Jump to content

KeyWorld

Members
 View Profile  See their activity

  • Posts

    379

  • Joined

  • Last visited

  • Days Won

    11

 Content Type 

Posts posted by KeyWorld

    how to prevent sql injection in website

    in Web Support

    Posted

    please can anyone help me here cuz my site has been injected and the hackers add commands like @item

    please help me here

    How do you know it's a SQL injection in your website ?...

    If you know the answer, you will be able to fix it alone.

    Why people still continue to believe that the only way to hack is using SQL injection ? There are so more fun and exotic way to have full or partial access to a server.

    • Upvote 1

    Unique Item ID Discussion

    in Implemented

    Posted

    @Keyworld: Do you have any suggestions regarding the implementation of related script commands?

    About script commands:

    Add:

    hasuniqueitem(<item uid>) // check if you have it in your inventory
deluniqueitem(<item uid>) // delete an item

    Modify:

    getitem() / getitem2() / rentitem() // return item unique_id - getitem 1201, 1 {, .@output_uid_array };
getinventorylist() - add an uid array to the list.
successremovecards / failedremovecards / successrefitem / downrefitem - keep the item uid

    And maybe add an optional "unique_item" argument to getitem2() to get RID of auto-magnifier NPC (delete item -> create item) ?

    So now we can get RID of scripts like npc/jobs/2-1/blacksmith.txt:

                    mes "[Geschupenschte]";
               mes "Oh, you should make sure that you are not carrying ^FF0000more than one "+getitemname(.@items[6])+"^000000, you should really only have an "+getitemname(.@items[6])+" that you bought from an NPC shop in your inventory.";
               next;
               if (select("Oh, could you give me a second?:Oh, I brought what you asked for.") == 1) {
                   mes "[Geschupenschte]";
                   mes "Hmmm, it would be";
                   mes "a good idea to put the";
                   mes "rest of your items";
                   mes "in Kafra Storage.";
                   close;
               }

    Or to check integrity of an item you give to someone.

    Well just some ideas.

    • Upvote 4

    Unique Item ID Discussion

    in Implemented

    Posted

    I don't think we really need "nsi" in the name too, but I don't care.

    In my own opinion this feature isn't important if it's just for tracing items. But it can help for script commands, when you want to modify/remove one specify item from a list that contain the same item multiples times.

    Question about duplicating

    in Scripting Support

    Posted

    Duplicate NPC don't duplicate NPC script/memory.

    It just create an object on the map and when you click/touch or run an event on it, it redirect the action to the original script, so you don't duplicate the script, the variables, etc.

    (You can compare it to a shortcut icon in your desktop, it don't duplicate the original file).

    NPC will not cause problems on your server.

    • Upvote 1

    DGS User Center (The goodbye of the control panel concept)

    in Web Releases

    Posted

    I think you should use the hash based url ( http://www.ro.com/index.php#register ) when loading pages coz for me its annoying when you refresh a page, I need to click the register button again but with the help of the hash you can know what page that the user last visited.

    The HTML5 history API is better for this kind of things (but you still can use the hash method if the API isn't supported).

    I don't see anything new in your panel for the moment honestly but hard to compare without testing.

    Hope the best for your project :)

    Playertalk

    in Rejected

    Posted

    The command you wrote was the same than message(), not unittalk().
    Doesn't clif_disp_overhead send the message to the surrounding area? Whereas the message script command uses clif_displaymessage.

    You're right.

    I just read the latest line on clif.c (clif_send(...,SELF)) but didn't see the other packet send to the area just before :)

    Using Setd/Getd

    in Scripting Support

    Posted

    In your function you are trying to access the array SummonType.

    You have to know first that you can't set a permanent player variable as an array :)

    Getd()/Setd() don't turn a variable into a string (as you said), it get a variable from the specify name.

    set .@varname$, "test";
setd ".@" + .@varname$, 5; // same as set .@test, 5;
dispbottom getd(".@" + .@varname$); // same as dispbottom .@test;

setd "$test", 5; // same as set $test, 5;
mes getd("$test"); // same as mes $test;

    Anyone want to make Roulette script?

    in Script Requests

    Posted

    Not bad Omnipotent, love the way you do/code it (I don't have an emu but I can see the way it should like with the code) :)

    Just one possible bug (but it's a one year old npc):

    - Player A (and C,D,E,F,G,...) run the game and wait at "close2".

    - Player B run the game, start the roulette.

    - Player A (and C,D,E,F,G...) press the "close2".

    Result: the roulette will have some fun :P

    Anyone want to make Roulette script?

    in Script Requests

    Posted

    Thank you for the pm, I didn't see your edit :P

    So now we can comment your script and try to improve it !

