Player problem

[dugasz1]

Hello! I have got some problem to define the player:

So there is a button when i click on it its trigger to server the login data (there is the player yet).

But when i make a query and its call back how can i call the player who click the button?

addEvent( "clientRequestLogin", true ) 
addEventHandler( "clientRequestLogin", getRootElement(),  
function ( username, password ) 
    --dbExec( theConnection,"SET NAMES utf8" )   
    dbQuery( loginCallback, theConnection, "SELECT * FROM users WHERE username = '"..username.."' AND password = '"..md5(password).."'" ) 
end ) 
  
function loginCallback ( qh ) 
    local result = dbPoll( qh, 0 ) 
    if #result == 1 then 
        outputChatBox ( "Üdvözlünk ".. result[1]['username'].." a szerveren!", --Here comes the player  ) 
        dbQuery( characterCallback, theConnection, "SELECT * FROM characters WHERE owner = '"..result[1]['username'].."'" ) 
    elseif #result == 0 then 
        outputChatBox ( "Hibás felhasználónév vagy jelszó!", --Here comes the player ) 
    end 
end 

[WhoAmI]

Add parameter to loginCallback function ('player'). And then call this function giving player.

loginCallback ( player, qh ) 

and then

dbQuery ( loginCallback, source, ... ) 

[Castillo]

That query isn't really secure, it can lead to SQL injections.

[dugasz1]

Add parameter to loginCallback function ('player'). And then call this function giving player.

loginCallback ( player, qh ) 

and then

dbQuery ( loginCallback, source, ... ) 

Thank you

That query isn't really secure, it can lead to SQL injections.

You mean it's can be simply hacked?

Edited March 18, 2014 by Guest

[Castillo]

Read about SQL injections, you should make your queries like this:

dbQuery ( "SELECT * FROM myTable WHERE account = ?", "Castillo" ) 

[dugasz1]

I will check it. Thank you

[dugasz1]

addEvent( "clientRequestLogin", true ) 
addEventHandler( "clientRequestLogin", getRootElement(),  
function ( username, password ) 
    dbQuery( loginCallback, source, theConnection, "SELECT * FROM users WHERE username = ? AND password = ?", username, md5(password) ) 
end ) 
  
function loginCallback ( thePlayer, qh ) 
    local result = dbPoll( qh, 0 ) 
    if #result == 1 then 
        outputChatBox ( "Üdvözlünk ".. result[1]['username'].." a szerveren!", thePlayer ) 
        dbQuery( characterCallback, thePlayer, theConnection, "SELECT * FROM characters WHERE owner = ?", result[1]['username'] ) 
    elseif #result == 0 then 
        outputChatBox ( "Hibás felhasználónév vagy jelszó!",  ) 
    end 
end 

WhoAmI, do you see the problem? Because it isnt work and the console write "expected db-connection at arg 2.. ".

Or do somebody know the solution?

[WhoAmI]

Check this

addEvent( "clientRequestLogin", true ) 
addEventHandler( "clientRequestLogin", getRootElement(), 
function ( username, password ) 
    dbQuery( loginCallback ( source ), theConnection, "SELECT * FROM users WHERE username = ? AND password = ?", username, md5(password) ) 
end ) 
  
function loginCallback ( thePlayer, qh ) 
    local result = dbPoll( qh, 0 ) 
    if #result == 1 then 
        outputChatBox ( "Üdvözlünk ".. result[1]['username'].." a szerveren!", thePlayer ) 
        dbQuery( characterCallback, thePlayer, theConnection, "SELECT * FROM characters WHERE owner = ?", result[1]['username'] ) 
    elseif #result == 0 then 
        outputChatBox ( "Hibás felhasználónév vagy jelszó!",  ) 
    end 
end 

[dugasz1]

I asked another hungarian scripter (image) he point on the problem :

dbQuery( loginCallback , { arg1, arg2,..}, theConnection, .... 

Only the {} miss

Thank you the help too!