Add new 'if'.

[Like it]

Hello, I would like someone to help me with this script, because I tried anyway to show the menu to delete items if GM wants and I could not ... There are no errors in map-server, but as explained, I would like the option to delete Items along with the rest of npc.

OBS: Yes, the script is very messy, if you want to optimize it, I will also thank.

 

Spoiler

prontera,162,161,6	script	ghjkl	56,{
	if ( getgroupid() <= 1 ){
	mes "Input a item id.";
		input .@tmp$;
		if( getitemname( .@tmp$ ) != "null" ){
			for( set .@i,0; .@i < .sql_size; set .@i,.@i + 1 ){
				query_sql( "SELECT SUM(`amount`) FROM `"+.sql_table$[.@i]+"` WHERE `nameid`='"+.@tmp$+"'",.@amount );
				query_sql( "SELECT COUNT(`card0`) FROM `"+.sql_table$[.@i]+"` WHERE `card0`='"+.@tmp$+"'",.@card0 );
				query_sql( "SELECT COUNT(`card1`) FROM `"+.sql_table$[.@i]+"` WHERE `card1`='"+.@tmp$+"'",.@card1 );
				query_sql( "SELECT COUNT(`card2`) FROM `"+.sql_table$[.@i]+"` WHERE `card2`='"+.@tmp$+"'",.@card2 );
				query_sql( "SELECT COUNT(`card3`) FROM `"+.sql_table$[.@i]+"` WHERE `card3`='"+.@tmp$+"'",.@card3 );
				set .@total,.@total + ( .@amount + .@card0 + .@card1 + .@card2 + .@card3 );
			}
			mes "Found "+.@total+" x "+getitemname( .@tmp$ );
		}
		else{
			mes "Wrong item id";
			}
		close;
	}
	if ( getgroupid() == 99 ){
		mes "Enter an item id or item name. Display a list order by max amount found.";
		input .@tmp$;
		set .@item_id, atoi( .@tmp$ );
		if ( .@item_id == 0 && getstrlen( .@tmp$ ) > 2 ) {// item name, eventually
			set .@count, searchitem( .@tmp_array, .@tmp$ );
			if ( .@count == 0 ) {// none item found
				next;
				mes "None item found.";
				close;
			}
			next;
			mes "I found the following items: ";
			next;
			while( .@i < .@count ) {
				set .@menu$, .@menu$ + getitemname( .@tmp_array[.@i] ) +" (ID "+ .@tmp_array[.@i] +"):";
				set .@i, .@i +1;
			}
			set .@s, select( .@menu$ ) -1;
			set .@item_id, .@tmp_array[.@s];
		}
		else if ( .@item_id == 0 || getiteminfo( .@item_id,2 ) == -1 ) {
			next;
			mes "Wrong item id";
			close;
		}
	
