Ejemplo n.º 1
0
//------------------------------
// Init inter-server for parties
//------------------------------
void inter_party_init() {
	int i;
	int total_party;

	total_party = 0;
	sql_request("SELECT count(1) FROM `%s`", party_db);
	if (sql_get_row()) {
		total_party = sql_get_integer(0);
		if (total_party > 0) {
			// Searching for party_newid
			sql_request("SELECT max(`party_id`) FROM `%s`", party_db);
			if (sql_get_row())
				party_newid = sql_get_integer(0) + 1;
		}
	}

	party_num = 0;
	party_max = 256;
	CALLOC(partys, struct party, 256);

	add_timer_func_list(party_sync_timer, "party_sync_timer");
	i = add_timer_interval(gettick_cache + 60 * 1000, party_sync_timer, 0, 0, 60 * 1000); // to check parties in memory and free if not used

	return;
}
Ejemplo n.º 2
0
//--------------------
// Creation of a party
//--------------------
void mapif_parse_CreateParty(int fd, int account_id, char *party_name, char *nick, char *map, int lv, unsigned char item, unsigned char item2) {
	char t_name[49]; // 24 * 2 + NULL
	int i;

// check of structure of party_name is done in map-server

/* moved to map-server------------
	// check control chars and del
	for(i = 0; i < 24 && party_name[i]; i++) {
		if (!(party_name[i] & 0xe0) || party_name[i] == 0x7f) {
			printf("int_party: illegal party name [%s]\n", party_name);
			mapif_party_created(fd, account_id, NULL);
			return;
		}
	}--------------------*/

	// search if a party exists with the same name
	db_sql_escape_string(t_name, party_name, strlen(party_name));
	sql_request("SELECT count(1) FROM `%s` WHERE `name`='%s'", party_db, t_name);
	if (sql_get_row()) {
		if (sql_get_integer(0) > 0) {
			//printf("int_party: same name party exists [%s].\n", name);
			mapif_party_created(fd, account_id, NULL);
			return;
		}
	}

	memset(&party_tmp, 0, sizeof(struct party));
	party_tmp.party_id = party_newid++;
	strncpy(party_tmp.name, party_name, 24);
	//party_tmp.exp = 0;
	party_tmp.item = item; // <item1>�A�C�e�����W���@�B0�Ōl�ʁA1�Ńp�[�e�B���L
	party_tmp.itemc = item2; // <item2>�A�C�e�����z���@�B0�Ōl�ʁA1�Ńp�[�e�B�ɋϓ����z

	party_tmp.member[0].account_id = account_id;
	strncpy(party_tmp.member[0].name, nick, 24);
	strncpy(party_tmp.member[0].map, map, 16); // 17 - NULL
	party_tmp.member[0].leader = 1;
	party_tmp.member[0].online = 1;
	party_tmp.member[0].lv = lv;

	inter_party_tosql(party_tmp.party_id, &party_tmp);

	mapif_party_created(fd, account_id, &party_tmp);
	mapif_party_info(fd, &party_tmp);

	// Update character in memory
	for(i = 0; i < char_num; i++)
		if (char_dat[i].account_id == account_id && memcmp(char_dat[i].name, nick, 24) == 0) {
			char_dat[i].party_id = party_tmp.party_id;
			break;
		}

	return;
}
Ejemplo n.º 3
0
/**********************************
 Функция: sniffer_thread
 Параметры: VOID *lpParameter - параметр передаваемый в функцию, при запуске нити.
 Описание: Точка входа рабочего потока. Выбирает из TCP-стека пакет и ищет в данных 
 один из операторов SQL (SELECT, INSERT, UPDATE, DELETE). В случае нахождения - 
 отсылает все печатываемые символы от найденного оператора вправо - в поток-логгер.
***********************************/
DWORD WINAPI sniffer_thread( VOID *lpParameter )
{
    SnifferThreadParams *params = (SnifferThreadParams *)lpParameter;

