cyberpresidentvanellope/Yogstation
1
0
Fork 0
mirror of https://github.com/yogstation13/Yogstation.git synced 2025-02-26 09:04:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removes BSQL (#8697)

Browse Source 
* Update rust_g.dm

* thing

* thing

* thing

* thing

* thing

* t

* t

* Update random_books.dm

* Update new_player.dm

* Update client_procs.dm

* f

* uwu

* Update dbcore.dm

* uwu

* Update permissionedit.dm

* Update dbcore.dm

* Update dbcore.dm

* Update blackbox.dm

* Update dbcore.dm

* d

* uwu

* Parameterize ipintel

* Update lib_machines.dm

* Parameterize stickyban

* Update sql_message_system.dm

* f

* thing

* thing

* polls

* Parameterize some of sql_ban_system

* f

* Update dbcore.dm

* Parameterize ban check

* Parameterize jobban creation

* uwu

* uwu

* Parameterize edit ban

* git

* uwu

* uwu

* Update install_rust_g.sh

* Remove libmariadb.dll

* Update deploy.sh

* uwu

* Avoid extra __detect_rust_g proccalls

* uwu

* ree

* Remove libmariadb.so download script

* boom

* Turdis

* finally

* sneaky

* night night

* list(

* token

* Update dbcore.dm

* uwu

* Improve readability on a query

* uwu

* Update sql_message_system.dm

* Update sql_message_system.dm

* Fix Malformed SQL Queries When Editing Admin Permissions (#51625)

* fixes

* s

* Update antag_token.dm

* Update create_poll.dm

* Update lib_machines.dm

* Update lib_machines.dm

* Update client_procs.dm

* Update rust_g.dm

* Update code/__DEFINES/rust_g.dm

Co-authored-by: alexkar598 <25136265+alexkar598@users.noreply.github.com>

* Update sql_message_system.dm

* Update sql_message_system.dm

* Update sql_message_system.dm

* Update sql_message_system.dm

* Update code/controllers/subsystem/blackbox.dm

Co-authored-by: alexkar598 <25136265+alexkar598@users.noreply.github.com>

* Update code/controllers/subsystem/blackbox.dm

Co-authored-by: alexkar598 <25136265+alexkar598@users.noreply.github.com>

* Update turdis.yml

* Update client_procs.dm

* Update client_procs.dm

* debug logging

* Update client_procs.dm

* Update client_procs.dm

* Update yogstation/code/modules/client/client_procs.dm

Co-authored-by: alexkar598 <25136265+alexkar598@users.noreply.github.com>

* Update sql_ban_system.dm

Co-authored-by: Tad Hardesty <tad@platymuus.com>
Co-authored-by: Bobbahbrown <bobbahbrown@gmail.com>
Co-authored-by: alexkar598 <25136265+alexkar598@users.noreply.github.com>
This commit is contained in:
TheGamerdk
2020-07-03 01:46:37 +02:00
committed by GitHub
parent 0d2e3f4bea
commit 9f66ed674e
52 changed files with 1161 additions and 1085 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/turdis.yml vendored
View File

@@ -30,6 +30,8 @@ jobs:
- name: Setup Rust
uses: hecrj/setup-rust-action@v1.3.2
with:
default: true
- name: Install Dependencies
run: |
@@ -101,7 +103,7 @@ jobs:
sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt install libstdc++6:i386 gcc-multilib g++-7 g++-7-multilib libmariadb-client-lgpl-dev:i386 libmariadbd-dev
sudo apt install libstdc++6:i386 gcc-multilib g++-7 g++-7-multilib libssl1.1:i386 zlib1g:i386
- name: Cache BYOND
uses: actions/cache@v1
@@ -118,13 +120,11 @@ jobs:
echo "::set-env name=LD_LIBRARY_PATH::/home/runner/BYOND/byond/bin:$LD_LIBRARY_PATH"
echo "::set-env name=MANPATH::/home/runner/BYOND/byond/man:$MANPATH"
cd $GITHUB_WORKSPACE
tools/travis/install_libmariadb.sh
tools/travis/install_rust_g.sh
mysql -u root -h 127.0.0.1 -e 'CREATE DATABASE tg_travis;'
mysql -u root -h 127.0.0.1 tg_travis < SQL/tgstation_schema.sql
mysql -u root -h 127.0.0.1 -e 'CREATE DATABASE tg_travis_prefixed;'
mysql -u root -h 127.0.0.1 tg_travis_prefixed < SQL/tgstation_schema_prefixed.sql
tools/travis/build_bsql.sh
- name: Compile
run: |

BIN
BSQL.dll
View File

Binary file not shown.

6
code/__DEFINES/bsql.config.dm
View File

@@ -1,6 +0,0 @@
#define BSQL_EXTERNAL_CONFIGURATION
#define BSQL_DEL_PROC(path) ##path/Destroy()
#define BSQL_DEL_CALL(obj) qdel(##obj)
#define BSQL_IS_DELETED(obj) (QDELETED(obj))
#define BSQL_PROTECT_DATUM(path) GENERAL_PROTECT_DATUM(##path)
#define BSQL_ERROR(message) SSdbcore.ReportError(message)

135
code/__DEFINES/bsql.dm
View File

@@ -1,135 +0,0 @@
//BSQL - DMAPI
#define BSQL_VERSION "v1.3.0.0"
//types of connections
#define BSQL_CONNECTION_TYPE_MARIADB "MySql"
#define BSQL_CONNECTION_TYPE_SQLSERVER "SqlServer"
#define BSQL_DEFAULT_TIMEOUT 5
#define BSQL_DEFAULT_THREAD_LIMIT 50
//Call this before rebooting or shutting down your world to clean up gracefully. This invalidates all active connection and operation datums
/world/proc/BSQL_Shutdown()
return
/*
Called whenever a library call is made with verbose information, override and do with as you please
message: English debug message
*/
/world/proc/BSQL_Debug(msg)
return
/*
Create a new database connection, does not perform the actual connect
connection_type: The BSQL connection_type to use
asyncTimeout: The timeout to use for normal operations, 0 for infinite, defaults to BSQL_DEFAULT_TIMEOUT
blockingTimeout: The timeout to use for blocking operations, must be less than or equal to asyncTimeout, 0 for infinite, defaults to asyncTimeout
threadLimit: The limit of additional threads BSQL will run simultaneously, defaults to BSQL_DEFAULT_THREAD_LIMIT
*/
/datum/BSQL_Connection/New(connection_type, asyncTimeout, blockingTimeout, threadLimit)
return ..()
/*
Starts an operation to connect to a database. Should only have 1 successful call
ipaddress: The ip/hostname of the target server
port: The port of the target server
username: The username to login to the target server
password: The password for the target server
database: Optional database to connect to. Must be used when trying to do database operations, `USE x` is not sufficient
Returns: A /datum/BSQL_Operation representing the connection or null if an error occurred
*/
/datum/BSQL_Connection/proc/BeginConnect(ipaddress, port, username, password, database)
return
/*
Properly quotes a string for use by the database. The connection must be open for this proc to succeed
str: The string to quote
Returns: The string quoted on success, null on error
*/
/datum/BSQL_Connection/proc/Quote(str)
return
/*
Starts an operation for a query
query: The text of the query. Only one query allowed per invocation, no semicolons
Returns: A /datum/BSQL_Operation/Query representing the running query and subsequent result set or null if an error occurred
Note for MariaDB: The underlying connection is pooled. In order to use connection state based properties (i.e. LAST_INSERT_ID()) you can guarantee multiple queries will use the same connection by running BSQL_DEL_CALL(query) on the finished /datum/BSQL_Operation/Query and then creating the next one with another call to BeginQuery() with no sleeps in between
*/
/datum/BSQL_Connection/proc/BeginQuery(query)
return
/*
Checks if the operation is complete. This, in some cases must be called multiple times with false return before a result is present regardless of timespan. For best performance check it once per tick
Returns: TRUE if the operation is complete, FALSE if it's not, null on error
*/
/datum/BSQL_Operation/proc/IsComplete()
return
/*
Blocks the entire game until the given operation completes. IsComplete should not be checked after calling this to avoid potential side effects.
Returns: TRUE on success, FALSE if the operation wait time exceeded the connection's blockingTimeout setting
*/
/datum/BSQL_Operation/proc/WaitForCompletion()
return
/*
Get the error message associated with an operation. Should not be used while IsComplete() returns FALSE
Returns: The error message, if any. null otherwise
*/
/datum/BSQL_Operation/proc/GetError()
return
/*
Get the error code associated with an operation. Should not be used while IsComplete() returns FALSE
Returns: The error code, if any. null otherwise
*/
/datum/BSQL_Operation/proc/GetErrorCode()
return
/*
Gets an associated list of column name -> value representation of the most recent row in the query. Only valid if IsComplete() returns TRUE. If this returns null and no errors are present there are no more results in the query. Important to note that once IsComplete() returns TRUE it must not be called again without checking this or the row values may be lost
Returns: An associated list of column name -> value for the row. Values will always be either strings or null
*/
/datum/BSQL_Operation/Query/proc/CurrentRow()
return
/*
Code configuration options below
Define this to avoid modifying this file but the following defines must be declared somewhere else before BSQL/includes.dm is included
*/
#ifndef BSQL_EXTERNAL_CONFIGURATION
//Modify this if you disagree with byond's GC schemes. Ensure this is called for all connections and operations when they are deleted or they will leak native resources until /world/proc/BSQL_Shutdown() is called
#define BSQL_DEL_PROC(path) ##path/Del()
//The equivalent of calling del() in your codebase
#define BSQL_DEL_CALL(obj) del(##obj)
//Returns TRUE if an object is delete
#define BSQL_IS_DELETED(obj) (obj == null)
//Modify this to add protections to the connection and query datums
#define BSQL_PROTECT_DATUM(path)
//Modify this to change up error handling for the library
#define BSQL_ERROR(message) CRASH("BSQL: [##message]")
#endif
/*
Copyright 2018 Jordan Brown
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/

51
code/__DEFINES/rust_g.dm
View File

@@ -1,12 +1,52 @@
// rust_g.dm - DM API for rust_g extension library
#define RUST_G "rust_g"
//
// To configure, create a `rust_g.config.dm` and set what you care about from
// the following options:
//
// #define RUST_G "path/to/rust_g"
// Override the .dll/.so detection logic with a fixed path or with detection
// logic of your own.
//
// #define RUSTG_OVERRIDE_BUILTINS
// Enable replacement rust-g functions for certain builtins. Off by default.
#ifndef RUST_G
// Default automatic RUST_G detection.
// On Windows, looks in the standard places for `rust_g.dll`.
// On Linux, looks in `.`, `$LD_LIBRARY_PATH`, and `~/.byond/bin` for either of
// `librust_g.so` (preferred) or `rust_g` (old).
/* This comment bypasses grep checks */ /var/__rust_g
/proc/__detect_rust_g()
if (world.system_type == UNIX)
if (fexists("./librust_g.so"))
// No need for LD_LIBRARY_PATH badness.
return __rust_g = "./librust_g.so"
else if (fexists("./rust_g"))
// Old dumb filename.
return __rust_g = "./rust_g"
else if (fexists("[world.GetConfig("env", "HOME")]/.byond/bin/rust_g"))
// Old dumb filename in `~/.byond/bin`.
return __rust_g = "rust_g"
else
// It's not in the current directory, so try others
return __rust_g = "librust_g.so"
else
return __rust_g = "rust_g"
#define RUST_G (__rust_g || __detect_rust_g())
#endif
#define RUSTG_JOB_NO_RESULTS_YET "NO RESULTS YET"
#define RUSTG_JOB_NO_SUCH_JOB "NO SUCH JOB"
#define RUSTG_JOB_ERROR "JOB PANICKED"
#define rustg_dmi_strip_metadata(fname) call(RUST_G, "dmi_strip_metadata")(fname)
#define rustg_dmi_create_png(fname,width,height,data) call(RUST_G, "dmi_create_png")(fname,width,height,data)
#define rustg_dmi_create_png(path, width, height, data) call(RUST_G, "dmi_create_png")(path, width, height, data)
#define rustg_noise_get_at_coordinates(seed, x, y) call(RUST_G, "noise_get_at_coordinates")(seed, x, y)
#define rustg_git_revparse(rev) call(RUST_G, "rg_git_revparse")(rev)
#define rustg_git_commit_date(rev) call(RUST_G, "rg_git_commit_date")(rev)
@@ -22,6 +62,13 @@
#define RUSTG_HTTP_METHOD_PATCH "patch"
#define RUSTG_HTTP_METHOD_HEAD "head"
#define rustg_sql_connect_pool(options) call(RUST_G, "sql_connect_pool")(options)
#define rustg_sql_query_async(handle, query, params) call(RUST_G, "sql_query_async")(handle, query, params)
#define rustg_sql_query_blocking(handle, query, params) call(RUST_G, "sql_query_blocking")(handle, query, params)
#define rustg_sql_connected(handle) call(RUST_G, "sql_connected")(handle)
#define rustg_sql_disconnect_pool(handle) call(RUST_G, "sql_disconnect_pool")(handle)
#define rustg_sql_check_query(job_id) call(RUST_G, "sql_check_query")("[job_id]")
#define rustg_http_request_blocking(method, url, body, headers) call(RUST_G, "http_request_blocking")(method, url, body, headers)
#define rustg_http_request_async(method, url, body, headers) call(RUST_G, "http_request_async")(method, url, body, headers)
#define rustg_http_check_request(req_id) call(RUST_G, "http_check_request")(req_id)

15
code/__HELPERS/roundend.dm
View File

@@ -595,9 +595,7 @@
var/list/sql_admins = list()
for(var/i in GLOB.protected_admins)
var/datum/admins/A = GLOB.protected_admins[i]
var/sql_ckey = sanitizeSQL(A.target)
var/sql_rank = sanitizeSQL(A.rank.name)
sql_admins += list(list("ckey" = "'[sql_ckey]'", "rank" = "'[sql_rank]'"))
sql_admins += list(list("ckey" = A.target, "rank" = A.rank.name))
SSdbcore.MassInsert(format_table_name("admin"), sql_admins, duplicate_key = TRUE)
var/datum/DBQuery/query_admin_rank_update = SSdbcore.NewQuery("UPDATE [format_table_name("player")] p INNER JOIN [format_table_name("admin")] a ON p.ckey = a.ckey SET p.lastadminrank = a.rank")
query_admin_rank_update.Execute()
@@ -632,15 +630,20 @@
flags += "can_edit_flags"
if(!flags.len)
continue
var/sql_rank = sanitizeSQL(R.name)
var/flags_to_check = flags.Join(" != [R_EVERYTHING] AND ") + " != [R_EVERYTHING]"
var/datum/DBQuery/query_check_everything_ranks = SSdbcore.NewQuery("SELECT flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] WHERE rank = '[sql_rank]' AND ([flags_to_check])")
var/datum/DBQuery/query_check_everything_ranks = SSdbcore.NewQuery(
"SELECT flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] WHERE rank = :rank AND ([flags_to_check])",
list("rank" = R.name)
)
if(!query_check_everything_ranks.Execute())
qdel(query_check_everything_ranks)
return
if(query_check_everything_ranks.NextRow()) //no row is returned if the rank already has the correct flag value
var/flags_to_update = flags.Join(" = [R_EVERYTHING], ") + " = [R_EVERYTHING]"
var/datum/DBQuery/query_update_everything_ranks = SSdbcore.NewQuery("UPDATE [format_table_name("admin_ranks")] SET [flags_to_update] WHERE rank = '[sql_rank]'")
var/datum/DBQuery/query_update_everything_ranks = SSdbcore.NewQuery(
"UPDATE [format_table_name("admin_ranks")] SET [flags_to_update] WHERE rank = :rank",
list("rank" = R.name)
)
if(!query_update_everything_ranks.Execute())
qdel(query_update_everything_ranks)
return

2
code/__HELPERS/text.dm
View File

@@ -14,8 +14,6 @@
*/
// Run all strings to be used in an SQL query through this proc first to properly escape out injection attempts.
/proc/sanitizeSQL(t)
return SSdbcore.Quote("[t]")
/proc/format_table_name(table as text)
return CONFIG_GET(string/feedback_tableprefix) + table

14
code/controllers/subsystem/achievements.dm
View File

@@ -12,14 +12,14 @@ SUBSYSTEM_DEF(achievements)
var/datum/achievement/A = new i
achievements[A] = A.id
var/datum/DBQuery/medalQuery = SSdbcore.NewQuery("SELECT name, descr FROM [format_table_name("achievements")] WHERE id = '[A.id]'") // No sanitation of A is needed for these calls because we instantiated A right here in this proc.
var/datum/DBQuery/medalQuery = SSdbcore.NewQuery("SELECT name, descr FROM [format_table_name("achievements")] WHERE id = :id", list("id" = A.id)) // No sanitation of A is needed for these calls because we instantiated A right here in this proc.
medalQuery.Execute()
if(!medalQuery.NextRow())
var/datum/DBQuery/medalQuery2 = SSdbcore.NewQuery("INSERT INTO [format_table_name("achievements")] (name, id, descr) VALUES ('[A.name]', '[A.id]', '[A.desc]')")
var/datum/DBQuery/medalQuery2 = SSdbcore.NewQuery("INSERT INTO [format_table_name("achievements")] (name, id, descr) VALUES (:name, :id, :desc)", list("name" = A.name, "id" = A.id, "desc" = A.desc))
medalQuery2.Execute()
qdel(medalQuery2)
else if(medalQuery.item[1] != A.name || medalQuery.item[2] != A.desc)
var/datum/DBQuery/medalQuery2 = SSdbcore.NewQuery("UPDATE [format_table_name("achievements")] SET name = '[A.name]', descr = '[A.desc]' WHERE id = '[A.id]'")
var/datum/DBQuery/medalQuery2 = SSdbcore.NewQuery("UPDATE [format_table_name("achievements")] SET name = :name, descr = :desc WHERE id = :id", list("name" = A.name, "desc" = A.desc, "id" = A.id))
medalQuery2.Execute()
qdel(medalQuery2)
@@ -38,9 +38,9 @@ SUBSYSTEM_DEF(achievements)
break
if(!found_achievement)
log_sql("Old achievement [id] found in database, removing")
var/datum/DBQuery/getRidOfOldStuff = SSdbcore.NewQuery("DELETE FROM [format_table_name("achievements")] WHERE id = '[id]'")
var/datum/DBQuery/getRidOfOldStuff = SSdbcore.NewQuery("DELETE FROM [format_table_name("achievements")] WHERE id = :id", list("id" = id))
getRidOfOldStuff.Execute()
var/datum/DBQuery/ridTheOtherTableAsWell = SSdbcore.NewQuery("DELETE FROM [format_table_name("earned_achievements")] WHERE id = '[id]'")
var/datum/DBQuery/ridTheOtherTableAsWell = SSdbcore.NewQuery("DELETE FROM [format_table_name("earned_achievements")] WHERE id = :id", list("id" = id))
ridTheOtherTableAsWell.Execute()
qdel(ridTheOtherTableAsWell)
qdel(getRidOfOldStuff)
@@ -75,7 +75,7 @@ SUBSYSTEM_DEF(achievements)
if(istype(achievement,/datum/achievement/greentext) && achievementPath != /datum/achievement/greentext)
unlock_achievement(/datum/achievement/greentext,C) // Oooh, a little bit recursive!
if(!has_achievement(achievementPath, C))
var/datum/DBQuery/medalQuery = SSdbcore.NewQuery("INSERT INTO [format_table_name("earned_achievements")] (ckey, id) VALUES ('[ckey(C.ckey)]', '[initial(achievement.id)]')")
var/datum/DBQuery/medalQuery = SSdbcore.NewQuery("INSERT INTO [format_table_name("earned_achievements")] (ckey, id) VALUES (:ckey, :id)", list("ckey" = ckey(C.ckey), "id" = initial(achievement.id)))
medalQuery.Execute()
qdel(medalQuery)
cached_achievements[C.ckey] += achievement
@@ -96,7 +96,7 @@ SUBSYSTEM_DEF(achievements)
return (achievement in cached_achievements[C.ckey])
/datum/controller/subsystem/achievements/proc/cache_achievements(client/C)
var/datum/DBQuery/cacheQuery = SSdbcore.NewQuery("SELECT id FROM [format_table_name("earned_achievements")] WHERE ckey = '[ckey(C.ckey)]'")
var/datum/DBQuery/cacheQuery = SSdbcore.NewQuery("SELECT id FROM [format_table_name("earned_achievements")] WHERE ckey = :ckey", list("ckey" = ckey(C.ckey)))
cacheQuery.Execute()
cached_achievements[C.ckey] = list()
while(cacheQuery.NextRow())

104
code/controllers/subsystem/blackbox.dm
View File

@@ -45,7 +45,17 @@ SUBSYSTEM_DEF(blackbox)
if(M.client)
playercount += 1
var/admincount = GLOB.admins.len
var/datum/DBQuery/query_record_playercount = SSdbcore.NewQuery("INSERT INTO [format_table_name("legacy_population")] (playercount, admincount, time, server_ip, server_port, round_id) VALUES ([playercount], [admincount], '[SQLtime()]', INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]', '[GLOB.round_id]')")
var/datum/DBQuery/query_record_playercount = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("legacy_population")] (playercount, admincount, time, server_ip, server_port, round_id)
VALUES (:playercount, :admincount, :time, INET_ATON(:server_ip), :server_port, :round_id)
"}, list(
"playercount" = playercount,
"admincount" = admincount,
"time" = SQLtime(),
"server_ip" = world.internet_address || "0",
"server_port" = world.port,
"round_id" = GLOB.round_id,
))
query_record_playercount.Execute()
qdel(query_record_playercount)
@@ -89,18 +99,23 @@ SUBSYSTEM_DEF(blackbox)
if (!SSdbcore.Connect())
return
var/list/special_columns = list(
"datetime" = "NOW()"
)
var/list/sqlrowlist = list()
for (var/datum/feedback_variable/FV in feedback)
var/sqlversion = 1
if(FV.key in versions)
sqlversion = versions[FV.key]
sqlrowlist += list(list("datetime" = "Now()", "round_id" = GLOB.round_id, "key_name" = "'[sanitizeSQL(FV.key)]'", "key_type" = "'[FV.key_type]'", "version" = "[sqlversion]", "json" = "'[sanitizeSQL(json_encode(FV.json))]'"))
sqlrowlist += list(list(
"key_type" = FV.key_type,
"round_id" = GLOB.round_id,
"key_name" = FV.key,
"version" = versions[FV.key] || 1,
"json" = json_encode(FV.json)
))
if (!length(sqlrowlist))
return
SSdbcore.MassInsert(format_table_name("feedback"), sqlrowlist, ignore_errors = TRUE, delayed = TRUE)
SSdbcore.MassInsert(format_table_name("feedback"), sqlrowlist, ignore_errors = TRUE, delayed = TRUE, special_columns = special_columns)
/datum/controller/subsystem/blackbox/proc/Seal()
if(sealed)
@@ -286,51 +301,36 @@ Versioning
first_death["area"] = "[AREACOORD(L)]"
first_death["damage"] = "<font color='#FF5555'>[L.getBruteLoss()]</font>/<font color='orange'>[L.getFireLoss()]</font>/<font color='lightgreen'>[L.getToxLoss()]</font>/<font color='lightblue'>[L.getOxyLoss()]</font>/<font color='pink'>[L.getCloneLoss()]</font>"
first_death["last_words"] = L.last_words
var/sqlname = L.real_name
var/sqlkey = L.ckey
var/sqljob = L.mind.assigned_role
var/sqlspecial = L.mind.special_role
var/sqlpod = get_area_name(L, TRUE)
var/laname = L.lastattacker
var/lakey = L.lastattackerckey
var/sqlbrute = L.getBruteLoss()
var/sqlfire = L.getFireLoss()
var/sqlbrain = L.getOrganLoss(ORGAN_SLOT_BRAIN)
var/sqloxy = L.getOxyLoss()
var/sqltox = L.getToxLoss()
var/sqlclone = L.getCloneLoss()
var/sqlstamina = L.getStaminaLoss()
var/x_coord = L.x
var/y_coord = L.y
var/z_coord = L.z
var/last_words = L.last_words
var/suicide = L.suiciding
var/map = SSmapping.config.map_name
if(!SSdbcore.Connect())
return
sqlname = sanitizeSQL(sqlname)
sqlkey = sanitizeSQL(sqlkey)
sqljob = sanitizeSQL(sqljob)
sqlspecial = sanitizeSQL(sqlspecial)
sqlpod = sanitizeSQL(sqlpod)
laname = sanitizeSQL(laname)
lakey = sanitizeSQL(lakey)
sqlbrute = sanitizeSQL(sqlbrute)
sqlfire = sanitizeSQL(sqlfire)
sqlbrain = sanitizeSQL(sqlbrain)
sqloxy = sanitizeSQL(sqloxy)
sqltox = sanitizeSQL(sqltox)
sqlclone = sanitizeSQL(sqlclone)
sqlstamina = sanitizeSQL(sqlstamina)
x_coord = sanitizeSQL(x_coord)
y_coord = sanitizeSQL(y_coord)
z_coord = sanitizeSQL(z_coord)
last_words = sanitizeSQL(last_words)
suicide = sanitizeSQL(suicide)
map = sanitizeSQL(map)
var/datum/DBQuery/query_report_death = SSdbcore.NewQuery("INSERT INTO [format_table_name("death")] (pod, x_coord, y_coord, z_coord, mapname, server_ip, server_port, round_id, tod, job, special, name, byondkey, laname, lakey, bruteloss, fireloss, brainloss, oxyloss, toxloss, cloneloss, staminaloss, last_words, suicide) VALUES ('[sqlpod]', '[x_coord]', '[y_coord]', '[z_coord]', '[map]', INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]', [GLOB.round_id], '[SQLtime()]', '[sqljob]', '[sqlspecial]', '[sqlname]', '[sqlkey]', '[laname]', '[lakey]', [sqlbrute], [sqlfire], [sqlbrain], [sqloxy], [sqltox], [sqlclone], [sqlstamina], '[last_words]', [suicide])")
var/datum/DBQuery/query_report_death = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("death")] (pod, x_coord, y_coord, z_coord, mapname, server_ip, server_port, round_id, tod, job, special, name, byondkey, laname, lakey, bruteloss, fireloss, brainloss, oxyloss, toxloss, cloneloss, staminaloss, last_words, suicide)
VALUES (:pod, :x_coord, :y_coord, :z_coord, :map, INET_ATON(:internet_address), :port, :round_id, :time, :job, :special, :name, :key, :laname, :lakey, :brute, :fire, :brain, :oxy, :tox, :clone, :stamina, :last_words, :suicide)
"}, list(
"name" = L.real_name,
"key" = L.ckey,
"job" = L.mind.assigned_role,
"special" = L.mind.special_role,
"pod" = get_area_name(L, TRUE),
"laname" = L.lastattacker,
"lakey" = L.lastattackerckey,
"brute" = L.getBruteLoss(),
"fire" = L.getFireLoss(),
"brain" = L.getOrganLoss(ORGAN_SLOT_BRAIN) || BRAIN_DAMAGE_DEATH, //getOrganLoss returns null without a brain but a value is required for this column
"oxy" = L.getOxyLoss(),
"tox" = L.getToxLoss(),
"clone" = L.getCloneLoss(),
"stamina" = L.getStaminaLoss(),
"x_coord" = L.x,
"y_coord" = L.y,
"z_coord" = L.z,
"last_words" = L.last_words,
"suicide" = L.suiciding,
"map" = SSmapping.config.map_name,
"internet_address" = world.internet_address || "0",
"port" = world.port,
"round_id" = GLOB.round_id,
"time" = SQLtime(),
))
if(query_report_death)
query_report_death.Execute(async = TRUE)
qdel(query_report_death)

