mirror of
https://github.com/CHOMPStation2/CHOMPStation2.git
synced 2025-12-10 02:09:41 +00:00
Implementing TGSQL security
This commit is contained in:
Cadyn
@@ -65,7 +65,7 @@
|
||||
if (config.log_say)
|
||||
WRITE_LOG(diary, "SAY: [speaker.simple_info_line()]: [html_decode(text)]")
|
||||
|
||||
//Log the message to in-game dialogue logs, as well.
|
||||
//Log the message to in-game dialogue logs, as well. //CHOMPEdit Begin
|
||||
if(speaker.client)
|
||||
//speaker.dialogue_log += "<b>([time_stamp()])</b> (<b>[speaker]/[speaker.client]</b>) <u>SAY:</u> - <span style=\"color:#32cd32\">[text]</span>"
|
||||
if(!SSdbcore.IsConnected())
|
||||
@@ -75,8 +75,12 @@
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "say", "message_content" = text))
|
||||
if(!query_insert.Execute())
|
||||
log_debug(query_insert.ErrorMsg())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//GLOB.round_text_log += "<b>([time_stamp()])</b> (<b>[speaker]/[speaker.client]</b>) <u>SAY:</u> - <span style=\"color:#32cd32\">[text]</span>"
|
||||
//CHOMPEdit End
|
||||
|
||||
/proc/log_ooc(text, client/user)
|
||||
if (config.log_ooc)
|
||||
@@ -87,7 +91,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = user.ckey, "sender_mob" = user.mob.real_name, "message_type" = "ooc", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//GLOB.round_text_log += "<b>([time_stamp()])</b> (<b>[user]</b>) <u>OOC:</u> - <span style=\"color:blue\"><b>[text]</b></span>"
|
||||
|
||||
/proc/log_aooc(text, client/user)
|
||||
@@ -99,7 +107,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = user.ckey, "sender_mob" = user.mob.real_name, "message_type" = "aooc", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//GLOB.round_text_log += "<b>([time_stamp()])</b> (<b>[user]</b>) <u>AOOC:</u> - <span style=\"color:red\"><b>[text]</b></span>"
|
||||
|
||||
/proc/log_looc(text, client/user)
|
||||
@@ -111,7 +123,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = user.ckey, "sender_mob" = user.mob.real_name, "message_type" = "looc", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//GLOB.round_text_log += "<b>([time_stamp()])</b> (<b>[user]</b>) <u>LOOC:</u> - <span style=\"color:orange\"><b>[text]</b></span>"
|
||||
|
||||
/proc/log_whisper(text, mob/speaker)
|
||||
@@ -127,7 +143,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "whisper", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
|
||||
|
||||
/proc/log_emote(text, mob/speaker)
|
||||
@@ -143,7 +163,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "emote", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//CHOMPEdit End
|
||||
|
||||
/proc/log_attack(attacker, defender, message)
|
||||
@@ -173,7 +197,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "deadsay", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//speaker.dialogue_log += "<b>([time_stamp()])</b> (<b>[speaker]/[speaker.client]</b>) <u>DEADSAY:</u> - <span style=\"color:green\">[text]</span>"
|
||||
//GLOB.round_text_log += "<font size=1><span style=\"color:#7e668c\"><b>([time_stamp()])</b> (<b>[src]/[speaker.client]</b>) <u>DEADSAY:</u> - [text]</span></font>"
|
||||
//CHOMPEdit End
|
||||
@@ -189,7 +217,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "deademote", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//CHOMPEdit End
|
||||
|
||||
/proc/log_adminwarn(text)
|
||||
@@ -207,7 +239,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "pda", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
|
||||
//speaker.dialogue_log += "<b>([time_stamp()])</b> (<b>[speaker]/[speaker.client]</b>) <u>MSG:</u> - <span style=\"color:[COLOR_GREEN]\">[text]</span>"
|
||||
//GLOB.round_text_log += "<b>([time_stamp()])</b> (<b>[speaker]/[speaker.client]</b>) <u>MSG:</u> - <span style=\"color:[COLOR_GREEN]\">[text]</span>"
|
||||
|
||||
@@ -9,7 +9,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "nsay", "message_content" = text))
|
||||
query_insert.ErrorMsg()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//CHOMPEdit End
|
||||
|
||||
/proc/log_nme(text, inside, mob/speaker)
|
||||
@@ -23,7 +27,11 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "nme", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//CHOMPEdit End
|
||||
|
||||
/proc/log_subtle(text, mob/speaker)
|
||||
@@ -37,5 +45,9 @@
|
||||
return null
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_dialog (mid, time, ckey, mob, type, message) VALUES (null, NOW(), :sender_ckey, :sender_mob, :message_type, :message_content)", \
|
||||
list("sender_ckey" = speaker.ckey, "sender_mob" = speaker.real_name, "message_type" = "subtle", "message_content" = text))
|
||||
query_insert.Execute()
|
||||
if(!query_insert.Execute())
|
||||
log_debug("Error during logging: "+query_insert.ErrorMsg())
|
||||
qdel(query_insert)
|
||||
return
|
||||
qdel(query_insert)
|
||||
//CHOMPEdit End
|
||||
|
||||
@@ -22,6 +22,8 @@ SUBSYSTEM_DEF(dbcore)
|
||||
for(var/I in active_queries)
|
||||
var/DBQuery/Q = I
|
||||
if(world.time - Q.last_activity_time > (5 MINUTES))
|
||||
message_admins("Found undeleted query, please check the server logs and notify coders.")
|
||||
log_debug("Undeleted query: \"[Q.sql]\" LA: [Q.last_activity] LAT: [Q.last_activity_time]")
|
||||
qdel(Q)
|
||||
if(MC_TICK_CHECK)
|
||||
return
|
||||
|
||||
@@ -84,10 +84,11 @@ SUBSYSTEM_DEF(persist)
|
||||
var/sql_dpt = sql_sanitize_text(department_earning)
|
||||
var/sql_bal = text2num("[C.department_hours[department_earning]]")
|
||||
var/sql_total = text2num("[C.play_hours[department_earning]]")
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO vr_player_hours (ckey, department, hours, total_hours) VALUES ('[sql_ckey]', '[sql_dpt]', [sql_bal], [sql_total]) ON DUPLICATE KEY UPDATE hours = VALUES(hours), total_hours = VALUES(total_hours)") //CHOMPEdit TGSQL
|
||||
var/list/sqlargs = list("t_ckey" = sql_ckey, "t_department" = sql_dpt) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO vr_player_hours (ckey, department, hours, total_hours) VALUES (:t_ckey, :t_department, [sql_bal], [sql_total]) ON DUPLICATE KEY UPDATE hours = VALUES(hours), total_hours = VALUES(total_hours)", sqlargs) //CHOMPEdit TGSQL
|
||||
if(!query.Execute()) //CHOMPEdit
|
||||
log_admin(query.ErrorMsg()) //CHOMPEdit
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if (MC_TICK_CHECK)
|
||||
return
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ proc/sql_poll_population()
|
||||
if(!query.Execute())
|
||||
var/err = query.ErrorMsg()
|
||||
log_game("SQL ERROR during population polling. Error : \[[err]\]\n")
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
|
||||
proc/sql_report_round_start()
|
||||
// TODO
|
||||
@@ -53,10 +54,11 @@ proc/sql_report_death(var/mob/living/carbon/human/H)
|
||||
if(!SSdbcore.IsConnected()) //CHOMPEdit TGSQL
|
||||
log_game("SQL ERROR during death reporting. Failed to connect.")