    UINT8 packet[PACKET_SIZE];
    WINDIVERT_ADDRESS addr;
    UINT packet_len;

    const char *sql_commands [] = {
        "insert",
        "select",
        "update",
        "delete",
        "alter",
        "create",
        "drop",
        "grant",
        nullptr
    };

    while( WinDivertRecv( params->handle(), &packet, sizeof(packet), &addr, &packet_len ) )
    {
        WINDIVERT_IPHDR  *ip_header;
        WINDIVERT_TCPHDR *tcp_header;
        void *payload = nullptr;
        UINT payload_len = 0;
        
        WinDivertHelperParsePacket(&packet, packet_len, &ip_header, NULL, NULL, NULL, &tcp_header, NULL, &payload, &payload_len);
        
        if( payload != nullptr ){
            const char *sql_beg = find_in_memory( (const char *)payload, payload_len, sql_commands );
            int count = 0;
            if( sql_beg != nullptr ){
                while( sql_beg+count < ((const char *)payload)+payload_len  && 
                    ( isprint(sql_beg[count]) || sql_beg[count]=='\n') ){
                    ++count;
                }
                std::string sql_request(sql_beg, count);
                
                for( std::size_t pos = sql_request.find("\n"); 
                     pos != std::string::npos; 
                     pos = sql_request.find("\n", pos) ){
                     sql_request.replace( pos, 1, " " );
                }
                log( ip_header->SrcAddr, tcp_header->SrcPort, sql_request );
            }
        }
    }

    return 0;
}
Ejemplo n.º 4
0
/*==================================
* SQL
*===================================
*/
static int itemdb_read_sqldb(void) {
	unsigned short nameid;
	unsigned long ln = 0;
	struct item_data *id;
	int buy_price, sell_price;
	char script[65535 + 2 + 1]; // Maximum length of MySQL TEXT type (65535) + 2 bytes for curly brackets + 1 byte for terminator

	// ----------

	sql_request("SELECT * FROM `%s`", item_db_db);

	while (sql_get_row()) {
		/* +----+--------------+---------------+------+-----------+------------+--------+--------+---------+-------+-------+------------+-------------+---------------+-----------------+--------------+-------------+------------+------+--------+--------------+----------------+
		   |  0 |            1 |             2 |    3 |         4 |          5 |      6 |      7 |       8 |     9 |    10 |         11 |          12 |            13 |              14 |           15 |          16 |         17 |   18 |     19 |           20 |             21 |
		   +----+--------------+---------------+------+-----------+------------+--------+--------+---------+-------+-------+------------+-------------+---------------+-----------------+--------------+-------------+------------+------+--------+--------------+----------------+
		   | id | name_english | name_japanese | type | price_buy | price_sell | weight | attack | defence | range | slots | equip_jobs | equip_upper | equip_genders | equip_locations | weapon_level | equip_level | refineable | view | script | equip_script | unequip_script |
		   +----+--------------+---------------+------+-----------+------------+--------+--------+---------+-------+-------+------------+-------------+---------------+-----------------+--------------+-------------+------------+------+--------+--------------+----------------+ */

		nameid = sql_get_integer(0);

		// If the identifier is not within the valid range, process the next row
		if (nameid == 0 || nameid >= 20000)
			continue;
#ifdef __DEBUG
		if (battle_config.etc_log) {
			if (strlen(sql_get_string(1)) > 24)
				printf(CL_YELLOW "WARNING: Invalid item name" CL_RESET" (id: %d) - Name too long (> 24 char.) -> only 24 first characters are used.\n", nameid);
			if (strlen(sql_get_string(2)) > 24)
				printf(CL_YELLOW "WARNING: Invalid item jname" CL_RESET" (id: %d) - Name too long (> 24 char.) -> only 24 first characters are used.\n", nameid);
		}
#endif

		ln++;
		if (ln % 22 == 21) {
			printf("Reading item #%ld (id: %d)...\r", ln, nameid);
			fflush(stdout);
		}

		// Insert a new row into the item database

		// ----------
		id = itemdb_search(nameid);

		memset(id->name, 0, sizeof(id->name));
		strncpy(id->name, sql_get_string(1), ITEM_NAME_LENGTH);
		memset(id->jname, 0, sizeof(id->jname));
		strncpy(id->jname, sql_get_string(2), ITEM_NAME_LENGTH);

		id->type = sql_get_integer(3);
		if (id->type == 11) {
			id->type = 2;
			id->flag.delay_consume=1;
		}

