summaryrefslogtreecommitdiff
path: root/npc/commands
diff options
context:
space:
mode:
authorJesusaves <cpntb1@ymail.com>2018-07-18 01:54:20 -0300
committerJesusaves <cpntb1@ymail.com>2018-07-18 01:54:20 -0300
commit1cbbeef8c0feb5b380613f121170bc69eedf5d85 (patch)
tree591947d04ea68b535cc8b2e705af186ff1381046 /npc/commands
parent49f3515d312b08b8513abba3c27449413848f81b (diff)
downloadserverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.gz
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.bz2
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.tar.xz
serverdata-1cbbeef8c0feb5b380613f121170bc69eedf5d85.zip
Best balance between query security and usefulness. We still have problem if player
logouts, though. Again, the stuff with queries should be moved to a web sys.
Diffstat (limited to 'npc/commands')
-rw-r--r--npc/commands/ucp.txt21
1 files changed, 13 insertions, 8 deletions
diff --git a/npc/commands/ucp.txt b/npc/commands/ucp.txt
index a11d2e0c5..f632d8a1e 100644
--- a/npc/commands/ucp.txt
+++ b/npc/commands/ucp.txt
@@ -20,16 +20,18 @@ function script UserCtrlPanel {
case 1: GameRules; break;
case 2: GameNews; break;
case 3:
- if (@query) {
- mesn;
- mesc l("Anti flood protection is enabled. Request rejected."), 1;
- next;
- break;
- }
if (!validatepin())
break;
- @query=1;
- query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+ if (!@email$) {
+ query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+"' LIMIT 2", .@email$, .@lgc, .@ip$);
+ @email$=.@email$;
+ @lgc=.@lgc;
+ @ip$=.@ip$;
+ } else {
+ .@email$=@email$;
+ .@lgc=@lgc;
+ .@ip$=@ip$;
+ }
mes l("Char Name: @@", strcharinfo(0));
mes l("Party Name: @@", strcharinfo(1));
mes l("Guild Name: @@", strcharinfo(2));
@@ -43,6 +45,9 @@ function script UserCtrlPanel {
mes l("Last IP: @@", .@ip$[0]);
mes l("Total Logins: @@", .@lgc[0]);
next;
+ if (@query)
+ break;
+ @query=1;
query_sql("SELECT name,last_login,last_map,partner_id FROM `char` WHERE account_id="+getcharid(3)+"' LIMIT 9", .@name$, .@lastlogin$, .@map$, .@married);
for (.@i = 1; .@i < getarraysize(.@name$); .@i++) {
mesn .@name$[i-1];