egghelp/eggheads community

store user in db to get access to chan

2012-03-10T11:33:08-04:00

Just add this:

Code:

  bind pub o|o .dbadd [namespace current]::dbAdd  # add  proc dbAdd {nick uhost handle chan text} {    if {[scan $text {%s%[^!]!%[^@]@%s} user n u h] != 4} {      putserv "NOTICE $nick :Usage: .dbadd  "    } else {      set user [::mysql::escape $user]      set maskHost [::mysql::escape "$n!$u@$h"]      set con [::mysql::connect -host $hostname -user $username -password $password -db $database]      set query [::mysql::query $con "INSERT INTO access VALUES ('$user', '$maskHost')"]      ::mysql::endquery $query      ::mysql::close $con     }  }

to the other code just before the last }, so in the end it would be something like:

Code:

namespace eval dbCheck {# and so on..# this new code}

Haven't tested anything but in theory should do what you need.

PS: You should take in to consideration nml375's comment (on escaping) when you will insert a valid select statement for the first code.

Statistics: Posted by caesar — Sat Mar 10, 2012 11:33 am

store user in db to get access to chan

2012-03-10T09:29:49-04:00

Thanks caesar!

Sure think i can use it just need to figure out to put in a admin trigger to add users with user and hostname

Statistics: Posted by Fire-Fox — Sat Mar 10, 2012 9:29 am

store user in db to get access to chan

2012-03-10T08:54:10-04:00

caesar,
Whenever you inject data from an untrusted source, you should use mysql_real_escape_string (::mysql::escape in mysqltcl) in order to avoid SQL injection exploits. Although the MySQL driver does not enable the multiple statement extension by default, you could still bypass the WHERE-clause of your query (generally speaking, irc nicknames and hostnames do not support spaces making it rather difficult to exploit "OR 1" here).

As such, escaping the nickname is correct, though you should do the very same for the hostname.

Statistics: Posted by nml375 — Sat Mar 10, 2012 8:54 am

store user in db to get access to chan

2012-03-10T07:27:27-04:00

Code:

namespace eval dbCheck {  set dbInfo "host user pass database"  bind join - "#channel *" [namespace current]::dbJoin  proc dbJoin {nick uhost handle chan} {    if {[isbotnick $nick]} return    variable dbInfo    if {[scan $dbInfo %s%s%s%s hostname username password database] != 4} return    set con [::mysql::connect -host $hostname -user $username -password $password -db $database]    set results [::mysql::query $con "INSERT YOUR SELECT STATEMENT"]    if {![::mysql::moreresult $results]} {      # kick, ban or whatever    }    ::mysql::endquery $results    ::mysql::close $con  }}

Something like this? Don't forget to add an actual select statement and a punishment or whatever you wish. Haven't tested it, but should do what you where looking for.

I would use a statement like:

Code:

set user [::mysql::escape $nick]set results [::mysql::query $con "SELECT 1 from access WHERE nick = '$user' AND uhost = '$uhost'"]

Don't know if $nick should be escaped but will throw that in anyway.

If you wish to make this to work for multiple channels, or be able to turn this on/off then you should use something like:

Code:

  setudef flag dbCheck  bind join - * [namespace current]::dbJoin  proc dbJoin {nick uhost handle chan} {    if {[isbotnick $nick]} return    if {![channel get $chan dbCheck]} return

instead of the:

Code:

  bind join - "#channel *" [namespace current]::dbJoin  proc dbJoin {nick uhost handle chan} {    if {[isbotnick $nick]} return

If you do then don't forget to .chanset #channel +dbCheck to activate it.

Statistics: Posted by caesar — Sat Mar 10, 2012 7:27 am

store user in db to get access to chan

2012-03-09T20:27:51-04:00

Hey!

I belive i did see a script here on the site, that did. add user to db and the user gained access to a channel is that right?

if not does someone have one ?

Statistics: Posted by Fire-Fox — Fri Mar 09, 2012 8:27 pm