diff options
| author | Jesusaves <cpntb1@ymail.com> | 2018-07-18 01:54:20 -0300 |
|---|---|---|
| committer | Jesusaves <cpntb1@ymail.com> | 2018-07-18 01:54:20 -0300 |
| commit | 1cbbeef8c0feb5b380613f121170bc69eedf5d85 (patch) | |
| tree | 591947d04ea68b535cc8b2e705af186ff1381046 /npc/commands/ucp.txt | |
| parent | 49f3515d312b08b8513abba3c27449413848f81b (diff) | |
| download | serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.gz serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.bz2 serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.xz serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.zip | |
Best balance between query security and usefulness. We still have problem if player
logouts, though. Again, the stuff with queries should be moved to a web sys.
Diffstat (limited to 'npc/commands/ucp.txt')
| -rw-r--r-- | npc/commands/ucp.txt | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/npc/commands/ucp.txt b/npc/commands/ucp.txt index a11d2e0c5..f632d8a1e 100644 --- a/npc/commands/ucp.txt +++ b/npc/commands/ucp.txt @@ -20,16 +20,18 @@ function script UserCtrlPanel { case 1: GameRules; break; case 2: GameNews; break; case 3: - if (@query) { - mesn; - mesc l("Anti flood protection is enabled. Request rejected."), 1; - next; - break; - } if (!validatepin()) break; - @query=1; - query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$); + if (!@email$) { + query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$); + @email$=.@email$; + @lgc=.@lgc; + @ip$=.@ip$; + } else { + .@email$=@email$; + .@lgc=@lgc; + .@ip$=@ip$; + } mes l("Char Name: @@", strcharinfo(0)); mes l("Party Name: @@", strcharinfo(1)); mes l("Guild Name: @@", strcharinfo(2)); @@ -43,6 +45,9 @@ function script UserCtrlPanel { mes l("Last IP: @@", .@ip$[0]); mes l("Total Logins: @@", .@lgc[0]); next; + if (@query) + break; + @query=1; query_sql("SELECT name,last_login,last_map,partner_id FROM `char` WHERE account_id="+getcharid(3)+"' LIMIT 9", .@name$, .@lastlogin$, .@map$, .@married); for (.@i = 1; .@i < getarraysize(.@name$); .@i++) { mesn .@name$[i-1]; |