[C#, ION/Deltar] Ion16 - [Habbo Hotel V16 Framework]

[Quackster]

Stealing Ion26 name idea? :P

Yeahh sounded sexy :)

---------- Post added at 07:29 AM ---------- Previous post was at 07:26 AM ----------

Thanks alex.

Not a problem :)

Not really. Just cache common info like item definitions, room categories, room models, navigator, etc, etc. Simple primary-key based lookups like this are fine.

However, about that snippet... please use prepared statements / parameters / whatever for your database queries to make your code immune to SQL exploits. People can now supply a name containing one or more SQL queries as the name, and the server will happily run them.

Anyway, good initiative && good luck!

Ohh really? How would I stop that? :(

Nillus, you dont know what i mean? I mean he dont cache anything!?

Actually the whole server has a small plugin system that Nillus already made and users are cached... :)

its a fucking framework calm down.

;D

---------- Post added at 07:38 AM ---------- Previous post was at 07:29 AM ----------

yea yea ok =)

People why are we busy with Oldskool?! R63 is the Version now. Dont waste your time @ oldskool, get higher to BETA! If you got a nice server: Everybody like ya! :D

You can shut-up (:

No one cares about your opinion :D

[AWA]

To fix SQL exploit, simply put: (I think, maybe wrong method name)

PHP Code:

dbClient.AddParamsWithValue("name", name); 


under:

PHP Code:

            using (Ion.Storage.DatabaseClient dbClient = IonEnvironment.GetDatabase().GetClient())
            { 


and replace:

PHP Code:

                if (dbClient.ReadBoolean("SELECT * FROM users WHERE username = '" + name + "'") == true) 


with:

PHP Code:

                if (dbClient.ReadBoolean("SELECT * FROM users WHERE username = @name") == true) 


[Mithex]

What a gay hotel view

[HabboCOIN]

What a gay hotel view

If Alex wanted to customize it he would but as a developer you have better things to do with time instead of using MX 2004.

However, Alex; you are really loving the ION framework.

Good work!

[Quackster]

To fix SQL exploit, simply put: (I think, maybe wrong method name)

PHP Code:

dbClient.AddParamsWithValue("name", name); 


under:

PHP Code:

            using (Ion.Storage.DatabaseClient dbClient = IonEnvironment.GetDatabase().GetClient())
            { 


and replace:

PHP Code:

                if (dbClient.ReadBoolean("SELECT * FROM users WHERE username = '" + name + "'") == true) 


with:

PHP Code:

                if (dbClient.ReadBoolean("SELECT * FROM users WHERE username = @name") == true) 


Ahh yes, I have used AddParamsWithValue in Aleeda :)
I never knew they blocked SQL injections

@HabboCOIN - Yes I do love the Ion framework :)

[Eronisch]

[QUOTE=WizardKing;6303790]@Eronisch so you say nillus will code anything again and you think he's going to code V14?
QUOTE]
So you say?

Seriously, learn to fkng read english?
That's not even close what i wrote..

[Quackster]

Hey has anyone actually done anything from this? (: