From e402a9f15b5869c28076046f13b0123f9d30b5bd Mon Sep 17 00:00:00 2001 From: UnknownShadow200 Date: Wed, 17 Aug 2016 16:22:47 +1000 Subject: [PATCH] Don't let you use /infoswap on same or higher ranked players. --- Commands/Chat/CmdSend.cs | 20 +++++++++----------- Commands/Moderation/CmdInfoSwap.cs | 16 +++++++++++----- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/Commands/Chat/CmdSend.cs b/Commands/Chat/CmdSend.cs index 815ea84fc..20f18fae6 100644 --- a/Commands/Chat/CmdSend.cs +++ b/Commands/Chat/CmdSend.cs @@ -32,12 +32,10 @@ namespace MCGalaxy.Commands { string[] parts = message.SplitSpaces(2); if (message == "" || parts.Length == 1) { Help(p); return; } - Player who = PlayerInfo.Find(parts[0]); - string whoTo = who == null ? parts[0] : who.name; - string fromname = p == null ? "(console)" : p.name; - if (!Player.ValidName(whoTo)) { - Player.Message(p, "%cIllegal name!"); return; - } + Player receiver = PlayerInfo.Find(parts[0]); + string receiverName = receiver == null ? parts[0] : receiver.name; + string senderName = p == null ? "(console)" : p.name; + if (!ValidName(p, receiverName, "player")) return; message = parts[1]; //DB @@ -47,13 +45,13 @@ namespace MCGalaxy.Commands { message = message.Substring(0, 255); } //safe against SQL injections because whoTo is checked for illegal characters - Database.Execute("CREATE TABLE if not exists `Inbox" + whoTo + + Database.Execute("CREATE TABLE if not exists `Inbox" + receiverName + "` (PlayerFrom CHAR(20), TimeSent DATETIME, Contents VARCHAR(255));"); - Database.Execute("INSERT INTO `Inbox" + whoTo + "` (PlayerFrom, TimeSent, Contents) VALUES (@0, @1, @2)", - fromname, DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), message); + Database.Execute("INSERT INTO `Inbox" + receiverName + "` (PlayerFrom, TimeSent, Contents) VALUES (@0, @1, @2)", + senderName, DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), message); - Player.Message(p, "Message sent to &5" + whoTo + "."); - if (who != null) who.SendMessage("Message recieved from &5" + fromname + "%S."); + Player.Message(p, "Message sent to &5" + receiverName + "."); + if (receiver != null) receiver.SendMessage("Message recieved from &5" + senderName + "%S."); } public override void Help(Player p) { diff --git a/Commands/Moderation/CmdInfoSwap.cs b/Commands/Moderation/CmdInfoSwap.cs index 7bc35a5a6..d182a84bd 100644 --- a/Commands/Moderation/CmdInfoSwap.cs +++ b/Commands/Moderation/CmdInfoSwap.cs @@ -49,9 +49,18 @@ namespace MCGalaxy.Commands { if (dst == null) { Player.Message(p, "\"{0}\" was not found in the database.", args[1]); return; } + + Group srcGroup = Group.findPlayerGroup(src.Name); + Group dstGroup = Group.findPlayerGroup(dst.Name); + if (p != null && srcGroup.Permission > p.Rank) { + Player.Message(p, "Cannot /infoswap for a player ranked equal or higher to yours."); return; + } + if (p != null && dstGroup.Permission > p.Rank) { + Player.Message(p, "Cannot /infoswap for a player ranked equal or higher to yours."); return; + } Swap(src, dst); Swap(dst, src); - SwapGroups(src, dst); + SwapGroups(src, dst, srcGroup, dstGroup); } const string format = "yyyy-MM-dd HH:mm:ss"; @@ -69,10 +78,7 @@ namespace MCGalaxy.Commands { src.Money, src.Title, src.TitleColor, src.TotalTime, dst.Name); } - void SwapGroups(PlayerData src, PlayerData dst) { - Group srcGroup = Group.findPlayerGroup(src.Name); - Group dstGroup = Group.findPlayerGroup(dst.Name); - + void SwapGroups(PlayerData src, PlayerData dst, Group srcGroup, Group dstGroup) { srcGroup.playerList.Remove(src.Name); srcGroup.playerList.Add(dst.Name); srcGroup.playerList.Save();