|
||||
else
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO death (name, byondkey, job, special, pod, tod, laname, lakey, gender, bruteloss, fireloss, brainloss, oxyloss, coord) VALUES ('[sqlname]', '[sqlkey]', '[sqljob]', '[sqlspecial]', '[sqlpod]', '[sqltime]', '[laname]', '[lakey]', '[H.gender]', [H.getBruteLoss()], [H.getFireLoss()], [H.brainloss], [H.getOxyLoss()], '[coord]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO death (name, byondkey, job, special, pod, tod, laname, lakey, gender, bruteloss, fireloss, brainloss, oxyloss, coord) VALUES (:t_name, :t_byondkey, :t_job, :t_special, :t_pod, '[sqltime]', :t_laname, :t_lakey, '[H.gender]', [H.getBruteLoss()], [H.getFireLoss()], [H.brainloss], [H.getOxyLoss()], '[coord]')", list("t_name" = sqlname,"t_byondkey" = sqlkey, "t_job" = sqljob, "t_special" = sqlspecial, "t_pod" = sqlpod, "t_laname" = laname, "t_lakey" = lakey)) //CHOMPEdit TGSQL
|
||||
if(!query.Execute())
|
||||
var/err = query.ErrorMsg()
|
||||
log_game("SQL ERROR during death reporting. Error : \[[err]\]\n")
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
|
||||
|
||||
proc/sql_report_cyborg_death(var/mob/living/silicon/robot/H)
|
||||
@@ -87,10 +89,11 @@ proc/sql_report_cyborg_death(var/mob/living/silicon/robot/H)
|
||||
if(!SSdbcore.IsConnected()) //CHOMPEdit TGSQL
|
||||
log_game("SQL ERROR during death reporting. Failed to connect.")
|
||||
else
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO death (name, byondkey, job, special, pod, tod, laname, lakey, gender, bruteloss, fireloss, brainloss, oxyloss, coord) VALUES ('[sqlname]', '[sqlkey]', '[sqljob]', '[sqlspecial]', '[sqlpod]', '[sqltime]', '[laname]', '[lakey]', '[H.gender]', [H.getBruteLoss()], [H.getFireLoss()], [H.brainloss], [H.getOxyLoss()], '[coord]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO death (name, byondkey, job, special, pod, tod, laname, lakey, gender, bruteloss, fireloss, brainloss, oxyloss, coord) VALUES (:t_name, :t_byondkey, :t_job, :t_special, :t_pod, '[sqltime]', :t_laname, :t_lakey, '[H.gender]', [H.getBruteLoss()], [H.getFireLoss()], [H.brainloss], [H.getOxyLoss()], '[coord]')", list("t_name" = sqlname,"t_byondkey" = sqlkey, "t_job" = sqljob, "t_special" = sqlspecial, "t_pod" = sqlpod, "t_laname" = laname, "t_lakey" = lakey)) //CHOMPEdit TGSQL
|
||||
if(!query.Execute())
|
||||
var/err = query.ErrorMsg()
|
||||
log_game("SQL ERROR during death reporting. Error : \[[err]\]\n")
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
|
||||
|
||||
proc/statistic_cycle()
|
||||
@@ -126,7 +129,7 @@ proc/sql_commit_feedback()
|
||||
|
||||
while(max_query.NextRow())
|
||||
newroundid = max_query.item[1]
|
||||
|
||||
qdel(max_query) //CHOMPEdit TGSQL
|
||||
if(!(isnum(newroundid)))
|
||||
newroundid = text2num(newroundid)
|
||||
|
||||
@@ -143,3 +146,4 @@ proc/sql_commit_feedback()
|
||||
if(!query.Execute())
|
||||
var/err = query.ErrorMsg()
|
||||
log_game("SQL ERROR during death reporting. Error : \[[err]\]\n")
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
|
||||
@@ -573,6 +573,7 @@ var/failed_old_db_connections = 0
|
||||
|
||||
if(num_tries==5)
|
||||
log_admin("ERROR TRYING TO CLEAR erro_dialog")
|
||||
qdel(query_truncate)
|
||||
else
|
||||
to_world_log("Feedback database connection failed.")
|
||||
//CHOMPEdit End
|
||||
|
||||
@@ -44,11 +44,12 @@ datum/admins/proc/DB_ban_record(var/bantype, var/mob/banned_mob, var/duration =
|
||||
computerid = bancid
|
||||
ip = banip
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id FROM erro_player WHERE ckey = '[ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id FROM erro_player WHERE ckey = :t_ckey", list("t_ckey",ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
var/validckey = 0
|
||||
if(query.NextRow())
|
||||
validckey = 1
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(!validckey)
|
||||
if(!banned_mob || (banned_mob && !IsGuestKey(banned_mob.key))) //VOREStation Edit Start.
|
||||
var/confirm = alert(usr, "This ckey hasn't been seen, are you sure?", "Confirm Badmin" , "Yes", "No")
|
||||
@@ -79,13 +80,14 @@ datum/admins/proc/DB_ban_record(var/bantype, var/mob/banned_mob, var/duration =
|
||||
adminwho += ", [C]"
|
||||
|
||||
reason = sql_sanitize_text(reason)
|
||||
var/list/sqlargs = list("t_bantype" = bantype_str, "t_reason" = reason, "t_job" = job, "t_ckey" = ckey, "t_a_ckey" = a_ckey, "t_who" = who, "t_adminwho" = adminwho) //CHOMPEdit TGSQL
|
||||
var/sql = "INSERT INTO erro_ban (`id`,`bantime`,`serverip`,`bantype`,`reason`,`job`,`duration`,`rounds`,`expiration_time`,`ckey`,`computerid`,`ip`,`a_ckey`,`a_computerid`,`a_ip`,`who`,`adminwho`,`edits`,`unbanned`,`unbanned_datetime`,`unbanned_ckey`,`unbanned_computerid`,`unbanned_ip`) VALUES (null, Now(), '[serverip]', :t_bantype, :t_reason, :t_job, [(duration)?"[duration]":"0"], [(rounds)?"[rounds]":"0"], Now() + INTERVAL [(duration>0) ? duration : 0] MINUTE, :t_ckey, '[computerid]', '[ip]', :t_a_ckey, '[a_computerid]', '[a_ip]', :t_who, :t_adminwho, '', null, null, null, null, null)" //CHOMPEdit TGSQL
|
||||
|
||||
var/sql = "INSERT INTO erro_ban (`id`,`bantime`,`serverip`,`bantype`,`reason`,`job`,`duration`,`rounds`,`expiration_time`,`ckey`,`computerid`,`ip`,`a_ckey`,`a_computerid`,`a_ip`,`who`,`adminwho`,`edits`,`unbanned`,`unbanned_datetime`,`unbanned_ckey`,`unbanned_computerid`,`unbanned_ip`) VALUES (null, Now(), '[serverip]', '[bantype_str]', '[reason]', '[job]', [(duration)?"[duration]":"0"], [(rounds)?"[rounds]":"0"], Now() + INTERVAL [(duration>0) ? duration : 0] MINUTE, '[ckey]', '[computerid]', '[ip]', '[a_ckey]', '[a_computerid]', '[a_ip]', '[who]', '[adminwho]', '', null, null, null, null, null)"
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql,sqlargs) //CHOMPEdit TGSQL
|
||||
query_insert.Execute()
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='blue'>Ban saved to database.</font></span>")
|
||||
message_admins("[key_name_admin(usr)] has added a [bantype_str] for [ckey] [(job)?"([job])":""] [(duration > 0)?"([duration] minutes)":""] with the reason: \"[reason]\" to the ban database.",1)
|
||||
|
||||
qdel(query_insert) //CHOMPEdit TGSQL
|
||||
|
||||
|
||||
datum/admins/proc/DB_ban_unban(var/ckey, var/bantype, var/job = "")
|
||||
@@ -119,7 +121,7 @@ datum/admins/proc/DB_ban_unban(var/ckey, var/bantype, var/job = "")
|
||||
else
|
||||
bantype_sql = "bantype = '[bantype_str]'"
|
||||
|
||||
var/sql = "SELECT id FROM erro_ban WHERE ckey = '[ckey]' AND [bantype_sql] AND (unbanned is null OR unbanned = false)"
|
||||
var/sql = "SELECT id FROM erro_ban WHERE ckey = :t_ckey AND [bantype_sql] AND (unbanned is null OR unbanned = false)" //CHOMPEdit TGSQL
|
||||
if(job)
|
||||
sql += " AND job = '[job]'"
|
||||
