[SOLVED] Connected Login Panel to IPS Communite Suite!

[FlyingSpoon]

mta::doReturn(true, 0);  // Password correct 

After this?

[Addlibs]

// Edit:  
$sql = "SELECT * FROM `".$table."` WHERE `".$accountColumn."`='".strtolower($input[1])."' LIMIT 1"; 
[…] 
mta::doReturn(true, 0, $row);  // Password correct 

This will send all of the row data as the 3rd parameters of the callback function, as a Lua table (you don't have to convert from JSON).

Example:

callRemote("[Link]", function(success, extra, data) 
  if success == true then -- if passwords match (the 3rd parameter “data” isn't sent over otherwise) 
    outputDebugString(data['email'])) --this will output the data under column 'email' in that database table 
  end 
end, "verifyPasswords", username, password) 

Edited January 2, 2016 by Guest

[FlyingSpoon]

You said something to me like dont use 'name' instead use 'members_seo_name' ?

[Addlibs]

You said something to me like dont use 'name' instead use 'members_seo_name' ?

Yeah, OR use this query:

$sql = "SELECT * FROM `".$table."` WHERE `".$accountColumn."`='".$input[1]."' LIMIT 1"; 
// instead of  
$sql = "SELECT * FROM `".$table."` WHERE `".$accountColumn."`='".strtolower($input[1])."' LIMIT 1"; 

[FlyingSpoon]

Also, one more thing, what if I want to update tables in the Database, how would I go about doing that?

[Addlibs]

You'd probably want to add

... 
        mta::doReturn(false, 2);  // Account not found 
    } 
} // previous code ends here 
elseif (isset($input[0]) && isset($input[1]) && $input[0] == "databaseExec") { // this is the first line of the addition 
    mta::doReturn(mysqli_query($conn, $input[1])); 
} 

In this case, you'll be able to specify your own SQL statement, such as

UPDATE `mvp_core_members` SET `somecolumn`='somedata'

. This code would be called in the following way:

callRemote("[Link]", callbackFunction, "databaseExec", yourSQLstatement) 

However, I'm not very sure about the security of this. If someone found out the PHP link, they'd be able to run any query on your database schema without logging in (since the PHP does that for you)

EDIT: If you use

if ($_SERVER['REMOTE_ADDR'] == "IP of the server on which MTA is running") {    // code}

then only your server will be able to execute the PHP.

Edited January 2, 2016 by Guest

[FlyingSpoon]

What if I was to change the file name completely so it's not guessable.

e.g.

login_x9204949dlg.php

[Addlibs]

It might be unguessable, but I think it is somehow possible for a ‘Man in the Middle’ to sniff out traffic and see where your server may be connecting to, and get the URL. I have no idea how easy it might be to do and if it's even possible without control over the network of either remote machine.

Regardless, it's always safer to verify the IP which is connecting. (Check the edit on my previous post)

[FlyingSpoon]

Where would I put that?

UPDATE:

Like this?

if ($_SERVER['REMOTE_ADDR'] == "IP of the server on which MTA is running") { 
    else if (isset($input[0]) && isset($input[1]) && $input[0] == "databaseExec") { // this is the first line of the addition 
    mta::doReturn(mysqli_query($conn, $input[1])); 
} 
} 

[Addlibs]

Depends if you want to secure the whole code from external IPs or just the update database queries. I'd put it around the whole code, that is, just after <?php and ending just before ?>, just for safety.

[Addlibs]

else if (isset($input[0]) && isset($input[1]) && $input[0] == "databaseExec") { // this is the first line of the addition 

Oh whoops - auto-corrector mistake, it should be 'elseif' not 'else if'

[FlyingSpoon]

Okay, so I have done that, now I can do this right?

callRemote("[Link]", callbackFunction, "databaseExec", UPDATE `mvp_core_members` SET `somecolumn`='somedata') 

[Addlibs]

callRemote("[Link]", callbackFunction, "databaseExec", "UPDATE `mvp_core_members` SET `somecolumn`='somedata'") 

[FlyingSpoon]

Thank you ! You're amazing!

[FlyingSpoon]

I know I haven't used callRemote before, but like how would I get data for each separate account?

Say if I did this,

function getPlayerMoney() 
callRemote("[LINK]", callbackFunction, "databaseExec", "SELECT `money` FROM `mvp_core_members`") 
end 

('I created the column already')

How would I actually like do it for the actual accounts in the database?

[Addlibs]

To use this as a standard function, you'd most likely need to use coroutines. I know for sure that it is possible but I don't know how to do that myself. Because requests through callRemote aren't instant, a callback function is called when the result it ready (a bit like dbQuery). Thus, your custom getPlayerMoney() would trigger the query but the actual result will come at a later stage. A coroutine would allow you to pause the execution of the function until the result is ready, but I do not know how to do it technically.

I'd stick to the internal money system, and extend it with functions like setMoneyFromDatabaseForAllPlayers (or preferably a shorter function name) which would request money for every online account and set it when the results arrive.

[FlyingSpoon]

Exactly,

I know the internal money system, but I was worried.. that how would I save the actual money and then get it again, because we're using remote's here.

[FlyingSpoon]

Say if I was to use givePlayerMoney(source, 500)

Would I be able to use the callRemote to save data and fetch data from the database?

If yes, can I have an example?

UPDATE:

Say if I was to do this for each account, would this work?

function getPlayerGroup(username) 
    local groupID = callRemote("[LINK]", callbackFunction, "databaseExec", "SELECT `member_group_id` FROM `mvp_core_members` WHERE `name`= ?",username) 
    outputChatBox(groupID, source, 209, 125, 0) 
end 
addEvent("getPlayerGroup",true) 
addEventHandler("getPlayerGroup",getRootElement(),getPlayerGroup) 

Bad argument @ 'callRemote' [Expected string at argument 2, got nil] 
Bad argument @ 'outputChatBox' [Expected string at argument 1, got boolean]