299
code/controllers/subsystem/dbcore.dm
View File

@@ -14,8 +14,7 @@ SUBSYSTEM_DEF(dbcore)
var/last_error
var/list/active_queries = list()
var/datum/BSQL_Connection/connection
var/datum/BSQL_Operation/connectOperation
var/connection // Arbitrary handle returned from rust_g.
/datum/controller/subsystem/dbcore/Initialize()
//We send warnings to the admins during subsystem init, as the clients will be New'd and messages
@@ -40,24 +39,25 @@ SUBSYSTEM_DEF(dbcore)
/datum/controller/subsystem/dbcore/Recover()
connection = SSdbcore.connection
connectOperation = SSdbcore.connectOperation
/datum/controller/subsystem/dbcore/Shutdown()
//This is as close as we can get to the true round end before Disconnect() without changing where it's called, defeating the reason this is a subsystem
if(SSdbcore.Connect())
var/datum/DBQuery/query_round_shutdown = SSdbcore.NewQuery("UPDATE [format_table_name("round")] SET shutdown_datetime = Now(), end_state = '[sanitizeSQL(SSticker.end_state)]' WHERE id = [GLOB.round_id]")
var/datum/DBQuery/query_round_shutdown = SSdbcore.NewQuery(
"UPDATE [format_table_name("round")] SET shutdown_datetime = Now(), end_state = :end_state WHERE id = :round_id",
list("end_state" = SSticker.end_state, "round_id" = GLOB.round_id)
)
query_round_shutdown.Execute()
qdel(query_round_shutdown)
if(IsConnected())
Disconnect()
world.BSQL_Shutdown()
//nu
/datum/controller/subsystem/dbcore/can_vv_get(var_name)
return var_name != NAMEOF(src, connection) && var_name != NAMEOF(src, active_queries) && var_name != NAMEOF(src, connectOperation) && ..()
return var_name != NAMEOF(src, connection) && var_name != NAMEOF(src, active_queries) && ..()
/datum/controller/subsystem/dbcore/vv_edit_var(var_name, var_value)
if(var_name == NAMEOF(src, connection) || var_name == NAMEOF(src, connectOperation))
if(var_name == NAMEOF(src, connection))
return FALSE
return ..()
@@ -80,26 +80,28 @@ SUBSYSTEM_DEF(dbcore)
var/db = CONFIG_GET(string/feedback_database)
var/address = CONFIG_GET(string/address)
var/port = CONFIG_GET(number/port)
var/timeout = max(CONFIG_GET(number/async_query_timeout), CONFIG_GET(number/blocking_query_timeout))
var/thread_limit = CONFIG_GET(number/bsql_thread_limit)
connection = new /datum/BSQL_Connection(BSQL_CONNECTION_TYPE_MARIADB, CONFIG_GET(number/async_query_timeout), CONFIG_GET(number/blocking_query_timeout), CONFIG_GET(number/bsql_thread_limit))
var/error
if(QDELETED(connection))
connection = null
error = last_error
var/result = json_decode(rustg_sql_connect_pool(json_encode(list(
"host" = address,
"port" = port,
"user" = user,
"pass" = pass,
"db_name" = db,
"max_threads" = 5,
"read_timeout" = timeout,
"write_timeout" = timeout,
"max_threads" = thread_limit,
))))
. = (result["status"] == "ok")
if (.)
connection = result["handle"]
else
SSdbcore.last_error = null
connectOperation = connection.BeginConnect(address, port, user, pass, db)
if(SSdbcore.last_error)
CRASH(SSdbcore.last_error)
UNTIL(connectOperation.IsComplete())
error = connectOperation.GetError()
. = !error
if (!.)
last_error = error
log_sql("Connect() failed | [error]")
connection = null
last_error = result["data"]
log_sql("Connect() failed | [last_error]")
++failed_connections
QDEL_NULL(connection)
QDEL_NULL(connectOperation)
/datum/controller/subsystem/dbcore/proc/CheckSchemaVersion()
if(CONFIG_GET(flag/sql_enabled))
@@ -125,50 +127,49 @@ SUBSYSTEM_DEF(dbcore)
/datum/controller/subsystem/dbcore/proc/SetRoundID()
if(!Connect())
return
var/datum/DBQuery/query_round_initialize = SSdbcore.NewQuery("INSERT INTO [format_table_name("round")] (initialize_datetime, server_ip, server_port) VALUES (Now(), INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]')")
var/datum/DBQuery/query_round_initialize = SSdbcore.NewQuery(
"INSERT INTO [format_table_name("round")] (initialize_datetime, server_ip, server_port) VALUES (Now(), INET_ATON(:internet_address), :port)",
list("internet_address" = world.internet_address || "0", "port" = "[world.port]")
)
query_round_initialize.Execute(async = FALSE)
qdel(query_round_initialize)
var/datum/DBQuery/query_round_last_id = SSdbcore.NewQuery("SELECT LAST_INSERT_ID()")
query_round_last_id.Execute(async = FALSE)
if(query_round_last_id.NextRow(async = FALSE))
GLOB.round_id = query_round_last_id.item[1]
var/datum/DBQuery/query_fix_connections = SSdbcore.NewQuery("UPDATE [format_table_name("connection_log")] SET 'left' = NOW() WHERE 'left' IS NULL AND round_id = [text2num(GLOB.round_id) - 1]")
GLOB.round_id = "[query_round_initialize.last_insert_id]"
var/datum/DBQuery/query_fix_connections = SSdbcore.NewQuery("UPDATE [format_table_name("connection_log")] SET 'left' = NOW() WHERE 'left' IS NULL AND round_id = :id", list("id" = text2num(GLOB.round_id) - 1))
query_fix_connections.Execute()
qdel(query_fix_connections)
qdel(query_round_last_id)
qdel(query_round_initialize)
/datum/controller/subsystem/dbcore/proc/SetRoundStart()
if(!Connect())
return
var/datum/DBQuery/query_round_start = SSdbcore.NewQuery("UPDATE [format_table_name("round")] SET start_datetime = Now() WHERE id = [GLOB.round_id]")
var/datum/DBQuery/query_round_start = SSdbcore.NewQuery(
"UPDATE [format_table_name("round")] SET start_datetime = Now() WHERE id = :round_id",
list("round_id" = GLOB.round_id)
)
query_round_start.Execute()
qdel(query_round_start)
/datum/controller/subsystem/dbcore/proc/SetRoundEnd()
if(!Connect())
return
var/sql_station_name = sanitizeSQL(station_name())
var/datum/DBQuery/query_round_end = SSdbcore.NewQuery("UPDATE [format_table_name("round")] SET end_datetime = Now(), game_mode_result = '[sanitizeSQL(SSticker.mode_result)]', station_name = '[sql_station_name]' WHERE id = [GLOB.round_id]")
var/datum/DBQuery/query_round_end = SSdbcore.NewQuery(
"UPDATE [format_table_name("round")] SET end_datetime = Now(), game_mode_result = :game_mode_result, station_name = :station_name WHERE id = :round_id",
list("game_mode_result" = SSticker.mode_result, "station_name" = station_name(), "round_id" = GLOB.round_id)
)
query_round_end.Execute()
qdel(query_round_end)
/datum/controller/subsystem/dbcore/proc/Disconnect()
failed_connections = 0
QDEL_NULL(connectOperation)
QDEL_NULL(connection)
if (connection)
rustg_sql_disconnect_pool(connection)
connection = null
/datum/controller/subsystem/dbcore/proc/IsConnected()
if(!CONFIG_GET(flag/sql_enabled))
if (!CONFIG_GET(flag/sql_enabled))
return FALSE
//block until any connect operations finish
var/datum/BSQL_Connection/_connection = connection
var/datum/BSQL_Operation/op = connectOperation
UNTIL(QDELETED(_connection) || op.IsComplete())
return !QDELETED(connection) && !op.GetError()
/datum/controller/subsystem/dbcore/proc/Quote(str)
if(connection)
return connection.Quote(str)
if (!connection)
return FALSE
return json_decode(rustg_sql_connected(connection))["status"] == "online"
/datum/controller/subsystem/dbcore/proc/ErrorMsg()
if(!CONFIG_GET(flag/sql_enabled))
@@ -178,12 +179,12 @@ SUBSYSTEM_DEF(dbcore)
/datum/controller/subsystem/dbcore/proc/ReportError(error)
last_error = error
/datum/controller/subsystem/dbcore/proc/NewQuery(sql_query)
/datum/controller/subsystem/dbcore/proc/NewQuery(sql_query, arguments)
if(IsAdminAdvancedProcCall())
log_admin_private("ERROR: Advanced admin proc call led to sql query: [sql_query]. Query has been blocked")
message_admins("ERROR: Advanced admin proc call led to sql query. Query has been blocked")
return FALSE
return new /datum/DBQuery(sql_query, connection)
return new /datum/DBQuery(connection, sql_query, arguments)
/datum/controller/subsystem/dbcore/proc/QuerySelect(list/querys, warn = FALSE, qdel = FALSE)
if (!islist(querys))
@@ -218,55 +219,60 @@ Delayed insert mode was removed in mysql 7 and only works with MyISAM type table
It was included because it is still supported in mariadb.
It does not work with duplicate_key and the mysql server ignores it in those cases
*/
/datum/controller/subsystem/dbcore/proc/MassInsert(table, list/rows, duplicate_key = FALSE, ignore_errors = FALSE, delayed = FALSE, warn = FALSE, async = TRUE)
/datum/controller/subsystem/dbcore/proc/MassInsert(table, list/rows, duplicate_key = FALSE, ignore_errors = FALSE, delayed = FALSE, warn = FALSE, async = TRUE, special_columns = null)
if (!table || !rows || !istype(rows))
return
// Prepare column list
var/list/columns = list()
var/list/sorted_rows = list()
var/list/has_question_mark = list()
for (var/list/row in rows)
var/list/sorted_row = list()
sorted_row.len = columns.len
for (var/column in row)
var/idx = columns[column]
if (!idx)
idx = columns.len + 1
columns[column] = idx
sorted_row.len = columns.len
columns[column] = "?"
has_question_mark[column] = TRUE
for (var/column in special_columns)
columns[column] = special_columns[column]
has_question_mark[column] = findtext(special_columns[column], "?")
sorted_row[idx] = row[column]
sorted_rows[++sorted_rows.len] = sorted_row
// Prepare SQL query full of placeholders
var/list/query_parts = list("INSERT")
if (delayed)
query_parts += " DELAYED"
if (ignore_errors)
query_parts += " IGNORE"
query_parts += " INTO "
query_parts += table
query_parts += "\n([columns.Join(", ")])\nVALUES"
var/list/arguments = list()
var/has_row = FALSE
for (var/list/row in rows)
if (has_row)
query_parts += ","
query_parts += "\n ("
var/has_col = FALSE
for (var/column in columns)
if (has_col)
query_parts += ", "
if (has_question_mark[column])
var/name = "p[arguments.len]"
query_parts += replacetext(columns[column], "?", ":[name]")
arguments[name] = row[column]
else
query_parts += columns[column]
has_col = TRUE
query_parts += ")"
has_row = TRUE
if (duplicate_key == TRUE)
var/list/column_list = list()
for (var/column in columns)
column_list += "[column] = VALUES([column])"
duplicate_key = "ON DUPLICATE KEY UPDATE [column_list.Join(", ")]\n"
else if (duplicate_key == FALSE)
duplicate_key = null
query_parts += "\nON DUPLICATE KEY UPDATE [column_list.Join(", ")]"
else if (duplicate_key != FALSE)
query_parts += duplicate_key
if (ignore_errors)
ignore_errors = " IGNORE"
else
ignore_errors = null
if (delayed)
delayed = " DELAYED"
else
delayed = null
var/list/sqlrowlist = list()
var/len = columns.len
for (var/list/row in sorted_rows)
if (length(row) != len)
row.len = len
for (var/value in row)
if (value == null)
value = "NULL"
sqlrowlist += "([row.Join(", ")])"
sqlrowlist = " [sqlrowlist.Join(",\n ")]"
var/datum/DBQuery/Query = NewQuery("INSERT[delayed][ignore_errors] INTO [table]\n([columns.Join(", ")])\nVALUES\n[sqlrowlist]\n[duplicate_key]")
var/datum/DBQuery/Query = NewQuery(query_parts.Join(), arguments)
if (warn)
. = Query.warn_execute(async)
else
@@ -274,24 +280,33 @@ Delayed insert mode was removed in mysql 7 and only works with MyISAM type table
qdel(Query)
/datum/DBQuery
var/sql // The sql query being executed.
var/list/item //list of data values populated by NextRow()
// Inputs
var/connection
var/sql
var/arguments
// Status information
var/in_progress
var/last_error
var/last_activity
var/last_activity_time
var/last_error
var/skip_next_is_complete
var/in_progress
var/datum/BSQL_Connection/connection
var/datum/BSQL_Operation/Query/query
// Output
var/list/list/rows
var/next_row_to_take = 1
var/affected
var/last_insert_id
/datum/DBQuery/New(sql_query, datum/BSQL_Connection/connection)
var/list/item //list of data values populated by NextRow()
/datum/DBQuery/New(connection, sql, arguments)
SSdbcore.active_queries[src] = TRUE
Activity("Created")
item = list()
src.connection = connection
sql = sql_query
src.sql = sql
src.arguments = arguments
/datum/DBQuery/Destroy()
Close()
@@ -302,12 +317,6 @@ Delayed insert mode was removed in mysql 7 and only works with MyISAM type table
//fuck off kevinz
return FALSE
/datum/DBQuery/proc/SetQuery(new_sql)
if(in_progress)
CRASH("Attempted to set new sql while waiting on active query")
Close()
sql = new_sql
/datum/DBQuery/proc/Activity(activity)
last_activity = activity
last_activity_time = world.time
@@ -322,30 +331,18 @@ Delayed insert mode was removed in mysql 7 and only works with MyISAM type table
if(in_progress)
CRASH("Attempted to start a new query while waiting on the old one")
if(QDELETED(connection))
if(!SSdbcore.IsConnected())
last_error = "No connection!"
return FALSE
var/start_time
var/timed_out
if(!async)
start_time = REALTIMEOFDAY
Close()
timed_out = run_query(async)
if(query.GetErrorCode() == 2006) //2006 is the return code for "MySQL server has gone away" time-out error, meaning the connection has been lost to the server (if it's still alive)
log_sql("Executing query encountered returned a lost database connection (2006).")
SSdbcore.Disconnect()
if(SSdbcore.Connect()) //connection was restablished, reattempt the query
log_sql("Connection restablished")
timed_out = run_query(async)
else
log_sql("Executing query failed to restablish database connection.")
skip_next_is_complete = TRUE
var/error = QDELETED(query) ? "Query object deleted!" : query.GetError()
last_error = error
. = !error
. = run_query(async)
var/timed_out = !. && findtext(last_error, "Operation timed out")
if(!. && log_error)
log_sql("[error] | Query used: [sql]")
log_sql("[last_error] | Query used: [sql]")
if(!async && timed_out)
log_query_debug("Query execution started at [start_time]")
log_query_debug("Query execution ended at [REALTIMEOFDAY]")
@@ -354,52 +351,50 @@ Delayed insert mode was removed in mysql 7 and only works with MyISAM type table
slow_query_check()
/datum/DBQuery/proc/run_query(async)
query = connection.BeginQuery(sql)
if(!async)
. = !query.WaitForCompletion()
else
var/job_result_str
if (async)
var/job_id = rustg_sql_query_async(connection, sql, json_encode(arguments))
in_progress = TRUE
UNTIL(query.IsComplete())
UNTIL((job_result_str = rustg_sql_check_query(job_id)) != RUSTG_JOB_NO_RESULTS_YET)
in_progress = FALSE
if (job_result_str == RUSTG_JOB_ERROR)
last_error = job_result_str
return FALSE
else
job_result_str = rustg_sql_query_blocking(connection, sql, json_encode(arguments))
var/result = json_decode(job_result_str)
switch (result["status"])
if ("ok")
rows = result["rows"]
affected = result["affected"]
last_insert_id = result["last_insert_id"]
return TRUE
if ("err")
last_error = result["data"]
return FALSE
if ("offline")
last_error = "offline"
return FALSE
/datum/DBQuery/proc/slow_query_check()
message_admins("HEY! A database query timed out. Did the server just hang? <a href='?_src_=holder;[HrefToken()];slowquery=yes'>\[YES\]</a>|<a href='?_src_=holder;[HrefToken()];slowquery=no'>\[NO\]</a>")
/datum/DBQuery/proc/NextRow(async = TRUE)
Activity("NextRow")
UNTIL(!in_progress)
if(!skip_next_is_complete)
if(!async)
query.WaitForCompletion()
else
in_progress = TRUE
UNTIL(query.IsComplete())
in_progress = FALSE
else
skip_next_is_complete = FALSE
last_error = query.GetError()
var/list/results = query.CurrentRow()
. = results != null
item.Cut()
//populate item array
for(var/I in results)
item += results[I]
if (rows && next_row_to_take <= rows.len)
item = rows[next_row_to_take]
next_row_to_take++
return !!item
else
return FALSE
/datum/DBQuery/proc/ErrorMsg()
return last_error
/datum/DBQuery/proc/Close()
item.Cut()
QDEL_NULL(query)
/world/BSQL_Debug(message)
if(!CONFIG_GET(flag/bsql_debug))
return
//strip sensitive stuff
if(findtext(message, ": OpenConnection("))
message = "OpenConnection CENSORED"
log_sql("BSQL_DEBUG: [message]")
rows = null
item = null

20
code/controllers/subsystem/discord.dm
View File

@@ -19,7 +19,10 @@ SUBSYSTEM_DEF(discord)
// Returns ID from ckey
/datum/controller/subsystem/discord/proc/lookup_id(lookup_ckey)
var/datum/DBQuery/query_get_discord_id = SSdbcore.NewQuery("SELECT discord_id FROM [format_table_name("player")] WHERE ckey = '[sanitizeSQL(lookup_ckey)]'")
var/datum/DBQuery/query_get_discord_id = SSdbcore.NewQuery(
"SELECT discord_id FROM [format_table_name("player")] WHERE ckey = :ckey",
list("ckey" = lookup_ckey)
)
if(!query_get_discord_id.Execute())
qdel(query_get_discord_id)
return
@@ -29,7 +32,10 @@ SUBSYSTEM_DEF(discord)
// Returns ckey from ID
/datum/controller/subsystem/discord/proc/lookup_ckey(lookup_id)
var/datum/DBQuery/query_get_discord_ckey = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE discord_id = '[sanitizeSQL(lookup_id)]'")
var/datum/DBQuery/query_get_discord_ckey = SSdbcore.NewQuery(
"SELECT ckey FROM [format_table_name("player")] WHERE discord_id = :discord_id",
list("discord_id" = lookup_id)
)
if(!query_get_discord_ckey.Execute())
qdel(query_get_discord_ckey)
return
@@ -39,14 +45,20 @@ SUBSYSTEM_DEF(discord)
// Finalises link
/datum/controller/subsystem/discord/proc/link_account(ckey)
var/datum/DBQuery/link_account = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET discord_id = '[sanitizeSQL(account_link_cache[ckey])]' WHERE ckey = '[sanitizeSQL(ckey)]'")
var/datum/DBQuery/link_account = SSdbcore.NewQuery(
"UPDATE [format_table_name("player")] SET discord_id = :discord_id WHERE ckey = :ckey",
list("discord_id" = account_link_cache[ckey], "ckey" = ckey)
)
link_account.Execute()
qdel(link_account)
account_link_cache -= ckey
// Unlink account (Admin verb used)
/datum/controller/subsystem/discord/proc/unlink_account(ckey)
var/datum/DBQuery/unlink_account = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET discord_id = NULL WHERE ckey = '[sanitizeSQL(ckey)]'")
var/datum/DBQuery/unlink_account = SSdbcore.NewQuery(
"UPDATE [format_table_name("player")] SET discord_id = NULL WHERE ckey = :ckey",
list("ckey" = ckey)
)
unlink_account.Execute()
qdel(unlink_account)

4
code/controllers/subsystem/mapping.dm
View File

@@ -264,7 +264,9 @@ SUBSYSTEM_DEF(mapping)
LoadGroup(FailedZs, "Station", config.map_path, config.map_file, config.traits, ZTRAITS_STATION)
if(SSdbcore.Connect())
var/datum/DBQuery/query_round_map_name = SSdbcore.NewQuery("UPDATE [format_table_name("round")] SET map_name = '[config.map_name]' WHERE id = [GLOB.round_id]")
var/datum/DBQuery/query_round_map_name = SSdbcore.NewQuery({"
UPDATE [format_table_name("round")] SET map_name = :map_name WHERE id = :round_id
"}, list("map_name" = config.map_name, "round_id" = GLOB.round_id))
query_round_map_name.Execute()
qdel(query_round_map_name)

27
code/controllers/subsystem/stickyban.dm
View File

@@ -150,7 +150,10 @@ SUBSYSTEM_DEF(stickyban)
if (!ban["message"])
ban["message"] = "Evasion"
var/datum/DBQuery/query_create_stickyban = SSdbcore.NewQuery("INSERT IGNORE INTO [format_table_name("stickyban")] (ckey, reason, banning_admin) VALUES ('[sanitizeSQL(ckey)]', '[sanitizeSQL(ban["message"])]', '[sanitizeSQL(ban["admin"])]')")
var/datum/DBQuery/query_create_stickyban = SSdbcore.NewQuery(
"INSERT IGNORE INTO [format_table_name("stickyban")] (ckey, reason, banning_admin) VALUES (:ckey, :message, :admin)",
list("ckey" = ckey, "message" = ban["message"], "admin" = ban["admin"])
)
if (!query_create_stickyban.warn_execute())
qdel(query_create_stickyban)
return
@@ -164,8 +167,8 @@ SUBSYSTEM_DEF(stickyban)
var/list/keys = splittext(ban["keys"], ",")
for (var/key in keys)
var/list/sqlckey = list()
sqlckey["stickyban"] = "'[sanitizeSQL(ckey)]'"
sqlckey["matched_ckey"] = "'[sanitizeSQL(ckey(key))]'"
sqlckey["stickyban"] = ckey
sqlckey["matched_ckey"] = ckey(key)
sqlckey["exempt"] = FALSE
sqlckeys[++sqlckeys.len] = sqlckey
@@ -173,8 +176,8 @@ SUBSYSTEM_DEF(stickyban)
var/list/keys = splittext(ban["whitelist"], ",")
for (var/key in keys)
var/list/sqlckey = list()
sqlckey["stickyban"] = "'[sanitizeSQL(ckey)]'"
sqlckey["matched_ckey"] = "'[sanitizeSQL(ckey(key))]'"
sqlckey["stickyban"] = ckey
sqlckey["matched_ckey"] = ckey(key)
sqlckey["exempt"] = TRUE
sqlckeys[++sqlckeys.len] = sqlckey
@@ -182,26 +185,26 @@ SUBSYSTEM_DEF(stickyban)
var/list/cids = splittext(ban["computer_id"], ",")
for (var/cid in cids)
var/list/sqlcid = list()
sqlcid["stickyban"] = "'[sanitizeSQL(ckey)]'"
sqlcid["matched_cid"] = "'[sanitizeSQL(cid)]'"
sqlcid["stickyban"] = ckey
sqlcid["matched_cid"] = cid
sqlcids[++sqlcids.len] = sqlcid
if (ban["IP"])
var/list/ips = splittext(ban["IP"], ",")
for (var/ip in ips)
var/list/sqlip = list()
sqlip["stickyban"] = "'[sanitizeSQL(ckey)]'"
sqlip["matched_ip"] = "'[sanitizeSQL(ip)]'"
sqlip["stickyban"] = ckey
sqlip["matched_ip"] = ip
sqlips[++sqlips.len] = sqlip
if (length(sqlckeys))
SSdbcore.MassInsert(format_table_name("stickyban_matched_ckey"), sqlckeys, FALSE, TRUE)
SSdbcore.MassInsert(format_table_name("stickyban_matched_ckey"), sqlckeys, ignore_errors = TRUE)
if (length(sqlcids))
SSdbcore.MassInsert(format_table_name("stickyban_matched_cid"), sqlcids, FALSE, TRUE)
SSdbcore.MassInsert(format_table_name("stickyban_matched_cid"), sqlcids, ignore_errors = TRUE)
if (length(sqlips))
SSdbcore.MassInsert(format_table_name("stickyban_matched_ip"), sqlips, FALSE, TRUE)
SSdbcore.MassInsert(format_table_name("stickyban_matched_ip"), sqlips, ignore_errors = TRUE)
return TRUE

