is considered a memory leak. And therefore, on a fast track to a crash depending on how much memory that eats.

Secondly, the code is totally exposed to SQL Injection from anyone with a bit of SQL knowledge. The only thing that saves you is the fact that VCMP itself cleans up the user name a bit. But you should never rely on that for something this critical.

The rest of the code is pure nonsense and should not be given to new users as a sample script from which they can learn. Why? Because there's absolutely no safety implemented into this script. Any user can execute arbitrary code on the server with the "exec" command. Therefore anyone can do something like "/exec QuerySQL(DB, "DROP TABLE [PlayerAccount]");" or worse.

This script is not about an account system. This is just a list of all available server events and a few failed commands.

My recommendation to new users? Run from this script!
.
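Added example, not part of the thread and not the OP's script: the join handler and SaveStats with the points from the post above applied (null check on the result, result released, player name escaped before concatenation). It assumes the official VC:MP SQLite plugin, whose FreeSQLQuery and escapeSQLString are used alongside the thread's QuerySQL and GetSQLColumnData, plus the thread's global DB handle and stats[] array; GetAccountLevel is a hypothetical helper name.

```squirrel
// Added example. Assumes the VC:MP SQLite plugin functions QuerySQL,
// GetSQLColumnData, FreeSQLQuery and escapeSQLString, and the thread's
// global DB handle and stats[] array.

// Hypothetical helper: returns the stored Level, or null when there is
// no usable result for this name.
function GetAccountLevel( name )
{
    // Escape the value before it is concatenated into the statement,
    // instead of relying on the server's own name clean-up.
    local q = QuerySQL( DB, "SELECT Level FROM PlayerAccount WHERE Name='" + escapeSQLString( name ) + "'" );

    // QuerySQL hands back a result handle or null; never compare the
    // handle itself with an integer.
    if ( q == null ) return null;

    local level = GetSQLColumnData( q, 0 );
    FreeSQLQuery( q );   // release the result so joins do not leak memory
    return level;
}

function onPlayerJoin( player )
{
    Message( player.Name + " Connected" );

    local level = GetAccountLevel( player.Name );
    if ( level == null )
        MessagePlayer( "Hello and welcome to the server. Please /register to register in the server", player );
    else
        MessagePlayer( "Welcome Back. Please /login to continue", player );
}

function SaveStats( player )
{
    // tointeger() forces a numeric value into the statement, and the
    // WHERE clause limits the update to this player's row.
    local q = QuerySQL( DB, "UPDATE PlayerAccount SET Level=" + stats[ player.ID ].Level.tointeger() +
        " WHERE Name='" + escapeSQLString( player.Name ) + "'" );
    if ( q != null ) FreeSQLQuery( q );
}
```

A null from QuerySQL is treated here as "no account", which also covers a failed query; a production script would log that case separately.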

[VM_U]Spectra.PhantoM^

Quote from: . on Apr 15, 2016, 05:22 AM
AFAIK, QuerySQL() returns a user pointer if the operation succeeded or null if it failed. And treating that user pointer or null value as an integer might not be the best idea.

But the real issue is not releasing that statement result which is considered a memory leak. And therefore, on a fast track to a crash depending on how much memory that eats.

Secondly, the code is totally exposed to SQL Injection from anyone with a bit of SQL knowledge. The only thing that saves you is the fact that VCMP itself cleans up the user name a bit. But you should never rely on that for something this critical.

The rest of the code is pure nonsense and should not be given to new users as a sample script from which they can learn. Why? Because there's absolutely no safety implemented into this script. Any user can execute arbitrary code on the server with the "exec" command. Therefore anyone can do something like "/exec QuerySQL(DB, "DROP TABLE [PlayerAccount]");" or worse.

This script is not about an account system. This is just a list of all available server events and a few failed commands.

My recommendation to new users? Run from this script!
Im sorry bout that. anywayz updated.
Wanna Talk To Me? Come At Irc #Jugo@LUNet

DizzasTeR

Updated? I don't see anything making this "broken" code a script.

Xmair

Untested.
function onPlayerJoin( player )
{
Message(""+player.Name+" Connected");
local q = QuerySQL(DB, "SELECT Level FROM PlayerAccount WHERE Name='" + player.Name + "'" ),y = GetSQLColumnData( q, 0 );
if ( y <= 0 ) MessagePlayer("Hello and welcome to the server. Please /register to register in the server", player);
else if ( y >= 0 ) MessagePlayer("Welcome Back. Please /login to continue", player);
}

Credits to Boystang!

VU Full Member | VCDC 6 Coordinator & Scripter | EG A/D Contributor | Developer of VCCNR | Developer of KTB | Ex-Scripter of EAD

Fuzzie

No indentation, (OMG ARE YOU BLOODY SERIOUS???)



function onPlayerJoin( player )
{
Message(""+player.Name+" Connected");
local y = QuerySQL(DB, "SELECT Level FROM PlayerAccount WHERE Name='" + player.Name + "'" );
if ( y <= 0 ) MessagePlayer("Hello and welcome to the server. Please /register to register in the server", player);
else if ( y >= 0 ) MessagePlayer("Welcome Back. Please /login to continue", player);
}

What? We all know that y will never equal to 0 but if y is 0, your script still wouldn't properly work. Go figure...



QuerySQL(DB, "SELECT Level FROM PlayerAccount WHERE Name='" + player.Name + "'" );
I don't know about you guys, but I find using `table_name` more secure in potentially conflicting names.



function onPlayerPart( player, reason )
{
Message(""+player.Name+" left the server.");
SaveStats(player);
}

function SaveStats(player)
{
QuerySQL(DB, "UPDATE PlayerAccount SET Level=" + stats[ player.ID ].Level + "" );
}

What? Useless function is useless...



else if (cmd == "register")
{
...
local Password = text;
local lvl = 1;
...
}

else if (cmd == "login")
{
...
local Pass = text;
...
}

What? Useless variables are useless...



class PlayerClass
{
Level = 0
}

What? This is supposed to be a useful class but it was made useless. Useless class is useless.



I don't know if it's possible, but my suggestion would be to lock this topic and remove the download link until the author of this script can fix and test it properly.

KAKAN

Quote from: Fuzzie on Apr 15, 2016, 08:43 AM
I don't know if it's possible, but my suggestion would be to lock this topic and remove the download link until the author of this script can fix and test it properly.
It's possible and that's the right thing to be done. Your script is far better. He just copied your script and made it look shitty, because the newbies (like him) lack experience in OOP
oh no

.

Quote from: KAKAN on Apr 15, 2016, 09:04 AM
...because the newbies( like him ) lack experience in OOP

You too lack experience in OOP. In fact you don't even know what OOP is, other than the fact that it involves classes. But when it comes to the actual concept, I don't think I've ever seen any piece of code on this forum that makes use of OOP. And just because you define a class with a few member variables doesn't mean you're using OOP. In fact, what you're doing is simply using a class for something that can be solved with a table. But since they're both the same thing who would know to make the difference.

So don't claim that he or anyone else is a "newbie" when you're nearly in the same category as him, except with a little more glitter on you.
.

KAKAN

#10
Quote from: . on Apr 15, 2016, 10:35 AM
Quote from: KAKAN on Apr 15, 2016, 09:04 AM
...because the newbies( like him ) lack experience in OOP

You too lack experience in OOP. In fact you don't even know what OOP is, other than the fact that it involves classes. But when it comes to the actual concept, I don't think I've ever seen any piece of code on this forum that makes use of OOP. And just because you define a class with a few member variables doesn't mean you're using OOP. In fact, what you're doing is simply using a class for something that can be solved with a table. But since they're both the same thing who would know to make the difference.

So don't claim that he or anyone else is a "newbie" when you're nearly in the same category as him, except with a little more glitter on you.
Then what's OOP? Explain pl0x. I thought the initialized classes or objects were the OOP thing
oh no

Fuzzie

#11
Quote from: vito on Apr 15, 2016, 01:44 PM
Quote from: KAKAN on Apr 15, 2016, 12:33 PM
Then what's OOP? Explain pl0x. I thought the initialized classes or objects were the OOP thing
private and public methods, interfaces, inheritance, factories. a lot of stuff to organize code to be flexible.
actually it's not needed to vc-mp.
This whole OOP thing is a bit off topic. Here is my opinion on this. While you can script without the need for OOP in VC:MP, that doesn't mean it's not needed. As a matter of fact, the only reason why OOP is not that prominent in VC:MP is down to the fact that the scripters themselves don't know how to take advantage of this to create bigger and better servers.

Edit: Just remembered that Squirrel also lacks abstract classes and interfaces. It can be overcome with clever techniques though and can still work. *cough*Javascript*cough*

KAKAN

off:
Quote from: vito on Apr 15, 2016, 01:44 PM
Quote from: KAKAN on Apr 15, 2016, 12:33 PM
Then what's OOP? Explain pl0x. I thought the initialized classes or objects were the OOP thing
private and public methods, interfaces, inheritance, factories. a lot of stuff to organize code to be flexible.
I'm quite familiar with 'em. I have used them in Java.

Quote from: vito on Apr 15, 2016, 03:25 PM
I use it only in php for websites.
Most of the time, you don't need to do OOP in PHP. Though, I prefer OOP in many cases( Database handling etc )

Quote from: vito on Apr 15, 2016, 03:25 PM
Can you show example how to use it based on this topic in specific script we talking about here? (I mean OP's script). Thanks.
I want the example too.
oh no

DizzasTeR

Off-Topic: Just read the squirrel documentation and you will see everything.

kennedyarz

If you want to add the registration system, why not just add Fuzzie's? The only change would be to incorporate the functions from Seby's blank server and that's it. It works perfectly. Good luck :)