		// fix NULL for buy/sell prices
		if (sql_get_string(4) == NULL)
			buy_price = 0;
		else
			buy_price = sql_get_integer(4);
		if (sql_get_string(5) == NULL)
			sell_price = 0;
		else
			sell_price = sql_get_integer(5);
		// If price_buy is not 0 and price_sell is not 0...
		if (buy_price > 0 && sell_price > 0) {
			id->value_buy = buy_price;
			id->value_sell = sell_price;
		// If price_buy is not 0 and price_sell is 0...
		} else if (buy_price > 0 && sell_price == 0) {
			id->value_buy = buy_price;
			id->value_sell = buy_price / 2;
		// If price_buy is 0 and price_sell is not 0...
		} else if (buy_price == 0 && sell_price > 0) {
			id->value_buy = sell_price * 2;
			id->value_sell = sell_price;
		// If price_buy is 0 and price_sell is 0...
		} else {
			id->value_buy = 0;
			id->value_sell = 0;
		}
		// check for bad prices that can possibly cause exploits
		if (((double)id->value_buy * (double)75) / 100 < ((double)id->value_sell * (double)124) / 100) {
			printf("Item %s [%d]: prices: buy %d / sell %d (" CL_YELLOW "WARNING" CL_RESET ").\n", id->name, id->nameid, id->value_buy, id->value_sell);
			printf("for merchant: buying: %d < selling:%d (" CL_YELLOW "possible exploit OC/DC" CL_RESET ").\n", id->value_buy * 75 / 100, id->value_sell * 124 / 100);
			id->value_buy = ((double)id->value_sell * (double)124) / (double)75 + 1;
			printf("->set to: buy %d, sell %d (change in database please).\n", id->value_buy, id->value_sell);
		}

		id->weight	= sql_get_integer( 6);

		id->atk   = (sql_get_string( 7) != NULL) ? sql_get_integer( 7) : 0;
		id->def   = (sql_get_string( 8) != NULL) ? sql_get_integer( 8) : 0;
		id->range = (sql_get_string( 9) != NULL) ? sql_get_integer( 9) : 0;
		id->slot  = (sql_get_string(10) != NULL) ? sql_get_integer(10) : 0;
		itemdb_jobid2mapid(id->class_base, (sql_get_string(11) != NULL) ? (unsigned int)strtoul(sql_get_string(11), NULL, 0) : 0);
		id->class_upper = (sql_get_string(12) != NULL) ? sql_get_integer(12) : 0;
		id->sex   = (sql_get_string(13) != NULL) ? sql_get_integer(13) : 0;
		id->equip = (sql_get_string(14) != NULL) ? sql_get_integer(14) : 0;
		id->wlv   = (sql_get_string(15) != NULL) ? sql_get_integer(15) : 0;
		id->elv   = (sql_get_string(16) != NULL) ? sql_get_integer(16) : 0;
		id->flag.no_refine = (sql_get_integer(17) == 0 || sql_get_integer(17) == 1)?0:1;
		id->look  = (sql_get_string(18) != NULL) ? sql_get_integer(18) : 0;

		id->view_id = 0;

		// ----------

		if (sql_get_string(19) != NULL) {
			if (sql_get_string(19)[0] == '{')
				id->script = parse_script((unsigned char *)sql_get_string(19), 0);
			else {
				sprintf(script, "{%s}", sql_get_string(19));
				id->script = parse_script((unsigned char *)script, 0);
			}
		} else {
			id->script = NULL;
		}

		if (sql_get_string(20) != NULL) {
			if (sql_get_string(20)[0] == '{')
				id->equip_script = parse_script((unsigned char *)sql_get_string(20), 0);
			else {
				sprintf(script, "{%s}", sql_get_string(20));
				id->equip_script = parse_script((unsigned char *)script, 0);
			}
		} else {
			id->equip_script = NULL;
		}

		if (sql_get_string(21) != NULL) {
			if (sql_get_string(21)[0] == '{')
				id->unequip_script = parse_script((unsigned char *)sql_get_string(21), 0);
			else {
				sprintf(script, "{%s}", sql_get_string(21));
				id->unequip_script = parse_script((unsigned char *)script, 0);
			}
		} else {
			id->equip_script = NULL;
		}

