|
@@ -286,7 +286,7 @@ int locate_player(char name[]) {
|
|
|
//od_printf("realname = '%s'\r\n", name);
|
|
|
|
|
|
// Locating user with given name
|
|
|
- strcpy(sqlbuffer, "SELECT * from user where real=? COLLATE NOCASE;");
|
|
|
+ strcpy(sqlbuffer, "SELECT uid from user where real=? COLLATE NOCASE;");
|
|
|
sqlite3_prepare_v2(db, sqlbuffer, strlen(sqlbuffer) + 1, &stmt, NULL);
|
|
|
sqlite3_bind_text(stmt, 1, name, strlen(name), SQLITE_STATIC);
|
|
|
rc = sqlite3_step(stmt);
|
|
@@ -402,22 +402,25 @@ void update_player(User data) {
|
|
|
// Bad, don't do this... opens to SQL injection!
|
|
|
//snprintf(sqlbuffer, 1024, "UPDATE user SET nick = '%s', experience = %d, metal = %d, fuel = %d, guns = %d, armors = %d, shields = %d, armorpoints = %d, shieldpoints = %d, hitpoints = %d WHERE uid=%d;",
|
|
|
// data.nick, data.experience, data.metal, data.fuel, data.guns, data.armors, data.shields, data.armorpoints, data.shieldpoints, data.hitpoints, data.uid);
|
|
|
- strcpy(sqlbuffer, "UPDATE user SET nick=?, experience=?, metal=?, fuel=?, gun=?, armor=?, shield=?, armorpoints=?, shieldpoints=?, hitpoints=?, shieldsup=?, laston=? WHERE uid=?;");
|
|
|
+ // strcpy(sqlbuffer, "UPDATE user SET nick=?, experience=?, metal=?, fuel=?, gun=?, armor=?, shield=?, armorpoints=?, shieldpoints=?, hitpoints=?, shieldsup=?, laston=? WHERE uid=?;");
|
|
|
+ // Are they actually going to be changing their nicks??
|
|
|
+ strcpy(sqlbuffer, "UPDATE user SET experience=?, metal=?, fuel=?, gun=?, armor=?, shield=?, armorpoints=?, shieldpoints=?, hitpoints=?, shieldsup=?, laston=? WHERE uid=?;");
|
|
|
sqlite3_prepare_v2(db, sqlbuffer, strlen(sqlbuffer) + 1, &stmt, NULL);
|
|
|
// Bind All data values
|
|
|
- sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
|
|
|
- sqlite3_bind_int(stmt, 2, data.get_experience());
|
|
|
- sqlite3_bind_int(stmt, 3, data.get_metal());
|
|
|
- sqlite3_bind_int(stmt, 4, data.get_fuel());
|
|
|
- sqlite3_bind_int(stmt, 5, data.get_gun());
|
|
|
- sqlite3_bind_int(stmt, 6, data.get_armor());
|
|
|
- sqlite3_bind_int(stmt, 7, data.get_shield());
|
|
|
- sqlite3_bind_int(stmt, 8, data.get_armorpoints());
|
|
|
- sqlite3_bind_int(stmt, 9, data.get_shieldpoints());
|
|
|
- sqlite3_bind_int(stmt, 10, data.get_hitpoints());
|
|
|
- sqlite3_bind_int(stmt, 11, data.get_shieldsup());
|
|
|
- sqlite3_bind_int(stmt, 12, data.get_laston());
|
|
|
- sqlite3_bind_int(stmt, 13, data.get_uid());
|
|
|
+ // sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
|
|
|
+
|
|
|
+ sqlite3_bind_int(stmt, 1, data.get_experience());
|
|
|
+ sqlite3_bind_int(stmt, 2, data.get_metal());
|
|
|
+ sqlite3_bind_int(stmt, 3, data.get_fuel());
|
|
|
+ sqlite3_bind_int(stmt, 4, data.get_gun());
|
|
|
+ sqlite3_bind_int(stmt, 5, data.get_armor());
|
|
|
+ sqlite3_bind_int(stmt, 6, data.get_shield());
|
|
|
+ sqlite3_bind_int(stmt, 7, data.get_armorpoints());
|
|
|
+ sqlite3_bind_int(stmt, 8, data.get_shieldpoints());
|
|
|
+ sqlite3_bind_int(stmt, 9, data.get_hitpoints());
|
|
|
+ sqlite3_bind_int(stmt, 10, data.get_shieldsup());
|
|
|
+ sqlite3_bind_int(stmt, 11, data.get_laston());
|
|
|
+ sqlite3_bind_int(stmt, 12, data.get_uid());
|
|
|
// Execute
|
|
|
rc = sqlite3_step(stmt);
|
|
|
if(rc != SQLITE_DONE) {
|
|
@@ -443,8 +446,12 @@ int create_player(User data) {
|
|
|
sqlite3_busy_timeout(db, 5000);
|
|
|
strcpy(sqlbuffer, "INSERT INTO user (nick, real, experience, metal, fuel, gun, armor, shield, armorpoints, shieldpoints, hitpoints, shieldsup, laston) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
|
|
|
sqlite3_prepare_v2(db, sqlbuffer, strlen(sqlbuffer) + 1, &stmt, NULL);
|
|
|
- sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
|
|
|
- sqlite3_bind_text(stmt, 2, data.get_real().c_str(), data.get_real().length(), SQLITE_STATIC);
|
|
|
+ std::string temp = data.get_nick();
|
|
|
+ sqlite3_bind_text(stmt, 1, temp.c_str(), temp.length(), SQLITE_STATIC);
|
|
|
+ std::string temp2 = data.get_real();
|
|
|
+ sqlite3_bind_text(stmt, 2, temp2.c_str(), temp2.length(), SQLITE_STATIC);
|
|
|
+ //sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
|
|
|
+ //sqlite3_bind_text(stmt, 2, data.get_real().c_str(), data.get_real().length(), SQLITE_STATIC);
|
|
|
sqlite3_bind_int(stmt, 3, data.get_experience());
|
|
|
sqlite3_bind_int(stmt, 4, data.get_metal());
|
|
|
sqlite3_bind_int(stmt, 5, data.get_fuel());
|
|
@@ -1173,13 +1180,14 @@ void play_game() {
|
|
|
paws();
|
|
|
}
|
|
|
if(abort == 0) {
|
|
|
- od_printf("`bright white`Are you sure you want to be called `bright green`%s\r\n");
|
|
|
+ od_printf("`bright white`Are you sure you want to be called `bright green`%s\r\n", myself.get_nick().c_str());
|
|
|
done = yesNo();
|
|
|
if(done) {
|
|
|
if(reset) { // So we are reseting the user, this wipes all values and uses update instead of create
|
|
|
User myself(myself.get_uid(), myself.get_nick().c_str(), myself.get_real(), 0, dateStamp(), 1, 8, 0, 0, 0, 4, 1, 0, 10);
|
|
|
update_player(myself);
|
|
|
} else { // Brand new user
|
|
|
+ ZF_LOGI("Creating user");
|
|
|
User myself2(myself.get_nick().c_str(), od_control.user_name);
|
|
|
create_player(myself2);
|
|
|
myself = load_player(locate_player(od_control.user_name));
|