Help needed for dropcalc testing.

law · Post by **law** » Tue Sep 05, 2006 4:26 pm

i think most damage is done through misconfigurating the server (the machine).

Example.
Someone hacks your Website and gets your admin name and pw, he trys this pw on your mysql frontend , and when he has success he can change everything in thoose tables.

Another Method is DDosing the server.
And another one is maybe bruteforcing the telnet pw.

Post by **msknight** » Tue Sep 05, 2006 4:32 pm

Exactly. That was one aim with the drop calc. If more can be done through the web interface, then the SQL and telnet ports can be tied right down. Can't connect through a port that isn't open

Post by **msknight** » Tue Sep 05, 2006 5:01 pm

Law,

I'm going to hit a problem with the count(*) function in the dbutils file.

The problem is this ... I can't replace count(*) because I don't know a column to replace it with.

The dbutils is designed to be flexible. You can throw it at many different tables and it shouldn't bat an eyelid, because the code doesn't depend on knowing a firm table structure.

Leave it with me ... I'm working on it.

Post by **msknight** » Tue Sep 05, 2006 5:39 pm

O.K. - You win.

New version has just gone up to the site.

With luck ... it contains ...

a "paranoia" setting at the bottom of the config.php file, which should stop the map showing the position to non-gm's and also hiding the account name to non-gm's.

the local setting for the telnet (I'll have to find out how to code that for future compatability)

removal of all count(*) references ... I just hope that the database utilities still work as a result.

It's over to you guys to download and test to destruction!!!

... well, not literally, of course

Post by **ThePhoenixBird** » Tue Sep 05, 2006 10:25 pm

Hummmmm

msknight i had some issues with Mysql when installing your tables.

For example this one:

Code: Select all

insert into `knightloc` (`name`,`x`,`y`) values ('Breka\'s Stronghold',81266,128030);

The error its here:

'Breka\'s Stronghold'

As you can see there are three '

So, mysql takes the first one as the begginin of the string and the next one as the end of the string.

So, the sintax its like this 'Breka\'

The third one was taken as another string.

I had this problem with MySQL Query Browser.

In navicat i dont get that problem, but it's slower than Query Browser.

Well, look at this:

http://img380.imageshack.us/img380/456/dibujo2nu9.jpg

Post by **msknight** » Wed Sep 06, 2006 5:38 am

ThePhoenixBird wrote:Hummmmm

msknight i had some issues with Mysql when installing your tables.

For example this one:
Code: Select all
insert into `knightloc` (`name`,`x`,`y`) values ('Breka\'s Stronghold',81266,128030);

Thanks,

I see the problem. Different systems handle apostrophies in different ways. SQLyog, for example, uses a backslash to escape the apostrophy.

The common way others seem to handle it is to replace the apostrophy with a back tick, as are used to surround the field names. You could run a search to replace all the \' with ` and that should get you around the issue for the installation. It shouldn't cause you grief after that as they are display texts only.

Anyone know the universal way to escape apostrophies that all systems should recognise, please?

I'll also do some digging.

Post by **msknight** » Wed Sep 06, 2006 6:13 am

It is apparently not an unknown situation. MySQL's forum pages all recomend using the backslash apostrophe, as contained in my sql code.

I'll have to make a post on their forums and see what comes back.

Post by **msknight** » Wed Sep 06, 2006 6:28 am

\' is supposed to be the right way to insert an apostrophe in to strings, but I have nevertheless replaced them with back ticks and I've uploaded the updated sql for you.

It is the easiest solution I can see, otherwise I've got to re-edit the SQL every time I do an export with new data; and with C5 around the corner...

Let me know if that gives you problems.

Paul_Atrides · Post by **Paul_Atrides** » Wed Sep 06, 2006 11:17 am

In my city there are 5 commerts and no commerts servers, and 60-70% users of 12-16 years, and this users uzed very simple passwords, for examplee 123456qwerty

, therefore I also ask to make it.

Thanks for fixed, map position visible to "Paranoia" setting

, however account name its still visible.

Post by **msknight** » Thu Sep 07, 2006 7:51 am

Paul_Atrides wrote: however account name its still visible.

Account name still visible where?

If it is in the "Welcome..." then I am not removing that, as it is the account name of the person currently logged in to the drop calc and is anyway transmitted with every transaction and is visible in the url bar. You can, however, remove it yourself. It is located in the common.php file, in the wrap_start function. Just do a search for the word "Welcome" and remove the variable after it.

If it is elsewhere, please throw up and screen shot and I'll get rid of it.

Also, in 48 hours, I go on four days holiday, so anything urgent that needs to be sorted, please let me know soon, otherwise it will have to wait until I get back.

Paul_Atrides · Post by **Paul_Atrides** » Thu Sep 07, 2006 8:22 am

Post by **msknight** » Thu Sep 07, 2006 12:03 pm

Hi Paul,

Thanks, I'll check that out again tonight. Looks like I missed something.

Does it hide it for standard users who aren't GM's?

Michelle

Post by **msknight** » Thu Sep 07, 2006 12:16 pm

I understand how the guest is seeing the account, and I'll get that fixed.

What I don't understand is how the map is showing wrong.

It should show like this ...

Can you PM me, or e-mail me the source code behind that page please, so I can check where the table structure is going wrong? ie. the page source from the browser

I'm also going to get hold of Opera to see if it can shed light on what is happening.

Paul_Atrides · Post by **Paul_Atrides** » Thu Sep 07, 2006 1:54 pm

I want that names of accounts were visible only to administration (GMs and Admins).

Post by **Fulminus** » Thu Sep 07, 2006 2:30 pm

I see the problem. Different systems handle apostrophies in different ways. SQLyog, for example, uses a backslash to escape the apostrophy.

I only now saw this...it's been a while since the problem was posted, but better late than never

There are 2 default ways to escape the apostrophe. One is with a backslash. The other is with an apostrophe! For example:
'Breka''s Stronghold'
NOTE this is not a double-quote ( " ) sign. It is 2 single quote signs next to each other.
Usually, if one doesn't work, the other does, while in many systems both work! However, if you don't like guesswork, MYSQL provides another method. You can assign the job of an escape key to ANY character you wish! If I remember correctly, the syntax is like this:

Code: Select all

insert into `knightloc` (`name`,`x`,`y`) values ('Breka\'s Stronghold',81266,128030) ESCAPE '\';

Basically, the ESCAPE keyword allows you to choose any character you wish to act as an escape character. Similarly, you could do:

Code: Select all

insert into `knightloc` (`name`,`x`,`y`) values ('Breka#'s Stronghold',81266,128030) ESCAPE '#';