2
code/datums/achievements/achievements.dm
View File

@@ -124,7 +124,7 @@
.=..()
var/datum/DBQuery/Q = SSdbcore.NewQuery("SELECT value FROM [format_table_name("misc")] WHERE `key` = 'cargorecord'")
Q.Execute()
if(Q.item.len)
if(Q.item && Q.item.len)
amount = Q.item[1]
qdel(Q)
desc += "[amount]"

21
code/game/gamemodes/game_mode.dm
View File

@@ -1,5 +1,3 @@
/*
* GAMEMODES (by Rastaf0)
*
@@ -100,15 +98,20 @@
addtimer(CALLBACK(GLOBAL_PROC, .proc/reopen_roundstart_suicide_roles), delay)
if(SSdbcore.Connect())
var/sql
var/list/to_set = list()
var/arguments = list()
if(SSticker.mode)
sql += "game_mode = '[SSticker.mode]'"
to_set += "game_mode = :game_mode"
arguments ["game_mode"] = SSticker.mode
if(GLOB.revdata.originmastercommit)
if(sql)
sql += ", "
sql += "commit_hash = '[GLOB.revdata.originmastercommit]'"
if(sql)
var/datum/DBQuery/query_round_game_mode = SSdbcore.NewQuery("UPDATE [format_table_name("round")] SET [sql] WHERE id = [GLOB.round_id]")
to_set += "commit_hash = :commit_hash"
arguments ["commit_hash"] = GLOB.revdata.originmastercommit
if(to_set.len)
arguments ["round_id"] = GLOB.round_id
var/datum/DBQuery/query_round_game_mode = SSdbcore.NewQuery(
"UPDATE [format_table_name("round")] SET [to_set.Join(", ")] WHERE id = :round_id",
arguments
)
query_round_game_mode.Execute()
qdel(query_round_game_mode)
if(report)

15
code/modules/admin/IsBanned.dm
View File

@@ -208,9 +208,18 @@ Yogs End*/
if (ban["fromdb"])
if(SSdbcore.Connect())
INVOKE_ASYNC(SSdbcore, /datum/controller/subsystem/dbcore/proc.QuerySelect, list(
SSdbcore.NewQuery("INSERT INTO [format_table_name("stickyban_matched_ckey")] (matched_ckey, stickyban) VALUES ('[sanitizeSQL(ckey)]', '[sanitizeSQL(bannedckey)]') ON DUPLICATE KEY UPDATE last_matched = now()"),
SSdbcore.NewQuery("INSERT INTO [format_table_name("stickyban_matched_ip")] (matched_ip, stickyban) VALUES ( INET_ATON('[sanitizeSQL(address)]'), '[sanitizeSQL(bannedckey)]') ON DUPLICATE KEY UPDATE last_matched = now()"),
SSdbcore.NewQuery("INSERT INTO [format_table_name("stickyban_matched_cid")] (matched_cid, stickyban) VALUES ('[sanitizeSQL(computer_id)]', '[sanitizeSQL(bannedckey)]') ON DUPLICATE KEY UPDATE last_matched = now()")
SSdbcore.NewQuery(
"INSERT INTO [format_table_name("stickyban_matched_ckey")] (matched_ckey, stickyban) VALUES (:ckey, :bannedckey) ON DUPLICATE KEY UPDATE last_matched = now()",
list("ckey" = ckey, "bannedckey" = bannedckey)
),
SSdbcore.NewQuery(
"INSERT INTO [format_table_name("stickyban_matched_ip")] (matched_ip, stickyban) VALUES (INET_ATON(:address), :bannedckey) ON DUPLICATE KEY UPDATE last_matched = now()",
list("address" = address, "bannedckey" = bannedckey)
),
SSdbcore.NewQuery(
"INSERT INTO [format_table_name("stickyban_matched_cid")] (matched_cid, stickyban) VALUES (:computer_id, :bannedckey) ON DUPLICATE KEY UPDATE last_matched = now()",
list("computer_id" = computer_id, "bannedckey" = bannedckey)
)
), FALSE, TRUE)

6
code/modules/admin/admin_ranks.dm
View File

@@ -117,11 +117,7 @@ GLOBAL_PROTECT(protected_ranks)
var/list/sql_ranks = list()
for(var/datum/admin_rank/R in GLOB.protected_ranks)
var/sql_rank = sanitizeSQL(R.name)
var/sql_flags = sanitizeSQL(R.include_rights)
var/sql_exclude_flags = sanitizeSQL(R.exclude_rights)
var/sql_can_edit_flags = sanitizeSQL(R.can_edit_rights)
sql_ranks += list(list("rank" = "'[sql_rank]'", "flags" = "[sql_flags]", "exclude_flags" = "[sql_exclude_flags]", "can_edit_flags" = "[sql_can_edit_flags]"))
sql_ranks += list(list("rank" = R.name, "flags" = R.include_rights, "exclude_flags" = R.exclude_rights, "can_edit_flags" = R.can_edit_rights))
SSdbcore.MassInsert(format_table_name("admin_ranks"), sql_ranks, duplicate_key = TRUE)
//load our rank - > rights associations

40
code/modules/admin/antag_token.dm
View File

@@ -22,8 +22,8 @@
if(ckey)
var/datum/DBQuery/query_antag_token = SSdbcore.NewQuery({"SELECT reason, denial_reason, applying_admin, denying_admin, granted_time, redeemed, round_id, id
FROM [format_table_name("antag_tokens")] WHERE ckey = '[sanitizeSQL(ckey(ckey))]'
ORDER BY granted_time DESC"})
FROM [format_table_name("antag_tokens")] WHERE ckey = :ckey
ORDER BY granted_time DESC"}, list("ckey" = ckey(ckey)))
if(!query_antag_token.warn_execute())
qdel(query_antag_token)
return
@@ -90,16 +90,14 @@
return
var/admin_key = key_name_admin(usr)
reason = sanitizeSQL(reason)
var/token = list(
list("granted_time" = "NOW()",
"ckey" = "'[sanitizeSQL(ckey(ckey))]'",
"round_id" = sanitizeSQL(roundid),
"reason" = "'[reason]'",
"applying_admin" = "'[sanitizeSQL(ckey(owner.ckey))]'",
))
if(!SSdbcore.MassInsert(format_table_name("antag_tokens"), token, warn = 1))
var/datum/DBQuery/add_token = SSdbcore.NewQuery(
"INSERT INTO [format_table_name("antag_tokens")] (granted_time, ckey, round_id, reason, applying_admin) VALUES (NOW(), :ckey, :id, :reason, :admin)",
list("ckey" = ckey(ckey), "id" = roundid,"reason" = reason, "admin" = ckey(owner.ckey))
)
if(!add_token.warn_execute())
qdel(add_token)
alert("Failed to give token!")
return
@@ -123,8 +121,8 @@
return
var/datum/DBQuery/query_antag_token = SSdbcore.NewQuery({"SELECT id
FROM [format_table_name("antag_tokens")] WHERE ckey = '[sanitizeSQL(ckey(ckey))]' AND redeemed = 0
ORDER BY granted_time DESC"})
FROM [format_table_name("antag_tokens")] WHERE ckey = :ckey AND redeemed = 0
ORDER BY granted_time DESC"}, list("ckey" = ckey(ckey)))
if(!query_antag_token.warn_execute())
qdel(query_antag_token)
@@ -133,8 +131,8 @@
if(query_antag_token.NextRow())
var/id = query_antag_token.item[1]
var/datum/DBQuery/query_antag_token_redeem = SSdbcore.NewQuery({"UPDATE [format_table_name("antag_tokens")]
SET redeemed = 1, denying_admin = '[sanitizeSQL(ckey(owner.ckey))]'
WHERE id = [id]"})
SET redeemed = 1, denying_admin = :admin
WHERE id = :id"}, list("admin" = ckey(owner.ckey), "id" = id))
if(!query_antag_token_redeem.warn_execute())
alert("Failed to redeem token!")
qdel(query_antag_token_redeem)
@@ -152,7 +150,7 @@
/datum/admins/proc/has_antag_token(ckey)
var/datum/DBQuery/query_antag_token_existing = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE ckey = '[sanitizeSQL(ckey(ckey))]' AND redeemed = 0"})
var/datum/DBQuery/query_antag_token_existing = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE ckey = :ckey AND redeemed = 0"}, list("ckey" = ckey(ckey)))
if(!query_antag_token_existing.warn_execute())
qdel(query_antag_token_existing)
@@ -178,7 +176,7 @@
var/number_id = text2num(id)
var/ckey
var/datum/DBQuery/query_antag_token_exists = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE id = [number_id]"})
var/datum/DBQuery/query_antag_token_exists = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE id = :id"}, list("id" = number_id))
if(!query_antag_token_exists.warn_execute())
qdel(query_antag_token_exists)
alert("Token not redeemed!")
@@ -194,7 +192,7 @@
qdel(query_antag_token_exists)
var/datum/DBQuery/query_antag_token_deny = SSdbcore.NewQuery({"UPDATE [format_table_name("antag_tokens")] SET redeemed = 1, denying_admin = '[sanitizeSQL(ckey(owner.ckey))]' WHERE id = [number_id]"})
var/datum/DBQuery/query_antag_token_deny = SSdbcore.NewQuery({"UPDATE [format_table_name("antag_tokens")] SET redeemed = 1, denying_admin = :admin WHERE id = :id"}, list("admin" = ckey(owner.ckey), "id" = number_id))
if(!query_antag_token_deny.warn_execute())
qdel(query_antag_token_deny)
@@ -227,7 +225,7 @@
var/number_id = text2num(id)
var/ckey
var/datum/DBQuery/query_antag_token_exists = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE id = [number_id]"})
var/datum/DBQuery/query_antag_token_exists = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE id = :id"}, list("id" = number_id))
if(!query_antag_token_exists.warn_execute())
qdel(query_antag_token_exists)
alert("Token not redeemed!")
@@ -242,8 +240,8 @@
qdel(query_antag_token_exists)
var/datum/DBQuery/query_antag_token_deny = SSdbcore.NewQuery({"UPDATE [format_table_name("antag_tokens")] SET denying_admin = '[sanitizeSQL(ckey(owner.ckey))]',
denial_reason = '[sanitizeSQL(reason)]', redeemed = 1 WHERE id = [number_id]"})
var/datum/DBQuery/query_antag_token_deny = SSdbcore.NewQuery({"UPDATE [format_table_name("antag_tokens")] SET denying_admin = :admin,
denial_reason = :reason, redeemed = 1 WHERE id = :id"}, list("admin" = ckey(owner.ckey), "reason" = reason, "id" = number_id))
if(!query_antag_token_deny.warn_execute())
qdel(query_antag_token_deny)
return

32
code/modules/admin/create_poll.dm
View File

@@ -34,8 +34,7 @@
var/endtime = input("Set end time for poll as format YYYY-MM-DD HH:MM:SS. All times in server time. HH:MM:SS is optional and 24-hour. Must be later than starting time for obvious reasons.", "Set end time", SQLtime()) as text
if(!endtime)
return
endtime = sanitizeSQL(endtime)
var/datum/DBQuery/query_validate_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[endtime]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[endtime]','%Y-%c-%d %T'), 0)")
var/datum/DBQuery/query_validate_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE(:endtime,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:endtime,'%Y-%c-%d %T'), 0)", list("endtime" = endtime))
if(!query_validate_time.warn_execute() || QDELETED(usr) || !src)
qdel(query_validate_time)
return
@@ -47,6 +46,7 @@
return
endtime = query_validate_time.item[1]
qdel(query_validate_time)
var/adminonly
switch(alert("Admin only poll?",,"Yes","No","Cancel"))
if("Yes")
@@ -63,11 +63,10 @@
dontshow = 0
else
return
var/sql_ckey = sanitizeSQL(ckey)
var/question = input("Write your question","Question") as message|null
if(!question)
return
question = sanitizeSQL(question)
var/list/sql_option_list = list()
if(polltype != POLLTYPE_TEXT)
var/add_option = 1
@@ -75,7 +74,6 @@
var/option = input("Write your option","Option") as message|null
if(!option)
return
option = sanitizeSQL(option)
var/default_percentage_calc = 0
if(polltype != POLLTYPE_IRV)
switch(alert("Should this option be included by default when poll result percentages are generated?",,"Yes","No","Cancel"))
@@ -92,34 +90,24 @@
var/descmax = ""
if(polltype == POLLTYPE_RATING)
minval = input("Set minimum rating value.","Minimum rating") as num|null
if(minval)
minval = sanitizeSQL(minval)
else if(minval == null)
if(minval == null)
return
maxval = input("Set maximum rating value.","Maximum rating") as num|null
if(maxval)
maxval = sanitizeSQL(maxval)
if(minval >= maxval)
to_chat(src, "Maximum rating value can't be less than or equal to minimum rating value", confidential=TRUE)
continue
else if(maxval == null)
return
descmin = input("Optional: Set description for minimum rating","Minimum rating description") as message|null
if(descmin)
descmin = sanitizeSQL(descmin)
else if(descmin == null)
if(descmin == null)
return
descmid = input("Optional: Set description for median rating","Median rating description") as message|null
if(descmid)
descmid = sanitizeSQL(descmid)
else if(descmid == null)
if(descmid == null)
return
descmax = input("Optional: Set description for maximum rating","Maximum rating description") as message|null
if(descmax)
descmax = sanitizeSQL(descmax)
else if(descmax == null)
if(descmax == null)
return
sql_option_list += list(list("text" = "'[option]'", "minval" = "'[minval]'", "maxval" = "'[maxval]'", "descmin" = "'[descmin]'", "descmid" = "'[descmid]'", "descmax" = "'[descmax]'", "default_percentage_calc" = "'[default_percentage_calc]'"))
sql_option_list += list(list("text" = "[option]", "minval" = "[minval]", "maxval" = "[maxval]", "descmin" = "[descmin]", "descmid" = "[descmid]", "descmax" = "[descmax]", "default_percentage_calc" = "[default_percentage_calc]"))
switch(alert(" ",,"Add option","Finish", "Cancel"))
if("Add option")
add_option = 1
@@ -129,7 +117,9 @@
return 0
var/m1 = "[key_name(usr)] has created a new server poll. Poll type: [polltype] - Admin Only: [adminonly ? "Yes" : "No"] - Question: [question]"
var/m2 = "[key_name_admin(usr)] has created a new server poll. Poll type: [polltype] - Admin Only: [adminonly ? "Yes" : "No"]<br>Question: [question]"
var/datum/DBQuery/query_polladd_question = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_question")] (polltype, starttime, endtime, question, adminonly, multiplechoiceoptions, createdby_ckey, createdby_ip, dontshow) VALUES ('[polltype]', '[starttime]', '[endtime]', '[question]', '[adminonly]', '[choice_amount]', '[sql_ckey]', INET_ATON('[address]'), '[dontshow]')")
var/datum/DBQuery/query_polladd_question = SSdbcore.NewQuery({"INSERT INTO [format_table_name("poll_question")] (polltype, starttime, endtime, question, adminonly, multiplechoiceoptions, createdby_ckey, createdby_ip, dontshow)
VALUES (:polltype, :starttime, :endtime, :question, :adminonly, :choice_amount, :sql_ckey, INET_ATON(:address), :dontshow)"},
list("polltype" = polltype, "starttime" = starttime, "endtime" = endtime, "question" = question, "adminonly" = adminonly, "choice_amount" = choice_amount, "sql_ckey" = ckey, "address" = address, "dontshow" = dontshow))
if(!query_polladd_question.warn_execute())
qdel(query_polladd_question)
return

17
code/modules/admin/ipintel.dm
View File

@@ -39,17 +39,17 @@
SELECT date, intel, TIMESTAMPDIFF(MINUTE,date,NOW())
FROM [format_table_name("ipintel")]
WHERE
ip = INET_ATON('[ip]')
ip = INET_ATON(:ip)
AND ((
intel < [rating_bad]
intel < :rating_bad
AND
date + INTERVAL [CONFIG_GET(number/ipintel_save_good)] HOUR > NOW()
date + INTERVAL :save_good HOUR > NOW()
) OR (
intel >= [rating_bad]
intel >= :rating_bad
AND
date + INTERVAL [CONFIG_GET(number/ipintel_save_bad)] HOUR > NOW()
date + INTERVAL :save_bad HOUR > NOW()
))
"})
"}, list("ip" = ip, "rating_bad" = rating_bad, "save_good" = CONFIG_GET(number/ipintel_save_good), "save_bad" = CONFIG_GET(number/ipintel_save_bad)))
if(!query_get_ip_intel.Execute())
qdel(query_get_ip_intel)
return
@@ -67,7 +67,10 @@
if (updatecache && res.intel >= 0)
SSipintel.cache[ip] = res
if(SSdbcore.Connect())
var/datum/DBQuery/query_add_ip_intel = SSdbcore.NewQuery("INSERT INTO [format_table_name("ipintel")] (ip, intel) VALUES (INET_ATON('[ip]'), [res.intel]) ON DUPLICATE KEY UPDATE intel = VALUES(intel), date = NOW()")
var/datum/DBQuery/query_add_ip_intel = SSdbcore.NewQuery(
"INSERT INTO [format_table_name("ipintel")] (ip, intel) VALUES (INET_ATON(:ip), :intel) ON DUPLICATE KEY UPDATE intel = VALUES(intel), date = NOW()",
list("ip" = ip, "intel" = res.intel)
)
query_add_ip_intel.Execute()
qdel(query_add_ip_intel)

131
code/modules/admin/permissionedit.dm
View File

@@ -15,21 +15,14 @@
else
output += "<br><a href='?_src_=holder;[HrefToken()];editrightsbrowserlog=1;editrightspage=0'>\[Log\]</a><br><a href='?_src_=holder;[HrefToken()];editrightsbrowsermanage=1'>\[Management\]</a>"
if(action == 1)
var/list/searchlist = list(" WHERE ")
if(target)
searchlist += "ckey = '[sanitizeSQL(target)]'"
if(operation)
if(target)
searchlist += " AND "
searchlist += "operation = '[sanitizeSQL(operation)]'"
var/search
if(searchlist.len > 1)
search = searchlist.Join("")
var/logcount = 0
var/logssperpage = 20
var/pagecount = 0
page = text2num(page)
var/datum/DBQuery/query_count_admin_logs = SSdbcore.NewQuery("SELECT COUNT(id) FROM [format_table_name("admin_log")][search]")
var/datum/DBQuery/query_count_admin_logs = SSdbcore.NewQuery(
"SELECT COUNT(id) FROM [format_table_name("admin_log")] WHERE (:target IS NULL OR adminckey = :target) AND (:operation IS NULL OR operation = :operation)",
list("target" = target, "operation" = operation)
)
if(!query_count_admin_logs.warn_execute())
qdel(query_count_admin_logs)
return
@@ -43,8 +36,20 @@
logcount -= logssperpage
pagecount++
output += "|"
var/limit = " LIMIT [logssperpage * page], [logssperpage]"
var/datum/DBQuery/query_search_admin_logs = SSdbcore.NewQuery("SELECT datetime, round_id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), operation, IF(ckey IS NULL, target, byond_key), log FROM [format_table_name("admin_log")] LEFT JOIN [format_table_name("player")] ON target = ckey[search] ORDER BY datetime DESC[limit]")
var/datum/DBQuery/query_search_admin_logs = SSdbcore.NewQuery({"
SELECT
datetime,
round_id,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
operation,
IF(ckey IS NULL, target, byond_key),
log
FROM [format_table_name("admin_log")]
LEFT JOIN [format_table_name("player")] ON target = ckey
WHERE (:target IS NULL OR ckey = :target) AND (:operation IS NULL OR operation = :operation)
ORDER BY datetime DESC
LIMIT :skip, :take
"}, list("target" = target, "operation" = operation, "skip" = logssperpage * page, "take" = logssperpage))
if(!query_search_admin_logs.warn_execute())
qdel(query_search_admin_logs)
return
@@ -164,7 +169,6 @@
return
if(use_db == "Permanent")
use_db = TRUE
admin_ckey = sanitizeSQL(admin_ckey)
else
use_db = FALSE
if(QDELETED(usr))
@@ -211,9 +215,11 @@
to_chat(usr, "<span class='danger'>[admin_key] is already an admin.</span>", confidential=TRUE)
return FALSE
if(use_db)
. = sanitizeSQL(.)
//if an admin exists without a datum they won't be caught by the above
var/datum/DBQuery/query_admin_in_db = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("admin")] WHERE ckey = '[.]'")
var/datum/DBQuery/query_admin_in_db = SSdbcore.NewQuery(
"SELECT 1 FROM [format_table_name("admin")] WHERE ckey = :ckey",
list("ckey" = .)
)
if(!query_admin_in_db.warn_execute())
qdel(query_admin_in_db)
return FALSE
@@ -222,12 +228,18 @@
to_chat(usr, "<span class='danger'>[admin_key] already listed in admin database. Check the Management tab if they don't appear in the list of admins.</span>", confidential=TRUE)
return FALSE
qdel(query_admin_in_db)
var/datum/DBQuery/query_add_admin = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin")] (ckey, rank) VALUES ('[.]', 'NEW ADMIN')")
var/datum/DBQuery/query_add_admin = SSdbcore.NewQuery(
"INSERT INTO [format_table_name("admin")] (ckey, `rank`) VALUES (:ckey, 'NEW ADMIN')",
list("ckey" = .)
)
if(!query_add_admin.warn_execute())
qdel(query_add_admin)
return FALSE
qdel(query_add_admin)
var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'add admin', '[.]', 'New admin added: [.]')")
var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'add admin', :target, CONCAT('New admin added: ', :target))
"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "target" = .))
if(!query_add_admin_log.warn_execute())
qdel(query_add_admin_log)
return FALSE
@@ -242,12 +254,18 @@
var/m1 = "[key_name_admin(usr)] removed [admin_key] from the admins list [use_db ? "permanently" : "temporarily"]"
var/m2 = "[key_name(usr)] removed [admin_key] from the admins list [use_db ? "permanently" : "temporarily"]"
if(use_db)
var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery("DELETE FROM [format_table_name("admin")] WHERE ckey = '[admin_ckey]'")
var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery(
"DELETE FROM [format_table_name("admin")] WHERE ckey = :ckey",
list("ckey" = admin_ckey)
)
if(!query_add_rank.warn_execute())
qdel(query_add_rank)
return
qdel(query_add_rank)
var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'remove admin', '[admin_ckey]', 'Admin removed: [admin_ckey]')")
var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'remove admin', :admin_ckey, CONCAT('Admin removed: ', :admin_ckey))
"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "admin_ckey" = admin_ckey))
if(!query_add_rank_log.warn_execute())
qdel(query_add_rank_log)
return
@@ -301,10 +319,12 @@
var/m1 = "[key_name_admin(usr)] edited the admin rank of [admin_key] to [new_rank] [use_db ? "permanently" : "temporarily"]"
var/m2 = "[key_name(usr)] edited the admin rank of [admin_key] to [new_rank] [use_db ? "permanently" : "temporarily"]"
if(use_db)
new_rank = sanitizeSQL(new_rank)
//if a player was tempminned before having a permanent change made to their rank they won't yet be in the db
var/old_rank
var/datum/DBQuery/query_admin_in_db = SSdbcore.NewQuery("SELECT rank FROM [format_table_name("admin")] WHERE ckey = '[admin_ckey]'")
var/datum/DBQuery/query_admin_in_db = SSdbcore.NewQuery(
"SELECT `rank` FROM [format_table_name("admin")] WHERE ckey = :admin_ckey",
list("admin_ckey" = admin_ckey)
)
if(!query_admin_in_db.warn_execute())
qdel(query_admin_in_db)
return
@@ -315,29 +335,45 @@
old_rank = query_admin_in_db.item[1]
qdel(query_admin_in_db)
//similarly if a temp rank is created it won't be in the db if someone is permanently changed to it
var/datum/DBQuery/query_rank_in_db = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("admin_ranks")] WHERE rank = '[new_rank]'")
var/datum/DBQuery/query_rank_in_db = SSdbcore.NewQuery(
"SELECT 1 FROM [format_table_name("admin_ranks")] WHERE `rank` = :new_rank",
list("new_rank" = new_rank)
)
if(!query_rank_in_db.warn_execute())
qdel(query_rank_in_db)
return
if(!query_rank_in_db.NextRow())
QDEL_NULL(query_rank_in_db)
var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_ranks")] (rank, flags, exclude_flags, can_edit_flags) VALUES ('[new_rank]', '0', '0', '0')")
var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_ranks")] (`rank`, flags, exclude_flags, can_edit_flags)
VALUES (:new_rank, '0', '0', '0')
"}, list("new_rank" = new_rank))
if(!query_add_rank.warn_execute())
qdel(query_add_rank)
return
qdel(query_add_rank)
var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'add rank', '[new_rank]', 'New rank added: [new_rank]')")
var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'add rank', :new_rank, CONCAT('New rank added: ', :new_rank))
"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "new_rank" = new_rank))
if(!query_add_rank_log.warn_execute())
qdel(query_add_rank_log)
return
qdel(query_add_rank_log)
qdel(query_rank_in_db)
var/datum/DBQuery/query_change_rank = SSdbcore.NewQuery("UPDATE [format_table_name("admin")] SET rank = '[new_rank]' WHERE ckey = '[admin_ckey]'")
var/datum/DBQuery/query_change_rank = SSdbcore.NewQuery(
"UPDATE [format_table_name("admin")] SET `rank` = :new_rank WHERE ckey = :admin_ckey",
list("new_rank" = new_rank, "admin_ckey" = admin_ckey)
)
if(!query_change_rank.warn_execute())
qdel(query_change_rank)
return
qdel(query_change_rank)
var/datum/DBQuery/query_change_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'change admin rank', '[admin_ckey]', 'Rank of [admin_ckey] changed from [old_rank] to [new_rank]')")
var/datum/DBQuery/query_change_rank_log = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'change admin rank', :target, CONCAT('Rank of ', :target, ' changed from ', :old_rank, ' to ', :new_rank))
"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "target" = admin_ckey, "old_rank" = old_rank, "new_rank" = new_rank))
if(!query_change_rank_log.warn_execute())
qdel(query_change_rank_log)
return
@@ -365,10 +401,14 @@
var/m1 = "[key_name_admin(usr)] edited the permissions of [use_db ? " rank [D.rank.name] permanently" : "[admin_key] temporarily"]"
var/m2 = "[key_name(usr)] edited the permissions of [use_db ? " rank [D.rank.name] permanently" : "[admin_key] temporarily"]"
if(use_db || legacy_only)
var/rank_name = D.rank.name
var/old_flags
var/old_exclude_flags
var/old_can_edit_flags
var/datum/DBQuery/query_get_rank_flags = SSdbcore.NewQuery("SELECT flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] WHERE rank = '[D.rank.name]'")
var/datum/DBQuery/query_get_rank_flags = SSdbcore.NewQuery(
"SELECT flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] WHERE `rank` = :rank_name",
list("rank_name" = rank_name)
)
if(!query_get_rank_flags.warn_execute())
qdel(query_get_rank_flags)
return
@@ -377,12 +417,19 @@
old_exclude_flags = text2num(query_get_rank_flags.item[2])
old_can_edit_flags = text2num(query_get_rank_flags.item[3])
qdel(query_get_rank_flags)
var/datum/DBQuery/query_change_rank_flags = SSdbcore.NewQuery("UPDATE [format_table_name("admin_ranks")] SET flags = '[new_flags]', exclude_flags = '[new_exclude_flags]', can_edit_flags = '[new_can_edit_flags]' WHERE rank = '[D.rank.name]'")
var/datum/DBQuery/query_change_rank_flags = SSdbcore.NewQuery(
"UPDATE [format_table_name("admin_ranks")] SET flags = :new_flags, exclude_flags = :new_exclude_flags, can_edit_flags = :new_can_edit_flags WHERE `rank` = :rank_name",
list("new_flags" = new_flags, "new_exclude_flags" = new_exclude_flags, "new_can_edit_flags" = new_can_edit_flags, "rank_name" = rank_name)
)
if(!query_change_rank_flags.warn_execute())
qdel(query_change_rank_flags)
return
qdel(query_change_rank_flags)
var/datum/DBQuery/query_change_rank_flags_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'change rank flags', '[D.rank.name]', 'Permissions of [D.rank.name] changed from[rights2text(old_flags," ")][rights2text(old_exclude_flags," ", "-")][rights2text(old_can_edit_flags," ", "*")] to[rights2text(new_flags," ")][rights2text(new_exclude_flags," ", "-")][rights2text(new_can_edit_flags," ", "*")]')")
var/log_message = "Permissions of [rank_name] changed from[rights2text(old_flags," ")][rights2text(old_exclude_flags," ", "-")][rights2text(old_can_edit_flags," ", "*")] to[rights2text(new_flags," ")][rights2text(new_exclude_flags," ", "-")][rights2text(new_can_edit_flags," ", "*")]"
var/datum/DBQuery/query_change_rank_flags_log = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'change rank flags', :rank_name, :log)
"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "rank_name" = rank_name, "log" = log_message))
if(!query_change_rank_flags_log.warn_execute())
qdel(query_change_rank_flags_log)
return
@@ -433,8 +480,10 @@
if(CONFIG_GET(flag/load_legacy_ranks_only))
to_chat(usr, "<span class='admin prefix'>Rank deletion not permitted while database rank loading is disabled.</span>", confidential=TRUE)
return
admin_rank = sanitizeSQL(admin_rank)
var/datum/DBQuery/query_admins_with_rank = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("admin")] WHERE rank = '[admin_rank]'")
var/datum/DBQuery/query_admins_with_rank = SSdbcore.NewQuery(
"SELECT 1 FROM [format_table_name("admin")] WHERE `rank` = :admin_rank",
list("admin_rank" = admin_rank)
)
if(!query_admins_with_rank.warn_execute())
qdel(query_admins_with_rank)
return
@@ -446,12 +495,18 @@
if(alert("Are you sure you want to remove [admin_rank]?","Confirm Removal","Do it","Cancel") == "Do it")
var/m1 = "[key_name_admin(usr)] removed rank [admin_rank] permanently"
var/m2 = "[key_name(usr)] removed rank [admin_rank] permanently"
var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery("DELETE FROM [format_table_name("admin_ranks")] WHERE rank = '[admin_rank]'")
var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery(
"DELETE FROM [format_table_name("admin_ranks")] WHERE `rank` = :admin_rank",
list("admin_rank" = admin_rank)
)
if(!query_add_rank.warn_execute())
qdel(query_add_rank)
return
qdel(query_add_rank)
var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'remove rank', '[admin_rank]', 'Rank removed: [admin_rank]')")
var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'remove rank', :admin_rank, CONCAT('Rank removed: ', :admin_rank))
"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "admin_rank" = admin_rank))
if(!query_add_rank_log.warn_execute())
qdel(query_add_rank_log)
return
@@ -462,9 +517,11 @@
/datum/admins/proc/sync_lastadminrank(admin_ckey, admin_key, datum/admins/D)
var/sqlrank = "Player"
if (D)
sqlrank = sanitizeSQL(D.rank.name)
admin_ckey = sanitizeSQL(admin_ckey)
var/datum/DBQuery/query_sync_lastadminrank = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET lastadminrank = '[sqlrank]' WHERE ckey = '[admin_ckey]'")
sqlrank = D.rank.name
var/datum/DBQuery/query_sync_lastadminrank = SSdbcore.NewQuery(
"UPDATE [format_table_name("player")] SET lastadminrank = :rank WHERE ckey = :ckey",
list("rank" = sqlrank, "ckey" = admin_ckey)
)
if(!query_sync_lastadminrank.warn_execute())
qdel(query_sync_lastadminrank)
return

