
Question

Posted

Hello, I would like someone to help me with this script, because I tried in every way to show the menu to delete items if the GM wants, and I could not ... There are no errors in map-server, but as explained, I would like the option to delete items along with the rest of the NPC.

OBS: Yes, the script is very messy; if you want to optimize it, I will be thankful for that too.

 


prontera,162,161,6	script	ghjkl	56,{
	if ( getgroupid() <= 1 ){
	mes "Input a item id.";
		input .@tmp$;
		if( getitemname( .@tmp$ ) != "null" ){
			for( set .@i,0; .@i < .sql_size; set .@i,.@i + 1 ){
				query_sql( "SELECT SUM(`amount`) FROM `"+.sql_table$[.@i]+"` WHERE `nameid`='"+.@tmp$+"'",.@amount );
				query_sql( "SELECT COUNT(`card0`) FROM `"+.sql_table$[.@i]+"` WHERE `card0`='"+.@tmp$+"'",.@card0 );
				query_sql( "SELECT COUNT(`card1`) FROM `"+.sql_table$[.@i]+"` WHERE `card1`='"+.@tmp$+"'",.@card1 );
				query_sql( "SELECT COUNT(`card2`) FROM `"+.sql_table$[.@i]+"` WHERE `card2`='"+.@tmp$+"'",.@card2 );
				query_sql( "SELECT COUNT(`card3`) FROM `"+.sql_table$[.@i]+"` WHERE `card3`='"+.@tmp$+"'",.@card3 );
				set .@total,.@total + ( .@amount + .@card0 + .@card1 + .@card2 + .@card3 );
			}
			mes "Found "+.@total+" x "+getitemname( .@tmp$ );
		}
		else{
			mes "Wrong item id";
			}
		close;
	}
	if ( getgroupid() == 99 ){
		mes "Enter an item id or item name. Display a list order by max amount found.";
		input .@tmp$;
		set .@item_id, atoi( .@tmp$ );
		if ( .@item_id == 0 && getstrlen( .@tmp$ ) > 2 ) {// item name, eventually
			set .@count, searchitem( .@tmp_array, .@tmp$ );
			if ( .@count == 0 ) {// none item found
				next;
				mes "None item found.";
				close;
			}
			next;
			mes "I found the following items: ";
			next;
			while( .@i < .@count ) {
				set .@menu$, .@menu$ + getitemname( .@tmp_array[.@i] ) +" (ID "+ .@tmp_array[.@i] +"):";
				set .@i, .@i +1;
			}
			set .@s, select( .@menu$ ) -1;
			set .@item_id, .@tmp_array[.@s];
		}
		else if ( .@item_id == 0 || getiteminfo( .@item_id,2 ) == -1 ) {
			next;
			mes "Wrong item id";
			close;
		}
	
		set .@search$, "`nameid` = "+ .@item_id +" or `card0` = "+ .@item_id +" or `card1` = "+ .@item_id +" or `card2` = "+ .@item_id +" or `card3` = "+ .@item_id;
		while(1) {
			set .@count, query_sql( "SELECT `char`.`name`, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `inventory` WHERE `char`.`char_id` = `inventory`.`char_id` and ( "+ .@search$ +" ) ) AS inv, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `cart_inventory` WHERE `char`.`char_id` = `cart_inventory`.`char_id` and ( "+ .@search$ +" ) ) AS cart, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `storage` WHERE `storage`.`account_id` = `char`.`account_id` and ( "+ .@search$ +" ) ) AS sto, "+
				"( SELECT COALESCE( SUM(`amount`),0 ) FROM `guild_storage` WHERE `guild_storage`.`guild_id` = `char`.`guild_id` and ( "+ .@search$ +" ) ) AS gsto "+
				"FROM `char` order by ( inv + cart + sto + gsto ) desc limit "+ ( .@page * 100 ) +", 100", .@name$, .@inventory, .@cart, .@storage, .@gstorage );
			if ( .@count == 0 ) break;
			for ( set .@i, 0; .@i < .@count && .@name$[.@i] != ""; set .@i, .@i +20 ) {
				mes "^ff0000<player>^000000 <inv>,^00ff00<cart>,^0000ff<sto>,^006600<gsto>";
				for ( set .@j, 0; .@j < 20 && .@name$[ (.@i+.@j) ] != ""; set .@j, .@j +1 ) {
					set .@tmp, .@i + .@j;
					if ( ( .@inventory[.@tmp] + .@cart[.@tmp] + .@storage[.@tmp] + .@gstorage[.@tmp] ) == 0 ) {
						next;
						goto L_End;// XP!
					}
					set .@num, .@num +1;
					mes .@num +"/ ^ff0000"+ .@name$[.@tmp] +"^000000 : < "+ .@inventory[.@tmp] +", ^00ff00"+ .@cart[.@tmp] +", ^0000ff"+ .@storage[.@tmp] +", ^006600"+ .@gstorage[.@tmp] +"^000000 >";
				}
				next;
				set .@page, .@page +1;
			}
				if ( select( "Cancel", "Delete item" ) == 2 ) {
					for( set .@i,0; .@i < .@count; set .@i,.@i + 1 ) {
						query_sql "delete from `"+.sql_table$[.@i]+"` WHERE ( `nameid`='"+.@item_id+"' or `card0`='"+.@item_id+"' or "+
								"`card1`='"+.@item_id+"' or `card2`='"+.@item_id+"' or `card3`='"+.@item_id+"' )";
					}
					set .@count, query_sql( "select `account_id` from `char` where `online` = 1", .@account_id );
					set .@origin, getcharid(3);
					for( set .@i,0; .@i < .@count; set .@i,.@i + 1 ){
						attachrid .@account_id;
						set .@amount, countitem( .@item_id );
						delitem .@item_id, .@amount;
					}
					attachrid .@origin;
					mes "Pronto.";
				}	
		}
	}
L_End:
	mes "*end of the list*";
	close;
	
OnInit:
	setarray .sql_table$[0],"inventory","cart_inventory","guild_storage","storage","mail";
	set .sql_size,getarraysize( .sql_table$ );
	end;
}

 

 

5 answers to this question


  • 0
Posted

Well, before I do anything with your script, you should be aware that, first of all, you will not be able to delete items of players that are online because items get saved when players log out. Second, you may make sure that you are using the right group id in your script. I guess setting it to < 99 will be a better choice. Then try it again and let us know the results. :)

  • 0
Posted

First, this script is vulnerable to SQL injection.

Second, add a check if each owner of the target item is online or not. If they are online, use `delitem2`. Otherwise, query for deletion directly. 

  • Upvote 1
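
The first branch of the posted script, the one reached when `getgroupid() <= 1`, concatenates the typed string `.@tmp$` straight into every query. As an added example (not part of the original posts and not rAthena's own code), here is that lookup with the input reduced to an integer before it reaches SQL. The NPC name `ItemCount#example` is hypothetical; the table list, sprite and coordinates are the ones from the posted script.

```rathena
prontera,162,161,6	script	ItemCount#example	56,{
	mes "Input an item id.";
	input .@tmp$;
	// Convert the typed text to an integer first: only a number is ever
	// concatenated into the query, never the raw string from the player.
	set .@item_id, atoi( .@tmp$ );
	if ( .@item_id <= 0 || getiteminfo( .@item_id,2 ) == -1 ) {
		mes "Wrong item id";
		close;
	}
	// Same integer-only WHERE clause style as the admin branch of the posted script.
	set .@where$, "`nameid` = "+ .@item_id +" OR `card0` = "+ .@item_id +" OR `card1` = "+ .@item_id +" OR `card2` = "+ .@item_id +" OR `card3` = "+ .@item_id;
	for ( set .@i,0; .@i < .sql_size; set .@i,.@i + 1 ) {
		// Table names come only from the fixed list set in OnInit, not from input.
		query_sql( "SELECT COALESCE( SUM(`amount`),0 ) FROM `"+ .sql_table$[.@i] +"` WHERE "+ .@where$, .@amount );
		set .@total, .@total + .@amount;
	}
	mes "Found "+ .@total +" x "+ getitemname( .@item_id );
	close;
	// If text ever has to go into a query (a character name, for instance),
	// pass it through escape_sql() before concatenating it.

OnInit:
	setarray .sql_table$[0],"inventory","cart_inventory","guild_storage","storage","mail";
	set .sql_size, getarraysize( .sql_table$ );
	end;
}
```

Unlike the posted branch, this sums `amount` over rows where the id appears as the item or as any card, in one query per table.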
  • 0
Posted
3 hours ago, Ninja said:

Well, before I do anything with your script, you should be aware that, first of all, you will not be able to delete items of players that are online because items get saved when players log out. Second, you may make sure that you are using the right group id in your script. I guess setting it to < 99 will be a better choice. Then try it again and let us know the results. :)

 

2 hours ago, Secrets said:

First, this script is vulnerable to SQL injection.

Second, add a check if each owner of the target item is online or not. If they are online, use `delitem2`. Otherwise, query for deletion directly. 

I'm confused, you're saying different things ...

After all, can I delete items from online players? If not, there is no need to tinker with the script unless it is to optimize it.
As for the id group, whatever, because on my server there is only Admin, players group 0 and group 1, there are no GMs

  • 0
Posted
43 minutes ago, Like it said:

I'm confused, you're saying different things ...

Yes, because we are making different points. @Secrets is saying that it can be a security issue for your server if someone knows how to do SQL injection. I was simply checking things that I was not aware of about your server.

49 minutes ago, Like it said:

After all, can I delete items from online players? If not, there is no need to tinker with the script unless it is to optimize it.

On her second point, she is suggesting that you check whether the player is online or not. If he is online, you should delete the items in his inventory directly through delitem2; if not, proceed with the SQL DELETE query. Her second point also invalidates my point regarding "you will not be able to delete items of players that are online because items get saved when players logout."

  • 0
Posted (edited)
On 25/05/2017 at 1:56 AM, Ninja said:

Yes, because we are making different points. @Secrets is saying that it can be a security issue for your server if someone knows how to do SQL injection. I was simply checking things that I was not aware of about your server.

On her second point, she is suggesting that you check whether the player is online or not. If he is online, you should delete the items in his inventory directly through delitem2; if not, proceed with the SQL DELETE query. Her second point also invalidates my point regarding "you will not be able to delete items of players that are online because items get saved when players logout."

So you think I'd better not create this drop-down menu?

What if we kick the player(s) before deleting the items?

@Ninja

Edited by Like it