		set .@search$, "`nameid` = "+ .@item_id +" or `card0` = "+ .@item_id +" or `card1` = "+ .@item_id +" or `card2` = "+ .@item_id +" or `card3` = "+ .@item_id;
		while(1) {
			set .@count, query_sql( "SELECT `char`.`name`, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `inventory` WHERE `char`.`char_id` = `inventory`.`char_id` and ( "+ .@search$ +" ) ) AS inv, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `cart_inventory` WHERE `char`.`char_id` = `cart_inventory`.`char_id` and ( "+ .@search$ +" ) ) AS cart, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `storage` WHERE `storage`.`account_id` = `char`.`account_id` and ( "+ .@search$ +" ) ) AS sto, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `guild_storage` WHERE `guild_storage`.`guild_id` = `char`.`guild_id` and ( "+ .@search$ +" ) ) AS gsto "+
				"FROM `char` order by ( inv + cart + sto + gsto ) desc limit "+ ( .@page * 100 ) +", 100", .@name$, .@inventory, .@cart, .@storage, .@gstorage );
			if ( .@count == 0 ) break;
			for ( set .@i, 0; .@i < .@count && .@name$[.@i] != ""; set .@i, .@i +20 ) {
				mes "^ff0000<player>^000000 <inv>,^00ff00<cart>,^0000ff<sto>,^006600<gsto>";
				for ( set .@j, 0; .@j < 20 && .@name$[ (.@i+.@j) ] != ""; set .@j, .@j +1 ) {
					set .@tmp, .@i + .@j;
					if ( ( .@inventory[.@tmp] + .@cart[.@tmp] + .@storage[.@tmp] + .@gstorage[.@tmp] ) == 0 ) {
						next;
						goto L_End;// XP!
					}
					set .@num, .@num +1;
					mes .@num +"/ ^ff0000"+ .@name$[.@tmp] +"^000000 : < "+ .@inventory[.@tmp] +", ^00ff00"+ .@cart[.@tmp] +", ^0000ff"+ .@storage[.@tmp] +", ^006600"+ .@gstorage[.@tmp] +"^000000 >";
				}
				next;
				set .@page, .@page +1;
			}
				if ( select( "Cancel", "Delete item" ) == 2 ) {
					for( set .@i,0; .@i < .@count; set .@i,.@i + 1 ) {
						query_sql "delete from `"+.sql_table$[.@i]+"` WHERE ( `nameid`='"+.@item_id+"' or `card0`='"+.@item_id+"' or "+
								"`card1`='"+.@item_id+"' or `card2`='"+.@item_id+"' or `card3`='"+.@item_id+"' )";
					}
					set .@count, query_sql( "select `account_id` from `char` where `online` = 1", .@account_id );
					set .@origin, getcharid(3);
					for( set .@i,0; .@i < .@count; set .@i,.@i + 1 ){
						attachrid .@account_id;
						set .@amount, countitem( .@item_id );
						delitem .@item_id, .@amount;
					}
					attachrid .@origin;
					mes "Pronto.";
				}	
		}
	}
L_End:
	mes "*end of the list*";
	close;
	
OnInit:
	setarray .sql_table$[0],"inventory","cart_inventory","guild_storage","storage","mail";
	set .sql_size,getarraysize( .sql_table$ );
	end;
}

 

 

[Ninja]

Well, before I do anything with your script, You should be aware that first of all, you will not be able to delete items of players that are online because items get saved when players logout.  Second,  you may make sure that you are using the right group id in your script. I guess setting it to < 99 Will be a better choice. Then try it again and let us know the results.

[Secrets]

First, this script is vulnerable to SQL injection.

Second, add a check if each owner of the target item is online or not. If they are online, use `delitem2`. Otherwise, query for deletion directly. 

[Like it]

3 hours ago, Ninja said:

Well, before I do anything with your script, You should be aware that first of all, you will not be able to delete items of players that are online because items get saved when players logout.  Second,  you may make sure that you are using the right group id in your script. I guess setting it to < 99 Will be a better choice. Then try it again and let us know the results.

 

2 hours ago, Secrets said:

First, this script is vulnerable to SQL injection.

Second, add a check if each owner of the target item is online or not. If they are online, use `delitem2`. Otherwise, query for deletion directly. 

I'm confused, you're saying different things ...

After all, can I delete items from online players? If not, there is no need to tinker with the script unless it is to optimize it.
As for the id group, whatever, because on my server there is only Admin, players group 0 and group 1, there are no GMs

[Ninja]

43 minutes ago, Like it said:

I'm confused, you're saying different things ...

Yes, because we are saying different points. @Secrets is saying that it can be a security issue for your server if someone knows how to do SQL injection. I was simply checking things that I was not aware of about your server.

49 minutes ago, Like it said:

After all, can I delete items from online players? If not, there is no need to tinker with the script unless it is to optimize it.

On her second point she is suggesting that you check if the player is online or not, if he is online you should delete directly the items in his inventory through delitem2, if not, proceed with SQL Delete query. Her second point also invalidates my point regarding "you will not be able to delete items of players that are online because items get saved when players logout."

[Like it]

On 25/05/2017 at 1:56 AM, Ninja said:

Yes, because we are saying different points. @Secrets is saying that it can be a security issue for your server if someone knows how to do SQL injection. I was simply checking things that I was not aware of about your server.

On her second point she is suggesting that you check if the player is online or not, if he is online you should delete directly the items in his inventory through delitem2, if not, proceed with SQL Delete query. Her second point also invalidates my point regarding "you will not be able to delete items of players that are online because items get saved when players logout."

So you think I'd better not create this drop-down menu?

What if we kick the player(s) before deleting the items?

@Ninja

Edited August 3, 2017 by Like it