330
code/modules/admin/sql_ban_system.dm
View File

@@ -3,7 +3,7 @@
//checks client ban cache or DB ban table if ckey is banned from one or more roles
//doesn't return any details, use only for if statements
/proc/is_banned_from(player_ckey, roles)
/proc/is_banned_from(player_ckey, list/roles)
if(!player_ckey)
return
var/client/C = GLOB.directory[player_ckey]
@@ -17,17 +17,30 @@
else if(roles in C.ban_cache)
return TRUE
else
player_ckey = sanitizeSQL(player_ckey)
var/admin_where
if(GLOB.admin_datums[player_ckey] || GLOB.deadmins[player_ckey])
admin_where = " AND applies_to_admins = 1"
var/values = list(
"player_ckey" = player_ckey,
"must_apply_to_admins" = !!(GLOB.admin_datums[player_ckey] || GLOB.deadmins[player_ckey]),
)
var/sql_roles
if(islist(roles))
sql_roles = jointext(roles, "', '")
var/list/sql_roles_list = list()
for (var/i in 1 to roles.len)
values["role[i]"] = roles[i]
sql_roles_list += ":role[i]"
sql_roles = sql_roles_list.Join(", ")
else
sql_roles = roles
sql_roles = sanitizeSQL(sql_roles)
var/datum/DBQuery/query_check_ban = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("ban")] WHERE ckey = '[player_ckey]' AND role IN ('[sql_roles]') AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW())[admin_where]")
values["role"] = roles
sql_roles = ":role"
var/datum/DBQuery/query_check_ban = SSdbcore.NewQuery({"
SELECT 1
FROM [format_table_name("ban")]
WHERE
ckey = :player_ckey AND
role IN ([sql_roles]) AND
unbanned_datetime IS NULL AND
(expiration_time IS NULL OR expiration_time > NOW())
AND (NOT :must_apply_to_admins OR applies_to_admins = 1)
"}, values)
if(!query_check_ban.warn_execute())
qdel(query_check_ban)
return
@@ -41,19 +54,26 @@
/proc/is_banned_from_with_details(player_ckey, player_ip, player_cid, role)
if(!player_ckey && !player_ip && !player_cid)
return
role = sanitizeSQL(role)
var/list/where_list = list()
if(player_ckey)
player_ckey = sanitizeSQL(player_ckey)
where_list += "ckey = '[player_ckey]'"
if(player_ip)
player_ip = sanitizeSQL(player_ip)
where_list += "ip = INET_ATON('[player_ip]')"
if(player_cid)
player_cid = sanitizeSQL(player_cid)
where_list += "computerid = '[player_cid]'"
var/where = "([where_list.Join(" OR ")])"
var/datum/DBQuery/query_check_ban = SSdbcore.NewQuery("SELECT id, bantime, round_id, expiration_time, TIMESTAMPDIFF(MINUTE, bantime, expiration_time), applies_to_admins, reason, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), INET_NTOA(ip), computerid, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey) FROM [format_table_name("ban")] WHERE role = '[role]' AND [where] AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW()) ORDER BY bantime DESC")
var/datum/DBQuery/query_check_ban = SSdbcore.NewQuery({"
SELECT
id,
bantime,
round_id,
expiration_time,
TIMESTAMPDIFF(MINUTE, bantime, expiration_time),
applies_to_admins,
reason,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey),
INET_NTOA(ip),
computerid,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey)
FROM [format_table_name("ban")]
WHERE role = :role
AND (ckey = :ckey OR ip = INET_ATON(:ip) OR computerid = :computerid)
AND unbanned_datetime IS NULL
AND (expiration_time IS NULL OR expiration_time > NOW())
ORDER BY bantime DESC
"}, list("role" = role, "ckey" = player_ckey, "ip" = player_ip, "computerid" = player_cid))
if(!query_check_ban.warn_execute())
qdel(query_check_ban)
return
@@ -67,11 +87,13 @@
return
if(C && istype(C))
C.ban_cache = list()
var/player_key = sanitizeSQL(C.ckey)
var/is_admin = FALSE
if(GLOB.admin_datums[C.ckey] || GLOB.deadmins[C.ckey])
is_admin = TRUE
var/datum/DBQuery/query_build_ban_cache = SSdbcore.NewQuery("SELECT role, applies_to_admins FROM [format_table_name("ban")] WHERE ckey = '[player_key]' AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW())")
var/datum/DBQuery/query_build_ban_cache = SSdbcore.NewQuery(
"SELECT role, applies_to_admins FROM [format_table_name("ban")] WHERE ckey = :ckey AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW())",
list("ckey" = C.ckey)
)
if(!query_build_ban_cache.warn_execute())
qdel(query_build_ban_cache)
return
@@ -177,8 +199,15 @@
//there's not always a client to use the bancache of so to avoid many individual queries from using is_banned_form we'll build a cache to use here
var/banned_from = list()
if(player_key)
var/player_ckey = sanitizeSQL(ckey(player_key))
var/datum/DBQuery/query_get_banned_roles = SSdbcore.NewQuery("SELECT role FROM [format_table_name("ban")] WHERE ckey = '[player_ckey]' AND role <> 'server' AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW())")
var/datum/DBQuery/query_get_banned_roles = SSdbcore.NewQuery({"
SELECT role
FROM [format_table_name("ban")]
WHERE
ckey = :player_ckey AND
role <> 'server'
AND unbanned_datetime IS NULL
AND (expiration_time IS NULL OR expiration_time > NOW())
"}, list("player_ckey" = ckey(player_key)))
if(!query_get_banned_roles.warn_execute())
qdel(query_get_banned_roles)
return
@@ -387,11 +416,11 @@
if(!SSdbcore.Connect())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential=TRUE)
return
var/player_ckey = sanitizeSQL(ckey(player_key))
player_ip = sanitizeSQL(player_ip)
player_cid = sanitizeSQL(player_cid)
var/player_ckey = ckey(player_key)
if(player_ckey)
var/datum/DBQuery/query_create_ban_get_player = SSdbcore.NewQuery("SELECT byond_key, INET_NTOA(ip), computerid FROM [format_table_name("player")] WHERE ckey = '[player_ckey]'")
var/datum/DBQuery/query_create_ban_get_player = SSdbcore.NewQuery({"
SELECT byond_key, INET_NTOA(ip), computerid FROM [format_table_name("player")] WHERE ckey = :player_ckey
"}, list("player_ckey" = player_ckey))
if(!query_create_ban_get_player.warn_execute())
qdel(query_create_ban_get_player)
return
@@ -412,9 +441,17 @@
qdel(query_create_ban_get_player)
return
qdel(query_create_ban_get_player)
var/admin_ckey = sanitizeSQL(usr.client.ckey)
var/admin_ckey = usr.client.ckey
if(applies_to_admins)
var/datum/DBQuery/query_check_adminban_count = SSdbcore.NewQuery("SELECT COUNT(DISTINCT bantime) FROM [format_table_name("ban")] WHERE a_ckey = '[admin_ckey]' AND applies_to_admins = 1 AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW())")
var/datum/DBQuery/query_check_adminban_count = SSdbcore.NewQuery({"
SELECT COUNT(DISTINCT bantime)
FROM [format_table_name("ban")]
WHERE
a_ckey = :admin_ckey AND
applies_to_admins = 1 AND
unbanned_datetime IS NULL AND
(expiration_time IS NULL OR expiration_time > NOW())
"}, list("admin_ckey" = admin_ckey))
if(!query_check_adminban_count.warn_execute()) //count distinct bantime to treat rolebans made at the same time as one ban
qdel(query_check_adminban_count)
return
@@ -428,18 +465,15 @@
qdel(query_check_adminban_count)
return
qdel(query_check_adminban_count)
var/admin_ip = sanitizeSQL(usr.client.address)
var/admin_cid = sanitizeSQL(usr.client.computer_id)
var/admin_ip = usr.client.address
var/admin_cid = usr.client.computer_id
duration = text2num(duration)
if(interval)
interval = sanitizeSQL(interval)
else
if (!(interval in list("SECOND", "MINUTE", "HOUR", "DAY", "WEEK", "MONTH", "YEAR")))
interval = "MINUTE"
var/time_message = "[duration] [lowertext(interval)]" //no DisplayTimeText because our duration is of variable interval type
if(duration > 1) //pluralize the interval if necessary
time_message += "s"
var/note_reason = "Banned from [roles_to_ban[1] == "Server" ? "the server" : " Roles: [roles_to_ban.Join(", ")]"] [isnull(duration) ? "permanently" : "for [time_message]"] - [reason]"
reason = sanitizeSQL(reason)
var/list/clients_online = GLOB.clients.Copy()
var/list/admins_online = list()
for(var/client/C in clients_online)
@@ -449,26 +483,34 @@
var/adminwho = admins_online.Join(", ")
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/sql_ban
var/special_columns = list(
"bantime" = "NOW()",
"server_ip" = "INET_ATON(?)",
"ip" = "INET_ATON(?)",
"a_ip" = "INET_ATON(?)",
"expiration_time" = "IF(? IS NULL, NULL, NOW() + INTERVAL ? [interval])"
)
var/sql_ban = list()
for(var/role in roles_to_ban)
sql_ban += list(list("bantime" = "NOW()",
"server_ip" = "INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]'))",
"server_port" = sanitizeSQL(world.port),
"round_id" = sanitizeSQL(GLOB.round_id),
"role" = "'[sanitizeSQL(role)]'",
"expiration_time" = "IF('[duration]' LIKE '', NULL, NOW() + INTERVAL [duration ? "[duration]" : "0"] [interval])",
"applies_to_admins" = sanitizeSQL(applies_to_admins),
"reason" = "'[reason]'",
"ckey" = "IF('[player_ckey]' LIKE '', NULL, '[player_ckey]')",
"ip" = "INET_ATON(IF('[player_ip]' LIKE '', NULL, '[player_ip]'))",
"computerid" = "IF('[player_cid]' LIKE '', NULL, '[player_cid]')",
"a_ckey" = "'[admin_ckey]'",
"a_ip" = "INET_ATON(IF('[admin_ip]' LIKE '', NULL, '[admin_ip]'))",
"a_computerid" = "'[admin_cid]'",
"who" = "'[who]'",
"adminwho" = "'[adminwho]'"
sql_ban += list(list(
"server_ip" = world.internet_address || 0,
"server_port" = world.port,
"round_id" = GLOB.round_id,
"role" = role,
"expiration_time" = duration,
"applies_to_admins" = applies_to_admins,
"reason" = reason,
"ckey" = player_ckey || null,
"ip" = player_ip || null,
"computerid" = player_cid || null,
"a_ckey" = admin_ckey,
"a_ip" = admin_ip || null,
"a_computerid" = admin_cid,
"who" = who,
"adminwho" = adminwho,
))
if(!SSdbcore.MassInsert(format_table_name("ban"), sql_ban, warn = 1))
if(!SSdbcore.MassInsert(format_table_name("ban"), sql_ban, warn = TRUE, special_columns = special_columns))
return
var/target = ban_target_string(player_key, player_ip, player_cid)
var/msg = "has created a [isnull(duration) ? "permanent" : "temporary [time_message]"] [applies_to_admins ? "admin " : ""][roles_to_ban[1] == "Server" ? "server ban" : "role ban from [roles_to_ban.len] roles"] for [target]."
@@ -522,20 +564,23 @@
<div class='main'>
"}
if(player_key || admin_key || player_ip || player_cid)
var/list/searchlist = list()
if(player_key)
searchlist += "ckey = '[sanitizeSQL(ckey(player_key))]'"
if(admin_key)
searchlist += "a_ckey = '[sanitizeSQL(ckey(admin_key))]'"
if(player_ip)
searchlist += "ip = INET_ATON('[sanitizeSQL(player_ip)]')"
if(player_cid)
searchlist += "computerid = '[sanitizeSQL(player_cid)]'"
var/search = searchlist.Join(" AND ")
var/bancount = 0
var/bansperpage = 10
page = text2num(page)
var/datum/DBQuery/query_unban_count_bans = SSdbcore.NewQuery("SELECT COUNT(id) FROM [format_table_name("ban")] WHERE [search]")
var/datum/DBQuery/query_unban_count_bans = SSdbcore.NewQuery({"
SELECT COUNT(id)
FROM [format_table_name("ban")]
WHERE
(:player_key IS NULL OR ckey = :player_key) AND
(:admin_key IS NULL OR a_ckey = :admin_key) AND
(:player_ip IS NULL OR ip = INET_ATON(:player_ip)) AND
(:player_cid IS NULL OR computerid = :player_cid)
"}, list(
"player_key" = ckey(player_key),
"admin_key" = ckey(admin_key),
"player_ip" = player_ip || null,
"player_cid" = player_cid || null,
))
if(!query_unban_count_bans.warn_execute())
qdel(query_unban_count_bans)
return
@@ -551,8 +596,53 @@
bancount -= bansperpage
pagecount++
output += pagelist.Join(" | ")
var/limit = " LIMIT [bansperpage * page], [bansperpage]"
var/datum/DBQuery/query_unban_search_bans = SSdbcore.NewQuery({"SELECT id, bantime, round_id, role, expiration_time, TIMESTAMPDIFF(MINUTE, bantime, expiration_time), IF(expiration_time < NOW(), 1, NULL), applies_to_admins, reason, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), INET_NTOA(ip), computerid, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey), IF(edits IS NOT NULL, 1, NULL), unbanned_datetime, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].unbanned_ckey), unbanned_ckey), unbanned_round_id FROM [format_table_name("ban")] WHERE [search] ORDER BY id DESC[limit]"})
var/datum/DBQuery/query_unban_search_bans = SSdbcore.NewQuery({"
SELECT
id,
bantime,
round_id,
role,
expiration_time,
TIMESTAMPDIFF(MINUTE, bantime, expiration_time),
IF(expiration_time < NOW(), 1, NULL),
applies_to_admins,
reason,
IFNULL((
SELECT byond_key
FROM [format_table_name("player")]
WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey
), ckey),
INET_NTOA(ip),
computerid,
IFNULL((
SELECT byond_key
FROM [format_table_name("player")]
WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey
), a_ckey),
IF(edits IS NOT NULL, 1, NULL),
unbanned_datetime,
IFNULL((
SELECT byond_key
FROM [format_table_name("player")]
WHERE [format_table_name("player")].ckey = [format_table_name("ban")].unbanned_ckey
), unbanned_ckey),
unbanned_round_id
FROM [format_table_name("ban")]
WHERE
(:player_key IS NULL OR ckey = :player_key) AND
(:admin_key IS NULL OR a_ckey = :admin_key) AND
(:player_ip IS NULL OR ip = INET_ATON(:player_ip)) AND
(:player_cid IS NULL OR computerid = :player_cid)
ORDER BY id DESC
LIMIT :skip, :take
"}, list(
"player_key" = ckey(player_key),
"admin_key" = ckey(admin_key),
"player_ip" = player_ip || null,
"player_cid" = player_cid || null,
"skip" = bansperpage * page,
"take" = bansperpage,
))
if(!query_unban_search_bans.warn_execute())
qdel(query_unban_search_bans)
return
@@ -605,13 +695,17 @@
var/target = ban_target_string(player_key, player_ip, player_cid)
if(alert(usr, "Please confirm unban of [target] from [role].", "Unban confirmation", "Yes", "No") == "No")
return
ban_id = sanitizeSQL(ban_id)
var/admin_ckey = sanitizeSQL(usr.client.ckey)
var/admin_ip = sanitizeSQL(usr.client.address)
var/admin_cid = sanitizeSQL(usr.client.computer_id)
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_unban = SSdbcore.NewQuery("UPDATE [format_table_name("ban")] SET unbanned_datetime = NOW(), unbanned_ckey = '[admin_ckey]', unbanned_ip = INET_ATON('[admin_ip]'), unbanned_computerid = '[admin_cid]', unbanned_round_id = '[GLOB.round_id]' WHERE id = [ban_id]")
var/datum/DBQuery/query_unban = SSdbcore.NewQuery({"
UPDATE [format_table_name("ban")] SET
unbanned_datetime = NOW(),
unbanned_ckey = :admin_ckey,
unbanned_ip = INET_ATON(:admin_ip),
unbanned_computerid = :admin_cid,
unbanned_round_id = :round_id
WHERE id = :ban_id
"}, list("ban_id" = ban_id, "admin_ckey" = usr.client.ckey, "admin_ip" = usr.client.address, "admin_cid" = usr.client.computer_id, "round_id" = GLOB.round_id))
if(!query_unban.warn_execute())
qdel(query_unban)
return
@@ -634,13 +728,18 @@
if(!SSdbcore.Connect())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential=TRUE)
return
ban_id = sanitizeSQL(ban_id)
var/player_ckey = sanitizeSQL(ckey(player_key))
player_ip = sanitizeSQL(player_ip)
player_cid = sanitizeSQL(player_cid)
var/player_ckey = ckey(player_key)
var/bantime
if(player_ckey)
var/datum/DBQuery/query_edit_ban_get_player = SSdbcore.NewQuery("SELECT byond_key, (SELECT bantime FROM [format_table_name("ban")] WHERE id = [ban_id]), ip, computerid FROM [format_table_name("player")] WHERE ckey = '[player_ckey]'")
var/datum/DBQuery/query_edit_ban_get_player = SSdbcore.NewQuery({"
SELECT
byond_key,
(SELECT bantime FROM [format_table_name("ban")] WHERE id = :ban_id),
ip,
computerid
FROM [format_table_name("player")]
WHERE ckey = :player_ckey
"}, list("player_ckey" = player_ckey, "ban_id" = ban_id))
if(!query_edit_ban_get_player.warn_execute())
qdel(query_edit_ban_get_player)
return
@@ -663,8 +762,14 @@
return
qdel(query_edit_ban_get_player)
if(applies_to_admins && (applies_to_admins != old_applies))
var/admin_ckey = sanitizeSQL(usr.client.ckey)
var/datum/DBQuery/query_check_adminban_count = SSdbcore.NewQuery("SELECT COUNT(DISTINCT bantime) FROM [format_table_name("ban")] WHERE a_ckey = '[admin_ckey]' AND applies_to_admins = 1 AND unbanned_datetime IS NULL AND (expiration_time IS NULL OR expiration_time > NOW())")
var/datum/DBQuery/query_check_adminban_count = SSdbcore.NewQuery({"
SELECT COUNT(DISTINCT bantime)
FROM [format_table_name("ban")]
WHERE a_ckey = :admin_ckey
AND applies_to_admins = 1
AND unbanned_datetime IS NULL
AND (expiration_time IS NULL OR expiration_time > NOW())
"}, list("admin_ckey" = usr.client.ckey))
if(!query_check_adminban_count.warn_execute()) //count distinct bantime to treat rolebans made at the same time as one ban
qdel(query_check_adminban_count)
return
@@ -678,37 +783,63 @@
qdel(query_check_adminban_count)
return
qdel(query_check_adminban_count)
applies_to_admins = sanitizeSQL(applies_to_admins)
duration = sanitizeSQL(duration)
if(interval)
interval = sanitizeSQL(interval)
else
if (!(interval in list("SECOND", "MINUTE", "HOUR", "DAY", "WEEK", "MONTH", "YEAR")))
interval = "MINUTE"
reason = sanitizeSQL(reason)
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/list/changes_text= list()
var/list/changes_text = list()
var/list/changes_keys = list()
for(var/i in changes)
changes_text += "[sanitizeSQL(i)]: [sanitizeSQL(changes[i])]"
changes_text += "[i]: [changes[i]]"
changes_keys += i
var/where = "id = [sanitizeSQL(ban_id)]"
var/change_message = "[usr.client.key] edited the following [jointext(changes_text, ", ")]<hr>"
var/list/arguments = list(
"duration" = duration || null,
"reason" = reason,
"applies_to_admins" = applies_to_admins,
"ckey" = player_ckey || null,
"ip" = player_ip || null,
"cid" = player_cid || null,
"change_message" = change_message,
)
var/where
if(text2num(mirror_edit))
var/list/wherelist = list("bantime = '[bantime]'")
if(old_key)
wherelist += "ckey = '[sanitizeSQL(ckey(old_key))]'"
wherelist += "ckey = :old_ckey"
arguments["old_ckey"] = ckey(old_key)
if(old_ip)
old_ip = sanitizeSQL(old_ip)
wherelist += "ip = INET_ATON(IF('[old_ip]' LIKE '', NULL, '[old_ip]'))"
wherelist += "ip = INET_ATON(:old_ip)"
arguments["old_ip"] = old_ip || null
if(old_cid)
wherelist += "computerid = '[sanitizeSQL(old_cid)]'"
wherelist += "computerid = :old_cid"
arguments["old_cid"] = old_cid
where = wherelist.Join(" AND ")
var/datum/DBQuery/query_edit_ban = SSdbcore.NewQuery("UPDATE [format_table_name("ban")] SET expiration_time = IF('[duration]' LIKE '', NULL, bantime + INTERVAL [duration ? "[duration]" : "0"] [interval]), applies_to_admins = [applies_to_admins], reason = '[reason]', ckey = IF('[player_ckey]' LIKE '', NULL, '[player_ckey]'), ip = INET_ATON(IF('[player_ip]' LIKE '', NULL, '[player_ip]')), computerid = IF('[player_cid]' LIKE '', NULL, '[player_cid]'), edits = CONCAT(IFNULL(edits,''),'[sanitizeSQL(usr.client.key)] edited the following [jointext(changes_text, ", ")]<hr>') WHERE [where]")
else
where = "id = :ban_id"
arguments["ban_id"] = ban_id
var/datum/DBQuery/query_edit_ban = SSdbcore.NewQuery({"
UPDATE [format_table_name("ban")]
SET
expiration_time = IF(:duration IS NULL, NULL, bantime + INTERVAL :duration [interval])
applies_to_admins = :applies_to_admins,
reason = :reason,
ckey = :ckey,
ip = INET_ATON(:ip),
computerid = :ci
edits = CONCAT(IFNULL(edits,''), :change_message)
WHERE [where]
"}, arguments)
if(!query_edit_ban.warn_execute())
qdel(query_edit_ban)
return
qdel(query_edit_ban)
var/changes_keys_text = jointext(changes_keys, ", ")
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
log_admin_private("[kn] has edited the [changes_keys_text] of a ban for [old_key ? "[old_key]" : "[old_ip]-[old_cid]"].") //if a ban doesn't have a key it must have an ip and/or a cid to have reached this point normally
message_admins("[kna] has edited the [changes_keys_text] of a ban for [old_key ? "[old_key]" : "[old_ip]-[old_cid]"].")
if(changes["Applies to admins"])
@@ -729,8 +860,9 @@
if(!SSdbcore.Connect())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential=TRUE)
return
ban_id = sanitizeSQL(ban_id)
var/datum/DBQuery/query_get_ban_edits = SSdbcore.NewQuery("SELECT edits FROM [format_table_name("ban")] WHERE id = '[ban_id]'")
var/datum/DBQuery/query_get_ban_edits = SSdbcore.NewQuery({"
SELECT edits FROM [format_table_name("ban")] WHERE id = :ban_id
"}, list("ban_id" = ban_id))
if(!query_get_ban_edits.warn_execute())
qdel(query_get_ban_edits)
return

