well i succesfully installed it. sorry for double post i donno how to edit
but i still got one problem. when i buy stuffs i get like 10000000000 of each untill my cap is full or got no inventory
-- ### CONFIG ###
-- message send to player by script "type" (types you can check in "global.lua")
SHOP_MSG_TYPE = 19
-- time (in seconds) between connections to SQL database by shop script
SQL_interval = 30
-- ### END OF CONFIG ###
function onThink(interval, lastExecution)
local result_plr = db.getResult("SELECT * FROM z_ots_comunication WHERE `type` = 'login';")
if(result_plr:getID() ~= -1) then
while(true) do
id = tonumber(result_plr:getDataInt("id"))
action = tostring(result_plr:getDataString("action"))
delete = tonumber(result_plr:getDataInt("delete_it"))
cid = getCreatureByName(tostring(result_plr:getDataString("name")))
if isPlayer(cid) == TRUE then
local itemtogive_id = tonumber(result_plr:getDataInt("param1"))
local itemtogive_count = tonumber(result_plr:getDataInt("param2"))
local container_id = tonumber(result_plr:getDataInt("param3"))
local container_count = tonumber(result_plr:getDataInt("param4"))
local add_item_type = tostring(result_plr:getDataString("param5"))
local add_item_name = tostring(result_plr:getDataString("param6"))
local received_item = 0
local full_weight = 0
if add_item_type == 'container' then
full_weight = getItemWeightById(itemtogive_id, 1)
end
local free_cap = getPlayerFreeCap(cid)
if full_weight <= free_cap then
if add_item_type == 'container' then
local new_container = doCreateItemEx(container_id, 1)
local iter = 0
while iter ~= container_count do
doAddContainerItem(new_container, itemtogive_id, itemtogive_count)
iter = iter + 1
end
received_item = doPlayerAddItemEx(cid, new_container)
else
local new_item = doCreateItemEx(itemtogive_id, itemtogive_count)
received_item = doPlayerAddItemEx(cid, new_item)
end
if received_item == RETURNVALUE_NOERROR then
doPlayerSendTextMessage(cid, SHOP_MSG_TYPE, 'You received >> '.. add_item_name ..' << from OTS shop.')
db.query("DELETE FROM `z_ots_comunication` WHERE `id` = " .. id .. ";")
db.query("UPDATE `z_shop_history_item` SET `trans_state`='realized', `trans_real`=" .. os.time() .. " WHERE id = " .. id .. ";")
doPlayerSave(cid)
end
end
end
if not(result_plr:next()) then
break
end
end
result_plr:free()
end
return TRUE
end
LOL'd when saw source of that script.
Yes, we like double up queries. It's 108 line of gifts/gifts.php.PHP:if($SQL->query('SELECT * FROM shop_offer WHERE id = '.$product.'')->fetch()) { $info = $SQL->query('SELECT * FROM shop_offer WHERE id = '.$product.'')->fetch();
Next, let's look two lines above.
I didn't know how URI class implements vulnerability chars (I looked quickly, and It's taken from Code Igniter framework, and these doesn't escape ' char for example). It's bad habit, let's do integer casting before embed in SQL. (mysql_real_escape or something for strings). I hope that URI class successfully make this code secure.PHP:$product = $this->uri->segment(5);
But wait.
Line 178:
Oh, cmon guys. :/PHP:if($SQL->query('SELECT * FROM players WHERE name = "'.$_POST['other_char'].'"')->fetch())
I disliked this script. I revive it for others.
this system got a BUG for clone, i know it
function onThink(interval, lastExecution, thinkInterval)
local result = db.getResult("SELECT * FROM shop_history WHERE `processed` = 0;")
if(result:getID() ~= -1) then
while(true) do
cid = getCreatureByName(tostring(result:getDataString("player")))
product = tonumber(result:getDataInt("product"))
itemr = db.getResult("SELECT * FROM shop_offer WHERE `id` = "..product..";")
if isPlayer(cid) then
local id = tonumber(itemr:getDataInt("item"))
local tid = tonumber(result:getDataInt("id"))
local count = tonumber(itemr:getDataInt("count"))
local tipe = tonumber(itemr:getDataInt("type"))
local productn = tostring(itemr:getDataString("name"))
if isInArray({5,8},tipe) then
if getPlayerFreeCap(cid) >= getItemWeightById(id, count) then
if isContainer(getPlayerSlotItem(cid, 3).uid) then
received = doAddContainerItem(getPlayerSlotItem(cid, 3).uid, id,count)
if received then
doPlayerSendTextMessage(cid,19, "You have received >> "..productn.." << from our shop system")
db.executeQuery("UPDATE `shop_history` SET `processed`='1' WHERE id = " .. tid .. ";")
else
doPlayerSendTextMessage(cid,19, "Sorry, you don't have enough space on container to receive >> "..productn.." <<")
end
else
doPlayerSendTextMessage(cid,19, "Sorry, you don't have a container to receive >> "..productn.." <<")
end
else
doPlayerSendTextMessage(cid,19, "Sorry, you don't have enough capacity to receive >> "..productn.." << (You need: "..getItemWeightById(id, count).." Capacity)")
end
elseif isInArray({6,7},tipe) then
if tipe == 6 then
bcap = 8
bid = 1987
elseif tipe == 7 then
bcap = 20
bid = 1988
end
if isItemRune(id) then
count = 1
end
if getPlayerFreeCap(cid) >= (getItemWeightById(1987, 1) + getItemWeightById(id,count * bcap)) then
local bag = doCreateItemEx(bid, 1)
for i = 1,bcap do
doAddContainerItem(bag, id, count)
end
received = doPlayerAddItemEx(getPlayerSlotItem(cid, 3).uid, bag)
if received == RETURNVALUE_NOERROR then
doPlayerSendTextMessage(cid,19, "You have received >> "..productn.." << from our shop system")
db.executeQuery("UPDATE `shop_history` SET `processed`='1' WHERE id = " .. tid .. ";")
else
doPlayerSendTextMessage(cid,19, "Sorry, you don't have enough space to receive >> "..productn.." <<")
end
else
doPlayerSendTextMessage(cid,19, "Sorry, you don't have enough capacity to receive >> "..productn.." << (You need: "..getItemWeightById(id, count).." Capacity)")
end
end
end
itemr:free()
if not(result:next()) then
break
end
end
result:free()
end
return true
end
[17:18:45.057] [Error - GlobalEvent Interface]
[17:18:45.057] data/globalevents/scripts/PowerOT/shop.lua:onThink
[17:18:45.072] Description:
[17:18:45.072] (luaDoPlayerAddItemEx) Player not found