store user in db to get access to chan

 
Fire-Fox
Master


Joined: 23 Sep 2006
Posts: 270
Location: /dev/null

Posted: Fri Mar 09, 2012 8:27 pm    Post subject: store user in db to get access to chan

Hey!

I believe I did see a script here on the site that did add user to db, and the user gained access to a channel. Is that right?

If not, does someone have one?
_________________
GreatZ
Fire-Fox | Denmark

Scripts: Relay | Store Text | TvMaze
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3741
Location: Mint Factory

Posted: Sat Mar 10, 2012 7:27 am

Code:

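# mysqltcl provides the ::mysql::* commands used below
package require mysqltcl

namespace eval dbCheck {
  # connection settings: hostname, username, password, database
  variable dbInfo "host user pass database"

  bind join - "#channel *" [namespace current]::dbJoin

  proc dbJoin {nick uhost handle chan} {
    if {[isbotnick $nick]} return
    variable dbInfo
    if {[scan $dbInfo %s%s%s%s hostname username password database] != 4} return
    set con [::mysql::connect -host $hostname -user $username -password $password -db $database]
    set results [::mysql::query $con "INSERT YOUR SELECT STATEMENT"]
    # no matching row means the user is not in the database
    # (::mysql::moreresult only reports further result sets of a multi-statement query)
    if {[::mysql::result $results rows] == 0} {
      # kick, ban or whatever
    }
    ::mysql::endquery $results
    ::mysql::close $con
  }
}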

Something like this? Don't forget to add an actual select statement and a punishment or whatever you wish. Haven't tested it, but should do what you were looking for.

I would use a statement like:
Code:

set user [::mysql::escape $nick]
set results [::mysql::query $con "SELECT 1 from access WHERE nick = '$user' AND uhost = '$uhost'"]

Don't know if $nick should be escaped but will throw that in anyway.

If you wish to make this work for multiple channels, or be able to turn this on/off, then you should use something like:
Code:

  setudef flag dbCheck
  bind join - * [namespace current]::dbJoin

  proc dbJoin {nick uhost handle chan} {
    if {[isbotnick $nick]} return
    if {![channel get $chan dbCheck]} return

instead of the:
Code:

  bind join - "#channel *" [namespace current]::dbJoin

  proc dbJoin {nick uhost handle chan} {
    if {[isbotnick $nick]} return

If you do then don't forget to .chanset #channel +dbCheck to activate it. :)
_________________
Once the game is over, the king and the pawn go back in the same box.
nml375
Revered One


Joined: 04 Aug 2006
Posts: 2857

Posted: Sat Mar 10, 2012 8:54 am

caesar,
Whenever you inject data from an untrusted source, you should use mysql_real_escape_string (::mysql::escape in mysqltcl) in order to avoid SQL injection exploits. Although the MySQL driver does not enable the multiple statement extension by default, you could still bypass the WHERE-clause of your query (generally speaking, irc nicknames and hostnames do not support spaces making it rather difficult to exploit "OR 1" here).

As such, escaping the nickname is correct, though you should do the very same for the hostname.
_________________
NML_375, idling at #eggdrop@IrcNET
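
The join check with the escaping advice above applied to both values, as an added example that is not part of any post in this thread. It assumes eggdrop with mysqltcl loaded and the access(nick, uhost) table from caesar's SELECT; dbCheckSafe and isAllowed are hypothetical names.

```tcl
# Added example, not code from the thread. Runs inside eggdrop with mysqltcl.
# dbCheckSafe and isAllowed are hypothetical names; access(nick, uhost) is the
# table assumed by caesar's SELECT.
package require mysqltcl

namespace eval dbCheckSafe {
  variable dbInfo "host user pass database"
  setudef flag dbCheck
  bind join - * [namespace current]::dbJoin

  # Return 1 if nick/uhost has a row in access, else 0. Errors propagate.
  proc isAllowed {con nick uhost} {
    # Both values arrive from the IRC server, so both are untrusted.
    # With a handle, mysqltcl escapes via mysql_real_escape_string, which
    # takes the connection character set into account.
    set n [::mysql::escape $con $nick]
    set u [::mysql::escape $con $uhost]
    set q [::mysql::query $con \
      "SELECT 1 FROM access WHERE nick = '$n' AND uhost = '$u' LIMIT 1"]
    set rows [::mysql::result $q rows]
    ::mysql::endquery $q
    return [expr {$rows > 0}]
  }

  proc dbJoin {nick uhost handle chan} {
    if {[isbotnick $nick]} return
    if {![channel get $chan dbCheck]} return
    variable dbInfo
    if {[scan $dbInfo %s%s%s%s host user pass db] != 4} return
    if {[catch {::mysql::connect -host $host -user $user \
                  -password $pass -db $db} con]} {
      putlog "dbCheckSafe: connect failed: $con"
      return
    }
    # Always close the connection, even when the lookup raises an error.
    set failed [catch {isAllowed $con $nick $uhost} ok]
    ::mysql::close $con
    if {$failed} {
      # Take no action on a database error instead of punishing everyone.
      putlog "dbCheckSafe: lookup failed for $nick on $chan: $ok"
      return
    }
    if {!$ok} {
      putlog "dbCheckSafe: $nick ($uhost) is not in access, acting on $chan"
      # kick, ban or whatever, as in the skeleton above
    }
  }
}
```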
Fire-Fox
Master


Joined: 23 Sep 2006
Posts: 270
Location: /dev/null

Posted: Sat Mar 10, 2012 9:29 am

Thanks caesar!

Sure think I can use it :) just need to figure out how to put in an admin trigger to add users :) with user and hostname :)
_________________
GreatZ
Fire-Fox | Denmark

Scripts: Relay | Store Text | TvMaze
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3741
Location: Mint Factory

Posted: Sat Mar 10, 2012 11:33 am

Just add this:
Code:

  bind pub o|o .dbadd [namespace current]::dbAdd

  # add
  proc dbAdd {nick uhost handle chan text} {
    variable dbInfo
    # the space in the format skips the blank between <user> and <maskhost>
    if {[scan $text {%s %[^!]!%[^@]@%s} user n u h] != 4} {
      putserv "NOTICE $nick :Usage: .dbadd <user> <maskhost>"
    } elseif {[scan $dbInfo %s%s%s%s hostname username password database] == 4} {
      # escape both values before they go into the statement
      set user [::mysql::escape $user]
      set maskHost [::mysql::escape "$n!$u@$h"]
      set con [::mysql::connect -host $hostname -user $username -password $password -db $database]
      # INSERT returns no rows, so use ::mysql::exec instead of ::mysql::query
      ::mysql::exec $con "INSERT INTO access VALUES ('$user', '$maskHost')"
      ::mysql::close $con
    }
  }

to the other code just before the last }, so in the end it would be something like:
Code:

namespace eval dbCheck {

# and so on..

# this new code
}

Haven't tested anything but in theory should do what you need. :P

PS: You should take into consideration nml375's comment (on escaping) when you insert a valid select statement for the first code.
_________________
Once the game is over, the king and the pawn go back in the same box.