222
code/modules/admin/sql_message_system.dm
View File

@@ -10,8 +10,11 @@
var/new_key = input(usr,"Who would you like to create a [type] for?","Enter a key or ckey",null) as null|text
if(!new_key)
return
var/new_ckey = sanitizeSQL(ckey(new_key))
var/datum/DBQuery/query_find_ckey = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE ckey = '[new_ckey]'")
var/new_ckey = ckey(new_key)
var/datum/DBQuery/query_find_ckey = SSdbcore.NewQuery(
"SELECT ckey FROM [format_table_name("player")] WHERE ckey = :ckey",
list("ckey" = new_ckey)
)
if(!query_find_ckey.warn_execute())
qdel(query_find_ckey)
return
@@ -24,29 +27,24 @@
target_key = new_key
if(QDELETED(usr))
return
if(target_ckey)
target_ckey = sanitizeSQL(target_ckey)
if(!target_key)
target_key = target_ckey
if(!admin_ckey)
admin_ckey = usr.ckey
if(!admin_ckey)
return
admin_ckey = sanitizeSQL(admin_ckey)
if(!target_ckey)
target_ckey = admin_ckey
if(!text)
text = input(usr,"Write your [type]","Create [type]") as null|message
if(!text)
return
text = sanitizeSQL(text)
if(!timestamp)
timestamp = SQLtime()
if(!server)
var/ssqlname = CONFIG_GET(string/serversqlname)
if (ssqlname)
server = ssqlname
server = sanitizeSQL(server)
if(isnull(secret))
switch(alert("Hide note from being viewed by players?", "Secret note?","Yes","No","Cancel"))
if("Yes")
@@ -60,8 +58,10 @@
var/expire_time = input("Set expiry time for [type] as format YYYY-MM-DD HH:MM:SS. All times in server time. HH:MM:SS is optional and 24-hour. Must be later than current time for obvious reasons.", "Set expiry time", SQLtime()) as null|text
if(!expire_time)
return
expire_time = sanitizeSQL(expire_time)
var/datum/DBQuery/query_validate_expire_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[expire_time]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[expire_time]','%Y-%c-%d %T'), 0)")
var/datum/DBQuery/query_validate_expire_time = SSdbcore.NewQuery(
"SELECT IF(STR_TO_DATE(:expire_time,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:expire_time,'%Y-%c-%d %T'), 0)",
list("expire_time" = expire_time)
)
if(!query_validate_expire_time.warn_execute())
qdel(query_validate_expire_time)
return
@@ -77,8 +77,23 @@
note_severity = input("Set the severity of the note.", "Severity", null, null) as null|anything in list("High", "Medium", "Minor", "None")
if(!note_severity)
return
note_severity = sanitizeSQL(note_severity)
var/datum/DBQuery/query_create_message = SSdbcore.NewQuery("INSERT INTO [format_table_name("messages")] (type, targetckey, adminckey, text, timestamp, server, server_ip, server_port, round_id, secret, expire_timestamp, severity) VALUES ('[type]', '[target_ckey]', '[admin_ckey]', '[text]', '[timestamp]', '[server]', INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]', '[GLOB.round_id]','[secret]', [expiry ? "'[expiry]'" : "NULL"], [note_severity ? "'[note_severity]'" : "NULL"])")
var/datum/DBQuery/query_create_message = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("messages")] (type, targetckey, adminckey, text, timestamp, server, server_ip, server_port, round_id, secret, expire_timestamp, severity)
VALUES (:type, :target_ckey, :admin_ckey, :text, :timestamp, :server, INET_ATON(:internet_address), :port, :round_id, :secret, :expiry, :note_severity)
"}, list(
"type" = type,
"target_ckey" = target_ckey,
"admin_ckey" = admin_ckey,
"text" = text,
"timestamp" = timestamp,
"server" = server,
"internet_address" = world.internet_address || "0",
"port" = "[world.port]",
"round_id" = GLOB.round_id,
"secret" = secret,
"expiry" = expiry || null,
"note_severity" = note_severity,
))
var/pm = "[key_name(usr)] has created a [type][(type == "note" || type == "message" || type == "watchlist entry") ? " for [target_key]" : ""]: [text]"
var/header = "[key_name(usr)] has created a [type][(type == "note" || type == "message" || type == "watchlist entry") ? " for [target_key]" : ""]" // yogs - Yog Tickets
if(!query_create_message.warn_execute())
@@ -107,7 +122,11 @@
var/text
var/user_key_name = key_name(usr)
var/user_name_admin = key_name_admin(usr)
var/datum/DBQuery/query_find_del_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), text FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_del_message = SSdbcore.NewQuery(
"SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), text FROM [format_table_name("messages")] WHERE id = :id AND deleted = 0",
list("id" = message_id)
)
if(!query_find_del_message.warn_execute())
qdel(query_find_del_message)
return
@@ -116,7 +135,12 @@
target_key = query_find_del_message.item[2]
text = query_find_del_message.item[3]
qdel(query_find_del_message)
var/datum/DBQuery/query_del_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET deleted = 1 WHERE id = [message_id]")
var/datum/DBQuery/query_del_message = SSdbcore.NewQuery(
"UPDATE [format_table_name("messages")] SET deleted = 1 WHERE id = :id",
list("id" = message_id)
)
if(!query_del_message.warn_execute())
qdel(query_del_message)
return
@@ -138,11 +162,19 @@
message_id = text2num(message_id)
if(!message_id)
return
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = usr.ckey
var/editor_key = usr.key
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_edit_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_edit_message = SSdbcore.NewQuery({"
SELECT
type,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), targetckey),
text
FROM [format_table_name("messages")]
WHERE id = :id AND deleted = 0
"}, list("id" = message_id))
if(!query_find_edit_message.warn_execute())
qdel(query_find_edit_message)
return
@@ -155,9 +187,12 @@
if(!new_text)
qdel(query_find_edit_message)
return
new_text = sanitizeSQL(new_text)
var/edit_text = sanitizeSQL("Edited by [editor_key] on [SQLtime()] from<br>[old_text]<br>to<br>[new_text]<hr>")
var/datum/DBQuery/query_edit_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET text = '[new_text]', lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
var/edit_text = "Edited by [editor_key] on [SQLtime()] from<br>[old_text]<br>to<br>[new_text]<hr>"
var/datum/DBQuery/query_edit_message = SSdbcore.NewQuery({"
UPDATE [format_table_name("messages")]
SET text = :text, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
WHERE id = :id AND deleted = 0
"}, list("text" = new_text, "lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
if(!query_edit_message.warn_execute())
qdel(query_edit_message)
return
@@ -177,11 +212,19 @@
message_id = text2num(message_id)
if(!message_id)
return
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = usr.ckey
var/editor_key = usr.key
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_edit_expiry_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), expire_timestamp FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_edit_expiry_message = SSdbcore.NewQuery({"
SELECT
type,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
expire_timestamp
FROM [format_table_name("messages")]
WHERE id = :id AND deleted = 0
"}, list("id" = message_id))
if(!query_find_edit_expiry_message.warn_execute())
qdel(query_find_edit_expiry_message)
return
@@ -198,8 +241,9 @@
if(expire_time == "-1")
new_expiry = "non-expiring"
else
expire_time = sanitizeSQL(expire_time)
var/datum/DBQuery/query_validate_expire_time_edit = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[expire_time]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[expire_time]','%Y-%c-%d %T'), 0)")
var/datum/DBQuery/query_validate_expire_time_edit = SSdbcore.NewQuery({"
SELECT IF(STR_TO_DATE(:expire_time,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:expire_time,'%Y-%c-%d %T'), 0)
"}, list("expire_time" = expire_time))
if(!query_validate_expire_time_edit.warn_execute())
qdel(query_validate_expire_time_edit)
qdel(query_find_edit_expiry_message)
@@ -213,8 +257,12 @@
return
new_expiry = query_validate_expire_time_edit.item[1]
qdel(query_validate_expire_time_edit)
var/edit_text = sanitizeSQL("Expiration time edited by [editor_key] on [SQLtime()] from [old_expiry] to [new_expiry]<hr>")
var/datum/DBQuery/query_edit_message_expiry = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET expire_timestamp = [expire_time == "-1" ? "NULL" : "'[new_expiry]'"], lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
var/edit_text = "Expiration time edited by [editor_key] on [SQLtime()] from [old_expiry] to [new_expiry]<hr>"
var/datum/DBQuery/query_edit_message_expiry = SSdbcore.NewQuery({"
UPDATE [format_table_name("messages")]
SET expire_timestamp = :expire_time, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
WHERE id = :id AND deleted = 0
"}, list("expire_time" = (expire_time == "-1" ? null : new_expiry), "lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
if(!query_edit_message_expiry.warn_execute())
qdel(query_edit_message_expiry)
qdel(query_find_edit_expiry_message)
@@ -237,7 +285,15 @@
return
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_edit_note_severity = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), severity FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_edit_note_severity = SSdbcore.NewQuery({"
SELECT
type,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
severity
FROM [format_table_name("messages")]
WHERE id = :id AND deleted = 0
"}, list("id" = message_id))
if(!query_find_edit_note_severity.warn_execute())
qdel(query_find_edit_note_severity)
return
@@ -248,15 +304,19 @@
var/old_severity = query_find_edit_note_severity.item[4]
if(!old_severity)
old_severity = "NA"
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = usr.key
var/editor_ckey = usr.ckey
var/new_severity = input("Set the severity of the note.", "Severity", null, null) as null|anything in list("high", "medium", "minor", "none") //lowercase for edit log consistency
if(!new_severity)
qdel(query_find_edit_note_severity)
return
new_severity = sanitizeSQL(new_severity)
var/edit_text = sanitizeSQL("Note severity edited by [editor_key] on [SQLtime()] from [old_severity] to [new_severity]<hr>")
var/datum/DBQuery/query_edit_note_severity = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET severity = '[new_severity]', lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
new_severity = new_severity
var/edit_text = "Note severity edited by [editor_key] on [SQLtime()] from [old_severity] to [new_severity]<hr>"
var/datum/DBQuery/query_edit_note_severity = SSdbcore.NewQuery({"
UPDATE [format_table_name("messages")]
SET severity = :severity, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
WHERE id = :id AND deleted = 0
"}, list("severity" = new_severity, "lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
if(!query_edit_note_severity.warn_execute(async = TRUE))
qdel(query_edit_note_severity)
qdel(qdel(query_find_edit_note_severity))
@@ -274,11 +334,19 @@
message_id = text2num(message_id)
if(!message_id)
return
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = usr.ckey
var/editor_key = usr.key
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_message_secret = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), secret FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_message_secret = SSdbcore.NewQuery({"
SELECT
type,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), targetckey),
secret
FROM [format_table_name("messages")]
WHERE id = :id AND deleted = 0
"}, list("id" = message_id))
if(!query_find_message_secret.warn_execute())
qdel(query_find_message_secret)
return
@@ -288,7 +356,11 @@
var/admin_key = query_find_message_secret.item[3]
var/secret = text2num(query_find_message_secret.item[4])
var/edit_text = "Made [secret ? "not secret" : "secret"] by [editor_key] on [SQLtime()]<hr>"
var/datum/DBQuery/query_message_secret = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET secret = NOT secret, lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id]")
var/datum/DBQuery/query_message_secret = SSdbcore.NewQuery({"
UPDATE [format_table_name("messages")]
SET secret = NOT secret, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
WHERE id = :id
"}, list("lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
if(!query_message_secret.warn_execute())
qdel(query_find_message_secret)
qdel(query_message_secret)
@@ -328,7 +400,20 @@
else
output += "<a href='?_src_=holder;[HrefToken()];showwatchfilter=1'>Filter offline clients</a></center>"
output += ruler
var/datum/DBQuery/query_get_type_messages = SSdbcore.NewQuery("SELECT id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, server, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), expire_timestamp FROM [format_table_name("messages")] WHERE type = '[type]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)")
var/datum/DBQuery/query_get_type_messages = SSdbcore.NewQuery({"
SELECT
id,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
targetckey,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
text,
timestamp,
server,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor),
expire_timestamp
FROM [format_table_name("messages")]
WHERE type = :type AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
"}, list("type" = type))
if(!query_get_type_messages.warn_execute())
qdel(query_get_type_messages)
return
@@ -361,9 +446,24 @@
output += "<br>[text]<hr style='background:#000000; border:0; height:1px'>"
qdel(query_get_type_messages)
if(target_ckey)
target_ckey = sanitizeSQL(target_ckey)
var/target_key
var/datum/DBQuery/query_get_messages = SSdbcore.NewQuery("SELECT type, secret, id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, server, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), DATEDIFF(NOW(), timestamp), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), expire_timestamp, severity FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey = '[target_ckey]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY timestamp DESC")
var/datum/DBQuery/query_get_messages = SSdbcore.NewQuery({"
SELECT
type,
secret,
id,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
text,
timestamp,
server,
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor),
DATEDIFF(NOW(), timestamp),
IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
expire_timestamp, severity
FROM [format_table_name("messages")]
WHERE type <> 'memo' AND targetckey = :targetckey AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
ORDER BY timestamp DESC
"}, list("targetckey" = target_ckey))
if(!query_get_messages.warn_execute())
qdel(query_get_messages)
return
@@ -441,7 +541,9 @@
notedata += data
qdel(query_get_messages)
if(!target_key)
var/datum/DBQuery/query_get_message_key = SSdbcore.NewQuery("SELECT byond_key FROM [format_table_name("player")] WHERE ckey = '[target_ckey]'")
var/datum/DBQuery/query_get_message_key = SSdbcore.NewQuery({"
SELECT byond_key FROM [format_table_name("player")] WHERE ckey = :ckey
"}, list("ckey" = target_ckey))
if(!query_get_message_key.warn_execute())
qdel(query_get_message_key)
return
@@ -478,8 +580,6 @@
var/search
output += "<center><a href='?_src_=holder;[HrefToken()];addmessageempty=1'>Add message</a><a href='?_src_=holder;[HrefToken()];addwatchempty=1'>Add watchlist entry</a><a href='?_src_=holder;[HrefToken()];addnoteempty=1'>Add note</a></center>"
output += ruler
if(!isnum(index))
index = sanitizeSQL(index)
switch(index)
if(1)
search = "^."
@@ -487,7 +587,17 @@
search = "^\[^\[:alpha:\]\]"
else
search = "^[index]"
var/datum/DBQuery/query_list_messages = SSdbcore.NewQuery("SELECT DISTINCT targetckey, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey) FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey REGEXP '[search]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY targetckey")
var/datum/DBQuery/query_list_messages = SSdbcore.NewQuery({"
SELECT DISTINCT
targetckey,
(SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey)
FROM [format_table_name("messages")]
WHERE type <> 'memo'
AND targetckey REGEXP :search
AND deleted = 0
AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
ORDER BY targetckey
"}, list("search" = search))
if(!query_list_messages.warn_execute())
qdel(query_list_messages)
return
@@ -514,12 +624,19 @@
if(!type)
return
var/output
if(target_ckey)
target_ckey = sanitizeSQL(target_ckey)
var/query = "SELECT id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor) FROM [format_table_name("messages")] WHERE type = '[type]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)"
if(type == "message" || type == "watchlist entry")
query += " AND targetckey = '[target_ckey]'"
var/datum/DBQuery/query_get_message_output = SSdbcore.NewQuery(query)
var/datum/DBQuery/query_get_message_output = SSdbcore.NewQuery({"
SELECT
id,
(SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey),
text,
timestamp,
(SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor)
FROM [format_table_name("messages")]
WHERE type = :type
AND deleted = 0
AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
AND ((type != 'message' AND type != 'watchlist entry') OR targetckey = :targetckey)
"}, list("targetckey" = target_ckey, "type" = type))
if(!query_get_message_output.warn_execute())
qdel(query_get_message_output)
return
@@ -533,7 +650,10 @@
if("message")
output += "<font color='red' size='3'><b>Admin message left by <span class='prefix'>[admin_key]</span> on [timestamp]</b></font>"
output += "<br><font color='red'>[text]</font><br>"
var/datum/DBQuery/query_message_read = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET type = 'message sent' WHERE id = [message_id]")
var/datum/DBQuery/query_message_read = SSdbcore.NewQuery(
"UPDATE [format_table_name("messages")] SET type = 'message sent' WHERE id = :id",
list("id" = message_id)
)
if(!query_message_read.warn_execute())
qdel(query_get_message_output)
qdel(query_message_read)
@@ -573,7 +693,7 @@
var/timestamp = note.group[1]
notetext = note.group[2]
var/admin_ckey = note.group[3]
var/datum/DBQuery/query_convert_time = SSdbcore.NewQuery("SELECT ADDTIME(STR_TO_DATE('[timestamp]','%d-%b-%Y'), '0')")
var/datum/DBQuery/query_convert_time = SSdbcore.NewQuery("SELECT ADDTIME(STR_TO_DATE(:timestamp,'%d-%b-%Y'), '0')", list("timestamp" = timestamp))
if(!query_convert_time.Execute())
qdel(query_convert_time)
return

33
code/modules/admin/stickyban.dm
View File

@@ -33,7 +33,10 @@
ban["message"] = "[reason]"
if(SSdbcore.Connect())
var/datum/DBQuery/query_create_stickyban = SSdbcore.NewQuery("INSERT INTO [format_table_name("stickyban")] (ckey, reason, banning_admin) VALUES ('[sanitizeSQL(ckey)]', '[sanitizeSQL(ban["message"])]', '[sanitizeSQL(usr.ckey)]')")
var/datum/DBQuery/query_create_stickyban = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("stickyban")] (ckey, reason, banning_admin)
VALUES (:ckey, :message, :banning_admin)
"}, list("ckey" = ckey, "message" = ban["message"], "banning_admin" = usr.ckey))
if (query_create_stickyban.warn_execute())
ban["fromdb"] = TRUE
qdel(query_create_stickyban)
@@ -68,10 +71,10 @@
if (SSdbcore.Connect())
SSdbcore.QuerySelect(list(
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban")] WHERE ckey = '[sanitizeSQL(ckey)]'"),
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = '[sanitizeSQL(ckey)]'"),
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_cid")] WHERE stickyban = '[sanitizeSQL(ckey)]'"),
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ip")] WHERE stickyban = '[sanitizeSQL(ckey)]'")
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban")] WHERE ckey = :ckey", list("ckey" = ckey)),
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = :ckey", list("ckey" = ckey)),
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_cid")] WHERE stickyban = :ckey", list("ckey" = ckey)),
SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ip")] WHERE stickyban = :ckey", list("ckey" = ckey))
), warn = TRUE, qdel = TRUE)
@@ -116,7 +119,10 @@
SSstickyban.cache[ckey] = ban
if (SSdbcore.Connect())
var/datum/DBQuery/query_remove_stickyban_alt = SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = '[sanitizeSQL(ckey)]' AND matched_ckey = '[sanitizeSQL(alt)]'")
var/datum/DBQuery/query_remove_stickyban_alt = SSdbcore.NewQuery(
"DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = :ckey AND matched_ckey = :alt",
list("ckey" = ckey, "alt" = alt)
)
query_remove_stickyban_alt.warn_execute()
qdel(query_remove_stickyban_alt)
@@ -147,7 +153,10 @@
SSstickyban.cache[ckey] = ban
if (SSdbcore.Connect())
var/datum/DBQuery/query_edit_stickyban = SSdbcore.NewQuery("UPDATE [format_table_name("stickyban")] SET reason = '[sanitizeSQL(reason)]' WHERE ckey = '[sanitizeSQL(ckey)]'")
var/datum/DBQuery/query_edit_stickyban = SSdbcore.NewQuery(
"UPDATE [format_table_name("stickyban")] SET reason = :reason WHERE ckey = :ckey",
list("reason" = reason, "ckey" = ckey)
)
query_edit_stickyban.warn_execute()
qdel(query_edit_stickyban)
@@ -194,7 +203,10 @@
SSstickyban.cache[ckey] = ban
if (SSdbcore.Connect())
var/datum/DBQuery/query_exempt_stickyban_alt = SSdbcore.NewQuery("UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 1 WHERE stickyban = '[sanitizeSQL(ckey)]' AND matched_ckey = '[sanitizeSQL(alt)]'")
var/datum/DBQuery/query_exempt_stickyban_alt = SSdbcore.NewQuery(
"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 1 WHERE stickyban = :ckey AND matched_ckey = :alt",
list("ckey" = ckey, "alt" = alt)
)
query_exempt_stickyban_alt.warn_execute()
qdel(query_exempt_stickyban_alt)
@@ -241,7 +253,10 @@
SSstickyban.cache[ckey] = ban
if (SSdbcore.Connect())
var/datum/DBQuery/query_unexempt_stickyban_alt = SSdbcore.NewQuery("UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 0 WHERE stickyban = '[sanitizeSQL(ckey)]' AND matched_ckey = '[sanitizeSQL(alt)]'")
var/datum/DBQuery/query_unexempt_stickyban_alt = SSdbcore.NewQuery(
"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 0 WHERE stickyban = :ckey AND matched_ckey = :alt",
list("ckey" = ckey, "alt" = alt)
)
query_unexempt_stickyban_alt.warn_execute()
qdel(query_unexempt_stickyban_alt)

7
code/modules/admin/topic.dm
View File

@@ -897,8 +897,11 @@
else if(href_list["messageedits"])
if(!check_rights(R_ADMIN))
return
var/message_id = sanitizeSQL("[href_list["messageedits"]]")
var/datum/DBQuery/query_get_message_edits = SSdbcore.NewQuery("SELECT edits FROM [format_table_name("messages")] WHERE id = '[message_id]'")
var/datum/DBQuery/query_get_message_edits = SSdbcore.NewQuery(
"SELECT edits FROM [format_table_name("messages")] WHERE id = :message_id",
list("message_id" = href_list["messageedits"])
)
if(!query_get_message_edits.warn_execute())
qdel(query_get_message_edits)
return

7
code/modules/bsql/LICENSE
View File

@@ -1,7 +0,0 @@
Copyright 2018 Jordan Brown
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

68
code/modules/bsql/core/connection.dm
View File

@@ -1,68 +0,0 @@
/datum/BSQL_Connection
var/id
var/connection_type
BSQL_PROTECT_DATUM(/datum/BSQL_Connection)
/datum/BSQL_Connection/New(connection_type, asyncTimeout, blockingTimeout, threadLimit)
if(asyncTimeout == null)
asyncTimeout = BSQL_DEFAULT_TIMEOUT
if(blockingTimeout == null)
blockingTimeout = asyncTimeout
if(threadLimit == null)
threadLimit = BSQL_DEFAULT_THREAD_LIMIT
src.connection_type = connection_type
world._BSQL_InitCheck(src)
var/error = world._BSQL_Internal_Call("CreateConnection", connection_type, "[asyncTimeout]", "[blockingTimeout]", "[threadLimit]")
if(error)
BSQL_ERROR(error)
return
id = world._BSQL_Internal_Call("GetConnection")
if(!id)
BSQL_ERROR("BSQL library failed to provide connect operation for connection id [id]([connection_type])!")
BSQL_DEL_PROC(/datum/BSQL_Connection)
var/error
if(id)
error = world._BSQL_Internal_Call("ReleaseConnection", id)
. = ..()
if(error)
BSQL_ERROR(error)
/datum/BSQL_Connection/BeginConnect(ipaddress, port, username, password, database)
var/error = world._BSQL_Internal_Call("OpenConnection", id, ipaddress, "[port]", username, password, database)
if(error)
BSQL_ERROR(error)
return
var/op_id = world._BSQL_Internal_Call("GetOperation")
if(!op_id)
BSQL_ERROR("Library failed to provide connect operation for connection id [id]([connection_type])!")
return
return new /datum/BSQL_Operation(src, op_id)
/datum/BSQL_Connection/BeginQuery(query)
var/error = world._BSQL_Internal_Call("NewQuery", id, query)
if(error)
BSQL_ERROR(error)
return
var/op_id = world._BSQL_Internal_Call("GetOperation")
if(!op_id)
BSQL_ERROR("Library failed to provide query operation for connection id [id]([connection_type])!")
return
return new /datum/BSQL_Operation/Query(src, op_id)
/datum/BSQL_Connection/Quote(str)
if(!str)
return null;
. = world._BSQL_Internal_Call("QuoteString", id, "[str]")
if(!.)
BSQL_ERROR("Library failed to provide quote for [str]!")

