authorYohann Ferreira <bertram@cegetel.net>2006-01-21 01:09:31 +0000
committerYohann Ferreira <bertram@cegetel.net>2006-01-21 01:09:31 +0000
commit5293e989f8ad43a1b02562be2bcba071803f24c3 (patch)
treea6807c32949eb0869063291413a4147247c264a0
parenta5c3439bd5f07921fd46913184281092051faf86 (diff)
downloadmanaserv-5293e989f8ad43a1b02562be2bcba071803f24c3.tar.gz
manaserv-5293e989f8ad43a1b02562be2bcba071803f24c3.tar.bz2
manaserv-5293e989f8ad43a1b02562be2bcba071803f24c3.tar.xz
manaserv-5293e989f8ad43a1b02562be2bcba071803f24c3.zip
Corrected a mistake and made a simple way to avoid crashing SQL queries. Need to see how we could improve it.
-rw-r--r--ChangeLog4
-rw-r--r--src/accounthandler.cpp58
-rw-r--r--src/client.cpp3
-rw-r--r--src/dalstorage.cpp65
4 files changed, 95 insertions, 35 deletions
diff --git a/ChangeLog b/ChangeLog
index 734b3823..f33a8dfe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,9 @@
2006-01-21 Yohann Ferreira <bertram@cegetel.net>
* src/accounthandler.cpp, src/client.cpp, src/defines.h,
- src/dalstorage.cpp: Very little corrections.
+ src/dalstorage.cpp: Very little corrections. Corrected a little
+ mistake in the channels loading. Made a simple function to test
+ for double quotes. We could see how to improve that.
* src/chatchannelmanager.h, src/chatchannelmanager.cpp,
src/chatchannel.h, src/chatchannel.cpp, src/dalstorage.cpp,
src/dalstorage.h, src/storage.h, src/chathandler.cpp,
diff --git a/src/accounthandler.cpp b/src/accounthandler.cpp
index ccd79a4a..b37bbc68 100644
--- a/src/accounthandler.cpp
+++ b/src/accounthandler.cpp
@@ -35,6 +35,16 @@ using tmwserv::Account;
using tmwserv::AccountPtr;
using tmwserv::Storage;
+// Useful to avoid failing SQL queries cause of " in strings.
+bool findDoubleQuotes(const std::string& text)
+{
+ for (unsigned int i = 0; i < text.length(); i++)
+ {
+ if (text[i] == '\"') return true;
+ }
+ return false;
+}
+
/**
* Generic interface convention for getting a message and sending it to the
* correct subroutines. Account handler takes care of determining the
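Review bot: `findDoubleQuotes` is a file-local helper left with external linkage and a hand-rolled character scan; make it `static` (or put it in an anonymous namespace) and let the standard library search: `static bool findDoubleQuotes(const std::string& text) { return text.find('"') != std::string::npos; }`. More importantly, rejecting one byte at the handler is a blacklist standing in for escaping: any string that reaches `dalstorage.cpp` without passing through this check, and any other character a backend treats specially inside a double-quoted literal, still lands unescaped in the query. The header comment should say so, e.g. `// Stopgap: dalstorage builds SQL by concatenation and delimits strings with ", so reject that character.`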
@@ -84,7 +94,7 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
if (connectionHandler->getClientNumber() >= MAX_CLIENTS )
{
// Too much clients logged in.
- LOG_INFO("Client couldn't log. Already has " << MAX_CLIENTS
+ LOG_INFO("Client couldn't login. Already has " << MAX_CLIENTS
<< " logged in.", 1)
result.writeByte(LOGIN_SERVER_FULL);
break;
@@ -175,12 +185,22 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
}
// Checking if the Name is slang's free.
+
if (!slangsFilter->filterContent(username))
{
result.writeByte(REGISTER_INVALID_USERNAME);
LOG_INFO(username << ": has got bad words in it.", 1)
break;
}
+
+ // Checking if there are double quotes in it.
+ if (findDoubleQuotes(username))
+ {
+ result.writeByte(REGISTER_INVALID_USERNAME);
+ LOG_INFO(username << ": has got double quotes in it.", 1)
+ break;
+ }
+
// Checking conditions for having a good account.
LOG_INFO(username << " is trying to register.", 1)
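Review bot: The new `if (findDoubleQuotes(username))` rejects exactly the one character the storage layer now uses as a string delimiter, so the username policy is a blacklist of a single byte. A registration name is the natural place for a whitelist instead, e.g. `if (username.find_first_not_of(allowedNameChars) != std::string::npos)` with a project-defined set of letters, digits and a few punctuation marks; that also covers whatever escape character the backend honours (backslash on MySQL-style dialects, if that backend is used) without a second special case. The check also runs after the slang filter has already accepted the name, so the two rejections could share one `REGISTER_INVALID_USERNAME` branch. receiveMessage starts and ends outside this hunk.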
@@ -206,6 +226,12 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
result.writeByte(REGISTER_INVALID_EMAIL);
LOG_INFO(email << ": Email Invalid, only a@b.c format is accepted.", 1)
}
+ if (findDoubleQuotes(email))
+ {
+ result.writeByte(REGISTER_INVALID_EMAIL);
+ LOG_INFO(email << ": has got double quotes in it.", 1)
+ break;
+ }
else if (store.getSameEmailNumber(email) > 0) // Search if Email already exists.
{
result.writeByte(REGISTER_EXISTS_EMAIL);
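Review bot: Inserting a plain `if (findDoubleQuotes(email))` between the format check and its `else if` detaches `else if (store.getSameEmailNumber(email) > 0)` from the format test just above it: an address that fails the `a@b.c` test but contains no quote now writes `REGISTER_INVALID_EMAIL` and then falls into the `else if`/`else` branches, so it is still looked up in the database and can proceed as if valid. The quote test should join the chain, `else if (findDoubleQuotes(email))`, and since the format branch itself has no `break`, both rejection branches should terminate the same way. The enclosing case continues outside this hunk.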
@@ -283,6 +309,12 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
LOG_INFO(email << ": Invalid format, cannot change Email for " <<
computer.getAccount()->getName(), 1)
}
+ if (findDoubleQuotes(email))
+ {
+ result.writeByte(EMAILCHG_INVALID);
+ LOG_INFO(email << ": has got double quotes in it.", 1)
+ break;
+ }
else if (store.getSameEmailNumber(email) > 1) // Search if Email already exists,
{ // Except for the one already that is to
result.writeByte(EMAILCHG_EXISTS_EMAIL); // be changed.
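Review bot: The new `if (findDoubleQuotes(email))` is a separate statement rather than part of the existing chain, so the `else if (store.getSameEmailNumber(email) > 1)` that used to be the alternative to the format check at the top of the hunk is now the alternative to the quote check. A badly formatted address without quotes writes `EMAILCHG_INVALID` and then still runs the duplicate lookup and whatever follows it. Write it as `else if (findDoubleQuotes(email))` so the three tests stay mutually exclusive. The surrounding case continues outside the hunk.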
@@ -334,6 +366,18 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
LOG_INFO(computer.getAccount()->getName() <<
": New password too long or too short.", 1)
}
+ else if (findDoubleQuotes(password1))
+ {
+ result.writeByte(PASSCHG_INVALID);
+ LOG_INFO(password1 << ": has got double quotes in it.", 1)
+ break;
+ }
+ else if (findDoubleQuotes(password2))
+ {
+ result.writeByte(PASSCHG_INVALID);
+ LOG_INFO(password2 << ": has got double quotes in it.", 1)
+ break;
+ }
else if ( password1 != password2 )
{
result.writeByte(PASSCHG_MISMATCH);
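Review bot: `LOG_INFO(password1 << ": has got double quotes in it.", 1)` and the matching line for `password2` write the user's candidate password to the server log in cleartext; a rejected password is frequently a near-miss of the one the user actually uses here and elsewhere. Log the account instead, as the branch just above does: `LOG_INFO(computer.getAccount()->getName() << ": new password has got double quotes in it.", 1)`. Since the two candidates are compared for equality a few lines later, a single check on `password1` placed after the mismatch test would also cover both. The case continues outside the hunk.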
@@ -384,6 +428,13 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
LOG_INFO(name << ": Character has got bad words in it.", 1)
break;
}
+ // Checking if the Name has got double quotes.
+ if (findDoubleQuotes(name))
+ {
+ result.writeByte(CREATE_INVALID_NAME);
+ LOG_INFO(name << ": has got double quotes in it.", 1)
+ break;
+ }
// Check if the character's name already exists
if (store.doesCharacterNameExists(name))
{
@@ -628,6 +679,7 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
LOG_INFO(computer.getAccount()->getName() << "'s account has "
<< chars.size() << " character(s).", 1)
std::string charStats = "";
+ std::string mapName = "";
for (unsigned int i = 0; i < chars.size(); i++)
{
result.writeByte(i);
@@ -645,6 +697,10 @@ void AccountHandler::receiveMessage(NetComputer &computer, MessageIn &message)
result.writeShort(chars[i]->getIntelligence());
result.writeShort(chars[i]->getDexterity());
result.writeShort(chars[i]->getLuck());
+ mapName = store.getMapNameFromId(chars[i]->getMapId());
+ result.writeString(mapName);
+ result.writeShort(chars[i]->getX());
+ result.writeShort(chars[i]->getY());
}
charStats += ".";
LOG_INFO(charStats.c_str(), 1)
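Review bot: `mapName` is declared as `std::string mapName = "";` in the preceding hunk, outside the loop, and reassigned every iteration though it is used only for the one `writeString`; declare it where it is set, `const std::string mapName = store.getMapNameFromId(chars[i]->getMapId());` inside the loop, or pass the call straight to `result.writeString(...)`. This also issues one `getMapNameFromId` lookup per character; if that call hits the database (not visible here) and characters tend to share maps, a small id-to-name cache across the loop would avoid repeat queries. The loop body starts in the previous hunk and this hunk closes it.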
diff --git a/src/client.cpp b/src/client.cpp
index a58cd3d9..f71f9d2c 100644
--- a/src/client.cpp
+++ b/src/client.cpp
@@ -643,6 +643,9 @@ int main(int argc, char *argv[])
std::cout << "Intelligence: " << int(msg.readShort()) << ", ";
std::cout << "Dexterity: " << int(msg.readShort()) << ", ";
std::cout << "Luck: " << int(msg.readShort()) << ". "
+ << std::endl;
+ std::cout << "Current Map: " << msg.readString() << " (X:";
+ std::cout << int(msg.readShort()) << ", Y:" << int(msg.readShort()) << ")."
<< std::endl << std::endl;
}
break;
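Review bot: `std::cout << int(msg.readShort()) << ", Y:" << int(msg.readShort())` calls `readShort()` twice inside one expression; before C++17 the order in which operands of a chained `operator<<` are evaluated is unspecified, so X and Y can print swapped depending on the compiler, and the stream position is consumed in the wrong order for anything read afterwards. Read each field into a named local first, `const int x = msg.readShort(); const int y = msg.readShort();`, and stream those. main() continues outside this hunk.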
diff --git a/src/dalstorage.cpp b/src/dalstorage.cpp
index fa2c4920..be5222dd 100644
--- a/src/dalstorage.cpp
+++ b/src/dalstorage.cpp
@@ -183,9 +183,9 @@ DALStorage::getAccount(const std::string& userName)
try {
std::string sql("select * from ");
sql += ACCOUNTS_TBL_NAME;
- sql += " where username = '";
+ sql += " where username = \"";
sql += userName;
- sql += "';";
+ sql += "\";";
const RecordSet& accountInfo = mDb->execSql(sql);
// if the account is not even in the database then
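Review bot: `getAccount(userName)` still splices the name into `where username = "…"` without escaping, and the diff adds the quote check on the registration, e-mail and password paths but, as far as it shows, not on the login path that presumably calls `getAccount`; if so, a login name containing `"` still breaks out of the literal. The storage layer should enforce this regardless of caller: double any embedded `"` before concatenation, or reject the string here. Note also the `#ifdef SQLITE_SUPPORT` path further down this file: SQLite resolves a double-quoted token as an identifier first and falls back to a string literal only when no such column exists, so a user registered under a column name such as `email` would turn this into a column-to-column comparison. Single quotes with embedded `'` doubled are the portable string-literal form for both backends.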
@@ -417,7 +417,7 @@ DALStorage::getSameEmailNumber(const std::string &email)
try {
std::string sql("select count(email) from ");
sql += ACCOUNTS_TBL_NAME;
- sql += " where upper(email) = upper('" + email + "');";
+ sql += " where upper(email) = upper(\"" + email + "\");";
const dal::RecordSet& accountInfo = mDb->execSql(sql);
@@ -452,9 +452,9 @@ DALStorage::doesCharacterNameExists(const std::string& name)
try {
std::string sql("select count(name) from ");
sql += CHARACTERS_TBL_NAME;
- sql += " where name = '";
+ sql += " where name = \"";
sql += name;
- sql += "';";
+ sql += "\";";
const dal::RecordSet& accountInfo = mDb->execSql(sql);
// if the account is empty then
@@ -546,13 +546,13 @@ DALStorage::getChannelList()
for ( unsigned int i = 0; i < channelInfo.rows(); ++i)
{
- channels.insert(std::make_pair(toShort(channelInfo(0,0)),
- ChatChannel(channelInfo(0,1),
- channelInfo(0,2),
- channelInfo(0,3))));
+ channels.insert(std::make_pair(toShort(channelInfo(i,0)),
+ ChatChannel(channelInfo(i,1),
+ channelInfo(i,2),
+ channelInfo(i,3))));
- LOG_DEBUG("Channel (" << channelInfo(0,0) << ") loaded: " << channelInfo(0,1)
- << ": " << channelInfo(0,2), 5)
+ LOG_DEBUG("Channel (" << channelInfo(i,0) << ") loaded: " << channelInfo(i,1)
+ << ": " << channelInfo(i,2), 5)
}
return channels;
@@ -584,7 +584,6 @@ DALStorage::updateChannels(std::map<short, ChatChannel>& channelList)
mDb->execSql(sql.str());
- //TODO: See if the ' don't make the SQL queries fail.
for (std::map<short, ChatChannel>::iterator i = channelList.begin();
i != channelList.end();)
{
@@ -598,10 +597,10 @@ DALStorage::updateChannels(std::map<short, ChatChannel>& channelList)
<< CHANNELS_TBL_NAME
<< " (id, name, announcement, password)"
<< " values ("
- << i->first << ", '"
- << i->second.getName() << "', '"
- << i->second.getAnnouncement() << "', '"
- << i->second.getPassword() << "');";
+ << i->first << ", \""
+ << i->second.getName() << "\", \""
+ << i->second.getAnnouncement() << "\", \""
+ << i->second.getPassword() << "\");";
LOG_DEBUG("Channel (" << i->first << ") saved: " << i->second.getName()
<< ": " << i->second.getAnnouncement(), 5)
@@ -710,17 +709,17 @@ DALStorage::_addAccount(const AccountPtr& account)
std::ostringstream sql1;
sql1 << "insert into " << ACCOUNTS_TBL_NAME
<< " (username, password, email, level, banned)"
- << " values ('"
- << account->getName() << "', '"
- << account->getPassword() << "', '"
- << account->getEmail() << "', "
+ << " values (\""
+ << account->getName() << "\", \""
+ << account->getPassword() << "\", \""
+ << account->getEmail() << "\", "
<< account->getLevel() << ", 0);";
mDb->execSql(sql1.str());
// get the account id.
std::ostringstream sql2;
sql2 << "select id from " << ACCOUNTS_TBL_NAME
- << " where username = '" << account->getName() << "';";
+ << " where username = \"" << account->getName() << "\";";
const RecordSet& accountInfo = mDb->execSql(sql2.str());
string_to<unsigned int> toUint;
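Review bot: `account->getName()`, `getPassword()` and `getEmail()` are pasted raw into `sql1`, so this insert is only as safe as every caller's `findDoubleQuotes` check, and the storage layer should not depend on that. A file-local helper that wraps a value in the delimiter and doubles any embedded quote (the SQL-standard escape inside a literal) applied at each concatenation keeps the statement well-formed whatever the handlers do; if the MySQL backend runs with backslash escapes enabled, `\` must be doubled too. Prepared statements through the DAL would be better still, but whether `mDb` exposes them is not visible here. The `sql2` lookup by username right after the insert could likewise give way to the backend's last-insert-id if the DAL offers one. _addAccount continues outside the hunk.
```cpp
// Wrap s in double quotes for use as an SQL string literal, doubling any
// embedded quote (the SQL-standard escape). If the MySQL backend honours
// backslash escapes, '\\' has to be doubled here as well.
static std::string sqlQuote(const std::string& s)
{
    std::string out;
    out.reserve(s.size() + 2);
    out += '"';
    for (std::string::const_iterator it = s.begin(); it != s.end(); ++it)
    {
        if (*it == '"') out += '"';
        out += *it;
    }
    out += '"';
    return out;
}

// … unchanged: _addAccount up to the statement …
sql1 << "insert into " << ACCOUNTS_TBL_NAME
     << " (username, password, email, level, banned)"
     << " values ("
     << sqlQuote(account->getName()) << ", "
     << sqlQuote(account->getPassword()) << ", "
     << sqlQuote(account->getEmail()) << ", "
     << account->getLevel() << ", 0);";
```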
@@ -747,8 +746,8 @@ DALStorage::_addAccount(const AccountPtr& account)
<< " (name, gender, hair_style, hair_color, level, money, x, y, "
<< "map_id, str, agi, vit, int, dex, luck)"
<< " values ("
- << (account_it->second).id << ", '"
- << (*it)->getName() << "', "
+ << (account_it->second).id << ", \""
+ << (*it)->getName() << "\", "
<< (*it)->getGender() << ", "
<< (int)(*it)->getHairStyle() << ", "
<< (int)(*it)->getHairColor() << ", "
@@ -806,9 +805,9 @@ DALStorage::_updAccount(const AccountPtr& account)
// update the account.
std::ostringstream sql1;
sql1 << "update " << ACCOUNTS_TBL_NAME
- << " set username = '" << account->getName() << "', "
- << "password = '" << account->getPassword() << "', "
- << "email = '" << account->getEmail() << "', "
+ << " set username = \"" << account->getName() << "\", "
+ << "password = \"" << account->getPassword() << "\", "
+ << "email = \"" << account->getEmail() << "\", "
<< "level = '" << account->getLevel() << "' "
<< "where id = '" << (account_it->second).id << "';";
mDb->execSql(sql1.str());
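Review bot: The update now mixes delimiters: the string columns use `"` while `level = '…'` and `where id = '…'` keep single quotes around numeric values. If the reason for switching to double quotes is tolerating `'` in input, the numeric fields need no quoting at all — `<< "level = " << account->getLevel() << " " << "where id = " << (account_it->second).id << ";"` — and the inconsistency invites a later "cleanup" in the wrong direction. Name, password and email are still concatenated unescaped; doubling any embedded `"` at this point would keep the statement well-formed independently of caller checks. _updAccount starts and ends outside this hunk.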
@@ -826,7 +825,7 @@ DALStorage::_updAccount(const AccountPtr& account)
// (reminder: the character names are unique in the database).
std::ostringstream sql2;
sql2 << "select id from " << CHARACTERS_TBL_NAME
- << " where name = '" << (*it)->getName() << "';";
+ << " where name = \"" << (*it)->getName() << "\";";
const RecordSet& charInfo = mDb->execSql(sql2.str());
RawStatistics& stats = (*it)->getRawStatistics();
@@ -841,11 +840,11 @@ DALStorage::_updAccount(const AccountPtr& account)
<< "name, gender, hair_style, hair_color, level, money, x, y, map_id, str, agi, vit, int, dex, luck)"
<< " values ("
#ifdef SQLITE_SUPPORT
- << (account_it->second).id << ", '"
+ << (account_it->second).id << ", \""
#else
- << "'"
+ << "\""
#endif
- << (*it)->getName() << "', "
+ << (*it)->getName() << "\", "
<< (*it)->getGender() << ", "
<< (*it)->getHairStyle() << ", "
<< (*it)->getHairColor() << ", "
@@ -863,7 +862,7 @@ DALStorage::_updAccount(const AccountPtr& account)
}
else {
sql3 << "update " << CHARACTERS_TBL_NAME
- << " set name = '" << (*it)->getName() << "', "
+ << " set name = \"" << (*it)->getName() << "\", "
<< " gender = " << (*it)->getGender() << ", "
<< " hair_style = " << (*it)->getHairStyle() << ", "
<< " hair_color = " << (*it)->getHairColor() << ", "
@@ -973,9 +972,9 @@ DALStorage::_delAccount(const std::string& userName)
// get the account id.
std::string sql("select id from ");
sql += ACCOUNTS_TBL_NAME;
- sql += " where username = '";
+ sql += " where username = \"";
sql += userName;
- sql += "';";
+ sql += "\";";
const RecordSet& accountInfo = mDb->execSql(sql);
// the account does not even exist in the database,