|
||||
@@ -130,12 +132,12 @@ datum/admins/proc/DB_ban_unban(var/ckey, var/bantype, var/job = "")
|
||||
var/ban_id
|
||||
var/ban_number = 0 //failsafe
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery(sql) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery(sql, list("t_ckey" = ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
while(query.NextRow())
|
||||
ban_id = query.item[1]
|
||||
ban_number++;
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(ban_number == 0)
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='red'>Database update failed due to no bans fitting the search criteria. If this is not a legacy ban you should contact the database admin.</font></span>")
|
||||
return
|
||||
@@ -175,7 +177,7 @@ datum/admins/proc/DB_ban_edit(var/banid = null, var/param = null)
|
||||
else
|
||||
to_chat(usr, "<span class='filter_adminlog'>Invalid ban id. Contact the database admin</span>")
|
||||
return
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
reason = sql_sanitize_text(reason)
|
||||
var/value
|
||||
|
||||
@@ -187,20 +189,22 @@ datum/admins/proc/DB_ban_edit(var/banid = null, var/param = null)
|
||||
if(!value)
|
||||
to_chat(usr, "Cancelled")
|
||||
return
|
||||
|
||||
var/DBQuery/update_query = SSdbcore.NewQuery("UPDATE erro_ban SET reason = '[value]', edits = CONCAT(edits,'- [eckey] changed ban reason from <cite><b>\\\"[reason]\\\"</b></cite> to <cite><b>\\\"[value]\\\"</b></cite><BR>') WHERE id = [banid]") //CHOMPEdit TGSQL
|
||||
var/list/sqlargs = list("t_reason" = value, "t_edits" = "- [eckey] changed ban reason from <cite><b>\\\"[reason]\\\"</b></cite> to <cite><b>\\\"[value]\\\"</b></cite><BR>") //CHOMPEdit TGSQL
|
||||
var/DBQuery/update_query = SSdbcore.NewQuery("UPDATE erro_ban SET reason = '[value]', edits = CONCAT(edits,:t_edits) WHERE id = [banid]", sqlargs) //CHOMPEdit TGSQL
|
||||
update_query.Execute()
|
||||
message_admins("[key_name_admin(usr)] has edited a ban for [pckey]'s reason from [reason] to [value]",1)
|
||||
qdel(update_query) //CHOMPEdit TGSQL
|
||||
if("duration")
|
||||
if(!value)
|
||||
value = input("Insert the new duration (in minutes) for [pckey]'s ban", "New Duration", "[duration]", null) as null|num
|
||||
if(!isnum(value) || !value)
|
||||
to_chat(usr, "Cancelled")
|
||||
return
|
||||
|
||||
var/DBQuery/update_query = SSdbcore.NewQuery("UPDATE erro_ban SET duration = [value], edits = CONCAT(edits,'- [eckey] changed ban duration from [duration] to [value]<br>'), expiration_time = DATE_ADD(bantime, INTERVAL [value] MINUTE) WHERE id = [banid]") //CHOMPEdit TGSQL
|
||||
var/list/sqlargs = list("t_edits" = "- [eckey] changed ban duration from [duration] to [value]<br>") //CHOMPEdit TGSQL
|
||||
var/DBQuery/update_query = SSdbcore.NewQuery("UPDATE erro_ban SET duration = [value], edits = CONCAT(edits,:t_edits), expiration_time = DATE_ADD(bantime, INTERVAL [value] MINUTE) WHERE id = [banid]",sqlargs) //CHOMPEdit TGSQL
|
||||
message_admins("[key_name_admin(usr)] has edited a ban for [pckey]'s duration from [duration] to [value]",1)
|
||||
update_query.Execute()
|
||||
qdel(update_query) //CHOMPEdit TGSQL
|
||||
if("unban")
|
||||
if(alert("Unban [pckey]?", "Unban?", "Yes", "No") == "Yes")
|
||||
DB_ban_unban_by_id(banid)
|
||||
@@ -226,7 +230,7 @@ datum/admins/proc/DB_ban_unban_by_id(var/id)
|
||||
while(query.NextRow())
|
||||
pckey = query.item[1]
|
||||
ban_number++;
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(ban_number == 0)
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='red'>Database update failed due to a ban id not being present in the database.</font></span>")
|
||||
return
|
||||
@@ -241,13 +245,13 @@ datum/admins/proc/DB_ban_unban_by_id(var/id)
|
||||
var/unban_ckey = src.owner:ckey
|
||||
var/unban_computerid = src.owner:computer_id
|
||||
var/unban_ip = src.owner:address
|
||||
|
||||
var/sql_update = "UPDATE erro_ban SET unbanned = 1, unbanned_datetime = Now(), unbanned_ckey = '[unban_ckey]', unbanned_computerid = '[unban_computerid]', unbanned_ip = '[unban_ip]' WHERE id = [id]"
|
||||
var/list/sqlargs = list("t_ckey" = unban_ckey) //CHOMPEdit TGSQL
|
||||
var/sql_update = "UPDATE erro_ban SET unbanned = 1, unbanned_datetime = Now(), unbanned_ckey = :t_ckey, unbanned_computerid = '[unban_computerid]', unbanned_ip = '[unban_ip]' WHERE id = [id]" //CHOMPEdit TGSQL
|
||||
message_admins("[key_name_admin(usr)] has lifted [pckey]'s ban.",1)
|
||||
|
||||
var/DBQuery/query_update = SSdbcore.NewQuery(sql_update) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_update = SSdbcore.NewQuery(sql_update,sqlargs) //CHOMPEdit TGSQL
|
||||
query_update.Execute()
|
||||
|
||||
qdel(query_update) //CHOMPEdit TGSQL
|
||||
|
||||
/client/proc/DB_ban_panel()
|
||||
set category = "Admin"
|
||||
@@ -363,21 +367,26 @@ datum/admins/proc/DB_ban_unban_by_id(var/id)
|
||||
var/ipsearch = ""
|
||||
var/cidsearch = ""
|
||||
var/bantypesearch = ""
|
||||
|
||||
//CHOMPEdit Begin
|
||||
var/list/sqlargs = list()
|
||||
if(!match)
|
||||
if(adminckey)
|
||||
adminsearch = "AND a_ckey = '[adminckey]' "
|
||||
adminsearch = "AND a_ckey = :t_adminckey "
|
||||
sqlargs["t_adminckey"] = adminckey
|
||||
if(playerckey)
|
||||
playersearch = "AND ckey = '[playerckey]' "
|
||||
playersearch = "AND ckey = :t_playerckey "
|
||||
sqlargs["t_playerckey"] = playerckey //CHOMPEdit End
|
||||
if(playerip)
|
||||
ipsearch = "AND ip = '[playerip]' "
|
||||
if(playercid)
|
||||
cidsearch = "AND computerid = '[playercid]' "
|
||||
else
|
||||
if(adminckey && length(adminckey) >= 3)
|
||||
adminsearch = "AND a_ckey LIKE '[adminckey]%' "
|
||||
if(adminckey && length(adminckey) >= 3) //CHOMPEdit Begin
|
||||
adminsearch = "AND a_ckey LIKE CONCAT(:t_adminckey,'%') "
|
||||
sqlargs["t_adminckey"] = adminckey
|
||||
if(playerckey && length(playerckey) >= 3)
|
||||
playersearch = "AND ckey LIKE '[playerckey]%' "
|
||||
playersearch = "AND ckey LIKE CONCAT(:t_playerckey,'%') "
|
||||
sqlargs["t_playerckey"] = playerckey //CHOMPEdit End
|
||||
if(playerip && length(playerip) >= 3)
|
||||
ipsearch = "AND ip LIKE '[playerip]%' "
|
||||
if(playercid && length(playercid) >= 7)
|
||||
@@ -396,7 +405,7 @@ datum/admins/proc/DB_ban_unban_by_id(var/id)
|
||||
else
|
||||
bantypesearch += "'PERMABAN' "
|
||||
|
||||
var/DBQuery/select_query = SSdbcore.NewQuery("SELECT id, bantime, bantype, reason, job, duration, expiration_time, ckey, a_ckey, unbanned, unbanned_ckey, unbanned_datetime, edits, ip, computerid FROM erro_ban WHERE 1 [playersearch] [adminsearch] [ipsearch] [cidsearch] [bantypesearch] ORDER BY bantime DESC LIMIT 100") //CHOMPEdit TGSQL
|
||||
