Best balance between query security and usefulness. We still have problem if player

logouts, though. Again, the stuff with queries should be moved to a web sys.
author: Jesusaves <cpntb1@ymail.com> 2018-07-18 01:54:20 -0300
committer: Jesusaves <cpntb1@ymail.com> 2018-07-18 01:54:20 -0300
commit: 1cbbeef8c0feb5b380613f121170bc69eedf5d85 (patch)
tree: 591947d04ea68b535cc8b2e705af186ff1381046 /npc/commands/ucp.txt
parent: 49f3515d312b08b8513abba3c27449413848f81b (diff)
download: serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.gz
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.bz2
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.xz
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.zip
1 files changed, 13 insertions, 8 deletions
diff --git a/npc/commands/ucp.txt b/npc/commands/ucp.txt
index a11d2e0c5..f632d8a1e 100644
--- a/npc/commands/ucp.txt
+++ b/npc/commands/ucp.txt
@@ -20,16 +20,18 @@ function	script	UserCtrlPanel	{
             case 1: GameRules; break;
             case 2: GameNews; break;
             case 3:
-                if (@query) {
-                    mesn;
-                    mesc l("Anti flood protection is enabled. Request rejected."), 1;
-                    next;
-                    break;
-                }
                 if (!validatepin())
                     break;
-                @query=1;
-                query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+                if (!@email$) {
+                    query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+                    @email$=.@email$;
+                    @lgc=.@lgc;
+                    @ip$=.@ip$;
+                } else {
+                    .@email$=@email$;
+                    .@lgc=@lgc;
+                    .@ip$=@ip$;
+                }
                 mes l("Char Name: @@", strcharinfo(0));
                 mes l("Party Name: @@", strcharinfo(1));
                 mes l("Guild Name: @@", strcharinfo(2));
@@ -43,6 +45,9 @@ function	script	UserCtrlPanel	{
                 mes l("Last IP: @@", .@ip$[0]);
                 mes l("Total Logins: @@", .@lgc[0]);
                 next;
+                if (@query)
+                    break;
+                @query=1;
                 query_sql("SELECT name,last_login,last_map,partner_id FROM `char` WHERE account_id="+getcharid(3)+"' LIMIT 9", .@name$, .@lastlogin$, .@map$, .@married);
                 for (.@i = 1; .@i < getarraysize(.@name$); .@i++) {
                 mesn .@name$[i-1];
author	Jesusaves <cpntb1@ymail.com>	2018-07-18 01:54:20 -0300
committer	Jesusaves <cpntb1@ymail.com>	2018-07-18 01:54:20 -0300
commit	1cbbeef8c0feb5b380613f121170bc69eedf5d85 (patch)
tree	591947d04ea68b535cc8b2e705af186ff1381046 /npc/commands/ucp.txt
parent	49f3515d312b08b8513abba3c27449413848f81b (diff)
download	serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.gz serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.bz2 serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.xz serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.zip