- case 4: // Observe: Confirm receiver information
wordpacket pakItemmall
search:
replace the whole case by:
- case 4: // Observe: Confirm receiver information
- {
- int imSlot = GETBYTE ((*P), 4 );
- char name[30];
- char accountName[30];
- memcpy( name, &P->Buffer[5], P->Size );
- MYSQL_RES *accName = GServer->DB->QStore("SELECT account_name FROM characters WHERE char_name='%s'",name);
- if(accName==NULL) return false;
- MYSQL_ROW row = mysql_fetch_row(accName);
- memcpy( accountName, row[0], 25 );
- GServer->DB->FreeResult( );
- MYSQL_RES *result = GServer->DB->QStore("SELECT id FROM accounts WHERE username='%s'", accountName);
- if(accName==NULL) return false;
- MYSQL_ROW row2 = mysql_fetch_row(result);
- int otherID = atoi(row[0]);
- GServer->DB->FreeResult( );
- int otherSlot;
- result = GServer->DB->QStore("SELECT MAX(slotnum) FROM mileage WHERE owner='%i'", otherID);
- if(result==NULL){
- otherSlot = 0;
- } else {
- row = mysql_fetch_row(result);
- otherSlot = atoi(row[0])+1;
- }
- GServer->DB->FreeResult( );
- BEGINPACKET ( pak, 0x7d9 );
- ADDBYTE ( pak, 0x06 );
- ADDWORD ( pak, imSlot );
- ADDWORD ( pak, imSlot );
- for(byte i=0; i<30; i++)
- {
- ADDBYTE ( pak, 0 );
- }
- GServer->DB->Query("UPDATE mileage SET owner='%i', slotnum='%i' WHERE owner='%i' AND slotnum='%i'", otherID, otherSlot, thisclient->Session->userid, imSlot);
- thisclient->client->SendPacket(&pak);
- }
- break;
to fInd free slotnum, I prepare SELECT MAX(slotnum)
raher than: SELECT *
in my opinion more secure to avoid duplicate entry
CMIIW