var/DBQuery/select_query = SSdbcore.NewQuery("SELECT id, bantime, bantype, reason, job, duration, expiration_time, ckey, a_ckey, unbanned, unbanned_ckey, unbanned_datetime, edits, ip, computerid FROM erro_ban WHERE 1 [playersearch] [adminsearch] [ipsearch] [cidsearch] [bantypesearch] ORDER BY bantime DESC LIMIT 100", sqlargs) //CHOMPEdit TGSQL
|
||||
select_query.Execute()
|
||||
|
||||
var/now = time2text(world.realtime, "YYYY-MM-DD hh:mm:ss") // MUST BE the same format as SQL gives us the dates in, and MUST be least to most specific (i.e. year, month, day not day, month, year)
|
||||
@@ -475,5 +484,6 @@ datum/admins/proc/DB_ban_unban_by_id(var/id)
|
||||
output += "</tr>"
|
||||
|
||||
output += "</table></div>"
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
|
||||
usr << browse(output,"window=lookupbans;size=900x700")
|
||||
|
||||
@@ -52,7 +52,7 @@ world/IsBanned(key,address,computer_id)
|
||||
failedcid = 0
|
||||
cidquery = " OR computerid = '[computer_id]' "
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT ckey, ip, computerid, a_ckey, reason, expiration_time, duration, bantime, bantype FROM erro_ban WHERE (ckey = '[ckeytext]' [ipquery] [cidquery]) AND (bantype = 'PERMABAN' OR (bantype = 'TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT ckey, ip, computerid, a_ckey, reason, expiration_time, duration, bantime, bantype FROM erro_ban WHERE (ckey = :t_ckey [ipquery] [cidquery]) AND (bantype = 'PERMABAN' OR (bantype = 'TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)", list("t_ckey" = ckeytext)) //CHOMPEdit TGSQL
|
||||
|
||||
query.Execute()
|
||||
|
||||
@@ -72,9 +72,9 @@ world/IsBanned(key,address,computer_id)
|
||||
expires = " The ban is for [duration] minutes and expires on [expiration] (server time)."
|
||||
|
||||
var/desc = "\nReason: You, or another user of this computer or connection ([pckey]) is banned from playing here. The ban reason is:\n[reason]\nThis ban was applied by [ackey] on [bantime], [expires]"
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
return list("reason"="[bantype]", "desc"="[desc]")
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if (failedcid)
|
||||
message_admins("[key] has logged in with a blank computer id in the ban check.")
|
||||
if (failedip)
|
||||
|
||||
@@ -135,6 +135,7 @@ var/list/admin_ranks = list() //list of all ranks with associated rights
|
||||
|
||||
//find the client for a ckey if they are connected and associate them with the new admin datum
|
||||
D.associate(GLOB.directory[ckey])
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(!admin_datums)
|
||||
error("The database query in load_admins() resulted in no admins being added to the list. Reverting to legacy system.")
|
||||
log_misc("The database query in load_admins() resulted in no admins being added to the list. Reverting to legacy system.")
|
||||
|
||||
@@ -45,7 +45,7 @@
|
||||
//CHOMPEdit Begin
|
||||
/*for(var/d in M.dialogue_log)
|
||||
dat += "[d]<br>"*/
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT mid,time,ckey,mob,type,message from erro_dialog WHERE ckey = '[M.ckey]'")
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT mid,time,ckey,mob,type,message from erro_dialog WHERE ckey = :t_ckey", list("t_ckey" = M.ckey))
|
||||
if(!query.Execute())
|
||||
dat += "<i>Database query error</i>"
|
||||
else
|
||||
@@ -59,6 +59,7 @@
|
||||
dat += "<fieldset style='border: 2px solid white; display: inline'>"
|
||||
dat += messages
|
||||
dat += "</fieldset>"
|
||||
qdel(query)
|
||||
//CHOMPEdit End
|
||||
var/datum/browser/popup = new(usr, "admin_dialogue_log", "[src]", 650, 650, src)
|
||||
popup.set_content(jointext(dat,null))
|
||||
|
||||
@@ -85,7 +85,7 @@ DEBUG
|
||||
var/job = query.item[2]
|
||||
|
||||
jobban_keylist.Add("[ckey] - [job]")
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
//Job tempbans
|
||||
var/DBQuery/query1 = SSdbcore.NewQuery("SELECT ckey, job FROM erro_ban WHERE bantype = 'JOB_TEMPBAN' AND isnull(unbanned) AND expiration_time > Now()") //CHOMPEdit TGSQL
|
||||
query1.Execute()
|
||||
@@ -95,6 +95,7 @@ DEBUG
|
||||
var/job = query1.item[2]
|
||||
|
||||
jobban_keylist.Add("[ckey] - [job]")
|
||||
qdel(query1) //CHOMPEdit TGSQL
|
||||
|
||||
/proc/jobban_savebanfile()
|
||||
var/savefile/S=new("data/job_full.ban")
|
||||
|
||||
@@ -79,19 +79,23 @@
|
||||
while(select_query.NextRow())
|
||||
new_admin = 0
|
||||
admin_id = text2num(select_query.item[1])
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(new_admin)
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO `erro_admin` (`id`, `ckey`, `rank`, `level`, `flags`) VALUES (null, '[adm_ckey]', '[new_rank]', -1, 0)") //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
var/DBQuery/log_query = SSdbcore.NewQuery("INSERT INTO `test`.`erro_admin_log` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Added new admin [adm_ckey] to rank [new_rank]');") //CHOMPEdit TGSQL
|
||||
log_query.Execute()
|
||||
qdel(log_query) //CHOMPEdit TGSQL
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='blue'>New admin added.</font></span>")
|
||||
else
|
||||
if(!isnull(admin_id) && isnum(admin_id))
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("UPDATE `erro_admin` SET rank = '[new_rank]' WHERE id = [admin_id]") //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
var/DBQuery/log_query = SSdbcore.NewQuery("INSERT INTO `test`.`erro_admin_log` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Edited the rank of [adm_ckey] to [new_rank]');") //CHOMPEdit TGSQL
|
||||
log_query.Execute()
|
||||
qdel(log_query) //CHOMPEdit TGSQL
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='blue'>Admin rank changed.</font></span>")
|
||||
|
||||
/datum/admins/proc/log_admin_permission_modification(var/adm_ckey, var/new_permission)
|
||||
@@ -131,19 +135,23 @@
|
||||
while(select_query.NextRow())
|
||||
admin_id = text2num(select_query.item[1])
|
||||
admin_rights = text2num(select_query.item[2])
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!admin_id)
|
||||
return
|
||||
|
||||
if(admin_rights & new_permission) //This admin already has this permission, so we are removing it.
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("UPDATE `erro_admin` SET flags = [admin_rights & ~new_permission] WHERE id = [admin_id]") //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
var/DBQuery/log_query = SSdbcore.NewQuery("INSERT INTO `test`.`erro_admin_log` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Removed permission [rights2text(new_permission)] (flag = [new_permission]) to admin [adm_ckey]');") //CHOMPEdit TGSQL
|
||||
log_query.Execute()
|
||||
qdel(log_query) //CHOMPEdit TGSQL
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='blue'>Permission removed.</font></span>")
|
||||
else //This admin doesn't have this permission, so we are adding it.
