From 3c2d658b375f7c268ebf0e0eada99f391ceec376 Mon Sep 17 00:00:00 2001 From: GJ Date: Mon, 9 Jul 2012 11:12:46 -0400 Subject: [PATCH] Protect our database. --- .../nossr50/commands/mc/McremoveCommand.java | 14 ++++--- .../nossr50/commands/mc/MctopCommand.java | 9 ++-- .../nossr50/datatypes/PlayerProfile.java | 41 +++++++++++-------- src/main/java/com/gmail/nossr50/mcMMO.java | 6 ++- .../nossr50/runnables/SQLConversionTask.java | 26 ++++++------ 5 files changed, 57 insertions(+), 39 deletions(-) diff --git a/src/main/java/com/gmail/nossr50/commands/mc/McremoveCommand.java b/src/main/java/com/gmail/nossr50/commands/mc/McremoveCommand.java index 1d105e660..c4aecb02b 100644 --- a/src/main/java/com/gmail/nossr50/commands/mc/McremoveCommand.java +++ b/src/main/java/com/gmail/nossr50/commands/mc/McremoveCommand.java @@ -18,6 +18,7 @@ import com.gmail.nossr50.datatypes.McMMOPlayer; import com.gmail.nossr50.datatypes.SpoutHud; import com.gmail.nossr50.locale.LocaleLoader; import com.gmail.nossr50.spout.SpoutStuff; +import com.gmail.nossr50.util.Database; import com.gmail.nossr50.util.Users; public class McremoveCommand implements CommandExecutor { @@ -54,31 +55,32 @@ public class McremoveCommand implements CommandExecutor { /* MySQL */ if (Config.getInstance().getUseMySQL()) { + Database database = mcMMO.getPlayerDatabase(); int userId = 0; - userId = mcMMO.database.getInt("SELECT id FROM " + tablePrefix + "users WHERE user = '" + playerName + "'"); + userId = database.getInt("SELECT id FROM " + tablePrefix + "users WHERE user = '" + playerName + "'"); if (userId > 0) { - mcMMO.database.write("DELETE FROM " + database.write("DELETE FROM " + databaseName + "." + tablePrefix + "users WHERE " + tablePrefix + "users.id=" + userId); - mcMMO.database.write("DELETE FROM " + database.write("DELETE FROM " + databaseName + "." + tablePrefix + "cooldowns WHERE " + tablePrefix + "cooldowns.user_id=" + userId); - mcMMO.database.write("DELETE FROM " + database.write("DELETE FROM " + databaseName + "." + tablePrefix + "huds WHERE " + tablePrefix + "huds.user_id=" + userId); - mcMMO.database.write("DELETE FROM " + database.write("DELETE FROM " + databaseName + "." + tablePrefix + "skills WHERE " + tablePrefix + "skills.user_id=" + userId); - mcMMO.database.write("DELETE FROM " + database.write("DELETE FROM " + databaseName + "." + tablePrefix + "experience WHERE " + tablePrefix + "experience.user_id=" + userId); diff --git a/src/main/java/com/gmail/nossr50/commands/mc/MctopCommand.java b/src/main/java/com/gmail/nossr50/commands/mc/MctopCommand.java index bde7592a3..ad6fbe07c 100644 --- a/src/main/java/com/gmail/nossr50/commands/mc/MctopCommand.java +++ b/src/main/java/com/gmail/nossr50/commands/mc/MctopCommand.java @@ -11,6 +11,7 @@ import org.bukkit.command.CommandSender; import com.gmail.nossr50.mcMMO; import com.gmail.nossr50.config.Config; import com.gmail.nossr50.locale.LocaleLoader; +import com.gmail.nossr50.util.Database; import com.gmail.nossr50.util.Leaderboard; import com.gmail.nossr50.util.Misc; import com.gmail.nossr50.util.Skills; @@ -134,7 +135,9 @@ public class MctopCommand implements CommandExecutor { private void sqlDisplay(int page, String query, CommandSender sender) { String tablePrefix = Config.getInstance().getMySQLTablePrefix(); - HashMap> userslist = mcMMO.database.read("SELECT " + query + ", user_id FROM " + tablePrefix + "skills WHERE " + query + " > 0 ORDER BY " + query + " DESC "); + Database database = mcMMO.getPlayerDatabase(); + + HashMap> userslist = database.read("SELECT " + query + ", user_id FROM " + tablePrefix + "skills WHERE " + query + " > 0 ORDER BY " + query + " DESC "); if (query.equals("taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing")) { sender.sendMessage(LocaleLoader.getString("Commands.PowerLevel.Leaderboard")); @@ -144,11 +147,11 @@ public class MctopCommand implements CommandExecutor { } for (int i = (page * 10) - 9; i <= (page * 10); i++) { - if (i > userslist.size() || mcMMO.database.read("SELECT user FROM " + tablePrefix + "users WHERE id = '" + Integer.valueOf(userslist.get(i).get(1)) + "'") == null) { + if (i > userslist.size() || database.read("SELECT user FROM " + tablePrefix + "users WHERE id = '" + Integer.valueOf(userslist.get(i).get(1)) + "'") == null) { break; } - HashMap> username = mcMMO.database.read("SELECT user FROM " + tablePrefix + "users WHERE id = '" + Integer.valueOf(userslist.get(i).get(1)) + "'"); + HashMap> username = database.read("SELECT user FROM " + tablePrefix + "users WHERE id = '" + Integer.valueOf(userslist.get(i).get(1)) + "'"); sender.sendMessage(String.valueOf(i) + ". " + ChatColor.GREEN + userslist.get(i).get(0) + " - " + ChatColor.WHITE + username.get(1).get(0)); } } diff --git a/src/main/java/com/gmail/nossr50/datatypes/PlayerProfile.java b/src/main/java/com/gmail/nossr50/datatypes/PlayerProfile.java index 395ebf5e2..6e6c44c65 100644 --- a/src/main/java/com/gmail/nossr50/datatypes/PlayerProfile.java +++ b/src/main/java/com/gmail/nossr50/datatypes/PlayerProfile.java @@ -12,6 +12,7 @@ import com.gmail.nossr50.config.Config; import com.gmail.nossr50.config.SpoutConfig; import com.gmail.nossr50.party.Party; import com.gmail.nossr50.party.PartyManager; +import com.gmail.nossr50.util.Database; import com.gmail.nossr50.util.Misc; public class PlayerProfile { @@ -85,16 +86,18 @@ public class PlayerProfile { } public boolean loadMySQL() { - userId = mcMMO.database.getInt("SELECT id FROM " + Config.getInstance().getMySQLTablePrefix() + "users WHERE user = '" + playerName + "'"); + Database database = mcMMO.getPlayerDatabase(); + + userId = database.getInt("SELECT id FROM " + Config.getInstance().getMySQLTablePrefix() + "users WHERE user = '" + playerName + "'"); if (userId == 0) { return false; } else { - HashMap> huds = mcMMO.database.read("SELECT hudtype FROM " + Config.getInstance().getMySQLTablePrefix() + "huds WHERE user_id = " + userId); + HashMap> huds = database.read("SELECT hudtype FROM " + Config.getInstance().getMySQLTablePrefix() + "huds WHERE user_id = " + userId); if (huds.get(1) == null) { - mcMMO.database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "huds (user_id) VALUES (" + userId + ")"); + database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "huds (user_id) VALUES (" + userId + ")"); } else { for (HudType type : HudType.values()) { @@ -108,10 +111,10 @@ public class PlayerProfile { * I'm still learning MySQL, this is a fix for adding a new table * its not pretty but it works */ - HashMap> cooldowns = mcMMO.database.read("SELECT mining, woodcutting, unarmed, herbalism, excavation, swords, axes, blast_mining FROM " + Config.getInstance().getMySQLTablePrefix() + "cooldowns WHERE user_id = " + userId); + HashMap> cooldowns = database.read("SELECT mining, woodcutting, unarmed, herbalism, excavation, swords, axes, blast_mining FROM " + Config.getInstance().getMySQLTablePrefix() + "cooldowns WHERE user_id = " + userId); if(cooldowns.get(1) == null) { - mcMMO.database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "cooldowns (user_id) VALUES (" + userId + ")"); + database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "cooldowns (user_id) VALUES (" + userId + ")"); } else { skillsDATS.put(AbilityType.SUPER_BREAKER, Integer.valueOf(cooldowns.get(1).get(0))); @@ -124,7 +127,7 @@ public class PlayerProfile { skillsDATS.put(AbilityType.BLAST_MINING, Integer.valueOf(cooldowns.get(1).get(7))); } - HashMap> stats = mcMMO.database.read("SELECT taming, mining, repair, woodcutting, unarmed, herbalism, excavation, archery, swords, axes, acrobatics, fishing FROM "+Config.getInstance().getMySQLTablePrefix()+"skills WHERE user_id = " + userId); + HashMap> stats = database.read("SELECT taming, mining, repair, woodcutting, unarmed, herbalism, excavation, archery, swords, axes, acrobatics, fishing FROM "+Config.getInstance().getMySQLTablePrefix()+"skills WHERE user_id = " + userId); skills.put(SkillType.TAMING, Integer.valueOf(stats.get(1).get(0))); skills.put(SkillType.MINING, Integer.valueOf(stats.get(1).get(1))); skills.put(SkillType.REPAIR, Integer.valueOf(stats.get(1).get(2))); @@ -137,7 +140,7 @@ public class PlayerProfile { skills.put(SkillType.AXES, Integer.valueOf(stats.get(1).get(9))); skills.put(SkillType.ACROBATICS, Integer.valueOf(stats.get(1).get(10))); skills.put(SkillType.FISHING, Integer.valueOf(stats.get(1).get(11))); - HashMap> experience = mcMMO.database.read("SELECT taming, mining, repair, woodcutting, unarmed, herbalism, excavation, archery, swords, axes, acrobatics, fishing FROM "+Config.getInstance().getMySQLTablePrefix()+"experience WHERE user_id = " + userId); + HashMap> experience = database.read("SELECT taming, mining, repair, woodcutting, unarmed, herbalism, excavation, archery, swords, axes, acrobatics, fishing FROM "+Config.getInstance().getMySQLTablePrefix()+"experience WHERE user_id = " + userId); skillsXp.put(SkillType.TAMING, Integer.valueOf(experience.get(1).get(0))); skillsXp.put(SkillType.MINING, Integer.valueOf(experience.get(1).get(1))); skillsXp.put(SkillType.REPAIR, Integer.valueOf(experience.get(1).get(2))); @@ -156,11 +159,13 @@ public class PlayerProfile { } public void addMySQLPlayer() { - mcMMO.database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "users (user, lastlogin) VALUES ('" + playerName + "'," + System.currentTimeMillis() / 1000 + ")"); - userId = mcMMO.database.getInt("SELECT id FROM "+Config.getInstance().getMySQLTablePrefix() + "users WHERE user = '" + playerName + "'"); - mcMMO.database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "cooldowns (user_id) VALUES (" + userId + ")"); - mcMMO.database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "skills (user_id) VALUES (" + userId + ")"); - mcMMO.database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "experience (user_id) VALUES (" + userId + ")"); + Database database = mcMMO.getPlayerDatabase(); + + database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "users (user, lastlogin) VALUES ('" + playerName + "'," + System.currentTimeMillis() / 1000 + ")"); + userId = database.getInt("SELECT id FROM "+Config.getInstance().getMySQLTablePrefix() + "users WHERE user = '" + playerName + "'"); + database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "cooldowns (user_id) VALUES (" + userId + ")"); + database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "skills (user_id) VALUES (" + userId + ")"); + database.write("INSERT INTO " + Config.getInstance().getMySQLTablePrefix() + "experience (user_id) VALUES (" + userId + ")"); } public boolean load() { @@ -268,9 +273,11 @@ public class PlayerProfile { // if we are using mysql save to database if (Config.getInstance().getUseMySQL()) { - mcMMO.database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "huds SET hudtype = '" + hudType.toString() + "' WHERE user_id = " + userId); - mcMMO.database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "users SET lastlogin = " + timestamp.intValue() + " WHERE id = " + userId); - mcMMO.database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "cooldowns SET " + Database database = mcMMO.getPlayerDatabase(); + + database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "huds SET hudtype = '" + hudType.toString() + "' WHERE user_id = " + userId); + database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "users SET lastlogin = " + timestamp.intValue() + " WHERE id = " + userId); + database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "cooldowns SET " + " mining = " + skillsDATS.get(AbilityType.SUPER_BREAKER) + ", woodcutting = " + skillsDATS.get(AbilityType.TREE_FELLER) + ", unarmed = " + skillsDATS.get(AbilityType.BERSERK) @@ -280,7 +287,7 @@ public class PlayerProfile { + ", axes = " + skillsDATS.get(AbilityType.SKULL_SPLIITER) + ", blast_mining = " + skillsDATS.get(AbilityType.BLAST_MINING) + " WHERE user_id = " + userId); - mcMMO.database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "skills SET " + database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "skills SET " + " taming = " + skills.get(SkillType.TAMING) + ", mining = " + skills.get(SkillType.MINING) + ", repair = " + skills.get(SkillType.REPAIR) @@ -294,7 +301,7 @@ public class PlayerProfile { + ", acrobatics = " + skills.get(SkillType.ACROBATICS) + ", fishing = " + skills.get(SkillType.FISHING) + " WHERE user_id = " + userId); - mcMMO.database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "experience SET " + database.write("UPDATE " + Config.getInstance().getMySQLTablePrefix() + "experience SET " + " taming = " + skillsXp.get(SkillType.TAMING) + ", mining = " + skillsXp.get(SkillType.MINING) + ", repair = " + skillsXp.get(SkillType.REPAIR) diff --git a/src/main/java/com/gmail/nossr50/mcMMO.java b/src/main/java/com/gmail/nossr50/mcMMO.java index b08f2546a..6add98b85 100644 --- a/src/main/java/com/gmail/nossr50/mcMMO.java +++ b/src/main/java/com/gmail/nossr50/mcMMO.java @@ -92,7 +92,7 @@ public class mcMMO extends JavaPlugin { private HashMap tntTracker = new HashMap(); public static File versionFile; - public static Database database; + private static Database database; public static mcMMO p; public static ChunkletManager placeStore; @@ -500,5 +500,9 @@ public class mcMMO extends JavaPlugin { public static String getModDirectory() { return modDirectory; } + + public static Database getPlayerDatabase() { + return database; + } } diff --git a/src/main/java/com/gmail/nossr50/runnables/SQLConversionTask.java b/src/main/java/com/gmail/nossr50/runnables/SQLConversionTask.java index 087b8909b..59b62aaac 100644 --- a/src/main/java/com/gmail/nossr50/runnables/SQLConversionTask.java +++ b/src/main/java/com/gmail/nossr50/runnables/SQLConversionTask.java @@ -5,6 +5,7 @@ import java.io.FileReader; import com.gmail.nossr50.mcMMO; import com.gmail.nossr50.config.Config; +import com.gmail.nossr50.util.Database; import com.gmail.nossr50.util.Misc; public class SQLConversionTask implements Runnable { @@ -17,6 +18,7 @@ public class SQLConversionTask implements Runnable { @Override public void run() { + Database database = mcMMO.getPlayerDatabase(); String location = mcMMO.getUsersFile(); try { @@ -164,7 +166,7 @@ public class SQLConversionTask implements Runnable { } //Check to see if the user is in the DB - id = mcMMO.database.getInt("SELECT id FROM " + id = database.getInt("SELECT id FROM " + tablePrefix + "users WHERE user = '" + playerName + "'"); @@ -172,11 +174,11 @@ public class SQLConversionTask implements Runnable { theCount++; //Update the skill values - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "users SET lastlogin = " + 0 + " WHERE id = " + id); - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "skills SET " + " taming = taming+" + Misc.getInt(taming) @@ -192,7 +194,7 @@ public class SQLConversionTask implements Runnable { + ", acrobatics = acrobatics+" + Misc.getInt(acrobatics) + ", fishing = fishing+" + Misc.getInt(fishing) + " WHERE user_id = " + id); - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "experience SET " + " taming = " + Misc.getInt(tamingXP) @@ -213,32 +215,32 @@ public class SQLConversionTask implements Runnable { theCount++; //Create the user in the DB - mcMMO.database.write("INSERT INTO " + database.write("INSERT INTO " + tablePrefix + "users (user, lastlogin) VALUES ('" + playerName + "'," + System.currentTimeMillis() / 1000 + ")"); - id = mcMMO.database.getInt("SELECT id FROM " + id = database.getInt("SELECT id FROM " + tablePrefix + "users WHERE user = '" + playerName + "'"); - mcMMO.database.write("INSERT INTO " + database.write("INSERT INTO " + tablePrefix + "skills (user_id) VALUES (" + id + ")"); - mcMMO.database.write("INSERT INTO " + database.write("INSERT INTO " + tablePrefix + "experience (user_id) VALUES (" + id + ")"); //Update the skill values - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "users SET lastlogin = " + 0 + " WHERE id = " + id); - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "users SET party = '" + party + "' WHERE id = " + id); - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "skills SET " + " taming = taming+" + Misc.getInt(taming) @@ -254,7 +256,7 @@ public class SQLConversionTask implements Runnable { + ", acrobatics = acrobatics+" + Misc.getInt(acrobatics) + ", fishing = fishing+" + Misc.getInt(fishing) + " WHERE user_id = " + id); - mcMMO.database.write("UPDATE " + database.write("UPDATE " + tablePrefix + "experience SET " + " taming = " + Misc.getInt(tamingXP)