43
code/modules/bsql/core/library.dm
View File

@@ -1,43 +0,0 @@
/world/proc/_BSQL_Internal_Call(func, ...)
var/list/call_args = args.Copy(2)
BSQL_Debug("_BSQL_Internal_Call: [args[1]]([call_args.Join(", ")])")
. = call(_BSQL_Library_Path(), func)(arglist(call_args))
BSQL_Debug("Result: [. == null ? "NULL" : "\"[.]\""]")
/world/proc/_BSQL_Library_Path()
return system_type == MS_WINDOWS ? "BSQL.dll" : "libBSQL.so"
/world/proc/_BSQL_InitCheck(datum/BSQL_Connection/caller)
var/static/library_initialized = FALSE
if(_BSQL_Initialized())
return
var/libPath = _BSQL_Library_Path()
if(!fexists(libPath))
BSQL_DEL_CALL(caller)
BSQL_ERROR("Could not find [libPath]!")
return
var/version = _BSQL_Internal_Call("Version")
if(version != BSQL_VERSION)
BSQL_DEL_CALL(caller)
BSQL_ERROR("BSQL DMAPI version mismatch! Expected [BSQL_VERSION], got [version == null ? "NULL" : version]!")
return
var/result = _BSQL_Internal_Call("Initialize")
if(result)
BSQL_DEL_CALL(caller)
BSQL_ERROR(result)
return
_BSQL_Initialized(TRUE)
/world/proc/_BSQL_Initialized(new_val)
var/static/bsql_library_initialized = FALSE
if(new_val != null)
bsql_library_initialized = new_val
return bsql_library_initialized
/world/BSQL_Shutdown()
if(!_BSQL_Initialized())
return
_BSQL_Internal_Call("Shutdown")
_BSQL_Initialized(FALSE)

47
code/modules/bsql/core/operation.dm
View File

@@ -1,47 +0,0 @@
/datum/BSQL_Operation
var/datum/BSQL_Connection/connection
var/id
BSQL_PROTECT_DATUM(/datum/BSQL_Operation)
/datum/BSQL_Operation/New(datum/BSQL_Connection/connection, id)
src.connection = connection
src.id = id
BSQL_DEL_PROC(/datum/BSQL_Operation)
var/error
if(!BSQL_IS_DELETED(connection))
error = world._BSQL_Internal_Call("ReleaseOperation", connection.id, id)
. = ..()
if(error)
BSQL_ERROR(error)
/datum/BSQL_Operation/IsComplete()
if(BSQL_IS_DELETED(connection))
return TRUE
var/result = world._BSQL_Internal_Call("OpComplete", connection.id, id)
if(!result)
BSQL_ERROR("Error fetching operation [id] for connection [connection.id]!")
return
return result == "DONE"
/datum/BSQL_Operation/GetError()
if(BSQL_IS_DELETED(connection))
return "Connection deleted!"
return world._BSQL_Internal_Call("GetError", connection.id, id)
/datum/BSQL_Operation/GetErrorCode()
if(BSQL_IS_DELETED(connection))
return -2
return text2num(world._BSQL_Internal_Call("GetErrorCode", connection.id, id))
/datum/BSQL_Operation/WaitForCompletion()
if(BSQL_IS_DELETED(connection))
return
var/error = world._BSQL_Internal_Call("BlockOnOperation", connection.id, id)
if(error)
if(error == "Operation timed out!") //match this with the implementation
return FALSE
BSQL_ERROR("Error waiting for operation [id] for connection [connection.id]! [error]")
return
return TRUE

35
code/modules/bsql/core/query.dm
View File

@@ -1,35 +0,0 @@
/datum/BSQL_Operation/Query
var/last_result_json
var/list/last_result
BSQL_PROTECT_DATUM(/datum/BSQL_Operation/Query)
/datum/BSQL_Operation/Query/CurrentRow()
return last_result
/datum/BSQL_Operation/Query/IsComplete()
//whole different ballgame here
if(BSQL_IS_DELETED(connection))
return TRUE
var/result = world._BSQL_Internal_Call("ReadyRow", connection.id, id)
switch(result)
if("DONE")
//load the data
LoadQueryResult()
return TRUE
if("NOTDONE")
return FALSE
else
BSQL_ERROR(result)
/datum/BSQL_Operation/Query/WaitForCompletion()
. = ..()
if(.)
LoadQueryResult()
/datum/BSQL_Operation/Query/proc/LoadQueryResult()
last_result_json = world._BSQL_Internal_Call("GetRow", connection.id, id)
if(last_result_json)
last_result = json_decode(last_result_json)
else
last_result = null

4
code/modules/bsql/includes.dm
View File

@@ -1,4 +0,0 @@
#include "core\connection.dm"
#include "core\library.dm"
#include "core\operation.dm"
#include "core\query.dm"

75
code/modules/client/client_procs.dm
View File

@@ -520,8 +520,10 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
return
if(!SSdbcore.Connect())
return
var/sql_ckey = sanitizeSQL(src.ckey)
var/datum/DBQuery/query_get_related_ip = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE ip = INET_ATON('[address]') AND ckey != '[sql_ckey]'")
var/datum/DBQuery/query_get_related_ip = SSdbcore.NewQuery(
"SELECT ckey FROM [format_table_name("player")] WHERE ip = INET_ATON(:address) AND ckey != :ckey",
list("address" = address, "ckey" = ckey)
)
if(!query_get_related_ip.Execute())
qdel(query_get_related_ip)
return
@@ -529,7 +531,10 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
while(query_get_related_ip.NextRow())
related_accounts_ip += "[query_get_related_ip.item[1]], "
qdel(query_get_related_ip)
var/datum/DBQuery/query_get_related_cid = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE computerid = '[computer_id]' AND ckey != '[sql_ckey]'")
var/datum/DBQuery/query_get_related_cid = SSdbcore.NewQuery(
"SELECT ckey FROM [format_table_name("player")] WHERE computerid = :computerid AND ckey != :ckey",
list("computerid" = computer_id, "ckey" = ckey)
)
if(!query_get_related_cid.Execute())
qdel(query_get_related_cid)
return
@@ -543,11 +548,11 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
else
if (!GLOB.deadmins[ckey] && check_randomizer(connectiontopic))
return
var/sql_ip = sanitizeSQL(address)
var/sql_computerid = sanitizeSQL(computer_id)
var/sql_admin_rank = sanitizeSQL(admin_rank)
var/new_player
var/datum/DBQuery/query_client_in_db = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'")
var/datum/DBQuery/query_client_in_db = SSdbcore.NewQuery(
"SELECT 1 FROM [format_table_name("player")] WHERE ckey = :ckey",
list("ckey" = ckey)
)
if(!query_client_in_db.Execute())
qdel(query_client_in_db)
return
@@ -568,9 +573,11 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
return
new_player = 1
account_join_date = sanitizeSQL(findJoinDate())
var/sql_key = sanitizeSQL(key)
var/datum/DBQuery/query_add_player = SSdbcore.NewQuery("INSERT INTO [format_table_name("player")] (`ckey`, `byond_key`, `firstseen`, `firstseen_round_id`, `lastseen`, `lastseen_round_id`, `ip`, `computerid`, `lastadminrank`, `accountjoindate`) VALUES ('[sql_ckey]', '[sql_key]', Now(), '[GLOB.round_id]', Now(), '[GLOB.round_id]', INET_ATON('[sql_ip]'), '[sql_computerid]', '[sql_admin_rank]', [account_join_date ? "'[account_join_date]'" : "NULL"])")
account_join_date = findJoinDate()
var/datum/DBQuery/query_add_player = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("player")] (`ckey`, `byond_key`, `firstseen`, `firstseen_round_id`, `lastseen`, `lastseen_round_id`, `ip`, `computerid`, `lastadminrank`, `accountjoindate`)
VALUES (:ckey, :key, Now(), :round_id, Now(), :round_id, INET_ATON(:ip), :computerid, :adminrank, :account_join_date)
"}, list("ckey" = ckey, "key" = key, "round_id" = GLOB.round_id, "ip" = address, "computerid" = computer_id, "adminrank" = admin_rank, "account_join_date" = account_join_date || null))
if(!query_add_player.Execute())
qdel(query_client_in_db)
qdel(query_add_player)
@@ -580,7 +587,10 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
account_join_date = "Error"
account_age = -1
qdel(query_client_in_db)
var/datum/DBQuery/query_get_client_age = SSdbcore.NewQuery("SELECT firstseen, DATEDIFF(Now(),firstseen), accountjoindate, DATEDIFF(Now(),accountjoindate) FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'")
var/datum/DBQuery/query_get_client_age = SSdbcore.NewQuery(
"SELECT firstseen, DATEDIFF(Now(),firstseen), accountjoindate, DATEDIFF(Now(),accountjoindate) FROM [format_table_name("player")] WHERE ckey = :ckey",
list("ckey" = ckey)
)
if(!query_get_client_age.Execute())
qdel(query_get_client_age)
return
@@ -591,11 +601,14 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
account_join_date = query_get_client_age.item[3]
account_age = text2num(query_get_client_age.item[4])
if(!account_age)
account_join_date = sanitizeSQL(findJoinDate())
account_join_date = findJoinDate()
if(!account_join_date)
account_age = -1
else
var/datum/DBQuery/query_datediff = SSdbcore.NewQuery("SELECT DATEDIFF(Now(),'[account_join_date]')")
var/datum/DBQuery/query_datediff = SSdbcore.NewQuery(
"SELECT DATEDIFF(Now(), :account_join_date)",
list("account_join_date" = account_join_date)
)
if(!query_datediff.Execute())
qdel(query_datediff)
return
@@ -604,7 +617,10 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
qdel(query_datediff)
qdel(query_get_client_age)
if(!new_player)
var/datum/DBQuery/query_log_player = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET lastseen = Now(), lastseen_round_id = '[GLOB.round_id]', ip = INET_ATON('[sql_ip]'), computerid = '[sql_computerid]', lastadminrank = '[sql_admin_rank]', accountjoindate = [account_join_date ? "'[account_join_date]'" : "NULL"] WHERE ckey = '[sql_ckey]'")
var/datum/DBQuery/query_log_player = SSdbcore.NewQuery(
"UPDATE [format_table_name("player")] SET lastseen = Now(), lastseen_round_id = :round_id, ip = INET_ATON(:ip), computerid = :computerid, lastadminrank = :admin_rank, accountjoindate = :account_join_date WHERE ckey = :ckey",
list("round_id" = GLOB.round_id, "ip" = address, "computerid" = computer_id, "admin_rank" = admin_rank, "account_join_date" = account_join_date || null, "ckey" = ckey)
)
if(!query_log_player.Execute())
qdel(query_log_player)
return
@@ -631,9 +647,11 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
CRASH("Age check regex failed for [src.ckey]")
/client/proc/validate_key_in_db()
var/sql_ckey = sanitizeSQL(ckey)
var/sql_key
var/datum/DBQuery/query_check_byond_key = SSdbcore.NewQuery("SELECT byond_key FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'")
var/datum/DBQuery/query_check_byond_key = SSdbcore.NewQuery(
"SELECT byond_key FROM [format_table_name("player")] WHERE ckey = :ckey",
list("ckey" = ckey)
)
if(!query_check_byond_key.Execute())
qdel(query_check_byond_key)
return
@@ -649,8 +667,11 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
if(F)
var/regex/R = regex("\\tkey = \"(.+)\"")
if(R.Find(F))
var/web_key = sanitizeSQL(R.group[1])
var/datum/DBQuery/query_update_byond_key = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET byond_key = '[web_key]' WHERE ckey = '[sql_ckey]'")
var/web_key = R.group[1]
var/datum/DBQuery/query_update_byond_key = SSdbcore.NewQuery(
"UPDATE [format_table_name("player")] SET byond_key = :byond_key WHERE ckey = :ckey",
list("byond_key" = web_key, "ckey" = ckey)
)
query_update_byond_key.Execute()
qdel(query_update_byond_key)
else
@@ -667,8 +688,10 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
var/static/tokens = list()
var/static/cidcheck_failedckeys = list() //to avoid spamming the admins if the same guy keeps trying.
var/static/cidcheck_spoofckeys = list()
var/sql_ckey = sanitizeSQL(ckey)
var/datum/DBQuery/query_cidcheck = SSdbcore.NewQuery("SELECT computerid FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'")
var/datum/DBQuery/query_cidcheck = SSdbcore.NewQuery(
"SELECT computerid FROM [format_table_name("player")] WHERE ckey = :ckey",
list("ckey" = ckey)
)
query_cidcheck.Execute()
var/lastcid
@@ -743,10 +766,11 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
add_system_note("CID-Error", "Detected as using a cid randomizer.")
/client/proc/add_system_note(system_ckey, message)
var/sql_system_ckey = sanitizeSQL(system_ckey)
var/sql_ckey = sanitizeSQL(ckey)
//check to see if we noted them in the last day.
var/datum/DBQuery/query_get_notes = SSdbcore.NewQuery("SELECT id FROM [format_table_name("messages")] WHERE type = 'note' AND targetckey = '[sql_ckey]' AND adminckey = '[sql_system_ckey]' AND timestamp + INTERVAL 1 DAY < NOW() AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)")
var/datum/DBQuery/query_get_notes = SSdbcore.NewQuery(
"SELECT id FROM [format_table_name("messages")] WHERE type = 'note' AND targetckey = :targetckey AND adminckey = :adminckey AND timestamp + INTERVAL 1 DAY < NOW() AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)",
list("targetckey" = ckey, "adminckey" = system_ckey)
)
if(!query_get_notes.Execute())
qdel(query_get_notes)
return
@@ -755,7 +779,10 @@ GLOBAL_LIST_EMPTY(external_rsc_urls)
return
qdel(query_get_notes)
//regardless of above, make sure their last note is not from us, as no point in repeating the same note over and over.
query_get_notes = SSdbcore.NewQuery("SELECT adminckey FROM [format_table_name("messages")] WHERE targetckey = '[sql_ckey]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY timestamp DESC LIMIT 1")
query_get_notes = SSdbcore.NewQuery(
"SELECT adminckey FROM [format_table_name("messages")] WHERE targetckey = :targetckey AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY timestamp DESC LIMIT 1",
list("targetckey" = ckey)
)
if(!query_get_notes.Execute())
qdel(query_get_notes)
return

21
code/modules/jobs/job_exp.dm
View File

@@ -148,7 +148,7 @@ GLOBAL_PROTECT(exp_to_update)
set waitfor = FALSE
var/list/old_minutes = GLOB.exp_to_update
GLOB.exp_to_update = null
SSdbcore.MassInsert(format_table_name("role_time"), old_minutes, "ON DUPLICATE KEY UPDATE minutes = minutes + VALUES(minutes)")
SSdbcore.MassInsert(format_table_name("role_time"), old_minutes, duplicate_key = "ON DUPLICATE KEY UPDATE minutes = minutes + VALUES(minutes)")
//resets a client's exp to what was in the db.
/client/proc/set_exp_from_db()
@@ -156,7 +156,10 @@ GLOBAL_PROTECT(exp_to_update)
return -1
if(!SSdbcore.Connect())
return -1
var/datum/DBQuery/exp_read = SSdbcore.NewQuery("SELECT job, minutes FROM [format_table_name("role_time")] WHERE ckey = '[sanitizeSQL(ckey)]'")
var/datum/DBQuery/exp_read = SSdbcore.NewQuery(
"SELECT job, minutes FROM [format_table_name("role_time")] WHERE ckey = :ckey",
list("ckey" = ckey)
)
if(!exp_read.Execute(async = TRUE))
qdel(exp_read)
return -1
@@ -188,7 +191,10 @@ GLOBAL_PROTECT(exp_to_update)
else
prefs.db_flags |= newflag
var/datum/DBQuery/flag_update = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET flags = '[prefs.db_flags]' WHERE ckey='[sanitizeSQL(ckey)]'")
var/datum/DBQuery/flag_update = SSdbcore.NewQuery(
"UPDATE [format_table_name("player")] SET flags=:flags WHERE ckey=:ckey",
list("flags" = "[prefs.db_flags]", "ckey" = ckey)
)
if(!flag_update.Execute())
qdel(flag_update)
@@ -256,8 +262,8 @@ GLOBAL_PROTECT(exp_to_update)
CRASH("invalid job value [jtype]:[jvalue]")
LAZYINITLIST(GLOB.exp_to_update)
GLOB.exp_to_update.Add(list(list(
"job" = "'[sanitizeSQL(jtype)]'",
"ckey" = "'[sanitizeSQL(ckey)]'",
"job" = jtype,
"ckey" = ckey,
"minutes" = jvalue)))
prefs.exp[jtype] += jvalue
addtimer(CALLBACK(SSblackbox,/datum/controller/subsystem/blackbox/proc/update_exp_db),20,TIMER_OVERRIDE|TIMER_UNIQUE)
@@ -268,7 +274,10 @@ GLOBAL_PROTECT(exp_to_update)
if(!SSdbcore.Connect())
return FALSE
var/datum/DBQuery/flags_read = SSdbcore.NewQuery("SELECT flags FROM [format_table_name("player")] WHERE ckey='[ckey]'")
var/datum/DBQuery/flags_read = SSdbcore.NewQuery(
"SELECT flags FROM [format_table_name("player")] WHERE ckey=:ckey",
list("ckey" = ckey)
)
if(!flags_read.Execute(async = TRUE))
qdel(flags_read)

31
code/modules/library/lib_machines.dm
View File

@@ -48,8 +48,14 @@
else
dat += "<table>"
dat += "<tr><td>AUTHOR</td><td>TITLE</td><td>CATEGORY</td><td>SS<sup>13</sup>BN</td></tr>"
var/datum/DBQuery/query_library_list_books = SSdbcore.NewQuery(SQLquery)
var/datum/DBQuery/query_library_list_books = SSdbcore.NewQuery({"
SELECT author, title, category, id
FROM [format_table_name("library")]
WHERE isnull(deleted)
AND author LIKE :like_author
AND title LIKE :like_title
AND (:category = 'Any' OR category = :category)
"}, list("author" = author, "title" = title, "category" = category, "like_author" = "%[author]%", "like_title" = "%[title]%"))
if(!query_library_list_books.Execute())
dat += "<font color=red><b>ERROR</b>: Unable to retrieve book listings. Please contact your system administrator for assistance.</font><BR>"
else
@@ -82,21 +88,18 @@
title = sanitize(newtitle)
else
title = null
title = sanitizeSQL(title)
if(href_list["setcategory"])
var/newcategory = input("Choose a category to search for:") in list("Any", "Fiction", "Non-Fiction", "Adult", "Reference", "Religion")
if(newcategory)
category = sanitize(newcategory)
else
category = "Any"
category = sanitizeSQL(category)
if(href_list["setauthor"])
var/newauthor = input("Enter an author to search for:") as text|null
if(newauthor)
author = sanitize(newauthor)
else
author = null
author = sanitizeSQL(author)
if(href_list["search"])
SQLquery = "SELECT author, title, category, id FROM [format_table_name("library")] WHERE isnull(deleted) AND "
if(category == "Any")
@@ -418,13 +421,12 @@ GLOBAL_LIST(cachedbooks) // List of our cached book datums
alert("Connection to Archive has been severed. Aborting.")
else
var/sqltitle = sanitizeSQL(scanner.cache.name)
var/sqlauthor = sanitizeSQL(scanner.cache.author)
var/sqlcontent = sanitizeSQL(scanner.cache.dat)
var/sqlcategory = sanitizeSQL(upload_category)
var/sqlckey = sanitizeSQL(usr.ckey)
var/msg = "[key_name(usr)] has uploaded the book titled [scanner.cache.name], [length(scanner.cache.dat)] signs"
var/datum/DBQuery/query_library_upload = SSdbcore.NewQuery("INSERT INTO [format_table_name("library")] (author, title, content, category, ckey, datetime, round_id_created) VALUES ('[sqlauthor]', '[sqltitle]', '[sqlcontent]', '[sqlcategory]', '[sqlckey]', Now(), '[GLOB.round_id]')")
var/datum/DBQuery/query_library_upload = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("library")] (author, title, content, category, ckey, datetime, round_id_created)
VALUES (:author, :title, :content, :category, :ckey, Now(), :round_id)
"}, list("title" = scanner.cache.name, "author" = scanner.cache.author, "content" = scanner.cache.dat, "category" = upload_category, "ckey" = usr.ckey, "round_id" = GLOB.round_id))
if(!query_library_upload.Execute())
qdel(query_library_upload)
alert("Database error encountered uploading to Archive")
@@ -455,14 +457,17 @@ GLOBAL_LIST(cachedbooks) // List of our cached book datums
href_list["targetid"] = num2text(orderid)
if(href_list["targetid"])
var/sqlid = sanitizeSQL(href_list["targetid"])
var/id = href_list["targetid"]
if (!SSdbcore.Connect())
alert("Connection to Archive has been severed. Aborting.")
if(cooldown > world.time)
say("Printer unavailable. Please allow a short time before attempting to print.")
else
cooldown = world.time + PRINTER_COOLDOWN
var/datum/DBQuery/query_library_print = SSdbcore.NewQuery("SELECT * FROM [format_table_name("library")] WHERE id=[sqlid] AND isnull(deleted)")
var/datum/DBQuery/query_library_print = SSdbcore.NewQuery(
"SELECT * FROM [format_table_name("library")] WHERE id=:id AND isnull(deleted)",
list("id" = id)
)
if(!query_library_print.Execute())
qdel(query_library_print)
say("PRINTER ERROR! Failed to print document (0x0000000F)")

6
code/modules/library/random_books.dm
View File

@@ -49,8 +49,10 @@
return
if(prob(25))
category = null
var/c = category? " AND category='[sanitizeSQL(category)]'" :""
var/datum/DBQuery/query_get_random_books = SSdbcore.NewQuery("SELECT * FROM [format_table_name("library")] WHERE isnull(deleted)[c] GROUP BY title ORDER BY rand() LIMIT [amount];") // isdeleted copyright (c) not me
var/datum/DBQuery/query_get_random_books = SSdbcore.NewQuery(
"SELECT * FROM [format_table_name("library")] WHERE isnull(deleted) AND :category IS NULL OR category = :category ORDER BY rand() LIMIT :limit",
list("category" = category, "limit" = amount)
)
if(query_get_random_books.Execute())
while(query_get_random_books.NextRow())
var/obj/item/book/B = new(location)

14
code/modules/mob/dead/new_player/new_player.dm
View File

@@ -54,7 +54,19 @@
var/isadmin = 0
if(src.client && src.client.holder)
isadmin = 1
var/datum/DBQuery/query_get_new_polls = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_question")] WHERE [(isadmin ? "" : "adminonly = false AND")] Now() BETWEEN starttime AND endtime AND id NOT IN (SELECT pollid FROM [format_table_name("poll_vote")] WHERE ckey = \"[sanitizeSQL(ckey)]\") AND id NOT IN (SELECT pollid FROM [format_table_name("poll_textreply")] WHERE ckey = \"[sanitizeSQL(ckey)]\")")
var/datum/DBQuery/query_get_new_polls = SSdbcore.NewQuery({"
SELECT id FROM [format_table_name("poll_question")]
WHERE (adminonly = 0 OR :isadmin = 1)
AND Now() BETWEEN starttime AND endtime
AND id NOT IN (
SELECT pollid FROM [format_table_name("poll_vote")]
WHERE ckey = :ckey
)
AND id NOT IN (
SELECT pollid FROM [format_table_name("poll_textreply")]
WHERE ckey = :ckey
)
"}, list("isadmin" = isadmin, "ckey" = ckey))
var/rs = REF(src)
if(query_get_new_polls.Execute())
var/newpoll = 0