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("UPDATE `erro_admin` SET flags = '[admin_rights | new_permission]' WHERE id = [admin_id]") //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
var/DBQuery/log_query = SSdbcore.NewQuery("INSERT INTO `test`.`erro_admin_log` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Added permission [rights2text(new_permission)] (flag = [new_permission]) to admin [adm_ckey]')") //CHOMPEdit TGSQL
|
||||
log_query.Execute()
|
||||
qdel(log_query) //CHOMPEdit TGSQL
|
||||
to_chat(usr, "<span class='filter_adminlog'><font color='blue'>Permission added.</font></span>")
|
||||
@@ -63,15 +63,16 @@ var/inactive_keys = "None<br>"
|
||||
if(ckeys_with_customitems.Find(cur_ckey))
|
||||
ckeys_with_customitems.Remove(cur_ckey)
|
||||
inactive_ckeys[cur_ckey] = "last seen on [query_inactive.item[2]]"
|
||||
qdel(query_inactive) //CHOMPEdit TGSQL
|
||||
|
||||
//if there are ckeys left over, check whether they have a database entry at all
|
||||
if(ckeys_with_customitems.len)
|
||||
for(var/cur_ckey in ckeys_with_customitems)
|
||||
var/DBQuery/query_inactive = SSdbcore.NewQuery("SELECT ckey FROM erro_player WHERE ckey = '[cur_ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_inactive = SSdbcore.NewQuery("SELECT ckey FROM erro_player WHERE ckey = :t_ckey", list("t_ckey" = cur_ckey)) //CHOMPEdit TGSQL
|
||||
query_inactive.Execute()
|
||||
if(!query_inactive.RowCount())
|
||||
inactive_ckeys += cur_ckey
|
||||
|
||||
qdel(query_inactive) //CHOMPEdit TGSQL
|
||||
if(inactive_ckeys.len)
|
||||
inactive_keys = ""
|
||||
for(var/cur_key in inactive_ckeys)
|
||||
|
||||
@@ -95,16 +95,18 @@
|
||||
|
||||
var/sql_discord = sql_sanitize_text(their_id)
|
||||
var/sql_ckey = sql_sanitize_text(ckey)
|
||||
var/DBQuery/query = SSdbcore.NewQuery("UPDATE erro_player SET discord_id = '[sql_discord]' WHERE ckey = '[sql_ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("UPDATE erro_player SET discord_id = :t_discord_id WHERE ckey = :t_ckey", list("t_discord_id" = sql_discord, "t_ckey" = sql_ckey)) //CHOMPEdit TGSQL
|
||||
if(query.Execute())
|
||||
to_chat(src, "<span class='notice'>Registration complete! Thank you for taking the time to register your Discord ID.</span>")
|
||||
log_and_message_admins("[ckey] has registered their Discord ID. Their Discord snowflake ID is: [their_id]") //YW EDIT
|
||||
admin_chat_message(message = "[ckey] has registered their Discord ID. Their Discord is: <@[their_id]>", color = "#4eff22") //YW EDIT
|
||||
notes_add(ckey, "Discord ID: [their_id]")
|
||||
world.VgsAddMemberRole(their_id)
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
else
|
||||
to_chat(src, "<span class='warning'>There was an error registering your Discord ID in the database. Contact an administrator.</span>")
|
||||
log_and_message_admins("[ckey] failed to register their Discord ID. Their Discord snowflake ID is: [their_id]. Is the database connected?")
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
return
|
||||
//VOREStation Add End
|
||||
|
||||
@@ -279,13 +281,17 @@
|
||||
|
||||
var/sql_ckey = sql_sanitize_text(ckey(key))
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT datediff(Now(),firstseen) as age FROM erro_player WHERE ckey = '[sql_ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT datediff(Now(),firstseen) as age FROM erro_player WHERE ckey = :t_ckey", list("t_ckey" = sql_ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
|
||||
//CHOMPEdit Begin
|
||||
if(query.NextRow())
|
||||
return text2num(query.item[1])
|
||||
var/outp = text2num(query.item[1])
|
||||
qdel(query)
|
||||
return outp
|
||||
else
|
||||
qdel(query)
|
||||
return -1
|
||||
//CHOMPEdit End
|
||||
|
||||
|
||||
/client/proc/log_client_to_db()
|
||||
@@ -299,7 +305,7 @@
|
||||
|
||||
var/sql_ckey = sql_sanitize_text(src.ckey)
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id, datediff(Now(),firstseen) as age FROM erro_player WHERE ckey = '[sql_ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id, datediff(Now(),firstseen) as age FROM erro_player WHERE ckey = :t_ckey", list("t_ckey" = sql_ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
var/sql_id = 0
|
||||
player_age = 0 // New players won't have an entry so knowing we have a connection we set this to zero to be updated if their is a record.
|
||||
@@ -307,12 +313,13 @@
|
||||
sql_id = query.item[1]
|
||||
player_age = text2num(query.item[2])
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
account_join_date = sanitizeSQL(findJoinDate())
|
||||
if(account_join_date && SSdbcore.IsConnected()) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_datediff = SSdbcore.NewQuery("SELECT DATEDIFF(Now(),'[account_join_date]')") //CHOMPEdit TGSQL
|
||||
if(query_datediff.Execute() && query_datediff.NextRow())
|
||||
account_age = text2num(query_datediff.item[1])
|
||||
qdel(query_datediff) //CHOMPEdit TGSQL
|
||||
|
||||
var/DBQuery/query_ip = SSdbcore.NewQuery("SELECT ckey FROM erro_player WHERE ip = '[address]'") //CHOMPEdit TGSQL
|
||||
query_ip.Execute()
|
||||
@@ -320,14 +327,14 @@
|
||||
while(query_ip.NextRow())
|
||||
related_accounts_ip += "[query_ip.item[1]], "
|
||||
break
|
||||
|
||||
qdel(query_ip) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_cid = SSdbcore.NewQuery("SELECT ckey FROM erro_player WHERE computerid = '[computer_id]'") //CHOMPEdit TGSQL
|
||||
query_cid.Execute()
|
||||
related_accounts_cid = ""
|
||||
while(query_cid.NextRow())
|
||||
related_accounts_cid += "[query_cid.item[1]], "
|
||||
break
|
||||
|
||||
qdel(query_cid) //CHOMPEdit TGSQL
|
||||
//Just the standard check to see if it's actually a number
|
||||
if(sql_id)
|
||||
if(istext(sql_id))
|
||||
@@ -376,7 +383,7 @@
|
||||
log_admin("Couldn't perform IP check on [key] with [address]")
|
||||
|
||||
// VOREStation Edit Start - Department Hours
|
||||
var/DBQuery/query_hours = SSdbcore.NewQuery("SELECT department, hours, total_hours FROM vr_player_hours WHERE ckey = '[sql_ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_hours = SSdbcore.NewQuery("SELECT department, hours, total_hours FROM vr_player_hours WHERE ckey = :t_ckey", list("t_ckey" = sql_ckey)) //CHOMPEdit TGSQL
|
||||
if(query_hours.Execute())
|
||||
while(query_hours.NextRow())
|
||||
department_hours[query_hours.item[1]] = text2num(query_hours.item[2])
|
||||
@@ -387,20 +394,23 @@
|
||||
spawn(0)
|
||||
alert(src, "The query to load your existing playtime failed. Screenshot this, give the screenshot to a developer, and reconnect, otherwise you may lose any recorded play hours (which may limit access to jobs). ERROR: [error_message]", "PROBLEMS!!")
