· 5 years ago · Jul 03, 2020, 12:06 AM
1//===== rAthena Script =======================================
2//= Security System - SQL
3//===== By ===================================================
4//= llchrisll
5//===== Version ==============================================
6//= 1.0 - Initial Version
7//= 1.1 - Fixed SQL Bug (SQL Injection) - Thanks to ToastofDoom
8//= 2.0 - Shortened a bit and made it more dynamically
9// - Removed OnWhisperGlobal
10// - Renamed variables (always temp character variables ....)
11// - Added prevention to use "ALT+M" shortcuts and dying via
12// Attacks like Mob or PvP Maps after Login until the security password has been put
13//= 2.1 - Script Optimization
14// - Removed Server Mode Selection - only SQL now
15//===== Tested With =========================================
16//= rAthena SQL 07/16-2017 Revision
17//===== Description ==========================================
18//= Security System - Simple
19//===== Comments =============================================
20//= None....
21//============================================================
22prontera.gat,150,180,4 script Security Manager 109,{
23
24if (getgmlevel() >= 80) {
25 mes .n$;
26 mes "Which Menu?";
27 if(select("- Player Menu:- GM Menu") - 1) goto M_GM;
28 next;
29}
30mes .n$;
31mes "Hello, "+strcharinfo(0)+".";
32mes "What do you wanna do?";
33next;
34if(select("- Add/Change my Password:- Nothing") - 1) close;
35
36if($security_pass == 0) {
37 set #security_pass, 0;
38 mes .n$;
39 mes "The System isn't enabled.";
40 close;
41
42} else if($security_pass == 1 && #security_pass == 0) {
43 mes .n$;
44 mes "Hello, "+strcharinfo(0)+"";
45 mes "So you want to set your Password?";
46 next;
47 if(select("- Yes, please:- Naa, not now.") - 1) {
48 mes .n$;
49 mes "Okay, please come back as soon as possible.";
50 close;
51 }
52 mes .n$;
53 // In case the database has not been cleaned before the script has been removed, extra check....
54 query_sql "SELECT `pass` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",.@sec_pass$;
55 if(.@sec_pass$ != "") {
56 mes "It seems like that the database hasn't been cleared before removing the script.";
57 mes "I will use your password from before, which is "+.@sec_pass$+".";
58 set #security_pass,1;
59 close;
60 }
61 mes "Okay, type the password you want.";
62 input .@sec_pass$;
63 next;
64 mes .n$;
65 mes "The Password is:";
66 mes .@sec_pass$;
67 mes "Is that correct?";
68 if(select("- Yes, it is:- No,repeat please") - 1) close;
69 next;
70 set #security_pass, 1;
71 callfunc "SS_PW",2,3,.@sec_pass$;
72 mes .n$;
73 mes "Thank you for your time.";
74 mes "Your Password and IP got saved.";
75 mes "Remember it carefully.";
76 close;
77
78} else if($security_pass == 1 && #security_pass == 1) {
79 mes .n$;
80 mes "So you want to change your Password?";
81 if(select("- Yes:- No") - 1) close;
82 next;
83 mes .n$;
84 mes "Please insert the new Password.";
85 mes "^FF2200 Note: Type \"Cancel\" into the box to cancel your attempt.^000000";
86 next;
87 input .@ch_pass$;
88 mes .n$;
89 if(.@ch_pass$ == "Cancel") close;
90 if( callfunc("SS_PW",1,1,.@ch_pass$) == 1) {