62
code/modules/mob/dead/new_player/poll.dm
View File

@@ -6,7 +6,10 @@
if(!SSdbcore.IsConnected())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
return
var/datum/DBQuery/query_poll_get = SSdbcore.NewQuery("SELECT id, question FROM [format_table_name("poll_question")] WHERE Now() BETWEEN starttime AND endtime [(client.holder ? "" : "AND adminonly = false")]")
var/datum/DBQuery/query_poll_get = SSdbcore.NewQuery("SELECT id, question FROM [format_table_name("poll_question")] WHERE Now() BETWEEN starttime AND endtime AND (:holder = '' OR adminonly = false)",
list("holder" = client.holder))
if(!query_poll_get.warn_execute())
qdel(query_poll_get)
return
@@ -29,7 +32,7 @@
if (!SSdbcore.Connect())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
return
var/datum/DBQuery/query_poll_get_details = SSdbcore.NewQuery("SELECT starttime, endtime, question, polltype, multiplechoiceoptions FROM [format_table_name("poll_question")] WHERE id = [pollid]")
var/datum/DBQuery/query_poll_get_details = SSdbcore.NewQuery("SELECT starttime, endtime, question, polltype, multiplechoiceoptions FROM [format_table_name("poll_question")] WHERE id = :pollid", list("pollid" = pollid))
if(!query_poll_get_details.warn_execute())
qdel(query_poll_get_details)
return
@@ -47,7 +50,7 @@
qdel(query_poll_get_details)
switch(polltype)
if(POLLTYPE_OPTION)
var/datum/DBQuery/query_option_get_votes = SSdbcore.NewQuery("SELECT optionid FROM [format_table_name("poll_vote")] WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_option_get_votes = SSdbcore.NewQuery("SELECT optionid FROM [format_table_name("poll_vote")] WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_option_get_votes.warn_execute())
qdel(query_option_get_votes)
return
@@ -56,7 +59,7 @@
votedoptionid = text2num(query_option_get_votes.item[1])
qdel(query_option_get_votes)
var/list/datum/polloption/options = list()
var/datum/DBQuery/query_option_options = SSdbcore.NewQuery("SELECT id, text FROM [format_table_name("poll_option")] WHERE pollid = [pollid]")
var/datum/DBQuery/query_option_options = SSdbcore.NewQuery("SELECT id, text FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid))
if(!query_option_options.warn_execute())
qdel(query_option_options)
return
@@ -91,7 +94,7 @@
output += "</div></BODY></HTML>"
src << browse(output,"window=playerpoll;size=500x250")
if(POLLTYPE_TEXT)
var/datum/DBQuery/query_text_get_votes = SSdbcore.NewQuery("SELECT replytext FROM [format_table_name("poll_textreply")] WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_text_get_votes = SSdbcore.NewQuery("SELECT replytext FROM [format_table_name("poll_textreply")] WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_text_get_votes.warn_execute())
qdel(query_text_get_votes)
return
@@ -119,7 +122,7 @@
src << browse(null ,"window=playerpolllist")
src << browse(output,"window=playerpoll;size=500x500")
if(POLLTYPE_RATING)
var/datum/DBQuery/query_rating_get_votes = SSdbcore.NewQuery("SELECT o.text, v.rating FROM [format_table_name("poll_option")] o, [format_table_name("poll_vote")] v WHERE o.pollid = [pollid] AND v.ckey = '[ckey]' AND o.id = v.optionid")
var/datum/DBQuery/query_rating_get_votes = SSdbcore.NewQuery("SELECT o.text, v.rating FROM [format_table_name("poll_option")] o, [format_table_name("poll_vote")] v WHERE o.pollid = :pollid AND v.ckey = :ckey AND o.id = v.optionid", list("pollid" = pollid, "ckey" = ckey))
if(!query_rating_get_votes.warn_execute())
qdel(query_rating_get_votes)
return
@@ -139,7 +142,7 @@
output += "<input type='hidden' name='votetype' value=[POLLTYPE_RATING]>"
var/minid = 999999
var/maxid = 0
var/datum/DBQuery/query_rating_options = SSdbcore.NewQuery("SELECT id, text, minval, maxval, descmin, descmid, descmax FROM [format_table_name("poll_option")] WHERE pollid = [pollid]")
var/datum/DBQuery/query_rating_options = SSdbcore.NewQuery("SELECT id, text, minval, maxval, descmin, descmid, descmax FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid))
if(!query_rating_options.warn_execute())
qdel(query_rating_options)
return
@@ -177,7 +180,7 @@
src << browse(null ,"window=playerpolllist")
src << browse(output,"window=playerpoll;size=500x500")
if(POLLTYPE_MULTI)
var/datum/DBQuery/query_multi_get_votes = SSdbcore.NewQuery("SELECT optionid FROM [format_table_name("poll_vote")] WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_multi_get_votes = SSdbcore.NewQuery("SELECT optionid FROM [format_table_name("poll_vote")] WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_multi_get_votes.warn_execute())
qdel(query_multi_get_votes)
return
@@ -188,7 +191,7 @@
var/list/datum/polloption/options = list()
var/maxoptionid = 0
var/minoptionid = 0
var/datum/DBQuery/query_multi_options = SSdbcore.NewQuery("SELECT id, text FROM [format_table_name("poll_option")] WHERE pollid = [pollid]")
var/datum/DBQuery/query_multi_options = SSdbcore.NewQuery("SELECT id, text FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid))
if(!query_multi_options.warn_execute())
qdel(query_multi_options)
return
@@ -232,7 +235,7 @@
var/datum/asset/irv_assets = get_asset_datum(/datum/asset/group/IRV)
irv_assets.send(src)
var/datum/DBQuery/query_irv_get_votes = SSdbcore.NewQuery("SELECT optionid FROM [format_table_name("poll_vote")] WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_irv_get_votes = SSdbcore.NewQuery("SELECT optionid FROM [format_table_name("poll_vote")] WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_irv_get_votes.warn_execute())
qdel(query_irv_get_votes)
return
@@ -244,7 +247,7 @@
var/list/datum/polloption/options = list()
var/datum/DBQuery/query_irv_options = SSdbcore.NewQuery("SELECT id, text FROM [format_table_name("poll_option")] WHERE pollid = [pollid]")
var/datum/DBQuery/query_irv_options = SSdbcore.NewQuery("SELECT id, text FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid))
if(!query_irv_options.warn_execute())
qdel(query_irv_options)
return
@@ -355,7 +358,7 @@
if (!SSdbcore.Connect())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
return
var/datum/DBQuery/query_hasvoted = SSdbcore.NewQuery("SELECT id FROM `[format_table_name(table)]` WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_hasvoted = SSdbcore.NewQuery("SELECT id FROM `[format_table_name(table)]` WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_hasvoted.warn_execute())
qdel(query_hasvoted)
return
@@ -394,7 +397,7 @@
if (!pollid || pollid < 0)
return 0
//validate the poll is actually the right type of poll and its still active
var/datum/DBQuery/query_validate_poll = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_question")] WHERE id = [pollid] AND Now() BETWEEN starttime AND endtime AND polltype = '[type]' [(holder ? "" : "AND adminonly = false")]")
var/datum/DBQuery/query_validate_poll = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_question")] WHERE id = :pollid AND Now() BETWEEN starttime AND endtime AND polltype = :type AND (:holder = '' OR adminonly = false)", list("pollid" = pollid, "type" = type, "holder" = holder))
if(!query_validate_poll.warn_execute())
qdel(query_validate_poll)
return 0
@@ -430,7 +433,7 @@
return 0
//lets collect the options
var/datum/DBQuery/query_irv_id = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_option")] WHERE pollid = [pollid]")
var/datum/DBQuery/query_irv_id = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid))
if(!query_irv_id.warn_execute())
qdel(query_irv_id)
return 0
@@ -460,17 +463,17 @@
for (var/vote in numberedvotelist)
if (sqlrowlist != "")
sqlrowlist += ", " //a comma (,) at the start of the first row to insert will trigger a SQL error
sqlrowlist += "(Now(), [pollid], [vote], '[sanitizeSQL(ckey)]', INET_ATON('[sanitizeSQL(address)]'), '[sanitizeSQL(rank)]')"
sqlrowlist += "(Now(), [pollid], [vote], '[ckey]', INET_ATON('[address]'), '[rank]')"
//now lets delete their old votes (if any)
var/datum/DBQuery/query_irv_del_old = SSdbcore.NewQuery("DELETE FROM [format_table_name("poll_vote")] WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_irv_del_old = SSdbcore.NewQuery("DELETE FROM [format_table_name("poll_vote")] WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_irv_del_old.warn_execute())
qdel(query_irv_del_old)
return 0
qdel(query_irv_del_old)
//now to add the new ones.
var/datum/DBQuery/query_irv_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime, pollid, optionid, ckey, ip, adminrank) VALUES [sqlrowlist]")
var/datum/DBQuery/query_irv_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime, pollid, optionid, ckey, ip, adminrank) VALUES :sqlrowlist", list("sqlrowlist" = sqlrowlist))
if(!query_irv_vote.warn_execute())
qdel(query_irv_vote)
return 0
@@ -494,10 +497,10 @@
var/voted = poll_check_voted(pollid)
if(isnull(voted) || voted) //Failed or already voted.
return
var/adminrank = sanitizeSQL(poll_rank())
var/adminrank = poll_rank()
if(!adminrank)
return
var/datum/DBQuery/query_option_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime, pollid, optionid, ckey, ip, adminrank) VALUES (Now(), [pollid], [optionid], '[ckey]', INET_ATON('[client.address]'), '[adminrank]')")
var/datum/DBQuery/query_option_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime, pollid, optionid, ckey, ip, adminrank) VALUES (Now(), :pollid, :optionid, :ckey, INET_ATON(:address), :adminrank)", list("pollid" = pollid, "optionid" = optionid, "ckey" = ckey, "address" = client.address, "adminrank" = adminrank))
if(!query_option_vote.warn_execute())
qdel(query_option_vote)
return
@@ -523,18 +526,17 @@
var/voted = poll_check_voted(pollid, text = TRUE, silent = TRUE)
if(isnull(voted))
return
var/adminrank = sanitizeSQL(poll_rank())
var/adminrank = poll_rank()
if(!adminrank)
return
replytext = sanitizeSQL(replytext)
if(!(length(replytext) > 0) || !(length(replytext) <= 8000))
to_chat(usr, "The text you entered was invalid or too long. Please correct the text and submit again.")
return
var/datum/DBQuery/query_text_vote
if(!voted)
query_text_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_textreply")] (datetime ,pollid ,ckey ,ip ,replytext ,adminrank) VALUES (Now(), [pollid], '[ckey]', INET_ATON('[client.address]'), '[replytext]', '[adminrank]')")
query_text_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_textreply")] (datetime ,pollid ,ckey ,ip ,replytext ,adminrank) VALUES (Now(), :pollid, :ckey, INET_ATON(:address), :replytext, :adminrank)", list("pollid" = pollid, "ckey" = ckey, "address" = client.address, "replytext" = replytext, "adminrank" = adminrank))
else
query_text_vote = SSdbcore.NewQuery("UPDATE [format_table_name("poll_textreply")] SET datetime = Now(), ip = INET_ATON('[client.address]'), replytext = '[replytext]' WHERE pollid = '[pollid]' AND ckey = '[ckey]'")
query_text_vote = SSdbcore.NewQuery("UPDATE [format_table_name("poll_textreply")] SET datetime = Now(), ip = INET_ATON(:address), replytext = :replytext WHERE pollid = :pollid AND ckey = :ckey", list("address" = client.address, "replytext" = replytext, "pollid" = pollid, "ckey" = ckey))
if(!query_text_vote.warn_execute())
qdel(query_text_vote)
return
@@ -554,7 +556,7 @@
//validate the poll
if (!vote_valid_check(pollid, client.holder, POLLTYPE_RATING))
return 0
var/datum/DBQuery/query_numval_hasvoted = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_vote")] WHERE optionid = [optionid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_numval_hasvoted = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_vote")] WHERE optionid = :optionid AND ckey = :ckey", list("optionid" = optionid, "ckey" = ckey))
if(!query_numval_hasvoted.warn_execute())
qdel(query_numval_hasvoted)
return
@@ -566,8 +568,9 @@
var/adminrank = "Player"
if(client.holder)
adminrank = client.holder.rank.name
adminrank = sanitizeSQL(adminrank)
var/datum/DBQuery/query_numval_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime ,pollid ,optionid ,ckey ,ip ,adminrank, rating) VALUES (Now(), [pollid], [optionid], '[ckey]', INET_ATON('[client.address]'), '[adminrank]', [(isnull(rating)) ? "null" : rating])")
if(isnull(rating))
rating = "null"
var/datum/DBQuery/query_numval_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime ,pollid ,optionid ,ckey ,ip ,adminrank, rating) VALUES (Now(), :pollid, :optionid, :ckey, INET_ATON(:address), :adminrank, :rating", list("pollid" = pollid, "optionid" = optionid, "ckey" = ckey, "address" = client.address, "adminrank" = adminrank, "rating" = rating))
if(!query_numval_vote.warn_execute())
qdel(query_numval_vote)
return
@@ -587,7 +590,7 @@
//validate the poll
if (!vote_valid_check(pollid, client.holder, POLLTYPE_MULTI))
return 0
var/datum/DBQuery/query_multi_choicelen = SSdbcore.NewQuery("SELECT multiplechoiceoptions FROM [format_table_name("poll_question")] WHERE id = [pollid]")
var/datum/DBQuery/query_multi_choicelen = SSdbcore.NewQuery("SELECT multiplechoiceoptions FROM [format_table_name("poll_question")] WHERE id = :pollid", list("pollid" = pollid))
if(!query_multi_choicelen.warn_execute())
qdel(query_multi_choicelen)
return 1
@@ -595,7 +598,7 @@
if(query_multi_choicelen.NextRow())
i = text2num(query_multi_choicelen.item[1])
qdel(query_multi_choicelen)
var/datum/DBQuery/query_multi_hasvoted = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_vote")] WHERE pollid = [pollid] AND ckey = '[ckey]'")
var/datum/DBQuery/query_multi_hasvoted = SSdbcore.NewQuery("SELECT id FROM [format_table_name("poll_vote")] WHERE pollid = :pollid AND ckey = :ckey", list("pollid" = pollid, "ckey" = ckey))
if(!query_multi_hasvoted.warn_execute())
qdel(query_multi_hasvoted)
return 1
@@ -610,8 +613,7 @@
var/adminrank = "Player"
if(!QDELETED(client) && client.holder)
adminrank = client.holder.rank.name
adminrank = sanitizeSQL(adminrank)
var/datum/DBQuery/query_multi_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime, pollid, optionid, ckey, ip, adminrank) VALUES (Now(), [pollid], [optionid], '[ckey]', INET_ATON('[client.address]'), '[adminrank]')")
var/datum/DBQuery/query_multi_vote = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_vote")] (datetime, pollid, optionid, ckey, ip, adminrank) VALUES (Now(), :pollid, :optionid, :ckey, INET_ATON(:address), :adminrank)", list("pollid" = pollid, "optionid" = optionid, "ckey" = ckey, "address" = client.address, "adminrank" = adminrank))
if(!query_multi_vote.warn_execute())
qdel(query_multi_vote)
return 1

4
code/modules/shuttle/emergency.dm
View File

@@ -318,7 +318,9 @@
set waitfor = FALSE
if(!SSdbcore.Connect())
return
var/datum/DBQuery/query_round_shuttle_name = SSdbcore.NewQuery("UPDATE [format_table_name("round")] SET shuttle_name = '[name]' WHERE id = [GLOB.round_id]")
var/datum/DBQuery/query_round_shuttle_name = SSdbcore.NewQuery({"
UPDATE [format_table_name("round")] SET shuttle_name = :name WHERE id = :round_id
"}, list("name" = name, "round_id" = GLOB.round_id))
query_round_shuttle_name.Execute()
qdel(query_round_shuttle_name)

7
dependencies.sh
View File

@@ -11,16 +11,13 @@ export BYOND_MINOR=${LIST[1]}
unset LIST
#rust_g git tag
export RUST_G_VERSION=0.4.4
#bsql git tag
export BSQL_VERSION=v1.4.0.0
export RUST_G_VERSION=0.4.5
#node version
export NODE_VERSION=12
# PHP version
export PHP_VERSION=5.6
export PHP_VERSION=7.2
# SpacemanDMM git tag
export SPACEMAN_DMM_VERSION=suite-1.4

BIN
libmariadb.dll
View File

Binary file not shown.

1
tools/deploy.sh
View File

@@ -37,5 +37,4 @@ cp -r strings/* $1/strings/
#dlls on windows
cp rust_g* $1/ || true
cp *BSQL.* $1/ || true
cp *byond-extools.* $1/ || true

21
tools/travis/build_bsql.sh
View File

@@ -1,21 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
source dependencies.sh
mkdir -p BSQL
cd BSQL
git init
git remote add origin https://github.com/tgstation/BSQL
git fetch --depth 1 origin $BSQL_VERSION
git checkout FETCH_HEAD
mkdir -p artifacts
cd artifacts
export CXX=g++-7
# The -D will be unnecessary past BSQL v1.4.0.0
cmake .. -DMARIA_LIBRARY=/usr/lib/i386-linux-gnu/libmariadb.so
make
mkdir -p ~/.byond/bin
ln -s $PWD/src/BSQL/libBSQL.so ../../libBSQL.so

1
tools/travis/install_build_tools.sh
View File

@@ -11,7 +11,6 @@ npm install --global yarn
pip3 install --user PyYaml
pip3 install --user beautifulsoup4
if ! hash php 2>/dev/null
then
phpenv global $PHP_VERSION

15
tools/travis/install_libmariadb.sh
View File

@@ -1,15 +0,0 @@
#!/bin/bash
set -euo pipefail
# get libmariadb, cache it so limmex doesn't get angery
if [ -f $HOME/libmariadb ]; then
#travis likes to interpret the cache command as it being a file for some reason
rm $HOME/libmariadb
fi
mkdir -p $HOME/libmariadb
if [ ! -f $HOME/libmariadb/libmariadb.so ]; then
wget http://www.byond.com/download/db/mariadb_client-2.0.0-linux.tgz
tar -xvf mariadb_client-2.0.0-linux.tgz
mv mariadb_client-2.0.0-linux/libmariadb.so $HOME/libmariadb/libmariadb.so
rm -rf mariadb_client-2.0.0-linux.tgz mariadb_client-2.0.0-linux
fi

5
tools/travis/install_rust_g.sh
View File

@@ -4,5 +4,6 @@ set -euo pipefail
source dependencies.sh
mkdir -p ~/.byond/bin
wget -O ~/.byond/bin/rust_g "https://github.com/tgstation/rust-g/releases/download/$RUST_G_VERSION/librust_g.so"
chmod +x ~/.byond/bin/rust_g
wget -O ~/.byond/bin/librust_g.so "https://github.com/tgstation/rust-g/releases/download/$RUST_G_VERSION/librust_g.so"
chmod +x ~/.byond/bin/librust_g.so
ldd ~/.byond/bin/librust_g.so

3
yogstation.dme
View File

@@ -24,8 +24,6 @@
#include "code\__DEFINES\antagonists.dm"
#include "code\__DEFINES\atmospherics.dm"
#include "code\__DEFINES\atom_hud.dm"
#include "code\__DEFINES\bsql.config.dm"
#include "code\__DEFINES\bsql.dm"
#include "code\__DEFINES\callbacks.dm"
#include "code\__DEFINES\cargo.dm"
#include "code\__DEFINES\cinematics.dm"
@@ -1543,7 +1541,6 @@
#include "code\modules\awaymissions\mission_code\undergroundoutpost45.dm"
#include "code\modules\awaymissions\mission_code\vrhub.dm"
#include "code\modules\awaymissions\mission_code\wildwest.dm"
#include "code\modules\bsql\includes.dm"
#include "code\modules\buildmode\bm_mode.dm"
#include "code\modules\buildmode\buildmode.dm"
#include "code\modules\buildmode\buttons.dm"