|
||||
// VOREStation Edit End - Department Hours
|
||||
|
||||
qdel(query_hours) //CHOMPEdit TGSQL
|
||||
if(sql_id)
|
||||
//Player already identified previously, we need to just update the 'lastseen', 'ip' and 'computer_id' variables
|
||||
var/DBQuery/query_update = SSdbcore.NewQuery("UPDATE erro_player SET lastseen = Now(), ip = '[sql_ip]', computerid = '[sql_computerid]', lastadminrank = '[sql_admin_rank]' WHERE id = [sql_id]") //CHOMPEdit TGSQL
|
||||
query_update.Execute()
|
||||
qdel(query_update) //CHOMPEdit TGSQL
|
||||
else
|
||||
//New player!! Need to insert all the stuff
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_player (id, ckey, firstseen, lastseen, ip, computerid, lastadminrank) VALUES (null, '[sql_ckey]', Now(), Now(), '[sql_ip]', '[sql_computerid]', '[sql_admin_rank]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery("INSERT INTO erro_player (id, ckey, firstseen, lastseen, ip, computerid, lastadminrank) VALUES (null, :t_ckey, Now(), Now(), '[sql_ip]', '[sql_computerid]', '[sql_admin_rank]')", list("t_ckey" = sql_ckey)) //CHOMPEdit TGSQL
|
||||
query_insert.Execute()
|
||||
qdel(query_insert) //CHOMPEdit TGSQL
|
||||
|
||||
//Logging player access
|
||||
var/serverip = "[world.internet_address]:[world.port]"
|
||||
var/DBQuery/query_accesslog = SSdbcore.NewQuery("INSERT INTO `erro_connection_log`(`id`,`datetime`,`serverip`,`ckey`,`ip`,`computerid`) VALUES(null,Now(),'[serverip]','[sql_ckey]','[sql_ip]','[sql_computerid]');") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_accesslog = SSdbcore.NewQuery("INSERT INTO `erro_connection_log`(`id`,`datetime`,`serverip`,`ckey`,`ip`,`computerid`) VALUES(null,Now(),'[serverip]',:t_ckey,'[sql_ip]','[sql_computerid]');", list("t_ckey" = sql_ckey)) //CHOMPEdit TGSQL
|
||||
query_accesslog.Execute()
|
||||
qdel(query_accesslog) //CHOMPEdit TGSQL
|
||||
|
||||
#undef TOPIC_SPAM_DELAY
|
||||
#undef UPLOAD_LIMIT
|
||||
|
||||
@@ -31,6 +31,7 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
var/category = "Any"
|
||||
var/author
|
||||
var/SQLquery
|
||||
var/list/SQLargs //CHOMPEdit TGSQL
|
||||
|
||||
/obj/machinery/librarypubliccomp/attack_hand(var/mob/user as mob)
|
||||
usr.set_machine(src)
|
||||
@@ -52,7 +53,7 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
dat += {"<table>
|
||||
<tr><td>AUTHOR</td><td>TITLE</td><td>CATEGORY</td><td>SS<sup>13</sup>BN</td></tr>"}
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery(SQLquery) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery(SQLquery, SQLargs) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
|
||||
while(query.NextRow())
|
||||
@@ -61,6 +62,7 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
var/category = query.item[3]
|
||||
var/id = query.item[4]
|
||||
dat += "<tr><td>[author]</td><td>[title]</td><td>[category]</td><td>[id]</td></tr>"
|
||||
qdel(query)
|
||||
dat += "</table><BR>"
|
||||
dat += "<A href='?src=\ref[src];back=1'>\[Go Back\]</A><BR>"
|
||||
user << browse(dat, "window=publiclibrary")
|
||||
@@ -95,10 +97,16 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
author = sanitizeSQL(author)
|
||||
if(href_list["search"])
|
||||
SQLquery = "SELECT author, title, category, id FROM library WHERE "
|
||||
SQLargs = list() //CHOMPEdit begin
|
||||
if(category == "Any")
|
||||
SQLquery += "author LIKE '%[author]%' AND title LIKE '%[title]%'"
|
||||
SQLquery += "author LIKE '%:t_author%' AND title LIKE '%:t_title%'"
|
||||
SQLargs["t_author"] = author
|
||||
SQLargs["t_title"] = title
|
||||
else
|
||||
SQLquery += "author LIKE '%[author]%' AND title LIKE '%[title]%' AND category='[category]'"
|
||||
SQLquery += "author LIKE CONCAT('%',:t_author,'%') AND title LIKE CONCAT('%',:t_title,'%') AND category=:t_category"
|
||||
SQLargs["t_author"] = author
|
||||
SQLargs["t_title"] = title
|
||||
SQLargs["t_category"] = category //CHOMPEdit End
|
||||
screenstate = 1
|
||||
|
||||
if(href_list["back"])
|
||||
@@ -283,7 +291,7 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
dat += {"<A href='?src=\ref[src];orderbyid=1'>(Order book by SS<sup>13</sup>BN)</A><BR><BR>
|
||||
<table>
|
||||
<tr><td><A href='?src=\ref[src];sort=author>AUTHOR</A></td><td><A href='?src=\ref[src];sort=title>TITLE</A></td><td><A href='?src=\ref[src];sort=category>CATEGORY</A></td><td></td></tr>"}
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id, author, title, category FROM library ORDER BY [sortby]") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id, author, title, category FROM library ORDER BY :t_sortby", list("t_sortby" = sortby)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
|
||||
while(query.NextRow())
|
||||
@@ -292,6 +300,7 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
var/title = query.item[3]
|
||||
var/category = query.item[4]
|
||||
dat += "<tr><td>[author]</td><td>[title]</td><td>[category]</td><td><A href='?src=\ref[src];targetid=[id]'>\[Order\]</A></td></tr>"
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
dat += "</table>"
|
||||
dat += "<BR><A href='?src=\ref[src];switchscreen=0'>(Return to main menu)</A><BR>"
|
||||
|
||||
@@ -411,16 +420,18 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
var/sqlcontent = dbcon.Quote(scanner.cache.dat)
|
||||
var/sqlcategory = dbcon.Quote(upload_category)
|
||||
*/
|
||||
var/sqltitle = sanitizeSQL(scanner.cache.name)
|
||||
var/list/sql_args = list("t_title" = scanner.cache.name, "t_author" = scanner.cache.author, "t_content" = scanner.cache.dat, "t_category" = upload_category) //CHOMPEdit TGSQL
|
||||
/*var/sqltitle = sanitizeSQL(scanner.cache.name) CHOMPEdit TGSQL
|
||||
var/sqlauthor = sanitizeSQL(scanner.cache.author)
|
||||
var/sqlcontent = sanitizeSQL(scanner.cache.dat)
|
||||
var/sqlcategory = sanitizeSQL(upload_category)
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO library (author, title, content, category) VALUES ('[sqlauthor]', '[sqltitle]', '[sqlcontent]', '[sqlcategory]')") //CHOMPEdit TGSQL
|
||||
var/sqlcategory = sanitizeSQL(upload_category)*/
|
||||
var/DBQuery/query = SSdbcore.NewQuery("INSERT INTO library (author, title, content, category) VALUES (:t_author, :t_title, :t_content, :t_category)", sql_args) //CHOMPEdit TGSQL
|
||||
if(!query.Execute())
|
||||
to_chat(usr,query.ErrorMsg())
|
||||
else
|
||||
log_game("[usr.name]/[usr.key] has uploaded the book titled [scanner.cache.name], [length(scanner.cache.dat)] signs")
|
||||
alert("Upload Complete.")
