-
Content Count
148 -
Joined
-
Last visited
-
Days Won
7
Reputation Activity
-
Rebel reacted to AnnieRuru in Advance SQL commands
2. How to build a case-sensitive table
this is the answer I found
http://dba.stackexchange.com/questions/15250/how-to-do-a-case-sensitive-search-in-where-clause
by default, the table creation use charset = latin1;
means it couldn't do a case-sensitive search
if you want to do a case-sensitive in a query, use BINARY
SELECT * FROM `char` WHERE `name` = BINARY('AnnieRuru'); however using BINARY might have performance hit if it is a big table
so its more recommend to convert your SQL table to collate with latin1_general_cs
let's say this is a sample table
CREATE TABLE `test` ( `id` INT(11) PRIMARY KEY AUTO_INCREMENT, `name` VARCHAR(23) )ENGINE = InnoDB; do an ALTER table syntax
ALTER TABLE `test` MODIFY COLUMN `name` VARCHAR(23) COLLATE latin1_general_cs; or just put it into the table creation
CREATE TABLE `test` ( `id` INT(11) PRIMARY KEY AUTO_INCREMENT, `name` VARCHAR(23) )ENGINE = InnoDB DEFAULT CHARSET = latin1 COLLATE latin1_general_cs;
-
Rebel reacted to AnnieRuru in Advance SQL commands
1. When to use escape_sql script command
.
input .@haha$; dispbottom .@haha$; dispbottom escape_sql(.@haha$); it doesn't has much differences, because it only affect 3 special characters
' <- single quotation mark
" <- double quotation mark
\ <- left slash
if I input -> haha"lala'hehe <-
it will return -> haha\"lala\'hehe <-
this is what we call, Escape a character
in hercules script, we also know we can use " symbol in any string input
mes "Susan says :\" Today I ate 3 eggs \"."; where in the game client, you can see the " symbol in the npc msg box
let's say I have a sql script like this
prontera,153,171,5 script Show Characters 1_F_MARIA,{ mes "input name, I'll show you all characters name it has on that player's account"; input .@name$; .@nb = query_sql("SELECT `char_id`, `name` FROM `char` WHERE `name` LIKE '"+ .@name$ +"'", .@cid, .@name$); if ( !.@nb ) { mes "no result"; close; } for ( .@i = 0; .@i < .@nb; ++.@i ) mes .@cid[.@i] +" "+ .@name$[.@i]; close; } this script has a possibility to be hacked
because to perform sql injection, I can enclose the string with quotation mark, then use another sql command to hack
BUT with an escape_sql command, if the user want to enclose the string with quotation mark to hack the script
the escape_sql command escaped the string, the quotation mark the user input will be escaped
thus the script will become impossible to hack
just now that script was for string input
prontera,153,171,5 script Show Characters 1_F_MARIA,{ mes "input account ID, I'll show you all characters name it has on that player's account"; input .@aid$; .@nb = query_sql("SELECT `char_id`, `name` FROM `char` WHERE `account_id` = "+ escape_sql(.@aid$), .@cid, .@name$); if ( !.@nb ) { mes "no result"; close; } for ( .@i = 0; .@i < .@nb; ++.@i ) mes .@cid[.@i] +" "+ .@name$[.@i]; close; } this is another stupid case.
1. the scripter use string input while the script just needed a number
2. even with escape_sql command over there, there is no quotation mark at all
yes this script also has a risk to be hack
because escape_sql only escape quotation mark.
that hacker don't even have to input quotation mark because it is a number
and an injection query can be sent without any quotation mark input
there are 2 ways to solve this
either use numeric variable for the input command
or enclose that ....
..... WHERE `account_id` = '"+ escape_sql(.@aid$) +"'", .... with single quotation mark, when the hacker input a quotation mark will be escaped by escape_sql command
Reference : https://www.w3schools.com/sql/sql_injection.asp
escape_sql command for another thing is
if the player register their names containing ' or ", these characters are escaped
only happens when the server have no restriction on the creation of players name
hercules\conf\char\char-server.conf
// Manage possible letters/symbol in the name of charater. Control character (0x00-0x1f) are never accepted. Possible values are: // NOTE: Applies to character, party and guild names. // 0: no restriction (default) // 1: only letters/symbols in 'name_letters' option. // 2: Letters/symbols in 'name_letters' option are forbidden. All others are possibles. name_option: 1
and this was what happened to my SQL dota pvpladder script
Silo's Babies <-- this is a guild name
you can see the 5th string has a single quotation mark
with escape_sql command, that string will turn into
Silo\'s Babies <-- the quotation mark is escaped when send to sql query
-
Rebel reacted to AnnieRuru in Advance SQL commands
As usual, I only write advance guides
This guide is a compilation of SQL commands that I have used, or Questions answered on the forum
every single subject here are related to Hercules/Ragnarok Online in some ways, so you won't feel bored reading them XD
