
Fixed create_player overwriting mem

  Thank you bugz for figuring out this bug...

  The solution is to make 2 temp strings so our memory doesn't get whacked, and
thus the player's nick and realname are correct.
david 4 years ago
parent
commit
03de3ba499
1 changed files with 26 additions and 18 deletions
  1. 26 18
      main.cpp

+ 26 - 18
main.cpp

@@ -286,7 +286,7 @@ int locate_player(char name[]) {
   //od_printf("realname = '%s'\r\n", name);
 
   // Locating user with given name
-  strcpy(sqlbuffer, "SELECT * from user where real=? COLLATE NOCASE;");
+  strcpy(sqlbuffer, "SELECT uid from user where real=? COLLATE NOCASE;");
   sqlite3_prepare_v2(db, sqlbuffer, strlen(sqlbuffer) + 1, &stmt, NULL);
   sqlite3_bind_text(stmt, 1, name, strlen(name), SQLITE_STATIC);
   rc = sqlite3_step(stmt);
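Review bot: The result of `sqlite3_prepare_v2` is discarded here, so a failed prepare only shows up later as an error from `sqlite3_step` on a null statement, with the original cause lost. The same pattern is in the `update_player` and `create_player` hunks. Capturing it, as in `rc = sqlite3_prepare_v2(db, sqlbuffer, -1, &stmt, NULL);` followed by `if (rc != SQLITE_OK)` with a log of `sqlite3_errmsg(db)` and an early return, keeps the failure visible; the right return value depends on code outside this hunk. Since the column list changed from `*` to `uid`, it is also worth confirming that the code reading the row, which is not shown, only uses column 0.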
@@ -402,22 +402,25 @@ void update_player(User data) {
   // Bad, don't do this... opens to SQL injection!
   //snprintf(sqlbuffer, 1024, "UPDATE user SET nick = '%s', experience = %d, metal = %d, fuel = %d, guns = %d, armors = %d, shields = %d, armorpoints = %d, shieldpoints = %d, hitpoints = %d WHERE uid=%d;",
   //  data.nick, data.experience, data.metal, data.fuel, data.guns, data.armors, data.shields, data.armorpoints, data.shieldpoints, data.hitpoints, data.uid);
-  strcpy(sqlbuffer, "UPDATE user SET nick=?, experience=?, metal=?, fuel=?, gun=?, armor=?, shield=?, armorpoints=?, shieldpoints=?, hitpoints=?, shieldsup=?, laston=? WHERE uid=?;");
+  // strcpy(sqlbuffer, "UPDATE user SET nick=?, experience=?, metal=?, fuel=?, gun=?, armor=?, shield=?, armorpoints=?, shieldpoints=?, hitpoints=?, shieldsup=?, laston=? WHERE uid=?;");
+  // Are they actually going to be changing their nicks??
+  strcpy(sqlbuffer, "UPDATE user SET experience=?, metal=?, fuel=?, gun=?, armor=?, shield=?, armorpoints=?, shieldpoints=?, hitpoints=?, shieldsup=?, laston=? WHERE uid=?;");  
   sqlite3_prepare_v2(db, sqlbuffer, strlen(sqlbuffer) + 1, &stmt, NULL);
   // Bind All data values
-  sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
-  sqlite3_bind_int(stmt, 2, data.get_experience());
-  sqlite3_bind_int(stmt, 3, data.get_metal());
-  sqlite3_bind_int(stmt, 4, data.get_fuel());
-  sqlite3_bind_int(stmt, 5, data.get_gun());
-  sqlite3_bind_int(stmt, 6, data.get_armor());
-  sqlite3_bind_int(stmt, 7, data.get_shield());
-  sqlite3_bind_int(stmt, 8, data.get_armorpoints());
-  sqlite3_bind_int(stmt, 9, data.get_shieldpoints());
-  sqlite3_bind_int(stmt, 10, data.get_hitpoints());
-  sqlite3_bind_int(stmt, 11, data.get_shieldsup());
-  sqlite3_bind_int(stmt, 12, data.get_laston());
-  sqlite3_bind_int(stmt, 13, data.get_uid());
+  // sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
+
+  sqlite3_bind_int(stmt, 1, data.get_experience());
+  sqlite3_bind_int(stmt, 2, data.get_metal());
+  sqlite3_bind_int(stmt, 3, data.get_fuel());
+  sqlite3_bind_int(stmt, 4, data.get_gun());
+  sqlite3_bind_int(stmt, 5, data.get_armor());
+  sqlite3_bind_int(stmt, 6, data.get_shield());
+  sqlite3_bind_int(stmt, 7, data.get_armorpoints());
+  sqlite3_bind_int(stmt, 8, data.get_shieldpoints());
+  sqlite3_bind_int(stmt, 9, data.get_hitpoints());
+  sqlite3_bind_int(stmt, 10, data.get_shieldsup());
+  sqlite3_bind_int(stmt, 11, data.get_laston());
+  sqlite3_bind_int(stmt, 12, data.get_uid());
   // Execute
   rc = sqlite3_step(stmt);
   if(rc != SQLITE_DONE) {
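Review bot: With `nick` dropped from the UPDATE, `update_player` no longer persists a nick at all, yet the reset branch in `play_game` (last hunk) appears to rely on it to store the nick the player just confirmed. If that is intended, a comment such as `// nick is deliberately not written here; a nick change needs its own statement` would replace the open question on the added line. The commented-out `sqlite3_bind_text` keeps the pattern this commit fixes in `create_player`: it binds `data.get_nick().c_str()` from a temporary with `SQLITE_STATIC`. It is better deleted than left as a template, and if it is ever restored it should bind from a named `std::string` or use `SQLITE_TRANSIENT`. The function body continues outside the hunk.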
@@ -443,8 +446,12 @@ int create_player(User data) {
   sqlite3_busy_timeout(db, 5000);
   strcpy(sqlbuffer, "INSERT INTO user (nick, real, experience, metal, fuel, gun, armor, shield, armorpoints, shieldpoints, hitpoints, shieldsup, laston) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
   sqlite3_prepare_v2(db, sqlbuffer, strlen(sqlbuffer) + 1, &stmt, NULL);
-  sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
-  sqlite3_bind_text(stmt, 2, data.get_real().c_str(), data.get_real().length(), SQLITE_STATIC);
+  std::string temp = data.get_nick();
+  sqlite3_bind_text(stmt, 1, temp.c_str(), temp.length(), SQLITE_STATIC);
+  std::string temp2 = data.get_real();
+  sqlite3_bind_text(stmt, 2, temp2.c_str(), temp2.length(), SQLITE_STATIC);
+  //sqlite3_bind_text(stmt, 1, data.get_nick().c_str(), data.get_nick().length(), SQLITE_STATIC);
+  //sqlite3_bind_text(stmt, 2, data.get_real().c_str(), data.get_real().length(), SQLITE_STATIC);
   sqlite3_bind_int(stmt, 3, data.get_experience());
   sqlite3_bind_int(stmt, 4, data.get_metal());
   sqlite3_bind_int(stmt, 5, data.get_fuel());
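Review bot: Both text binds still pass `SQLITE_STATIC`, so SQLite keeps the raw `c_str()` pointers and the fix is correct only while `temp` and `temp2` outlive the step and finalize calls, which are outside this hunk. Passing `SQLITE_TRANSIENT` makes SQLite take its own copy and removes that lifetime dependency: `sqlite3_bind_text(stmt, 1, temp.c_str(), temp.length(), SQLITE_TRANSIENT);`, and likewise for `temp2`. A one-line comment above the temporaries, for example `// get_nick()/get_real() return by value; bind from named copies so the pointer stays valid`, would record why they exist. The two commented-out binds can be removed, since they preserve the dangling-pointer version.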
@@ -1173,13 +1180,14 @@ void play_game() {
         paws();
       }
       if(abort == 0) {
-        od_printf("`bright white`Are you sure you want to be called `bright green`%s\r\n");
+        od_printf("`bright white`Are you sure you want to be called `bright green`%s\r\n", myself.get_nick().c_str());
         done = yesNo();
         if(done) {
           if(reset) { // So we are reseting the user, this wipes all values and uses update instead of create
             User myself(myself.get_uid(), myself.get_nick().c_str(), myself.get_real(), 0, dateStamp(), 1, 8, 0, 0, 0, 4, 1, 0, 10);
             update_player(myself);
           } else { // Brand new user
+            ZF_LOGI("Creating user");
             User myself2(myself.get_nick().c_str(), od_control.user_name);
             create_player(myself2);
             myself = load_player(locate_player(od_control.user_name));
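Review bot: The reset branch still declares `User myself(myself.get_uid(), myself.get_nick().c_str(), ...)`, and in C++ the new name is in scope inside its own initializer. `myself.get_uid()` and `myself.get_nick()` therefore read the not-yet-constructed inner object rather than the outer player, which is undefined behaviour and the same kind of memory corruption this commit targets. The new-user branch already avoids it with `myself2`; the reset branch needs a distinct name too, e.g. `User fresh(myself.get_uid(), myself.get_nick().c_str(), myself.get_real(), 0, dateStamp(), 1, 8, 0, 0, 0, 4, 1, 0, 10);` and `update_player(fresh);`. The outer `myself` is also left unchanged after a reset as far as this hunk shows, so a reload like the one in the new-user branch may be needed. `play_game` starts and ends outside the hunk.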