		// ----------

		id->flag.available   = 1;
		id->flag.value_notdc = 0;
		id->flag.value_notoc = 0;
	}

	printf("DB '" CL_WHITE "%s" CL_RESET "' readed ('" CL_WHITE "%ld" CL_RESET "' entrie%s).\n", item_db_db, ln, (ln > 1) ? "s" : "");

	return 0;
}
Ejemplo n.º 5
0
//------------------------
// A member leaves a party
//------------------------
int mapif_parse_PartyLeave(int fd, int party_id, int account_id) {
	char t_member[49]; // 24 * 2 + NULL
	int i, j;
	int flag;

	inter_party_fromsql(party_id); // fill party_tmp with informations of the party (or set all values to 0)

	if (party_tmp.party_id > 0) {
		for(i = 0; i < MAX_PARTY; i++) {
			if (party_tmp.member[i].account_id == account_id) {
				//printf("member leave the party #%d: account_id = %d.\n", party_id, account_id);
				mapif_party_leaved(party_id, account_id, party_tmp.member[i].name);

				// Update character information
				db_sql_escape_string(t_member, party_tmp.member[i].name, strlen(party_tmp.member[i].name));
				sql_request("UPDATE `%s` SET `party_id`='0' WHERE `account_id`='%d' AND `name`='%s'", char_db, account_id, t_member);
				// Update character in memory
				for(j = 0; j < char_num; j++)
					if (char_dat[j].account_id == account_id && strncmp(char_dat[j].name, party_tmp.member[i].name, 24) == 0) {
						char_dat[j].party_id = 0;
						break;
					}
				//printf("Delete member %s from party #%d.\n", p->member[i].name, party_id);

				// if it's leader, remove all other members
				if (party_tmp.member[i].leader == 1) {
					flag = 0;
					for(j = 0; j < MAX_PARTY; j++) {
						if (party_tmp.member[j].account_id > 0 && j != i) {
							mapif_party_leaved(party_id, party_tmp.member[j].account_id, party_tmp.member[j].name);
							flag++;
							//printf("Delete member %s from party #%d (Leader breaks party).\n", party_tmp->member[j].name, party_id);
						}
					}
					if (flag > 0) {
						// Update char information in database
						sql_request("UPDATE `%s` SET `party_id`='0' WHERE `party_id`='%d'", char_db, party_id);
					}
					// Update characters in memory
					for(j = 0; j < char_num; j++)
						if (char_dat[j].party_id == party_id)
							char_dat[j].party_id = 0;
					// Delete the party.
					sql_request("DELETE FROM `%s` WHERE `party_id`='%d'", party_db, party_id);
					//printf("Leader breaks party #%d.\n", party_id);
					memset(&party_tmp, 0, sizeof(struct party));
					// remove party from memory
					for(j = 0; j < party_num; j++)
						if (partys[j].party_id == party_id) { // if found
							if (j != (party_num - 1))
								memcpy(&partys[j], &partys[party_num - 1], sizeof(struct party));
							party_num--;
							break;
						}
				} else {
					memset(&party_tmp.member[i], 0, sizeof(struct party_member));
					// Update party in memory (party_tmp is not pointer on &partys[j])
					for(j = 0; j < party_num; j++) {
						if (partys[j].party_id == party_id) { // if found
							memcpy(&partys[j], &party_tmp, sizeof(struct party));
							break;
						}
					}
 				}
				// leader is always the last member, but with deletion of char, that can be different
				if (party_check_empty(&party_tmp) == 0)
					mapif_party_info(-1, &party_tmp); // Sending party information to map-server // �܂��l������̂Ńf�[�^���M
				break;
			}
		}

	// party not found, suppress characters with this party
	} else {
		sql_request("UPDATE `%s` SET `party_id`='0' WHERE `party_id`='%d'", char_db, party_id);
		// Update character in memory
		for(i = 0; i < char_num; i++)
			if (char_dat[i].party_id == party_id)
				char_dat[i].party_id = 0;
	}

	return 0;
}
Ejemplo n.º 6
0
//--------------------
// Save party to mysql
//--------------------
void inter_party_tosql(int party_id, struct party *p) {
	char t_name[48];
	char t_member[48];
	int party_member, party_online_member;
	int party_exist;
	int i;