    So here a list...

    1. Please don't use inline switch() / if(), it's not user-friendly to read and add comments :P
    2. Try to don't put "str" in a numerical variable, it can confuse :
      input .@StrPick;


    3. Code before a goto is NEVER execute, so you can remove all your close/end after a goto.
    4. In the start of your script, we have:
      set .RBet,select(.@RouletteMenu$);

      You are using a global NPC variable .RBet and use it after some next and menu. Problem ? Each time someone talk to the npc will reset everyone choice. So replace it by a player variable or scope variable should be a good choice.

    5. Some part can really be rewrite to reduce lines of code, like the huge switch() + goto part, it can be replace by an array...
    6. Do you really need to store the choice in permanent variable ? (getd("Bet_"+.@i+"$")). Should be better to use an @array$[].

    Well I will try to make mine, but not have time today :(

    Playertalk

    in Rejected

    Posted

    Yah but message() is this:

    *message "<character name>","<message>";

    That command will send a message to the chat window of the character specified

    by name. The text will also appear above the head of that character. It will not

    be seen by anyone else.

    Where as for playertalk, the variable is different + the message appears in the box and outside and people can see it.

    The variable is different ? It's not a valid argument for me.

    Other people can't see message(), just the specify character.

    The only valid reason is the message appear in the message box (don't know there was a packet just for a message over the head (and not in the dialog box)).

    progressbar stop when getting hitted?

    in Scripting Support

    Posted

    Funny...

    doevent strnpcinfo(3)+"::OnStartProgressBar";
doevent strnpcinfo(3)+"::OnCheckHit";
input .@rcode;

[...]

OnStartProgressBar:
progressbar "green", 5;
end;

OnCheckHit:
for ( set .@last_life, HP; .@i<5; set .@i, .@i+1 ) {
	if ( @last_life < HP )
		close;
	set .@last_life, HP;
	sleep2 1000;
}

    Try it, but: I'm not sure if it will work to close the script like this (it should since it's the same npcid...), and there is noway to remove a npc dialog/menu/input without the need of the client (or @refresh).

    • Upvote 1

    Koe script_rid2sd

    in Scripting Support

    Posted

    As you can see, he's calling the KoEActualEnd label from an OnMinute event label, so into a script that has NO rid attached.

    Checking that label...

    ...

    You can easily notice that there is no commands that attach a RID to the script, and a getcharid() is called, commands that NEEDS a RID attached to work.

    OnWhisperGlobal = RID :P

    But I agree with $KOEGUILD, I was busy to read the entire script :P

    So the correct fix should be, replace:

    if($KOEGUILD!=0) { Announce "The King of Emperium Hill has ended! The King Of Emperium Hill is the ["+GetGuildName($KOEGUILD)+"] guild.",bc_all|bc_WoE; } else { Announce "The King of Emperium Hill has ended! No guild has proven themselves King Of Emperium Hill!",bc_all|bc_WoE; }
query_sql "UPDATE guild SET guild_points=guild_points +1 WHERE guild_id="+ getcharid(2);

    With:

    if( $KOEGUILD !=0 ) {
   Announce "The King of Emperium Hill has ended! The King Of Emperium Hill is the ["+GetGuildName($KOEGUILD)+"] guild.",bc_all|bc_WoE;
   query_sql "UPDATE guild SET guild_points=guild_points +1 WHERE guild_id="+ $KOEGUILD;
} else {
   Announce "The King of Emperium Hill has ended! No guild has proven themselves King Of Emperium Hill!",bc_all|bc_WoE;
}

    Koe script_rid2sd

    in Scripting Support

    Posted

    Well, try to replace:

    query_sql "UPDATE guild SET guild_points=guild_points +1 WHERE guild_id="+ getcharid(2);

    With:

    if ( playerattached() )
   query_sql "UPDATE guild SET guild_points=guild_points +1 WHERE guild_id=" + getcharid(2);

    variable -> label?

    in Scripting Support

    Posted

    No you can't store a label into a variable, you will save its value (numerical) but not it's type.

    But as far I know you can send a label as an argument to a function or return a label from a function.

    Well, I think you should re-organize your code to avoid using this structure :)

    • Upvote 2

    Anyone want to make Roulette script?

    in Script Requests

    Posted

    There are some reasons why I don't reply to this topic.

    The main reason is because you didn't mention me in your first post ! *joke*

    Seriously, I don't know well the rules so I can't really figure out how it works. It doesn't seem like a complex script but more like a boring script (to code) but the main reason is mostly because the result in-game will not be impressive : just a NPC dialog/menu like all casinos NPC.

×
×
  • Create New...