summaryrefslogtreecommitdiff
path: root/npc
diff options
context:
space:
mode:
authorJesusaves <cpntb1@ymail.com>2018-07-18 01:54:20 -0300
committerJesusaves <cpntb1@ymail.com>2018-07-18 01:54:20 -0300
commit1cbbeef8c0feb5b380613f121170bc69eedf5d85 (patch)
tree591947d04ea68b535cc8b2e705af186ff1381046 /npc
parent49f3515d312b08b8513abba3c27449413848f81b (diff)
downloadserverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.gz
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.bz2
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.xz
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.zip
Best balance between query security and usefulness. We still have problem if player
logouts, though. Again, the stuff with queries should be moved to a web sys.
Diffstat (limited to 'npc')
-rw-r--r--npc/012-1/_mobs.txt2
-rw-r--r--npc/commands/ucp.txt21
2 files changed, 14 insertions, 9 deletions
diff --git a/npc/012-1/_mobs.txt b/npc/012-1/_mobs.txt
index b622bce20..500ea2d35 100644
--- a/npc/012-1/_mobs.txt
+++ b/npc/012-1/_mobs.txt
@@ -3,7 +3,7 @@
012-1,90,63,35,14 monster Red Butterfly 1025,4,30000,90000
012-1,90,62,36,15 monster Mana Bug 1075,5,30000,90000
012-1,85,33,35,15 monster Pinkie 1132,8,30000,50000,Hinnak::OnKillPinkie
-012-1,44,47,21,32 monster Clover Patch 1028,4,60000,90000
+012-1,44,56,21,41 monster Clover Patch 1028,3,60000,90000
012-1,135,58,7,29 monster Piousse 1003,6,40000,60000
012-1,85,86,52,15 monster Silk Worm 1034,5,30000,30000
012-1,115,69,1,1 monster Training Dummy 1021,1,10000,10000
diff --git a/npc/commands/ucp.txt b/npc/commands/ucp.txt
index a11d2e0c5..f632d8a1e 100644
--- a/npc/commands/ucp.txt
+++ b/npc/commands/ucp.txt
@@ -20,16 +20,18 @@ function script UserCtrlPanel {
case 1: GameRules; break;
case 2: GameNews; break;
case 3:
- if (@query) {
- mesn;
- mesc l("Anti flood protection is enabled. Request rejected."), 1;
- next;
- break;
- }
if (!validatepin())
break;
- @query=1;
- query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+ if (!@email$) {
+ query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+ @email$=.@email$;
+ @lgc=.@lgc;
+ @ip$=.@ip$;
+ } else {
+ .@email$=@email$;
+ .@lgc=@lgc;
+ .@ip$=@ip$;
+ }
mes l("Char Name: @@", strcharinfo(0));
mes l("Party Name: @@", strcharinfo(1));
mes l("Guild Name: @@", strcharinfo(2));
@@ -43,6 +45,9 @@ function script UserCtrlPanel {
mes l("Last IP: @@", .@ip$[0]);
mes l("Total Logins: @@", .@lgc[0]);
next;
+ if (@query)
+ break;
+ @query=1;
query_sql("SELECT name,last_login,last_map,partner_id FROM `char` WHERE account_id="+getcharid(3)+"' LIMIT 9", .@name$, .@lastlogin$, .@map$, .@married);
for (.@i = 1; .@i < getarraysize(.@name$); .@i++) {
mesn .@name$[i-1];