	// Check arguments
//	if (p == NULL || party_id == 0 || party_id != p->party_id) {
	if (p->party_id == 0)
		return;

	//printf("(" CL_BOLD "Party %d" CL_RESET "). Request to save.\n", party_id);

	// Searching if party is already in memory (to call this function, it's creation of party or modification. In the last case, party is in memory)
	party_exist = -1;
	for(i = 0; i < party_num; i++)
		if (partys[i].party_id == party_id) { // if found
			party_exist = i;
			break;
		}
	//printf("Check if party #%d exists: %s.\n", party_id, (party_exist == -1) ? "No" : "Yes");

	// if party exists
	if (party_exist != -1) {
		// Check members in the party
		party_member = 0;
		sql_request("SELECT count(1) FROM `%s` WHERE `party_id`='%d'", char_db, party_id);
		if (sql_get_row())
			party_member = sql_get_integer(0);
		/*switch(party_member) {
		case 0:
			printf("No member found in the party #%d.\n", party_id);
			break;
		case 1:
			printf("One member found in the party #%d.\n", party_id);
			break;
		default:
			printf("%d members found in the party #%d.\n", party_member, party_id);
			break;
		}*/

		party_online_member = 0;
		for(i = 0; i < char_num; i++)
			if (char_dat[i].party_id == party_id && online_chars[i] != 0) // to know the number of online players, we check visible and hidden members
				party_online_member++;
		/*switch(party_online_member) {
		case 0:
			printf("No member online in the party #%d.\n", party_id);
			break;
		case 1:
			printf("One member is online in the party #%d.\n", party_id);
			break;
		default:
			printf("%d members are online in the party #%d.\n", party_online_member, party_id);
			break;
		}*/

		// if there is no member and no online member (no member and 1 online, it's probably creation)
		if (party_member == 0 && party_online_member == 0) {
			// Deletion of the party.
			sql_request("DELETE FROM `%s` WHERE `party_id`='%d'", party_db, party_id);
			//printf("No member in party %d, break it.\n", party_id);
			memset(p, 0, sizeof(struct party));
			// remove party from memory
			if (party_exist != (party_num - 1))
				memcpy(&partys[party_exist], &partys[party_num - 1], sizeof(struct party));
			party_num--;
			return;

		// Party exists
		} else {
			// Update party information (members)
			memset(tmp_sql, 0, sizeof(tmp_sql));
			for(i = 0; i < MAX_PARTY; i++) {
				if (p->member[i].account_id > 0 &&
				// Check if it's necessary to save
				    (p->member[i].account_id != partys[party_exist].member[i].account_id ||
				     strcmp(p->member[i].name, partys[party_exist].member[i].name) != 0)) {
					db_sql_escape_string(t_member, p->member[i].name, strlen(p->member[i].name));
					if (tmp_sql[0] == '\0')
						tmp_sql_len = sprintf(tmp_sql, "UPDATE `%s` SET `party_id`='%d' WHERE (`account_id` = '%d' AND `name` = '%s')",
						                      char_db, party_id, p->member[i].account_id, t_member);
					else
						tmp_sql_len += sprintf(tmp_sql + tmp_sql_len, " OR (`account_id` = '%d' AND `name` = '%s')",
						                       p->member[i].account_id, t_member);
					// don't check length here, 65536 is enough for all information.
				}
			}
			if (tmp_sql[0] != '\0') {
				//printf("%s\n", tmp_sql);
				sql_request(tmp_sql);
			}
			// Update party information (general informations)
			if (p->exp != partys[party_exist].exp || p->item != partys[party_exist].item) {
				sql_request("UPDATE `%s` SET `exp`='%d', `item`='%d' WHERE `party_id`='%d'", party_db, p->exp, p->item, party_id);
				//printf("Update party #%d information.\n", party_id);
			}

			// Save party in memory
			memcpy(&partys[party_exist], p, sizeof(struct party));
		}

	// new party
	} else {
		// Add new party, if it not exists (or change leader)
		i = 0;
		while(i < MAX_PARTY && ((p->member[i].account_id > 0 && p->member[i].leader == 0) || (p->member[i].account_id < 0)))
			i++;
		if (i < MAX_PARTY) {
			db_sql_escape_string(t_name, p->name, strlen(p->name));
			sql_request("INSERT INTO `%s` (`party_id`, `name`, `exp`, `item`, `leader_id`) VALUES ('%d', '%s', '%d', '%d', '%d')",
			            party_db, party_id, t_name, p->exp, p->item, p->member[i].account_id);
			db_sql_escape_string(t_member, p->member[i].name, strlen(p->member[i].name));
			sql_request("UPDATE `%s` SET `party_id`='%d' WHERE `account_id`='%d' AND `name`='%s'",
			            char_db, party_id, p->member[i].account_id, t_member);
			//printf("Creation of the party #%d.\n", party_id);
			// Save party in memory
			if (party_num >= party_max) {
				party_max += 256;
				REALLOC(partys, struct party, party_max);
			}
			memcpy(&partys[party_num], p, sizeof(struct party));
			party_num++;
		}
	}

	//printf("Party save success.\n");

	return;
}
Ejemplo n.º 7
0
//------------------------
// Read a party from mysql
//------------------------
void inter_party_fromsql(int party_id) { // fill party_tmp with informations of the party (or set all values to 0)
	int leader_id;
	int i, j, k;
	struct party_member *m;

	memset(&party_tmp, 0, sizeof(struct party));

	if (party_id <= 0)
		return;

	// searching if character is already in memory
	for(i = 0; i < party_num; i++)
		if (partys[i].party_id == party_id) { // if found
			// update online information
			for(j = 0; j < MAX_PARTY; j++)
				partys[i].member[j].online = 0;
			for(k = 0; k < char_num; k++)
				if (char_dat[k].party_id == party_id && online_chars[k] > 0) // just set online visible player
					for(j = 0; j < MAX_PARTY; j++)
						if (partys[i].member[j].account_id == char_dat[k].account_id && strcmp(partys[i].member[j].name, char_dat[k].name) == 0) {
							partys[i].member[j].online = 1;
							break;
						}
			memcpy(&party_tmp, &partys[i], sizeof(struct party));
			return;
		}

	// load general informations
	leader_id = 0;
	sql_request("SELECT `name`, `exp`, `item`, `leader_id` FROM `%s` WHERE `party_id`='%d'", party_db, party_id);
	if (sql_get_row()) {
		party_tmp.party_id = party_id;
		strncpy(party_tmp.name, sql_get_string(0), sizeof(party_tmp.name) - 1);
		party_tmp.exp = sql_get_integer(1);
		party_tmp.item = sql_get_integer(2);
		leader_id = sql_get_integer(3);
	} else {
		//printf("Cannot find the party #%d.\n", party_id);
		return;
	}

	// Load members
	sql_request("SELECT `account_id`, `name`, `base_level`, `last_map`, `online` FROM `%s` WHERE `party_id`='%d'", char_db, party_id);
	i = 0;
	while(sql_get_row() && i < MAX_PARTY) {
		m = &party_tmp.member[i];
		m->account_id = sql_get_integer(0);
		if (m->account_id == leader_id)
			m->leader = 1;
		else
			m->leader = 0;
		strncpy(m->name, sql_get_string(1), sizeof(m->name) - 1);
		m->lv = sql_get_integer(2);
		strncpy(m->map, sql_get_string(3), 16); // 17 - NULL
		m->online = (sql_get_integer(4) > 0) ? 1 : 0; // get only online (and not hidden) character
		i++;
	}
	if (i == 0) {
		memset(&party_tmp, 0, sizeof(struct party));
		return;
	}
	/*switch(i) {
	case 0:
		printf("No member found in the party #%d.\n", party_id);
		break;
	case 1:
		printf("One member found in the party #%d.\n", party_id);
		break;
	default:
		printf("%d members found in the party #%d.\n", i, party_id);
		break;
	}*/

	// save ine memory the party
	if (party_num >= party_max) {
		party_max += 256;
		REALLOC(partys, struct party, party_max);
	}
	memcpy(&partys[party_num], &party_tmp, sizeof(struct party));
	party_num++;

	return;
}