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
//VOREStation Edit End
|
||||
|
||||
if(href_list["targetid"])
|
||||
@@ -451,6 +462,7 @@ datum/borrowbook // Datum used to keep track of who has borrowed what when and f
|
||||
B.item_state = B.icon_state
|
||||
src.visible_message("[src]'s printer hums as it produces a completely bound book. How did it do that?")
|
||||
break
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(href_list["orderbyid"])
|
||||
var/orderid = input("Enter your order:") as num|null
|
||||
if(orderid)
|
||||
|
||||
@@ -50,13 +50,13 @@
|
||||
var/isadmin = 0
|
||||
if(src.client && src.client.holder)
|
||||
isadmin = 1
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id FROM erro_poll_question WHERE [(isadmin ? "" : "adminonly = false AND")] Now() BETWEEN starttime AND endtime AND id NOT IN (SELECT pollid FROM erro_poll_vote WHERE ckey = \"[ckey]\") AND id NOT IN (SELECT pollid FROM erro_poll_textreply WHERE ckey = \"[ckey]\")") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id FROM erro_poll_question WHERE [(isadmin ? "" : "adminonly = false AND")] Now() BETWEEN starttime AND endtime AND id NOT IN (SELECT pollid FROM erro_poll_vote WHERE ckey = :t_ckey) AND id NOT IN (SELECT pollid FROM erro_poll_textreply WHERE ckey = :t_ckey)",list("t_ckey" = ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
var/newpoll = 0
|
||||
while(query.NextRow())
|
||||
newpoll = 1
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(newpoll)
|
||||
output += "<p><b><a href='byond://?src=\ref[src];showpoll=1'>Show Player Polls</A> (NEW!)</b></p>"
|
||||
else
|
||||
@@ -221,12 +221,12 @@
|
||||
var/voted = 0
|
||||
|
||||
//First check if the person has not voted yet.
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey='[src.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey=:t_ckey", list("t_ckey" = src.ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
while(query.NextRow())
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
//This is a safety switch, so only valid options pass through
|
||||
var/option = "UNKNOWN"
|
||||
switch(href_list["privacy_poll"])
|
||||
@@ -246,10 +246,12 @@
|
||||
return
|
||||
|
||||
if(!voted)
|
||||
var/sql = "INSERT INTO erro_privacy VALUES (null, Now(), '[src.ckey]', '[option]')"
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql) //CHOMPEdit TGSQL
|
||||
var/list/sqlargs = list("t_ckey" = src.ckey, "t_option" = "[option]") //CHOMPEdit TGSQL
|
||||
var/sql = "INSERT INTO erro_privacy VALUES (null, Now(), :t_ckey, :t_option)" //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql,sqlargs) //CHOMPEdit TGSQL
|
||||
query_insert.Execute()
|
||||
to_chat(usr, "<b>Thank you for your vote!</b>")
|
||||
qdel(query_insert)
|
||||
usr << browse(null,"window=privacypoll")
|
||||
|
||||
if(!ready && href_list["preference"])
|
||||
|
||||
@@ -5,12 +5,12 @@
|
||||
return
|
||||
var/voted = 0
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey='[src.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey=:t_ckey", list("t_ckey" = src.ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
while(query.NextRow())
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(!voted)
|
||||
privacy_poll()
|
||||
|
||||
@@ -72,7 +72,7 @@
|
||||
pollquestion = select_query.item[2]
|
||||
output += "<tr bgcolor='[ (i % 2 == 1) ? color1 : color2 ]'><td><a href=\"byond://?src=\ref[src];pollid=[pollid]\"><b>[pollquestion]</b></a></td></tr>"
|
||||
i++
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
output += "</table>"
|
||||
|
||||
src << browse(output,"window=playerpolllist;size=500x300")
|
||||
@@ -101,7 +101,7 @@
|
||||
polltype = select_query.item[4]
|
||||
found = 1
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!found)
|
||||
to_chat(usr, "<font color='red'>Poll question details not found.</font>")
|
||||
return
|
||||
@@ -109,7 +109,7 @@
|
||||
switch(polltype)
|
||||
//Polls that have enumerated options
|
||||
if("OPTION")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/voted = 0
|
||||
@@ -118,7 +118,7 @@
|
||||
votedoptionid = text2num(voted_query.item[1])
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
var/list/datum/polloption/options = list()
|
||||
|
||||
var/DBQuery/options_query = SSdbcore.NewQuery("SELECT id, text FROM erro_poll_option WHERE pollid = [pollid]") //CHOMPEdit TGSQL
|
||||
@@ -128,7 +128,7 @@
|
||||
PO.optionid = text2num(options_query.item[1])
|
||||
PO.optiontext = options_query.item[2]
|
||||
options += PO
|
||||
|
||||
qdel(options_query) //CHOMPEdit TGSQL
|
||||
var/output = "<div align='center'><B>Player poll</B>"
|
||||
output +="<hr>"
|
||||
output += "<b>Question: [pollquestion]</b><br>"
|
||||
@@ -162,7 +162,7 @@
|
||||
|
||||
//Polls with a text input
|
||||
if("TEXT")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT replytext FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT replytext FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/voted = 0
|
||||
@@ -171,7 +171,7 @@
|
||||
vote_text = voted_query.item[1]
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
|
||||
var/output = "<div align='center'><B>Player poll</B>"
|
||||
output +="<hr>"
|
||||
@@ -204,7 +204,7 @@
|
||||
|
||||
//Polls with a text input
|
||||
if("NUMVAL")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT o.text, v.rating FROM erro_poll_option o, erro_poll_vote v WHERE o.pollid = [pollid] AND v.ckey = '[usr.ckey]' AND o.id = v.optionid") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT o.text, v.rating FROM erro_poll_option o, erro_poll_vote v WHERE o.pollid = [pollid] AND v.ckey = :t_ckey AND o.id = v.optionid", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/output = "<div align='center'><B>Player poll</B>"
|
||||
@@ -220,7 +220,7 @@
|
||||
var/rating = voted_query.item[2]
|
||||
|
||||
output += "<br><b>[optiontext] - [rating]</b>"
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(!voted) //Only make this a form if we have not voted yet
|
||||
output += "<form name='cardcomp' action='?src=\ref[src]' method='get'>"
|
||||
output += "<input type='hidden' name='src' value='\ref[src]'>"
|
||||
@@ -264,7 +264,7 @@
|
||||
output += "<option value='[j]'>[j]</option>"
|
||||
|
||||
output += "</select>"
|
||||
|
||||
qdel(option_query) //CHOMPEdit TGSQL
|
||||
output += "<input type='hidden' name='minid' value='[minid]'>"
|
||||
output += "<input type='hidden' name='maxid' value='[maxid]'>"
|
||||
|
||||
@@ -273,7 +273,7 @@
|
||||
|
||||
src << browse(output,"window=playerpoll;size=500x500")
|
||||
if("MULTICHOICE")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/list/votedfor = list()
|
||||
@@ -281,7 +281,7 @@
|
||||
while(voted_query.NextRow())
|
||||
votedfor.Add(text2num(voted_query.item[1]))
|
||||
voted = 1
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
var/list/datum/polloption/options = list()
|
||||
var/maxoptionid = 0
|
||||
var/minoptionid = 0
|
||||
@@ -297,7 +297,7 @@
|
||||
if(PO.optionid < minoptionid || !minoptionid)
|
||||
minoptionid = PO.optionid
|
||||
options += PO
|
||||
|
||||
qdel(options_query) //CHOMPEdit TGSQL
|
||||
|
||||
if(select_query.item[5])
|
||||
multiplechoiceoptions = text2num(select_query.item[5])
|
||||
@@ -358,7 +358,7 @@
|
||||
if(select_query.item[5])
|
||||
multiplechoiceoptions = text2num(select_query.item[5])
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!validpoll)
|
||||
to_chat(usr, "<font color='red'>Poll is not valid.</font>")
|
||||
return
|
||||
@@ -378,14 +378,14 @@
|
||||
|
||||
var/alreadyvoted = 0
|
||||
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
while(voted_query.NextRow())
|
||||
alreadyvoted += 1
|
||||
if(!multichoice)
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(!multichoice && alreadyvoted)
|
||||
to_chat(usr, "<font color='red'>You already voted in this poll.</font>")
|
||||
return
|
||||
@@ -399,10 +399,11 @@
|
||||
adminrank = usr.client.holder.rank
|
||||
|
||||
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank) VALUES (null, Now(), [pollid], [optionid], '[usr.ckey]', '[usr.client.address]', '[adminrank]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank) VALUES (null, Now(), [pollid], [optionid], :t_ckey, '[usr.client.address]', '[adminrank]')", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
|
||||
to_chat(usr, "<font color='blue'>Vote successful.</font>")
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
usr << browse(null,"window=playerpoll")
|
||||
|
||||
|
||||
@@ -425,20 +426,20 @@
|
||||
return
|
||||
validpoll = 1
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!validpoll)
|
||||
to_chat(usr, "<font color='red'>Poll is not valid.</font>")
|
||||
return
|
||||
|
||||
var/alreadyvoted = 0
|
||||
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
while(voted_query.NextRow())
|
||||
alreadyvoted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(alreadyvoted)
|
||||
to_chat(usr, "<font color='red'>You already sent your feedback for this poll.</font>")
|
||||
return
|
||||
@@ -457,10 +458,11 @@
|
||||
to_chat(usr, "The text you entered was blank, contained illegal characters or was too long. Please correct the text and submit again.")