91 mes "I'm sorry, but the new Password matches the previous one.";
92 close;
93 }
94 mes "The new password is:";
95 mes .@ch_pass$;
96 mes "Is that correct?";
97 if(select("- Yes, it is correct:- No, I don't want to change it.") - 1) close;
98 next;
99 mes .n$;
100 mes "Thank you for your time.";
101 callfunc("SS_PW",2,1,.@ch_pass$);
102 close;
103}
104
105M_GM:
106next;
107if($sec_table_created == 1) {
108 mes .n$;
109 mes "Hello, "+strcharinfo(0)+"!";
110 mes "What do you want to do?";
111 next;
112 switch(select("- Disable/Enable the System:- Delete Table:- Nothing") ) {
113
114 case 1:
115 mes .n$;
116 mes "The Security System is " + ( ($security_pass) ? "^00BB22Enabled^000000." : "^FF2200Disabled^000000.");
117 mes "Do you want to "+ ( ($security_pass == 0)?"enable":"disable")+" it?";
118 if(select("- Yes, please:- No, thanks") - 1) close;
119 next;
120 mes .n$;
121 mes "The Security System is "+ ( ($security_pass == 0)?"enabled":"disabled")+" now.";
122 announce "The Security Systen has been "+ ( ($security_pass == 0)?"enabled":"disabled")+".",bc_yellow|bc_all;
123 set $security_pass,!$security_pass;
124 close;
125
126 case 2:
127 mes .n$;
128 mes "Do you really want to delete the whole table?";
129 if(select("- Yes, I want!!:- No, I misclicked ya") - 1) close;
130 next;
131 mes .n$;
132 mes "Okay, it's a 'One-Way Ticket'!!!!";
133 query_sql "DROP TABLE `security_sys`";
134 set $sec_table_created,0;
135 set $security_pass,0;
136 close;
137
138 case 3:
139 mes .n$;
140 mes "Goodbye, see ya next time.";
141 close;
142 }
143
144} else {
145 mes .n$;
146 mes "There isn't a table in your database yet.";
147 mes "Want to create it?";
148 if(select("- Yes, I want to create one:- No, don't wanna") - 1) close;
149 next;
150 mes .n$;
151 mes "The Table is created now.";
152 query_sql "CREATE TABLE IF NOT EXISTS `security_sys` ( `last_ip` VARCHAR( 100 ) , `account_id` INT( 11 ) , `pass` VARCHAR( 32 ))";
153 set $sec_table_created, 1;
154 set $security_pass, 1;
155 close;
156}
157
158OnInit:
159set .n$,"[Security Manager]";
160if(query_sql("SHOW TABLES LIKE 'security_sys'",.@tbl) != 0)
161 set $sec_table_created,1;
162end;
163}
164
165- script SS_PW_Login -1,{
166end;
167
168OnPCLoginEvent:
169set .@n$,"[Security Manager]";
170// Server Name
171set .@serv_name$,"<Server Name>";
172// Mail Address
173set .@serv_mail$,"<Server Mail Address>";
174// ========== System is offline =======
175if($security_pass == 0) {
176 // Either Password has not been set or the system was temporarly down
177 if(#security_pass == 0 || #security_pass == 3) end;
178 // Password is set but system offline
179 else if(#security_pass == 1) {
180 announce "The Security System is momentally offline.",bc_red|bc_self;
181 set #security_pass,3;
182 // System Offline but Jail active
183 } else if(#security_pass == 2)
184 set #security_pass,0;
185
186// ============= System is online =============
187} else if($security_pass == 1) {
188 // No Password set yet
189 if(#security_pass == 0) {
190 mes .@n$;
191 mes "Your Security Password hasn't been set yet.";
192 mes "Please come to me and set it.";
193 close;
194
195 // Jail.....
