From 1cbbeef8c0feb5b380613f121170bc69eedf5d85 Mon Sep 17 00:00:00 2001
From: Jesusaves <cpntb1@ymail.com>
Date: Wed, 18 Jul 2018 01:54:20 -0300
Subject: Best balance between query security and usefulness. We still have
 problem if player logouts, though. Again, the stuff with queries should be
 moved to a web sys.

---
 npc/012-1/_mobs.txt  |  2 +-
 npc/commands/ucp.txt | 21 +++++++++++++--------
 2 files changed, 14 insertions(+), 9 deletions(-)

(limited to 'npc')

diff --git a/npc/012-1/_mobs.txt b/npc/012-1/_mobs.txt
index b622bce20..500ea2d35 100644
--- a/npc/012-1/_mobs.txt
+++ b/npc/012-1/_mobs.txt
@@ -3,7 +3,7 @@
 012-1,90,63,35,14	monster	Red Butterfly	1025,4,30000,90000
 012-1,90,62,36,15	monster	Mana Bug	1075,5,30000,90000
 012-1,85,33,35,15	monster	Pinkie	1132,8,30000,50000,Hinnak::OnKillPinkie
-012-1,44,47,21,32	monster	Clover Patch	1028,4,60000,90000
+012-1,44,56,21,41	monster	Clover Patch	1028,3,60000,90000
 012-1,135,58,7,29	monster	Piousse	1003,6,40000,60000
 012-1,85,86,52,15	monster	Silk Worm	1034,5,30000,30000
 012-1,115,69,1,1	monster	Training Dummy	1021,1,10000,10000
diff --git a/npc/commands/ucp.txt b/npc/commands/ucp.txt
index a11d2e0c5..f632d8a1e 100644
--- a/npc/commands/ucp.txt
+++ b/npc/commands/ucp.txt
@@ -20,16 +20,18 @@ function	script	UserCtrlPanel	{
             case 1: GameRules; break;
             case 2: GameNews; break;
             case 3:
-                if (@query) {
-                    mesn;
-                    mesc l("Anti flood protection is enabled. Request rejected."), 1;
-                    next;
-                    break;
-                }
                 if (!validatepin())
                     break;
-                @query=1;
-                query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+                if (!@email$) {
+                    query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+                    @email$=.@email$;
+                    @lgc=.@lgc;
+                    @ip$=.@ip$;
+                } else {
+                    .@email$=@email$;
+                    .@lgc=@lgc;
+                    .@ip$=@ip$;
+                }
                 mes l("Char Name: @@", strcharinfo(0));
                 mes l("Party Name: @@", strcharinfo(1));
                 mes l("Guild Name: @@", strcharinfo(2));
@@ -43,6 +45,9 @@ function	script	UserCtrlPanel	{
                 mes l("Last IP: @@", .@ip$[0]);
                 mes l("Total Logins: @@", .@lgc[0]);
                 next;
+                if (@query)
+                    break;
+                @query=1;
                 query_sql("SELECT name,last_login,last_map,partner_id FROM `char` WHERE account_id="+getcharid(3)+"' LIMIT 9", .@name$, .@lastlogin$, .@map$, .@married);
                 for (.@i = 1; .@i < getarraysize(.@name$); .@i++) {
                 mesn .@name$[i-1];
-- 
cgit v1.2.3-60-g2f50