|
||||
return
|
||||
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_textreply (id ,datetime ,pollid ,ckey ,ip ,replytext ,adminrank) VALUES (null, Now(), [pollid], '[usr.ckey]', '[usr.client.address]', '[replytext]', '[adminrank]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_textreply (id ,datetime ,pollid ,ckey ,ip ,replytext ,adminrank) VALUES (null, Now(), [pollid], :t_ckey, '[usr.client.address]', :t_reply, '[adminrank]')", list("t_ckey" = usr.ckey, "t_reply" = replytext)) //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
|
||||
to_chat(usr, "<font color='blue'>Feedback logging successful.</font>")
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
usr << browse(null,"window=playerpoll")
|
||||
|
||||
|
||||
@@ -483,7 +485,7 @@
|
||||
return
|
||||
validpoll = 1
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!validpoll)
|
||||
to_chat(usr, "<font color='red'>Poll is not valid.</font>")
|
||||
return
|
||||
@@ -496,20 +498,20 @@
|
||||
while(select_query2.NextRow())
|
||||
validoption = 1
|
||||
break
|
||||
|
||||
qdel(select_query2) //CHOMPEdit TGSQL
|
||||
if(!validoption)
|
||||
to_chat(usr, "<font color='red'>Poll option is not valid.</font>")
|
||||
return
|
||||
|
||||
var/alreadyvoted = 0
|
||||
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE optionid = [optionid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE optionid = [optionid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
while(voted_query.NextRow())
|
||||
alreadyvoted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(alreadyvoted)
|
||||
to_chat(usr, "<font color='red'>You already voted in this poll.</font>")
|
||||
return
|
||||
@@ -519,8 +521,9 @@
|
||||
adminrank = usr.client.holder.rank
|
||||
|
||||
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank, rating) VALUES (null, Now(), [pollid], [optionid], '[usr.ckey]', '[usr.client.address]', '[adminrank]', [(isnull(rating)) ? "null" : rating])") //CHOMPEdit TGSQL
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank, rating) VALUES (null, Now(), [pollid], [optionid], '[usr.ckey]', '[usr.client.address]', '[adminrank]', :t_rating)", list("t_ckey" = usr.ckey, "t_rating" = rating)) //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
|
||||
to_chat(usr, "<font color='blue'>Vote successful.</font>")
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
usr << browse(null,"window=playerpoll")
|
||||
@@ -353,17 +353,19 @@ var/obj/machinery/blackbox_recorder/blackbox
|
||||
query.Execute()
|
||||
while(query.NextRow())
|
||||
round_id = query.item[1]
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(!isnum(round_id))
|
||||
round_id = text2num(round_id)
|
||||
round_id++
|
||||
|
||||
for(var/datum/feedback_variable/FV in feedback)
|
||||
var/sql = "INSERT INTO erro_feedback VALUES (null, Now(), [round_id], \"[FV.get_variable()]\", [FV.get_value()], \"[FV.get_details()]\")"
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql) //CHOMPEdit TGSQL
|
||||
var/list/sqlargs = list("t_roundid" = round_id, "t_variable" = "[FV.get_variable()]", "t_value" = "[FV.get_value()]", "t_details" = "[FV.get_details()]") //CHOMPEdit TGSQL
|
||||
var/sql = "INSERT INTO erro_feedback VALUES (null, Now(), :t_roundid, :t_variable, :t_value, :t_details)" //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql, sqlargs) //CHOMPEdit TGSQL
|
||||
query_insert.Execute()
|
||||
qdel(query_insert) //CHOMPEdit TGSQL
|
||||
|
||||
// Sanitize inputs to avoid SQL injection attacks
|
||||
// Sanitize inputs to avoid SQL injection attacks //CHOMPEdit NOTE: This is not secure. Basic filters like this are pretty easy to bypass. Use the format for arguments used in the above.
|
||||
proc/sql_sanitize_text(var/text)
|
||||
text = replacetext(text, "'", "''")
|
||||
text = replacetext(text, ";", "")
|
||||
|
||||
@@ -71,12 +71,13 @@ GLOBAL_LIST_EMPTY(pending_discord_registrations)
|
||||
|
||||
/datum/tgs_chat_command/register/Run(datum/tgs_chat_user/sender, params)
|
||||
// Try to find if that ID is registered to someone already
|
||||
var/sql_discord = sql_sanitize_text(sender.id)
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT discord_id FROM erro_player WHERE discord_id = '[sql_discord]'") //CHOMPEdit TGSQL
|
||||
//var/sql_discord = sql_sanitize_text(sender.id) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT discord_id FROM erro_player WHERE discord_id = :t_discord", list("t_discord"=sender.id)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
if(query.NextRow())
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
return "[sender.friendly_name], your Discord ID is already registered to a Byond username. Please contact an administrator if you changed your Byond username or Discord ID."
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
var/key_to_find = "[ckey(params)]"
|
||||
|
||||
// They didn't provide anything worth looking up.
|
||||
@@ -94,18 +95,20 @@ GLOBAL_LIST_EMPTY(pending_discord_registrations)
|
||||
if(!user)
|
||||
return "[sender.friendly_name], I couldn't find a logged-in user with the username of '[key_to_find]', which is what you provided after conversion to Byond's ckey format. Please connect to the game server and try again."
|
||||
|
||||
var/sql_ckey = sql_sanitize_text(key_to_find)
|
||||
query = SSdbcore.NewQuery("SELECT discord_id FROM erro_player WHERE ckey = '[sql_ckey]'") //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
//var/sql_ckey = sql_sanitize_text(key_to_find) //CHOMPEdit TGSQL
|
||||
var/DBQuery/query2 = SSdbcore.NewQuery("SELECT discord_id FROM erro_player WHERE ckey = :t_ckey",list("t_ckey" = key_to_find)) //CHOMPEdit TGSQL
|
||||
query2.Execute() //CHOMPEdit TGSQL
|
||||
|
||||
// We somehow found their client, BUT they don't exist in the database
|
||||
if(!query.NextRow())
|
||||
if(!query2.NextRow()) //CHOMPEdit TGSQL
|
||||
qdel(query2) //CHOMPEdit TGSQL
|
||||
return "[sender.friendly_name], the server's database is either not responding or there's no evidence you've ever logged in. Please contact an administrator."
|
||||
|
||||
// We found them in the database, AND they already have a discord ID assigned
|
||||
if(query.item[1])
|
||||
if(query2.item[1]) //CHOMPEdit TGSQL
|
||||
qdel(query2) //CHOMPEdit TGSQL
|
||||
return "[sender.friendly_name], it appears you've already registered your chat and game IDs. If you've changed game or chat usernames, please contact an administrator for help."
|
||||
|
||||
qdel(query2) //CHOMPEdit TGSQL
|
||||
// Okay. We found them, they're in the DB, and they have no discord ID set.
|
||||
var/message = "<span class='notice'>A request has been sent from Discord to validate your Byond username, by '[sender.friendly_name]' in '[sender.channel.friendly_name]'</span>\
|
||||
<br><span class='warning'>If you did not send this request, do not click the link below, and do notify an administrator in-game or on Discord ASAP.</span>\
|
||||
|
||||
Reference in New Issue
Block a user