Timy Voice
Joined: 15 Oct 2006 Posts: 2 Location: Lebanon
|
Posted: Tue Apr 21, 2009 9:19 am Post subject: Calculation Tcl |
|
|
Dear All;
Need support to have Tcl as follow :
to define those strength as follow
Attack = input number * 2
Defense = input number * 3
Spy = input number * 4
so when user make on main input as : Attack 200
so i need out to be as follow : username 400
so automatically it will multiply the input number which is related for Attack mean it need to multiply by 2 and give the answer to user.
so please need such tcl, for who can help me about it _________________ Gain Is The Edge Of Loss.. Loss Is The Heart Of Gain |
raider2k Op
Joined: 01 Jan 2008 Posts: 140
|
Posted: Tue Apr 21, 2009 1:23 pm Post subject: |
|
|
since i don't know what defense and spy exactly are going to do, here's the half-done code containing fully working attack code.
if i got something wrong please tell me about it and i will try to fix it asap
| Code: |
bind pub - !attack attack
bind pub - !defense defend
bind pub - !spy spy

proc attack { nick uhost handle chan text } {
    set user [lindex $text 0]
    set strength [lindex $text 1]
    ### MAKES SURE THAT BOTH USERNAME AND STRENGTH GET FILLED
    if { [string equal $strength ""] } {
        putserv "PRIVMSG $chan :syntax: !attack \$username \$strength-to-attack-with"
        return 0
    }
    if { ![regexp -all -nocase -- {[0-9]} $strength] } {
        ### MAKES SURE THAT STRENGTH IS NUMERIC CHARS ONLY
        putserv "PRIVMSG $chan :please supply numerical characters only"
        return 0
    }
    ### CALCULATION OF STRENGTH * 2 BELOW
    set newstrength [expr $strength * 2]
    ### OUTPUT TO CHANNEL WHAT HAS HAPPENED BELOW
    putserv "PRIVMSG $chan :$nick attacks $user with $newstrength hitpoints"
}

proc defend { nick uhost handle chan text } {
    #### CODE HERE
}

proc spy { nick uhost handle chan text } {
    #### CODE HERE
}
|
not tested, but should work though  |
nml375 Revered One
Joined: 04 Aug 2006 Posts: 2857
|
Posted: Tue Apr 21, 2009 3:45 pm Post subject: |
|
|
Please don't use lindex on strings. At least use split to convert it into a list first.
Also, your regular expression is flawed, as it will let non-digit characters pass through..
A proper regular expression would look like this:
| Code: |
set strength [lindex [split $text] 1]
if {![regexp -- {^[[:digit:]]+$} $strength]} {
... |
_________________ NML_375, idling at #eggdrop@IrcNET |
Timy Voice
Joined: 15 Oct 2006 Posts: 2 Location: Lebanon
|
Posted: Sat Apr 25, 2009 11:28 am Post subject: |
|
|
| raider2k wrote: | since i don't know what defense and spy exactly are going to do, here's the half-done code containing fully working attack code.
if i got something wrong please tell me about it and i will try to fix it asap
| Code: |
bind pub - !attack attack
bind pub - !defense defend
bind pub - !spy spy

proc attack { nick uhost handle chan text } {
    set user [lindex $text 0]
    set strength [lindex $text 1]
    ### MAKES SURE THAT BOTH USERNAME AND STRENGTH GET FILLED
    if { [string equal $strength ""] } {
        putserv "PRIVMSG $chan :syntax: !attack \$username \$strength-to-attack-with"
        return 0
    }
    if { ![regexp -all -nocase -- {[0-9]} $strength] } {
        ### MAKES SURE THAT STRENGTH IS NUMERIC CHARS ONLY
        putserv "PRIVMSG $chan :please supply numerical characters only"
        return 0
    }
    ### CALCULATION OF STRENGTH * 2 BELOW
    set newstrength [expr $strength * 2]
    ### OUTPUT TO CHANNEL WHAT HAS HAPPENED BELOW
    putserv "PRIVMSG $chan :$nick attacks $user with $newstrength hitpoints"
}

proc defend { nick uhost handle chan text } {
    #### CODE HERE
}

proc spy { nick uhost handle chan text } {
    #### CODE HERE
}
|
not tested, but should work though  |
that work with me very fine, but i have one problem.
but when i change number to multiply with from 2 to 3500, it work with right output when i enter number less than 6 digits, but when i enter number more than 6 digits it will give me wrong output, but when i make it as 3000 instead of 3500 it works normal even if input more than 6 digits, so what i need to change to let it work ? _________________ Gain Is The Edge Of Loss.. Loss Is The Heart Of Gain |
raider2k Op
Joined: 01 Jan 2008 Posts: 140
|
Posted: Mon Apr 27, 2009 12:11 am Post subject: |
|
|
| please re-try describing what the problem is because i was not able to understand it. and maybe put some examples |
nml375 Revered One
Joined: 04 Aug 2006 Posts: 2857
|
Posted: Mon Apr 27, 2009 12:31 pm Post subject: |
|
|
raider2k: Me or Timy?
Regarding my post, try "!attack foo [die]", and you'll see what I'm saying...
Regarding Timy's post, this sounds like a side-effect of the issue in my post. Most likely, some kind of garbage makes it through, causing expr to bark...
In any case, whenever you are passing data from an untrusted source to expr, extreme care must be taken to validate the data. Sloppy coding could very well result in a remote execution exploit. _________________ NML_375, idling at #eggdrop@IrcNET |
raider2k Op
Joined: 01 Jan 2008 Posts: 140
|
Posted: Tue Apr 28, 2009 12:40 am Post subject: |
|
|
nml375: was referring to timy but go on and speak more about possible "leaks" or exploits and how to prevent them as i am interested in it  |
nml375 Revered One
Joined: 04 Aug 2006 Posts: 2857
|
Posted: Tue Apr 28, 2009 11:43 am Post subject: |
|
|
Well, first off, your regular expression is flawed. It will check if there is at least one digit in strength, but won't care if there's any non-digit in it.
My example is slightly flawed, as it did not contain a digit, but do try "!attack foo 0[die]".
In this case, our regexp checks the value of strength (0[die]) against the pattern [0-9]. Since there is at least one digit in there, there will be a match, and accepted.
Next, we preprocess this line:
| Code: |
set newstrength [expr $strength * 2]
# Command substitution:
expr $strength * 2
# Variable substitution:
expr {0[die]} * 2 |
Unfortunately, expr will do its own set of command and variable substitutions:
| Code: |
expr {0[die]} * 2 => "0[die] * 2"
# Command substitution:
die
# Oops, our bot died |
There is no option to tell expr not to do variable substitutions, but just as with eval, you can use proper list structures (if you are careful) to prevent remote code injection. Hence, it is very very important to make sure whatever you pass to expr is safe.
If you'll check one of my earlier posts, you'll find a replacement regexp with proper regular expression. It makes use of the special tokens ^ (start of line) and $ (end of line), and in between these, one or more digits.
Next, not a major security issue, but it's bad coding, and will break on more complex input. Don't use lindex, lrange, etc on strings. They're supposed to be used on lists, and nothing else. If you need to convert a string into a list, there's the split command.
| Code: |
proc attack {nick uhost handle chan text} {
    set arg [split $text]
    set user [lindex $arg 0]
    set strength [lindex $arg 1] |
_________________ NML_375, idling at #eggdrop@IrcNET |
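
The points raised in this thread, put together as an added example that is not code from any poster: an anchored digit check, `split` before `lindex`, and a braced `expr`, with the thread's `[die]` swapped for a harmless `marker` proc. The `putserv` stub, the `scaled_strength` helper, the 9-digit cap and the use of `wide()` are assumptions of this example so that it runs in plain tclsh.

```tcl
# Added example; runs in plain tclsh. putserv is stubbed because the real
# command only exists inside eggdrop.
proc putserv {line} { puts "-> $line" }

# Harmless stand-in for the command embedded in the thread's test input.
set ::ran 0
proc marker {} { incr ::ran; return 0 }

# Hypothetical helper: returns raw * factor, or "" if raw is not 1-9 digits.
proc scaled_strength {raw factor} {
    # Anchored: the whole value must be digits (the 9-digit cap is an assumption).
    if {![regexp -- {^[[:digit:]]{1,9}$} $raw]} { return "" }
    scan $raw %d value        ;# decimal parse, so "010" is 10, not octal 8
    # Braced: expr substitutes $value itself and never re-parses its contents.
    # wide() keeps the product 64-bit where plain integers are 32-bit.
    return [expr {wide($value) * $factor}]
}

proc attack {nick uhost handle chan text} {
    set arg [split $text]     ;# convert the string to a list before lindex
    set user [lindex $arg 0]
    set strength [scaled_strength [lindex $arg 1] 2]
    if {$strength eq ""} {
        putserv "PRIVMSG $chan :syntax: !attack <username> <digits>"
        return 0
    }
    putserv "PRIVMSG $chan :$nick attacks $user with $strength hitpoints"
    return 1
}

# 1. The unanchored pattern accepts a value that is not purely numeric.
puts "unanchored accepts 0\[marker\]: [regexp -- {[0-9]} {0[marker]}]"
puts "anchored accepts 0\[marker\]:   [regexp -- {^[[:digit:]]+$} {0[marker]}]"

# 2. Unbraced expr re-parses the substituted text and runs the command.
set hostile {[marker]}
catch {expr $hostile * 2}
puts "marker call count after unbraced expr: $::ran"
catch {expr {$hostile * 2}}
puts "marker call count after braced expr:   $::ran"

# 3. The handler rejects the thread's test input and serves a normal request.
attack alice a@host * #chan {foo 0[marker]}
attack alice a@host * #chan {foo 200}
puts "marker call count after handler calls: $::ran"
```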