Table of Content
1. When to use *escape_sql script command
2. How to build a case-sensitive table
3. Choose a table type, MyISAM or InnoDB ?
3a. How to index a table properly
3b. Why you shouldn't use `char_reg_num_db` table
4. AUTO_INCREMENT
5. How to do IF-ELSE in SQL query ?
5a. How to update multiple rows on different conditions in a single query
6. How to show the current rank of the player
7. INSERT INTO ... SELECT ...
8. Table JOIN vs AS
9. What is the maximum string limit for *query_sql
9a. UNION
This topic is now open to Suggestions, Ideas, Improvements, and Questions ~
I'm sure many of you have some questions since the creation of this topic
You may also post up your tricks if you want to share with us
-
-
-
Rebel reacted to Beret in New fields in skill db
I was looking at Aegis and decided to create this suggestion to add more fields to the skill database.
The intent of this posting is to facilitate the use of modifications of the skills.
That way we can only use one @reloadskilldb and all modifications come into operation.
SkillHitPer is the accuracy by level
SkillHitPer = [200,200,200,200,200,200,200,200,200,200]
SkillAtkPer is the attack value by level
SkillAtkPer = [300,500,600,800,1000,1200,1300,1500,1600,1800]
SkillHandicap applies a chance for the player to receive the effect. The level of the status is according to the skill level
OnSuccess: SkillHandicap = [SC_BLIND,50,100,150,200,250,300,350,400,450,500]
SkillResetHandicap allows you to remove an effect when you use the skill
OnUse: SkillResetHandicap = [SC_SLEEP,SC_STUN]
SkillDrainHP allows absorbing the resulting damage dealt as HP.
SkillDrainHP = [100,100,100,100,100,100,100,100,100,100]
SkillDrainSP Drains SP from all players around the user based on the amount of damage they would take from a normal attack.
SkillDrainSP = [20,40,60,80,100,20,40,60,80,100]
SkillDataString allows input of a string used by teleport skills, or message when using some skill
SkillDataString = ["dicastes01.gat"]
I think these implementations would help a lot to make modifications to the abilities without shutting down the server for the modifications to come into operation
-
Rebel reacted to Gepard in Flux Control Panel for Hercules
Flux Control Panel for Hercules
Flux CP is now officialy available for Hercules!
It is fully working with both pre-Renewal and Renewal Hercules servers. We will continue developing it, so it is always up-to-date and compatible with latest Hercules.
New theme
Hercules' Flux CP comes with a brand new theme. It's a grey-ish modern and clean HTML5 theme, called Emphaino.
It has a nice dropdown menu located on top of the screen, and a customizable footer area, where you can put some stuff that should be visible all the time (like links to social media, forums etc.).
A picture is worth a thousand words:
It's a HTML5 theme, so it requires a decent browser, or IE9+ (if you insist on using that).
Theme selection
Having two themes is great, but until now it was impossible to make use of them both. That's why theme selector has been added to both themes, so your users can pick whichever theme they like more.
Again, preview:
Extra credits
Authors of original FluxCP & FluxCP-rA. Authors of Emphaino theme (originally for Wordpress).
Download
Hercules' FluxCP Github repository: https://github.com/HerculesWS/FluxCP
Issues
Bug reports, questions and suggestions are all welcome directly on GitHub: https://github.com/HerculesWS/FluxCP/issues
Enjoy~
-
Rebel reacted to Aeromesi in Returning back
Hello everyone. I've returned and I'll be getting back into RO. I don't want to talk about why I left but I'm here and sorry for the random disappearance. Nice to see the new design on Hercules, finally the new ipb!
-
Rebel reacted to Dastgir in Plugin Collections
Hello Community,
I am feeling like, there's many plugin on forum, but not been actively used, due to out-of-date plugin
I have updated Shikazu's Plugin first(as it was requested on the thread from 25th April), maybe Shikazu busy on his rl.
Also I have included My Plugins there.
I would like to add more plugins there(which are not updated on hercules forum <- please suggest if you find some outdated plugin and want me to update it )
List of Plugins and Owners:
https://github.com/dastgir/HPM-Plugins/blob/master/README.md
Repository: https://github.com/dastgir/HPM-Plugins
Thanks.
-
Rebel reacted to bWolfie in R>Plugin Hooks Guide
Requesting someone to make a guide on plugins. It's really confusing trying to make pre-hooks work just for a small part of the function you want to change. It's annoying for everyone having to ask over and over again why my plugin is not working the way it is intended.
Example, I made a pre-hook, but it ends up ignoring everything that follows this part of the function. Instead of asking somebody the reason behind this, it's good if we can learn ourselves. With the documents and resources available, trial and error is my only option.
Existing plugin examples is NOT great because there are not examples which cover every aspect of source.
Will have to go back to editing source if this continues to be a pain -_-
If I can quote AnnieRuru..,
-
Rebel reacted to Sephus in Hercules Battlegrounds
Hercules Battlegrounds
A full conversion and enhancement of eAmod's Battlegrounds system into a easy-to-install Hercules plugin library.
Version: 1.0a (alpha)
Repository @ https://github.com/Smokexyz/HerculesBG
Installation
1) Place plugin files in plugin directory. (If you wish to re-compile the code, please do so the standard way.)
2) Place all script files in the default directory provided in the repository (or your own).
3) Place all database and config parts in their respective files.
4) in conf/plugins.conf add "hBG".
Instructions on installing Plugins - http://herc.ws/wiki/HPM#Building_a_plugin
Battleground Modes
Capture the Flag Eye of Storm Triple Inferno Team DeathMatch Bossnia Conquest Stone Control Domination Rush Free For All Why use it?
1) Prevents conflicts when updating Hercules.
2) Easy to install.
3) Can be easily modified for more functions/features in the future.
For contributors
If you wish to add a free BG script to the list of available battleground modes, please contact me.
Bug Reporting
Please feel free to open an issue on the repository and I'll get to it as soon as I can.
Donate to support the project and motivate updates.
-
Rebel reacted to karazu in Daily Top 10 with Aura [MVP]
Hello, I just want to request another script script. same:(http://herc.ws/board/topic/5423-daily-top-10-with-aura-pvp/)
This is a TOP 10 MVP Rankings (Daily)
-Will show you the top 10 Players Kills
-Will give an Aura to the top 1 (Base on this: http://herc.ws/board/topic/5057-auraset/)
-Will Reset every 24 hours (Aura of the top 1 will gone also)
-Will give a prize to the top 1 (can be claim every after reset)
Thank you!
Edit:
My first post was remove, It was supposed to be a PVP type for this.
anyways I will just add it here:
This is a TOP 10 PVP Rankings (Daily)
-Will show you the top 10 Players Kills/Death
-Will give an Aura to the top 1 (Base on this: http://herc.ws/board/topic/5057-auraset/)
-Will Reset every 24 hours (Aura of the top 1 will gone also)
-Will give a prize to the top 1 (can be claim every after reset)
-
Rebel reacted to schan in Search itemid/incomplete item name in Searchstore
Hi,
Searchstore - http://herc.ws/wiki/Searchstores
Currently, searchstore will only return a query if the item name matches a complete item name and is case sensitive.
What I want is to modify this that will let me search for ItemID, incomplete item name and remove case sensitivity.
I think it is better this way.
How can I do this?
Thanks!
-
Rebel reacted to malufett in Aspd penalty
well if just weapon aspd penalty then its easy if someone could gather all data in iRO..but if we are talking about the current aspd formula of iRO then we need someone that could give the accurate formula and let the devs talks/decide and implement it..
-
Rebel got a reaction from WireShark in Epoque Expansion Pack
I hope someone can make this compatible with hercules.. converting it to a plugin would be awesome awesome..
-
Rebel reacted to nanakiwurtz in Need more examples
There's not much discussion about this Plugin system, and it means not many people understands how it work and even made a plugin itself.
I can see that this feature is very useful and versatile, but there's lack of information about this feature.
And also, there're not much people who understand to write in C, so I guess we need help, by writing more examples maybe?
-
Rebel reacted to Shikazu in [Atcommand]afk
The plugin is working but has no timeout and you can sit wherever you want.
It is being reworked, when i have found out how to access the config's from a plugin.
Here it is: https://github.com/shikazu/hpm-plugins/blob/master/src/plugins/afk.c
just compile it, add it to your plugins.conf and type @afk ingame
A little screenshot how it looks ingame, since you can't see it (afk logs you out, but you are still sitting there )
~Shikazu
-
Rebel reacted to Ind in About adjust skill damage mapflag
ahh ooh i already had agreed on that here http://herc.ws/board/topic/302-introducing-hercules-map-zone-database/?p=3646 but i forgot to do it xd I'll do this within the next few minutes
-
Rebel reacted to Yommy in Someone know why rAthena is offline since 14 day
what a fine idea.
any other topics or questions regarding rAthena downtime will result in bad things
they already stated they are restoring from some backup, and are posting updates at http://bit.ly/10FLL14
after this whole episode, their admin abilities should be regarded as questionable.