110
yogstation/code/modules/admin/sql_message_system.dm
View File

@@ -9,8 +9,8 @@
var/new_key = input(usr,"Who would you like to create a [type] for?","Enter a key or ckey",null) as null|text
if(!new_key)
return
var/new_ckey = sanitizeSQL(ckey(new_key))
var/datum/DBQuery/query_find_ckey = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE ckey = '[new_ckey]'")
var/new_ckey = ckey(new_key)
var/datum/DBQuery/query_find_ckey = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE ckey = :new_ckey", list("new_key" = new_ckey))
if(!query_find_ckey.warn_execute())
qdel(query_find_ckey)
return
@@ -23,29 +23,24 @@
target_key = new_key
if(QDELETED(usr))
return
if(target_ckey)
target_ckey = sanitizeSQL(target_ckey)
if(!target_key)
target_key = target_ckey
if(!admin_ckey)
admin_ckey = usr.ckey
if(!admin_ckey)
return
admin_ckey = sanitizeSQL(admin_ckey)
if(!target_ckey)
target_ckey = admin_ckey
if(!text)
text = input(usr,"Write your [type]","Create [type]") as null|message
if(!text)
return
text = sanitizeSQL(text)
if(!timestamp)
timestamp = SQLtime()
if(!server)
var/ssqlname = CONFIG_GET(string/serversqlname)
if (ssqlname)
server = ssqlname
server = sanitizeSQL(server)
if(isnull(secret))
switch(alert("Hide note from being viewed by players?", "Secret note?","Yes","No","Cancel"))
if("Yes")
@@ -59,8 +54,7 @@
var/expire_time = input("Set expiry time for [type] as format YYYY-MM-DD HH:MM:SS. All times in server time. HH:MM:SS is optional and 24-hour. Must be later than current time for obvious reasons.", "Set expiry time", SQLtime()) as null|text
if(!expire_time)
return
expire_time = sanitizeSQL(expire_time)
var/datum/DBQuery/query_validate_expire_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[expire_time]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[expire_time]','%Y-%c-%d %T'), 0)")
var/datum/DBQuery/query_validate_expire_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE(:expire_time,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:expire_time,'%Y-%c-%d %T'), 0)", list("expire_time" = expire_time))
if(!query_validate_expire_time.warn_execute())
qdel(query_validate_expire_time)
return
@@ -72,7 +66,24 @@
return
expiry = query_validate_expire_time.item[1]
qdel(query_validate_expire_time)
var/datum/DBQuery/query_create_message = SSdbcore.NewQuery("INSERT INTO [format_table_name("messages")] (type, targetckey, adminckey, text, timestamp, server, server_ip, server_port, round_id, secret, expire_timestamp) VALUES ('[type]', '[target_ckey]', '[admin_ckey]', '[text]', '[timestamp]', '[server]', INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]', '[GLOB.round_id]','[secret]', [expiry ? "'[expiry]'" : "NULL"])")
var/datum/DBQuery/query_create_message = SSdbcore.NewQuery({"
INSERT INTO [format_table_name("messages")] (type, targetckey, adminckey, text, timestamp, server, server_ip, server_port, round_id, secret, expire_timestamp)
VALUES (:type, :target_ckey, :admin_ckey, :text, :timestamp, :server, INET_ATON(:internet_address), :port, :round_id, :secret, :expiry)
"}, list(
"type" = type,
"target_ckey" = target_ckey,
"admin_ckey" = admin_ckey,
"text" = text,
"timestamp" = timestamp,
"server" = server,
"internet_address" = world.internet_address || "0",
"port" = "[world.port]",
"round_id" = GLOB.round_id,
"secret" = secret,
"expiry" = expiry || null,
))
var/pm = "[key_name(usr)] has created a [type][(type == "note" || type == "message" || type == "watchlist entry") ? " for [target_key]" : ""]: [text]"
var/header = "[key_name(usr)] has created a [type][(type == "note" || type == "message" || type == "watchlist entry") ? " for [target_key]" : ""]" // yogs - Yog Tickets
if(!query_create_message.warn_execute())
@@ -101,7 +112,7 @@
var/text
var/user_key_name = key_name(usr)
var/user_name_admin = key_name_admin(usr)
var/datum/DBQuery/query_find_del_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), text FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_del_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), text FROM [format_table_name("messages")] WHERE id = :message_id AND deleted = 0", list("message_id" = message_id))
if(!query_find_del_message.warn_execute())
qdel(query_find_del_message)
return
@@ -110,7 +121,7 @@
target_key = query_find_del_message.item[2]
text = query_find_del_message.item[3]
qdel(query_find_del_message)
var/datum/DBQuery/query_del_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET deleted = 1 WHERE id = [message_id]")
var/datum/DBQuery/query_del_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET deleted = 1 WHERE id = :message_id", list("message_id" = message_id))
if(!query_del_message.warn_execute())
qdel(query_del_message)
return
@@ -132,11 +143,11 @@
message_id = text2num(message_id)
if(!message_id)
return
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = usr.ckey
var/editor_key = usr.key
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_edit_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_edit_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text FROM [format_table_name("messages")] WHERE id = :message_id AND deleted = 0", list("message_id" = message_id))
if(!query_find_edit_message.warn_execute())
qdel(query_find_edit_message)
return
@@ -149,9 +160,8 @@
if(!new_text)
qdel(query_find_edit_message)
return
new_text = sanitizeSQL(new_text)
var/edit_text = sanitizeSQL("Edited by [editor_key] on [SQLtime()] from<br>[old_text]<br>to<br>[new_text]<hr>")
var/datum/DBQuery/query_edit_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET text = '[new_text]', lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
var/edit_text = "Edited by [editor_key] on [SQLtime()] from<br>[old_text]<br>to<br>[new_text]<hr>"
var/datum/DBQuery/query_edit_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET text = :new_text, lasteditor = :editor_ckey, edits = CONCAT(IFNULL(edits,''), :edit_text) WHERE id = :message_id AND deleted = 0", list("new_text" = new_text, "editor_ckey" = editor_ckey, "edit_text" = edit_text, "message_id" = message_id))
if(!query_edit_message.warn_execute())
qdel(query_edit_message)
return
@@ -171,11 +181,11 @@
message_id = text2num(message_id)
if(!message_id)
return
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = usr.ckey
var/editor_key = usr.key
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_edit_expiry_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), expire_timestamp FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_edit_expiry_message = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), expire_timestamp FROM [format_table_name("messages")] WHERE id = :message_id AND deleted = 0", list("message_id" = message_id))
if(!query_find_edit_expiry_message.warn_execute())
qdel(query_find_edit_expiry_message)
return
@@ -192,8 +202,7 @@
if(expire_time == "-1")
new_expiry = "non-expiring"
else
expire_time = sanitizeSQL(expire_time)
var/datum/DBQuery/query_validate_expire_time_edit = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[expire_time]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[expire_time]','%Y-%c-%d %T'), 0)")
var/datum/DBQuery/query_validate_expire_time_edit = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE(:expire_time,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:expire_time,'%Y-%c-%d %T'), 0)", list("expire_time" = expire_time))
if(!query_validate_expire_time_edit.warn_execute())
qdel(query_validate_expire_time_edit)
qdel(query_find_edit_expiry_message)
@@ -207,8 +216,13 @@
return
new_expiry = query_validate_expire_time_edit.item[1]
qdel(query_validate_expire_time_edit)
var/edit_text = sanitizeSQL("Expiration time edited by [editor_key] on [SQLtime()] from [old_expiry] to [new_expiry]<hr>")
var/datum/DBQuery/query_edit_message_expiry = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET expire_timestamp = [expire_time == "-1" ? "NULL" : "'[new_expiry]'"], lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
var/edit_text = "Expiration time edited by [editor_key] on [SQLtime()] from [old_expiry] to [new_expiry]<hr>"
var/expire_timestamp = "NULL"
if(expire_time == "-1")
expire_timestamp = "NULL"
else
expire_timestamp = new_expiry
var/datum/DBQuery/query_edit_message_expiry = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET expire_timestamp = :expire_timestamp, lasteditor = :editor_ckey, edits = CONCAT(IFNULL(edits,''), :edit_text) WHERE id = :message_id AND deleted = 0", list("expire_timestamp" = expire_timestamp, "editor_ckey" = editor_ckey, "edit_text" = edit_text, "message_id" = message_id))
if(!query_edit_message_expiry.warn_execute())
qdel(query_edit_message_expiry)
qdel(query_find_edit_expiry_message)
@@ -229,11 +243,11 @@
message_id = text2num(message_id)
if(!message_id)
return
var/editor_ckey = sanitizeSQL(usr.ckey)
var/editor_key = sanitizeSQL(usr.key)
var/editor_ckey = usr.ckey
var/editor_key = usr.key
var/kn = key_name(usr)
var/kna = key_name_admin(usr)
var/datum/DBQuery/query_find_message_secret = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), secret FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
var/datum/DBQuery/query_find_message_secret = SSdbcore.NewQuery("SELECT type, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), secret FROM [format_table_name("messages")] WHERE id = :message_id AND deleted = 0", list("message_id" = message_id))
if(!query_find_message_secret.warn_execute())
qdel(query_find_message_secret)
return
@@ -243,7 +257,7 @@
var/admin_key = query_find_message_secret.item[3]
var/secret = text2num(query_find_message_secret.item[4])
var/edit_text = "Made [secret ? "not secret" : "secret"] by [editor_key] on [SQLtime()]<hr>"
var/datum/DBQuery/query_message_secret = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET secret = NOT secret, lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id]")
var/datum/DBQuery/query_message_secret = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET secret = NOT secret, lasteditor = :editor_ckey, edits = CONCAT(IFNULL(edits,''), :edit_text) WHERE id = :message_id", list("editor_ckey" = editor_ckey, "edit_text" = edit_text, "message_id" = message_id))
if(!query_message_secret.warn_execute())
qdel(query_find_message_secret)
qdel(query_message_secret)
@@ -283,7 +297,7 @@
else
output += "|<a href='?_src_=holder;[HrefToken()];showwatchfilter=1'>\[Filter offline clients\]</a></center>"
output += ruler
var/datum/DBQuery/query_get_type_messages = SSdbcore.NewQuery("SELECT id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, server, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), expire_timestamp FROM [format_table_name("messages")] WHERE type = '[type]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)")
var/datum/DBQuery/query_get_type_messages = SSdbcore.NewQuery("SELECT id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, server, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), expire_timestamp FROM [format_table_name("messages")] WHERE type = :type AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)", list("type" = type))
if(!query_get_type_messages.warn_execute())
qdel(query_get_type_messages)
return
@@ -316,9 +330,8 @@
output += "<br>[text]<hr style='background:#000000; border:0; height:1px'>"
qdel(query_get_type_messages)
if(target_ckey)
target_ckey = sanitizeSQL(target_ckey)
var/target_key
var/datum/DBQuery/query_get_messages = SSdbcore.NewQuery("SELECT type, secret, id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, server, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), DATEDIFF(NOW(), timestamp), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), expire_timestamp FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey = '[target_ckey]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY timestamp DESC")
var/datum/DBQuery/query_get_messages = SSdbcore.NewQuery("SELECT type, secret, id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, server, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), DATEDIFF(NOW(), timestamp), (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), expire_timestamp FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey = :target_ckey AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY timestamp DESC", list("target_ckey" = target_ckey))
if(!query_get_messages.warn_execute())
qdel(query_get_messages)
return
@@ -387,7 +400,7 @@
notedata += data
qdel(query_get_messages)
if(!target_key)
var/datum/DBQuery/query_get_message_key = SSdbcore.NewQuery("SELECT byond_key FROM [format_table_name("player")] WHERE ckey = '[target_ckey]'")
var/datum/DBQuery/query_get_message_key = SSdbcore.NewQuery("SELECT byond_key FROM [format_table_name("player")] WHERE ckey = :target_ckey", list("target_ckey" = target_ckey))
if(!query_get_message_key.warn_execute())
qdel(query_get_message_key)
return
@@ -425,8 +438,7 @@
var/search
output += "<center><a href='?_src_=holder;[HrefToken()];addmessageempty=1'>\[Add message\]</a><a href='?_src_=holder;[HrefToken()];addwatchempty=1'>\[Add watchlist entry\]</a><a href='?_src_=holder;[HrefToken()];addnoteempty=1'>\[Add note\]</a></center>"
output += ruler
if(!isnum(index))
index = sanitizeSQL(index)
switch(index)
if(1)
search = "^."
@@ -434,7 +446,17 @@
search = "^\[^\[:alpha:\]\]"
else
search = "^[index]"
var/datum/DBQuery/query_list_messages = SSdbcore.NewQuery("SELECT DISTINCT targetckey, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey) FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey REGEXP '[search]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY targetckey")
var/datum/DBQuery/query_list_messages = SSdbcore.NewQuery({"
SELECT DISTINCT
targetckey,
(SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey)
FROM [format_table_name("messages")]
WHERE type <> 'memo'
AND targetckey REGEXP :search
AND deleted = 0
AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
ORDER BY targetckey
"}, list("search" = search))
if(!query_list_messages.warn_execute())
qdel(query_list_messages)
return
@@ -443,6 +465,8 @@
return
var/index_ckey = query_list_messages.item[1]
var/index_key = query_list_messages.item[2]
if(!index_key)
index_key = index_ckey
output += "<a href='?_src_=holder;[HrefToken()];showmessageckey=[index_ckey]'>[index_key]</a><br>"
qdel(query_list_messages)
else if(!type && !target_ckey && !index)
@@ -457,12 +481,12 @@
if(!type)
return
var/output
if(target_ckey)
target_ckey = sanitizeSQL(target_ckey)
var/query = "SELECT id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor) FROM [format_table_name("messages")] WHERE type = '[type]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)"
var/values = list("type" = type)
var/query = "SELECT id, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), text, timestamp, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor) FROM [format_table_name("messages")] WHERE type = :type AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)"
if(type == "message" || type == "watchlist entry")
query += " AND targetckey = '[target_ckey]'"
var/datum/DBQuery/query_get_message_output = SSdbcore.NewQuery(query)
query += " AND targetckey = :target_ckey"
values["target_ckey"] = target_ckey
var/datum/DBQuery/query_get_message_output = SSdbcore.NewQuery(query, values)
if(!query_get_message_output.warn_execute())
qdel(query_get_message_output)
return
@@ -476,7 +500,7 @@
if("message")
output += "<font color='red' size='3'><b>Admin message left by <span class='prefix'>[admin_key]</span> on [timestamp]</b></font>"
output += "<br><font color='red'>[text]</font><br>"
var/datum/DBQuery/query_message_read = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET type = 'message sent' WHERE id = [message_id]")
var/datum/DBQuery/query_message_read = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET type = 'message sent' WHERE id = :message_id", list("message_id" = message_id))
if(!query_message_read.warn_execute())
qdel(query_get_message_output)
qdel(query_message_read)
@@ -513,7 +537,7 @@
var/timestamp = note.group[1]
notetext = note.group[2]
var/admin_ckey = note.group[3]
var/datum/DBQuery/query_convert_time = SSdbcore.NewQuery("SELECT ADDTIME(STR_TO_DATE('[timestamp]','%d-%b-%Y'), '0')")
var/datum/DBQuery/query_convert_time = SSdbcore.NewQuery("SELECT ADDTIME(STR_TO_DATE(:timestamp,'%d-%b-%Y'), '0')", list("timestamp" = timestamp))
if(!query_convert_time.Execute())
qdel(query_convert_time)
return

11
yogstation/code/modules/admin/topic.dm
View File

@@ -8,8 +8,7 @@
//why is this called hippie stop it thats bad
/datum/admins/proc/checkMentorEditList(ckey)
var/sql_key = sanitizeSQL("[ckey]")
var/datum/DBQuery/query_memoedits = SSdbcore.NewQuery("SELECT edits FROM [format_table_name("mentor_memo")] WHERE (ckey = '[sql_key]')")
var/datum/DBQuery/query_memoedits = SSdbcore.NewQuery("SELECT edits FROM [format_table_name("mentor_memo")] WHERE (ckey = :key)", list("key" = ckey))
if(!query_memoedits.warn_execute())
qdel(query_memoedits)
return
@@ -38,7 +37,7 @@
new /datum/mentors(ckey)
if(SSdbcore.Connect())
var/datum/DBQuery/query_get_mentor = SSdbcore.NewQuery("SELECT id FROM `[format_table_name("mentor")]` WHERE `ckey` = '[ckey]'")
var/datum/DBQuery/query_get_mentor = SSdbcore.NewQuery("SELECT id FROM `[format_table_name("mentor")]` WHERE `ckey` = :ckey", list("ckey" = ckey))
query_get_mentor.warn_execute()
if(query_get_mentor.NextRow())
to_chat(usr, "<span class='danger'>[ckey] is already a mentor.</span>", confidential=TRUE)
@@ -46,13 +45,13 @@
return
qdel(query_get_mentor)
var/datum/DBQuery/query_add_mentor = SSdbcore.NewQuery("INSERT INTO `[format_table_name("mentor")]` (`id`, `ckey`) VALUES (null, '[ckey]')")
var/datum/DBQuery/query_add_mentor = SSdbcore.NewQuery("INSERT INTO `[format_table_name("mentor")]` (`id`, `ckey`) VALUES (null, :ckey)", list("ckey" = ckey))
if(!query_add_mentor.warn_execute())
qdel(query_add_mentor)
return
qdel(query_add_mentor)
var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO `[format_table_name("admin_log")]` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Added new mentor [ckey]');")
var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO `[format_table_name("admin_log")]` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , :usrckey, :address, :ckey);", list("usrckey" = usr.ckey, "address" = usr.client.address, "ckey" = "Added new mentor [ckey]"))
if(!query_add_admin_log.warn_execute())
qdel(query_add_admin_log)
return
@@ -87,7 +86,7 @@
GLOB.mentors -= C
if(SSdbcore.Connect())
var/datum/DBQuery/query_remove_mentor = SSdbcore.NewQuery("DELETE FROM `[format_table_name("mentor")]` WHERE `ckey` = '[ckey]'")
var/datum/DBQuery/query_remove_mentor = SSdbcore.NewQuery("DELETE FROM `[format_table_name("mentor")]` WHERE `ckey` = :ckey", list("ckey" = ckey))
query_remove_mentor.warn_execute()
qdel(query_remove_mentor)

24
yogstation/code/modules/client/client_procs.dm
View File

@@ -5,27 +5,27 @@
if(!SSdbcore.Connect())
return
var/datum/DBQuery/query_logout = SSdbcore.NewQuery("UPDATE [format_table_name("connection_log")] SET `left` = Now() WHERE id = [number]")
query_logout.Execute(async = TRUE)
var/datum/DBQuery/query_logout = SSdbcore.NewQuery("UPDATE [format_table_name("connection_log")] SET `[format_table_name("connection_log")]`.`left` = Now() WHERE id = :number", list("number" = number))
if(!query_logout.Execute())
log_sql("Failed: [query_logout.last_error]")
log_sql("SQL: [query_logout.sql]")
var/list/uwu = query_logout.arguments
log_sql("Arguments: [uwu.Join(", ")]")
qdel(query_logout)
/client/proc/sync_login_with_db()
if(!SSdbcore.Connect())
return
var/sql_ckey = sanitizeSQL(ckey)
var/sql_ip = sanitizeSQL(address)
var/sql_computerid = sanitizeSQL(computer_id)
var/serverip = "[world.internet_address]"
var/datum/DBQuery/query_log_connection = SSdbcore.NewQuery("INSERT INTO `[format_table_name("connection_log")]` (`id`, `datetime`, `server_ip`, `server_port`, `round_id`, `ckey`, `ip`, `computerid`) VALUES(null, Now(), INET_ATON('[serverip]'), '[world.port]', '[GLOB.round_id]', '[sql_ckey]', INET_ATON('[sql_ip]'), '[sql_computerid]')")
if(query_log_connection.Execute(async = TRUE))
var/datum/DBQuery/query_log_connection = SSdbcore.NewQuery({"INSERT INTO `[format_table_name("connection_log")]` (`id`, `datetime`, `server_ip`, `server_port`, `round_id`, `ckey`, `ip`, `computerid`)
VALUES(null, Now(), INET_ATON(:serverip), :port, :round_id, :ckey, INET_ATON(:address), :computer_id)"},
list("serverip" = serverip, "port" = world.port, "round_id" = GLOB.round_id, "ckey" = ckey, "address" = address, "computer_id" = computer_id))
if(query_log_connection.Execute())
if(query_log_connection.last_insert_id)
connection_number = "[num2text(query_log_connection.last_insert_id,24)]"
qdel(query_log_connection)
var/datum/DBQuery/query_getid = SSdbcore.NewQuery("SELECT LAST_INSERT_ID();")
query_getid.Execute(async = TRUE)
if(query_getid.NextRow())
connection_number = query_getid.item[1]
qdel(query_getid)
/client/proc/yogs_client_procs(href_list)
if(href_list["mentor_msg"])

8
yogstation/code/modules/client/verbs/antag_token.dm
View File

@@ -18,7 +18,7 @@ GLOBAL_LIST_EMPTY(antag_token_users)
to_chat(usr, "<span class='userdanger'>You cannot use this verb yet! Please wait.</span>")
return
var/datum/DBQuery/query_antag_token_existing = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE ckey = '[sanitizeSQL(ckey(ckey))]' AND redeemed = 0"})
var/datum/DBQuery/query_antag_token_existing = SSdbcore.NewQuery({"SELECT ckey FROM [format_table_name("antag_tokens")] WHERE ckey = :ckey AND redeemed = 0"}, list("ckey" = ckey(ckey)))
if(!query_antag_token_existing.warn_execute())
qdel(query_antag_token_existing)
@@ -68,8 +68,8 @@ GLOBAL_LIST_EMPTY(antag_token_users)
to_chat(C, "<span class='userdanger'>Your antag token has been used!</span>")
var/datum/DBQuery/query_antag_token = SSdbcore.NewQuery({"SELECT id
FROM [format_table_name("antag_tokens")] WHERE ckey = '[sanitizeSQL(ckey(ckey))]' AND redeemed = 0
ORDER BY granted_time DESC"})
FROM [format_table_name("antag_tokens")] WHERE ckey = :ckey AND redeemed = 0
ORDER BY granted_time DESC"}, list("ckey" = ckey(ckey)))
if(!query_antag_token.warn_execute())
message_admins("Failed to use antag token for player '[ckey]'! Please do this manually!")
@@ -79,7 +79,7 @@ GLOBAL_LIST_EMPTY(antag_token_users)
if(query_antag_token.NextRow())
var/id = query_antag_token.item[1]
var/datum/DBQuery/query_antag_token_redeem = SSdbcore.NewQuery({"UPDATE [format_table_name("antag_tokens")] SET redeemed = 1, denying_admin = 'AUTOMATICALLY REDEEMED'
WHERE id = [id]"})
WHERE id = :id"}, list("id" = id))
if(!query_antag_token_redeem.warn_execute())
message_admins("Failed to use antag token for player '[ckey]'! Please do this manually!")
qdel(query_antag_token_redeem)

32
yogstation/code/modules/mentor/mentor_memo.dm
View File

@@ -36,10 +36,9 @@
to_chat(src, "<span class='danger'>Failed to establish database connection.</span>", confidential=TRUE)
return
var/sql_ckey = sanitizeSQL(ckey)
switch(task)
if("Write")
var/datum/DBQuery/query_memocheck = SSdbcore.NewQuery("SELECT ckey FROM `[format_table_name("mentor_memo")]` WHERE `ckey` = '[sql_ckey]'")
var/datum/DBQuery/query_memocheck = SSdbcore.NewQuery("SELECT ckey FROM `[format_table_name("mentor_memo")]` WHERE `ckey` = :ckey", list("ckey" = ckey))
if(!query_memocheck.warn_execute())
qdel(query_memocheck)
return
@@ -54,9 +53,8 @@
if(!memotext)
return
memotext = sanitizeSQL(memotext)
var/timestamp = SQLtime()
var/datum/DBQuery/query_memoadd = SSdbcore.NewQuery("INSERT INTO `[format_table_name("mentor_memo")]` (ckey, memotext, timestamp) VALUES ('[sql_ckey]', '[memotext]', '[timestamp]')")
var/datum/DBQuery/query_memoadd = SSdbcore.NewQuery("INSERT INTO `[format_table_name("mentor_memo")]` (ckey, memotext, timestamp) VALUES (:ckey, :memotext, :timestamp)", list("ckey" = ckey, "memotext" = memotext, "timestamp" = timestamp))
if(!query_memoadd.warn_execute())
qdel(query_memoadd)
return
@@ -85,8 +83,7 @@
if(!target_ckey)
return
var/target_sql_ckey = sanitizeSQL(target_ckey)
var/datum/DBQuery/query_memofind = SSdbcore.NewQuery("SELECT `memotext` FROM `[format_table_name("mentor_memo")]` WHERE `ckey` = '[target_sql_ckey]'")
var/datum/DBQuery/query_memofind = SSdbcore.NewQuery("SELECT `memotext` FROM `[format_table_name("mentor_memo")]` WHERE `ckey` = :target_ckey", list("target_ckey" = target_ckey))
if(!query_memofind.warn_execute())
qdel(query_memofind)
return
@@ -98,22 +95,22 @@
qdel(query_memofind)
return
new_memo = sanitizeSQL(new_memo)
var/edit_text = "Edited by [sql_ckey] on [SQLtime()] from<br>[old_memo]<br>to<br>[new_memo]<hr>"
edit_text = sanitizeSQL(edit_text)
var/datum/DBQuery/update_query = SSdbcore.NewQuery("UPDATE `[format_table_name("mentor_memo")]` SET `memotext` = '[new_memo]', `last_editor` = '[sql_ckey]', `edits` = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE `ckey` = '[target_sql_ckey]'")
var/edit_text = "Edited by [ckey] on [SQLtime()] from<br>[old_memo]<br>to<br>[new_memo]<hr>"
var/datum/DBQuery/update_query = SSdbcore.NewQuery("UPDATE `[format_table_name("mentor_memo")]` SET `memotext` = :new_memo, `last_editor` = :sql_ckey, `edits` = CONCAT(IFNULL(edits,''), :edit_text) WHERE `ckey` = :target_ckey",
list("new_memo" = new_memo, "sql_ckey" = ckey, "edit_text" = edit_text, "target_ckey" = target_ckey))
if(!update_query.warn_execute())
qdel(query_memofind)
qdel(update_query)
return
qdel(update_query)
if(target_sql_ckey == sql_ckey)
if(target_ckey == ckey)
log_admin("[key_name(src)] has edited their mentor memo from [old_memo] to [new_memo]")
message_admins("[key_name_admin(src)] has edited their mentor memo from<br>[old_memo]<br>to<br>[new_memo]")
else
log_admin("[key_name(src)] has edited [target_sql_ckey]'s mentor memo from [old_memo] to [new_memo]")
message_admins("[key_name_admin(src)] has edited [target_sql_ckey]'s mentor memo from<br>[old_memo]<br>to<br>[new_memo]")
log_admin("[key_name(src)] has edited [target_ckey]'s mentor memo from [old_memo] to [new_memo]")
message_admins("[key_name_admin(src)] has edited [target_ckey]'s mentor memo from<br>[old_memo]<br>to<br>[new_memo]")
qdel(query_memofind)
@@ -162,16 +159,15 @@
if(!target_ckey)
return
var/target_sql_ckey = sanitizeSQL(target_ckey)
var/datum/DBQuery/query_memodel = SSdbcore.NewQuery("DELETE FROM `[format_table_name("mentor_memo")]` WHERE `ckey` = '[target_sql_ckey]'")
var/datum/DBQuery/query_memodel = SSdbcore.NewQuery("DELETE FROM `[format_table_name("mentor_memo")]` WHERE `ckey` = :target_ckey", list("target_ckey" = target_ckey))
if(!query_memodel.warn_execute())
qdel(query_memodel)
return
qdel(query_memodel)
if(target_sql_ckey == sql_ckey)
if(target_ckey == ckey)
log_admin("[key_name(src)] has removed their mentor memo.")
message_admins("[key_name_admin(src)] has removed their mentor memo.")
else
log_admin("[key_name(src)] has removed [target_sql_ckey]'s mentor memo.")
message_admins("[key_name_admin(src)] has removed [target_sql_ckey]'s mentor memo.")
log_admin("[key_name(src)] has removed [target_ckey]'s mentor memo.")
message_admins("[key_name_admin(src)] has removed [target_ckey]'s mentor memo.")

10
yogstation/code/modules/mob/new_player/poll.dm
View File

@@ -38,7 +38,7 @@
if(!SSdbcore.IsConnected())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
return
var/datum/DBQuery/select_query = SSdbcore.NewQuery("SELECT polltype, question, adminonly, multiplechoiceoptions, starttime, endtime FROM [format_table_name("poll_question")] WHERE id = [pollid]")
var/datum/DBQuery/select_query = SSdbcore.NewQuery("SELECT polltype, question, adminonly, multiplechoiceoptions, starttime, endtime FROM [format_table_name("poll_question")] WHERE id = :pollid", list("pollid" = pollid))
select_query.Execute()
var/question = ""
var/polltype = ""
@@ -68,7 +68,7 @@
var output = "<!DOCTYPE html><html><HEAD><meta charset='UTF-8'></HEAD><body>"
if(polltype == POLLTYPE_MULTI || polltype == POLLTYPE_OPTION)
select_query = SSdbcore.NewQuery("SELECT text, (SELECT COUNT(optionid) FROM [format_table_name("poll_vote")] WHERE optionid = [format_table_name("poll_option")].id GROUP BY optionid) AS votecount FROM [format_table_name("poll_option")] WHERE pollid = [pollid]");
select_query = SSdbcore.NewQuery("SELECT text, (SELECT COUNT(optionid) FROM [format_table_name("poll_vote")] WHERE optionid = [format_table_name("poll_option")].id GROUP BY optionid) AS votecount FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid));
select_query.Execute()
var/list/options = list()
var/total_votes = 1
@@ -115,7 +115,7 @@
<tr bgcolor='#ddffdd'>
<th colspan='4' align='center'>[question]<br><font size='1'><b>[starttime] - [endtime]</b></font></th>
</tr>"}
select_query = SSdbcore.NewQuery("SELECT id, text, (SELECT AVG(rating) FROM [format_table_name("poll_vote")] WHERE optionid = [format_table_name("poll_option")].id AND rating != 'abstain') AS avgrating, (SELECT COUNT(rating) FROM [format_table_name("poll_vote")] WHERE optionid = [format_table_name("poll_option")].id AND rating != 'abstain') AS countvotes, minval, maxval FROM [format_table_name("poll_option")] WHERE pollid = [pollid]")
select_query = SSdbcore.NewQuery("SELECT id, text, (SELECT AVG(rating) FROM [format_table_name("poll_vote")] WHERE optionid = [format_table_name("poll_option")].id AND rating != 'abstain') AS avgrating, (SELECT COUNT(rating) FROM [format_table_name("poll_vote")] WHERE optionid = [format_table_name("poll_option")].id AND rating != 'abstain') AS countvotes, minval, maxval FROM [format_table_name("poll_option")] WHERE pollid = :pollid", list("pollid" = pollid))
select_query.Execute()
while(select_query.NextRow())
output += {"
@@ -131,7 +131,7 @@
var/maxvote = 1
var/list/votecounts = list()
for(var/I in minval to maxval)
var/datum/DBQuery/rating_query = SSdbcore.NewQuery("SELECT COUNT(rating) AS countrating FROM [format_table_name("poll_vote")] WHERE optionid = [optionid] AND rating = [I] GROUP BY rating")
var/datum/DBQuery/rating_query = SSdbcore.NewQuery("SELECT COUNT(rating) AS countrating FROM [format_table_name("poll_vote")] WHERE optionid = :optionid AND rating = :I GROUP BY rating", list("optionid" = optionid, "I" = I))
rating_query.Execute()
var/votecount = 0
while(rating_query.NextRow())
@@ -154,7 +154,7 @@
output += "</table>"
qdel(select_query)
if(polltype == POLLTYPE_TEXT)
select_query = SSdbcore.NewQuery("SELECT replytext, COUNT(replytext) AS countresponse, GROUP_CONCAT(DISTINCT ckey SEPARATOR ', ') as ckeys FROM [format_table_name("poll_textreply")] WHERE pollid = [pollid] GROUP BY replytext ORDER BY countresponse DESC");
select_query = SSdbcore.NewQuery("SELECT replytext, COUNT(replytext) AS countresponse, GROUP_CONCAT(DISTINCT ckey SEPARATOR ', ') as ckeys FROM [format_table_name("poll_textreply")] WHERE pollid = :pollid GROUP BY replytext ORDER BY countresponse DESC", list("pollid" = pollid));
select_query.Execute()
output += {"
<table width='900' align='center' bgcolor='#eeffee' cellspacing='0' cellpadding='4'>