196 } else if(#security_pass == 2) {
197 sc_start 112,999999,1; //Berserk State, not able to talk/using commands
198 pcblockmove getcharid(3),1; // Preventing from moving
199
200 mes .@n$;
201 mes "Please type the 'correct' Password now or your account will be blocked";
202 mes "and you have to write an e-mail to \""+.@serv_mail$+"\" with the content of the right Password.";
203 next;
204 mes .@n$;
205 mes "Start please:";
206 next;
207 input .@pass$;
208 if( callfunc("SS_PW",1,1,.@pass$) == 1 ) {
209 set #security_pass,1;
210 sc_end 112;
211 pcblockmove getcharid(3),0;
212 percentheal 100,100;
213 atcommand "@unjail "+strcharinfo(0);
214 goto PW_PASS;
215 }
216 mes .@n$;
217 mes "The Password you typed is wrong.";
218 mes "Your Account will be blocked now.";
219 close2;
220 atcommand "@block "+strcharinfo(0);
221 end;
222
223 // System was temporarly offline
224 } else if(#security_pass == 3) {
225 announce "The Security System is back online.",bc_red|bc_self;
226 set #security_pass,1;
227
228 // Password was set
229 } else if(#security_pass == 1) { // Check if Password was set
230 if( callfunc("SS_PW",1,2) == 1) goto PW_PASS; // IP Check
231
232 sc_start 112,999999,1; //Berserk State, not able to talk/using commands
233 pcblockmove getcharid(3),1; // Preventing from moving
234 atcommand "@battleignore"; // Preventing the player from dying from attacks
235 set @lock,1;
236
237 mes .@n$;
238 mes "Please insert the Password for your own Security.";
239 next;
240 input .@pass$;
241 if( callfunc("SS_PW",1,1,.@pass$) == 1) goto PW_PASS; // Inserted Password Check
242 mes .@n$;
243 mes "The Password you typed is wrong.";
244 mes "You got one more chance to login.";
245 next;
246 input .@pass$;
247 if( callfunc("SS_PW",1,1,.@pass$) == 1) goto PW_PASS;
248 mes .@n$;
249 mes "You typed the Password wrong twice.";
250 mes "You will be warped to the Jail now.";
251 mes "After Login in, you have to write the password again and if you are write it";
252 mes "again wrong your account will be blocked.";
253 close2;
254 atcommand "@jail "+strcharinfo(0);
255 set #security_pass,2;
256 sc_end 112;
257 pcblockmove getcharid(3),0;
258 atcommand "@battleignore";
259 set @lock,0;
260 sleep2 1500;
261 atcommand "@kick "+strcharinfo(0);
262 }
263}
264end;
265
266// Password Input Passed
267PW_PASS:
268mes .@n$;
269mes "You have successfully logged in. Have Fun on "+.@serv_name$+".";
270// Checking if the player has a different IP then before and update it accordingly.
271if(@ip_n) {
272 callfunc("SS_PW",2,2,@ip_new$);
273 set @ip_n,0;
274 set @ip_new$,"";
275}
276if(@lock) {
277 sc_end 112;
278 pcblockmove getcharid(3),0;
279 atcommand "@battleignore";
280 percentheal 100,100;
281 set @lock,0;
282}
283end;
284}
285
286function script SS_PW {
287// getarg(0) == Data Type
288// - 1= Read
289// - 2= Write
290// getarg(1) == Read/Write Type
291// - 1=PW
292// - 2=IP
293// - 3=New Entry
294// getarg(2) == Data Value
295 switch(getarg(1)) {
296 case 1:
297 if(getarg(0) == 1) { // Data Type - Read
298 query_sql "SELECT `pass` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",.@sec_pass$;
299 if(getarg(2) == .@sec_pass$) return 1;
300 else return -1;
301
302 } else if(getarg(0) == 2) // Data Type - Write
303 query_sql "UPDATE `security_sys` SET `pass` = '"+escape_sql(getarg(3))+"' WHERE `account_id` = '"+getcharid(3)+"'";
304
305 return;
306
307 case 2:
308 // checks the IP's
309 if(getarg(0) == 1) { // Data Type - Read
310 query_sql "SELECT `last_ip` FROM `login` WHERE `account_id` = '"+getcharid(3)+"'",.@last_ip$;
311 query_sql "SELECT `last_ip` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",.@last_ip2$;
312 if(.@last_ip$ == .@last_ip2$) return 1;
313 else {
314 set @ip_n,1; // Got new IP > Update after Password Check passed
315 set @ip_new$,.@last_ip$; // IP Itself
316 return -1;
317 }
318
319 } else if(getarg(0) == 2) // Data Type - Write
320 query_sql "UPDATE `security_sys` SET `last_ip` = '"+getarg(3)+"' WHERE `account_id` = '"+getcharid(3)+"'";
321
322 case 3:
323 query_sql "SELECT `last_ip` FROM `login` WHERE `account_id` = '"+getcharid(3)+"'",.@last_ip$;
324 query_sql "INSERT INTO `security_sys` (`last_ip` , `account_id` , `pass`) VALUES ('"+.@last_ip$+"' , '"+getcharid(3)+"' , '"+escape_sql(getarg(2))+"')";
325 return;
326 }
327}