Rework SQL statements to actually use PreparedStatements for security reasons
Dieser Commit ist enthalten in:
Ursprung
583760c036
Commit
ec7d1c34d2
@ -20,7 +20,7 @@ public class BannedUserIPs {
|
|||||||
|
|
||||||
public static List<BannedUserIPs> get(int userID){
|
public static List<BannedUserIPs> get(int userID){
|
||||||
List<BannedUserIPs> userIPs = new ArrayList<>();
|
List<BannedUserIPs> userIPs = new ArrayList<>();
|
||||||
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE UserID = '" + userID + "' ORDER BY Timestamp ASC");
|
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE UserID = ? ORDER BY Timestamp ASC", userID);
|
||||||
try {
|
try {
|
||||||
while(dbentry.next()){
|
while(dbentry.next()){
|
||||||
userIPs.add(new BannedUserIPs(
|
userIPs.add(new BannedUserIPs(
|
||||||
@ -35,7 +35,7 @@ public class BannedUserIPs {
|
|||||||
|
|
||||||
public static List<BannedUserIPs> get(String ip){
|
public static List<BannedUserIPs> get(String ip){
|
||||||
List<BannedUserIPs> userIDs = new ArrayList<>();
|
List<BannedUserIPs> userIDs = new ArrayList<>();
|
||||||
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE IP = '" + ip + "' ORDER BY Timestamp DESC");
|
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE IP = ? ORDER BY Timestamp DESC", ip);
|
||||||
try {
|
try {
|
||||||
while(dbentry.next()){
|
while(dbentry.next()){
|
||||||
userIDs.add(new BannedUserIPs(
|
userIDs.add(new BannedUserIPs(
|
||||||
@ -49,12 +49,7 @@ public class BannedUserIPs {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void banIP(SteamwarUser user, String ip){
|
static void banIP(SteamwarUser user, String ip){
|
||||||
SQL.update("INSERT INTO BannedUserIPs\n" +
|
SQL.update("INSERT INTO BannedUserIPs (UserID, Timestamp, IP) VALUES (?, NOW(), ?) ON DUPLICATE KEY UPDATE Timestamp=NOW()", user.getId(), ip);
|
||||||
" (UserID, Timestamp, IP)\n" +
|
|
||||||
"VALUES\n" +
|
|
||||||
" (" + user.getId() + ", NOW(), '" + ip + "')\n" +
|
|
||||||
"ON DUPLICATE KEY UPDATE\n" +
|
|
||||||
" Timestamp=NOW()");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getUserID() {
|
public int getUserID() {
|
||||||
|
@ -39,12 +39,8 @@ public class BauweltMember{
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void updateDB(){
|
private void updateDB(){
|
||||||
SQL.update("INSERT INTO BauweltMember" +
|
SQL.update("INSERT INTO BauweltMember (BauweltID, MemberID, Build, WorldEdit, World) VALUES (?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE Build = VALUES(Build), WorldEdit = VALUES(WorldEdit), World = VALUES(World)",
|
||||||
" (BauweltID, MemberID, Build, WorldEdit, World)" +
|
bauweltID, memberID, build, worldEdit, world);
|
||||||
" VALUES" +
|
|
||||||
" ('" + bauweltID + "', '" + memberID + "', '" + SQL.booleanToInt(build) + "', '" + SQL.booleanToInt(worldEdit) + "', '" + SQL.booleanToInt(world) + "')" +
|
|
||||||
" ON DUPLICATE KEY UPDATE" +
|
|
||||||
" Build = VALUES(Build), WorldEdit = VALUES(WorldEdit), World = VALUES(World)");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static BauweltMember getBauMember(UUID ownerID, UUID memberID){
|
public static BauweltMember getBauMember(UUID ownerID, UUID memberID){
|
||||||
@ -52,7 +48,7 @@ public class BauweltMember{
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static BauweltMember getBauMember(int ownerID, int memberID){
|
public static BauweltMember getBauMember(int ownerID, int memberID){
|
||||||
ResultSet member = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = '" + ownerID + "' AND MemberID = '" + memberID + "'");
|
ResultSet member = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = ? AND MemberID = ?", ownerID, memberID);
|
||||||
try {
|
try {
|
||||||
if(member == null || !member.next()){
|
if(member == null || !member.next()){
|
||||||
return null;
|
return null;
|
||||||
@ -73,7 +69,7 @@ public class BauweltMember{
|
|||||||
|
|
||||||
public static List<BauweltMember> getMembers(int bauweltID){
|
public static List<BauweltMember> getMembers(int bauweltID){
|
||||||
try{
|
try{
|
||||||
ResultSet memberlist = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = '" + bauweltID + "'");
|
ResultSet memberlist = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = ?", bauweltID);
|
||||||
List<BauweltMember> members = new ArrayList<>();
|
List<BauweltMember> members = new ArrayList<>();
|
||||||
while(memberlist.next()){
|
while(memberlist.next()){
|
||||||
int memberID = memberlist.getInt("MemberID");
|
int memberID = memberlist.getInt("MemberID");
|
||||||
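Review bot: `updateDB` now binds `build`, `worldEdit` and `world` as Boolean objects through `setObject`, where the old statement wrote explicit `'0'`/`'1'` via `SQL.booleanToInt`, which this commit removes from `SQL`. Whether the driver maps a `Boolean` parameter onto the column type is driver- and schema-dependent and not visible here; if the columns are integer-typed, passing `build ? 1 : 0` (or keeping a boolean-to-int helper) keeps the stored values byte-identical to before. Worth confirming against the table definition before relying on the implicit mapping.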
|
@ -20,13 +20,13 @@ public class Event {
|
|||||||
|
|
||||||
private static Event current = null;
|
private static Event current = null;
|
||||||
|
|
||||||
private Event(int eventID, String eventName, Timestamp start, Timestamp end, int maximumTeamMembers, boolean publicSchemsOnly){
|
private Event(ResultSet rs) throws SQLException{
|
||||||
this.eventID = eventID;
|
this.eventID = rs.getInt("EventID");
|
||||||
this.eventName = eventName;
|
this.eventName = rs.getString("EventName");
|
||||||
this.start = start;
|
this.start = rs.getTimestamp("Start");
|
||||||
this.end = end;
|
this.end = rs.getTimestamp("End");
|
||||||
this.maximumTeamMembers = maximumTeamMembers;
|
this.maximumTeamMembers = rs.getInt("MaximumTeamMembers");
|
||||||
this.publicSchemsOnly = publicSchemsOnly;
|
this.publicSchemsOnly = rs.getBoolean("PublicSchemsOnly");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Event get(){
|
public static Event get(){
|
||||||
@ -40,7 +40,7 @@ public class Event {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
current = new Event(rs.getInt("EventID"), rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
current = new Event(rs);
|
||||||
return current;
|
return current;
|
||||||
}catch (SQLException e){
|
}catch (SQLException e){
|
||||||
BungeeCore.log("Failed to load current Event", e);
|
BungeeCore.log("Failed to load current Event", e);
|
||||||
@ -54,7 +54,7 @@ public class Event {
|
|||||||
if(!rs.next())
|
if(!rs.next())
|
||||||
throw new IllegalArgumentException();
|
throw new IllegalArgumentException();
|
||||||
|
|
||||||
return new Event(eventID, rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
return new Event(rs);
|
||||||
}catch (SQLException e){
|
}catch (SQLException e){
|
||||||
BungeeCore.log("Failed to load Event", e);
|
BungeeCore.log("Failed to load Event", e);
|
||||||
throw new SecurityException();
|
throw new SecurityException();
|
||||||
@ -62,12 +62,12 @@ public class Event {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static Event get(String eventName){
|
public static Event get(String eventName){
|
||||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE lower(EventName) = '" + SQL.disarmString(eventName.toLowerCase()) + "'");
|
ResultSet rs = SQL.select("SELECT * FROM Event WHERE lower(EventName) = ?", eventName.toLowerCase());
|
||||||
try{
|
try{
|
||||||
if(!rs.next())
|
if(!rs.next())
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
return new Event(rs.getInt("EventID"), rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
return new Event(rs);
|
||||||
}catch (SQLException e){
|
}catch (SQLException e){
|
||||||
BungeeCore.log("Failed to load Event by name", e);
|
BungeeCore.log("Failed to load Event by name", e);
|
||||||
throw new SecurityException();
|
throw new SecurityException();
|
||||||
@ -79,7 +79,7 @@ public class Event {
|
|||||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE Start > now()");
|
ResultSet rs = SQL.select("SELECT * FROM Event WHERE Start > now()");
|
||||||
try{
|
try{
|
||||||
while(rs.next())
|
while(rs.next())
|
||||||
events.add(new Event(rs.getInt("EventID"), rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly")));
|
events.add(new Event(rs));
|
||||||
}catch (SQLException e){
|
}catch (SQLException e){
|
||||||
BungeeCore.log("Failed to load Events", e);
|
BungeeCore.log("Failed to load Events", e);
|
||||||
}
|
}
|
||||||
|
@ -38,7 +38,7 @@ public class EventFight implements Comparable<EventFight> {
|
|||||||
|
|
||||||
public void reschedule(){
|
public void reschedule(){
|
||||||
startTime = Timestamp.from(new Date().toInstant().plus(30, SECONDS));
|
startTime = Timestamp.from(new Date().toInstant().plus(30, SECONDS));
|
||||||
SQL.update("UPDATE EventFight SET StartTime = '" + startTime.toString() + "' WHERE EventID = " + eventID + " AND FightID = " + fightID);
|
SQL.update("UPDATE EventFight SET StartTime = ? WHERE EventID = ? AND FightID = ?", startTime, eventID, fightID);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void loadAllComingFights(){
|
public static void loadAllComingFights(){
|
||||||
@ -54,7 +54,7 @@ public class EventFight implements Comparable<EventFight> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static List<EventFight> getEvent(int eventID){
|
public static List<EventFight> getEvent(int eventID){
|
||||||
ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE EventID = " + eventID + " ORDER BY `StartTime` ASC");
|
ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE EventID = ? ORDER BY `StartTime` ASC", eventID);
|
||||||
List<EventFight> fights = new LinkedList<>();
|
List<EventFight> fights = new LinkedList<>();
|
||||||
try{
|
try{
|
||||||
while(rs.next())
|
while(rs.next())
|
||||||
|
@ -17,8 +17,7 @@ public class Mod {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static Mod get(String modName, Platform platform){
|
public static Mod get(String modName, Platform platform){
|
||||||
modName = SQL.disarmString(modName);
|
ResultSet rs = SQL.select("SELECT * FROM Mods WHERE ModName = ? AND Platform = ?", modName, platform.value);
|
||||||
ResultSet rs = SQL.select("SELECT * FROM Mods WHERE ModName = '" + modName + "' AND Platform = " + platform.value);
|
|
||||||
try{
|
try{
|
||||||
if(rs.next())
|
if(rs.next())
|
||||||
return new Mod(modName, platform, ModType.valueOf(rs.getInt("ModType")));
|
return new Mod(modName, platform, ModType.valueOf(rs.getInt("ModType")));
|
||||||
@ -26,7 +25,7 @@ public class Mod {
|
|||||||
BungeeCore.log("Failed to load Mod", e);
|
BungeeCore.log("Failed to load Mod", e);
|
||||||
throw new SecurityException();
|
throw new SecurityException();
|
||||||
}
|
}
|
||||||
SQL.update("INSERT INTO Mods (ModName, Platform) VALUES ('" + modName + "'," + platform.value + ")");
|
SQL.update("INSERT INTO Mods (ModName, Platform) VALUES ('" + modName + "'," + platform.value + ")", modName, platform.value);
|
||||||
return new Mod(modName, platform, ModType.UNKLASSIFIED);
|
return new Mod(modName, platform, ModType.UNKLASSIFIED);
|
||||||
}
|
}
|
||||||
|
|
||||||
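Review bot: The INSERT at the end of `get` still builds its SQL by concatenating `modName` and `platform.value` and contains no `?` placeholders, yet now also passes both as bind values; the string-built statement this commit is meant to remove is therefore still present here, and binding two parameters on a statement that declares none will fail when executed. It should read `SQL.update("INSERT INTO Mods (ModName, Platform) VALUES (?, ?)", modName, platform.value);`. `get` begins in the previous hunk of this file.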
|
@ -23,7 +23,7 @@ public class PollAnswer {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static PollAnswer get(int userID){
|
public static PollAnswer get(int userID){
|
||||||
ResultSet rs = SQL.select("SELECT * FROM PollAnswer WHERE UserID = " + userID + " AND Question = '" + PollSystem.getQuestion() + "'");
|
ResultSet rs = SQL.select("SELECT * FROM PollAnswer WHERE UserID = ? AND Question = ?", userID, PollSystem.getQuestion());
|
||||||
try {
|
try {
|
||||||
if(!rs.next())
|
if(!rs.next())
|
||||||
return new PollAnswer(userID, PollSystem.getQuestion());
|
return new PollAnswer(userID, PollSystem.getQuestion());
|
||||||
@ -40,6 +40,6 @@ public class PollAnswer {
|
|||||||
|
|
||||||
public void setAnswer(int answer){
|
public void setAnswer(int answer){
|
||||||
this.answer = answer;
|
this.answer = answer;
|
||||||
SQL.update("INSERT INTO PollAnswer (UserID, Question, Answer) VALUES (" + userID + ",'" + question + "'," + answer + ") ON DUPLICATE KEY UPDATE Answer = VALUES(Answer)");
|
SQL.update("INSERT INTO PollAnswer (UserID, Question, Answer) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE Answer = VALUES(Answer)", userID, question, answer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -41,60 +41,55 @@ public class SQL {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void sqlException(){
|
static void update(String qry, Object... objects) {
|
||||||
close();
|
try {
|
||||||
connect(url, weburl, user, password);
|
prepare(con, qry, objects).executeUpdate();
|
||||||
}
|
|
||||||
|
|
||||||
static void update(String qry) {
|
|
||||||
try (PreparedStatement st = con.prepareStatement(qry)) {
|
|
||||||
st.executeUpdate();
|
|
||||||
} catch (SQLException e) {
|
} catch (SQLException e) {
|
||||||
sqlException();
|
sqlException();
|
||||||
try (PreparedStatement st = con.prepareStatement(qry)) {
|
try (PreparedStatement st = con.prepareStatement(qry)) {
|
||||||
st.executeUpdate();
|
st.executeUpdate();
|
||||||
} catch (SQLException ex) {
|
} catch (SQLException ex) {
|
||||||
BungeeCore.log("Could not execute update statement", ex);
|
throw new SecurityException("Could not execute update statement", ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void webupdate(String qry) {
|
static void webupdate(String qry, Object... objects) {
|
||||||
try (PreparedStatement st = webcon.prepareStatement(qry)) {
|
try {
|
||||||
st.executeUpdate();
|
prepare(webcon, qry, objects).executeUpdate();
|
||||||
} catch (SQLException e) {
|
} catch (SQLException e) {
|
||||||
sqlException();
|
sqlException();
|
||||||
try (PreparedStatement st = webcon.prepareStatement(qry)) {
|
try {
|
||||||
st.executeUpdate();
|
prepare(webcon, qry, objects).executeUpdate();
|
||||||
} catch (SQLException ex) {
|
} catch (SQLException ex) {
|
||||||
BungeeCore.log("Could not execute update statement", ex);
|
throw new SecurityException("Could not execute update statement", ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static ResultSet select(String qry){
|
static ResultSet select(String qry, Object... objects){
|
||||||
try{
|
try{
|
||||||
PreparedStatement st = con.prepareStatement(qry);
|
return prepare(con, qry, objects).executeQuery();
|
||||||
return st.executeQuery();
|
|
||||||
} catch (SQLException e) {
|
} catch (SQLException e) {
|
||||||
sqlException();
|
sqlException();
|
||||||
try {
|
try {
|
||||||
PreparedStatement st = con.prepareStatement(qry);
|
return prepare(con, qry, objects).executeQuery();
|
||||||
return st.executeQuery();
|
|
||||||
} catch (SQLException ex) {
|
} catch (SQLException ex) {
|
||||||
throw new SecurityException("Could not run Select-Statement", ex);
|
throw new SecurityException("Could not run Select-Statement", ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static String disarmString(String s){
|
private static PreparedStatement prepare(Connection connection, String qry, Object... objects) throws SQLException{
|
||||||
return s.replace("'", "");
|
PreparedStatement st = connection.prepareStatement(qry);
|
||||||
|
for(int i = 0; i < objects.length; i++){
|
||||||
|
st.setObject(i+1, objects);
|
||||||
|
}
|
||||||
|
return st;
|
||||||
}
|
}
|
||||||
|
|
||||||
static Integer booleanToInt(boolean b){
|
private static void sqlException(){
|
||||||
if(b)
|
close();
|
||||||
return 1;
|
connect(url, weburl, user, password);
|
||||||
else
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
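Review bot: `prepare` binds the whole varargs array at `st.setObject(i+1, objects)` instead of the element, so every parameterized query hands the driver an `Object[]` rather than the value; it should read `st.setObject(i+1, objects[i]);`. The retry branch of `update` after `sqlException()` still calls `con.prepareStatement(qry)` with nothing bound, so the reconnect path fails for any query with placeholders, whereas `webupdate` already retries through `prepare(webcon, qry, objects)`. Both `update` and `webupdate` also dropped the try-with-resources around the statement, so the `PreparedStatement` returned by `prepare` is never closed on either path; the rewrite below restores it for `update`, and `webupdate` needs the same shape with `webcon`.
```java
static void update(String qry, Object... objects) {
    try (PreparedStatement st = prepare(con, qry, objects)) {
        st.executeUpdate();
    } catch (SQLException e) {
        sqlException();
        try (PreparedStatement st = prepare(con, qry, objects)) {
            st.executeUpdate();
        } catch (SQLException ex) {
            throw new SecurityException("Could not execute update statement", ex);
        }
    }
}
```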
|
@ -14,6 +14,6 @@ public class Session {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void stopSession(){
|
public void stopSession(){
|
||||||
SQL.update("INSERT INTO Session (UserID, StartTime, EndTime) VALUES ("+ userID + ", '" + startTime.toString() + "', NOW())");
|
SQL.update("INSERT INTO Session (UserID, StartTime, EndTime) VALUES (?, ?, NOW())", userID, startTime);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -30,7 +30,6 @@ public class SteamwarUser {
|
|||||||
private static final Map<UUID, SteamwarUser> usersByUUID = new HashMap<>();
|
private static final Map<UUID, SteamwarUser> usersByUUID = new HashMap<>();
|
||||||
private static final Map<Integer, SteamwarUser> usersById = new HashMap<>();
|
private static final Map<Integer, SteamwarUser> usersById = new HashMap<>();
|
||||||
private static final Timestamp PERMA_BAN = Timestamp.from(Instant.ofEpochSecond(946684800));
|
private static final Timestamp PERMA_BAN = Timestamp.from(Instant.ofEpochSecond(946684800));
|
||||||
private static final String SELECT_UUID = "SELECT * FROM UserData WHERE UUID = '";
|
|
||||||
|
|
||||||
private SteamwarUser(ResultSet rs) throws SQLException {
|
private SteamwarUser(ResultSet rs) throws SQLException {
|
||||||
id = rs.getInt("id");
|
id = rs.getInt("id");
|
||||||
@ -51,14 +50,14 @@ public class SteamwarUser {
|
|||||||
SteamwarUser user = SteamwarUser.get(connection.getUniqueId());
|
SteamwarUser user = SteamwarUser.get(connection.getUniqueId());
|
||||||
|
|
||||||
if(user != null){
|
if(user != null){
|
||||||
String userName = SQL.disarmString(connection.getName());
|
String userName = connection.getName();
|
||||||
if(!user.userName.equals(userName)){
|
if(!user.userName.equals(userName)){
|
||||||
SQL.update("UPDATE UserData SET UserName = '" + userName + "' WHERE id = " + user.id);
|
SQL.update("UPDATE UserData SET UserName = ? WHERE id = ?", userName, user.id);
|
||||||
user.userName = userName;
|
user.userName = userName;
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
SQL.update("INSERT INTO UserData (UUID, UserName, UserGroup) VALUES ('" + connection.getUniqueId() + "', '" + connection.getName() + "', 'Member')");
|
SQL.update("INSERT INTO UserData (UUID, UserName, UserGroup) VALUES (?, ?, 'Member')", connection.getUniqueId().toString(), connection.getName());
|
||||||
user = dbInit(SQL.select(SELECT_UUID + connection.getUniqueId().toString() + "'"));
|
user = dbInit(SQL.select("SELECT * FROM UserData WHERE UUID = ?", connection.getUniqueId()));
|
||||||
if(user == null)
|
if(user == null)
|
||||||
throw new SecurityException("user == null");
|
throw new SecurityException("user == null");
|
||||||
}
|
}
|
||||||
@ -67,16 +66,16 @@ public class SteamwarUser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static SteamwarUser get(String userName){
|
public static SteamwarUser get(String userName){
|
||||||
userName = SQL.disarmString(userName).toLowerCase();
|
userName = userName.toLowerCase();
|
||||||
if(usersByName.containsKey(userName))
|
if(usersByName.containsKey(userName))
|
||||||
return usersByName.get(userName);
|
return usersByName.get(userName);
|
||||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE lower(UserName) = '" + userName + "'"));
|
return dbInit(SQL.select("SELECT * FROM UserData WHERE lower(UserName) = ?", userName));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static SteamwarUser get(UUID uuid){
|
public static SteamwarUser get(UUID uuid){
|
||||||
if(usersByUUID.containsKey(uuid))
|
if(usersByUUID.containsKey(uuid))
|
||||||
return usersByUUID.get(uuid);
|
return usersByUUID.get(uuid);
|
||||||
return dbInit(SQL.select(SELECT_UUID + uuid.toString() + "'"));
|
return dbInit(SQL.select("SELECT * FROM UserData WHERE UUID = ?", uuid.toString()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static SteamwarUser get(ProxiedPlayer player){
|
public static SteamwarUser get(ProxiedPlayer player){
|
||||||
@ -86,7 +85,7 @@ public class SteamwarUser {
|
|||||||
public static SteamwarUser get(int id){
|
public static SteamwarUser get(int id){
|
||||||
if(usersById.containsKey(id))
|
if(usersById.containsKey(id))
|
||||||
return usersById.get(id);
|
return usersById.get(id);
|
||||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE id = " + id));
|
return dbInit(SQL.select("SELECT * FROM UserData WHERE id = ?", id));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void clearCache(){
|
public static void clearCache(){
|
||||||
@ -96,17 +95,12 @@ public class SteamwarUser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void setWebpw(String password){
|
public void setWebpw(String password){
|
||||||
SQL.webupdate("INSERT INTO User\n" +
|
SQL.webupdate("INSERT INTO User (UID, WebPassword) VALUES (?, password(?)) ON DUPLICATE KEY UPDATE WebPassword = VALUES(WebPassword)", id, password);
|
||||||
" (UID, WebPassword)\n" +
|
|
||||||
"VALUES\n" +
|
|
||||||
" (" + id + ", password('"+ SQL.disarmString(password) + "'))\n" +
|
|
||||||
"ON DUPLICATE KEY UPDATE\n" +
|
|
||||||
" WebPassword = VALUES(WebPassword)");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setTeam(int team){
|
public void setTeam(int team){
|
||||||
this.team = team;
|
this.team = team;
|
||||||
SQL.update("Update UserData SET Team = " + team + " WHERE id = " + id);
|
SQL.update("Update UserData SET Team = ? WHERE id = ?", team, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getId() {
|
public int getId() {
|
||||||
@ -135,8 +129,8 @@ public class SteamwarUser {
|
|||||||
} else if (banTime.after(new Date()) || banTime.before(PERMA_BAN)) {
|
} else if (banTime.after(new Date()) || banTime.before(PERMA_BAN)) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
SQL.update("UPDATE UserData SET BanTime = NULL, BanReason = '' WHERE id = " + id);
|
SQL.update("UPDATE UserData SET BanTime = NULL, BanReason = '' WHERE id = ?", id);
|
||||||
SQL.update("DELETE FROM BannedUserIPs WHERE UserID = '" + getId() + "'");
|
SQL.update("DELETE FROM BannedUserIPs WHERE UserID = ?", id);
|
||||||
banTime = null;
|
banTime = null;
|
||||||
banReason = "";
|
banReason = "";
|
||||||
return false;
|
return false;
|
||||||
@ -149,7 +143,7 @@ public class SteamwarUser {
|
|||||||
}else if(muteTime.after(new Date()) || muteTime.before(PERMA_BAN)){
|
}else if(muteTime.after(new Date()) || muteTime.before(PERMA_BAN)){
|
||||||
return true;
|
return true;
|
||||||
}else{
|
}else{
|
||||||
SQL.update("UPDATE UserData SET MuteTime = NULL, MuteReason = '' WHERE id = " + id);
|
SQL.update("UPDATE UserData SET MuteTime = NULL, MuteReason = '' WHERE id = ?", id);
|
||||||
muteTime = null;
|
muteTime = null;
|
||||||
muteReason = "";
|
muteReason = "";
|
||||||
return false;
|
return false;
|
||||||
@ -179,7 +173,7 @@ public class SteamwarUser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void ban(Timestamp time, String banReason){
|
public void ban(Timestamp time, String banReason){
|
||||||
SQL.update("UPDATE UserData SET BanTime = '" + time.toString() + "', BanReason = '" + banReason + "' WHERE id = " + id);
|
SQL.update("UPDATE UserData SET BanTime = ?, BanReason = ? WHERE id = ?", time, banReason, id);
|
||||||
banTime = time;
|
banTime = time;
|
||||||
this.banReason = banReason;
|
this.banReason = banReason;
|
||||||
|
|
||||||
@ -192,7 +186,7 @@ public class SteamwarUser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void mute(Timestamp time, String muteReason){
|
public void mute(Timestamp time, String muteReason){
|
||||||
SQL.update("UPDATE UserData SET MuteTime = '" + time.toString() + "', MuteReason = '" + muteReason + "' WHERE id = " + id);
|
SQL.update("UPDATE UserData SET MuteTime = ?, MuteReason = ? WHERE id = ?", time, muteReason, id);
|
||||||
muteTime = time;
|
muteTime = time;
|
||||||
this.muteReason = muteReason;
|
this.muteReason = muteReason;
|
||||||
}
|
}
|
||||||
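Review bot: The lookup `dbInit(SQL.select("SELECT * FROM UserData WHERE UUID = ?", connection.getUniqueId()))` binds a `java.util.UUID` object directly, while the INSERT just above it and `get(UUID uuid)` bind `.toString()`; JDBC defines no standard mapping for `UUID`, so how the driver serialises it is unspecified and the freshly inserted row may not be found. Bind the string form consistently: `connection.getUniqueId().toString()`. Separately, `setWebpw` still delegates hashing to MySQL's `password(?)`, which is not a password-storage KDF; that predates this commit but deserves a follow-up.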
|
@ -32,10 +32,7 @@ public class Team {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static void create(String kuerzel, String name, int leader){
|
public static void create(String kuerzel, String name, int leader){
|
||||||
SQL.update("INSERT INTO Team" +
|
SQL.update("INSERT INTO Team (TeamKuerzel, TeamName, TeamLeader) VALUES (?, ?, ?)", kuerzel, name, leader);
|
||||||
" (TeamKuerzel, TeamName, TeamLeader)" +
|
|
||||||
" VALUES" +
|
|
||||||
" ('" + kuerzel + "', '" + name + "', '" + leader + "')");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Team get(int id){
|
public static Team get(int id){
|
||||||
@ -46,7 +43,7 @@ public class Team {
|
|||||||
for(Team team : teamCache)
|
for(Team team : teamCache)
|
||||||
if(team.teamId == id)
|
if(team.teamId == id)
|
||||||
return team;
|
return team;
|
||||||
return load(select("SELECT * FROM Team WHERE TeamID = " + id));
|
return load(select("SELECT * FROM Team WHERE TeamID = ?", id));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Team get(String name){
|
public static Team get(String name){
|
||||||
@ -56,7 +53,7 @@ public class Team {
|
|||||||
for(Team team : teamCache)
|
for(Team team : teamCache)
|
||||||
if(team.teamKuerzel.equalsIgnoreCase(name))
|
if(team.teamKuerzel.equalsIgnoreCase(name))
|
||||||
return team;
|
return team;
|
||||||
return load(select("SELECT * FROM Team WHERE (lower(TeamName) = '" + SQL.disarmString(name).toLowerCase() + "' OR lower(TeamKuerzel) = '" + SQL.disarmString(name).toLowerCase() + "') AND NOT TeamDeleted"));
|
return load(select("SELECT * FROM Team WHERE (lower(TeamName) = ? OR lower(TeamKuerzel) = ?) AND NOT TeamDeleted", name.toLowerCase(), name.toLowerCase()));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static List<Team> getAll(){
|
public static List<Team> getAll(){
|
||||||
@ -90,12 +87,7 @@ public class Team {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void updateDB(){
|
private void updateDB(){
|
||||||
SQL.update("INSERT INTO Team" +
|
SQL.update("INSERT INTO Team (TeamID, TeamKuerzel, TeamName, TeamLeader) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE TeamName = VALUES(TeamName), TeamKuerzel = VALUES(TeamKuerzel), TeamLeader = VALUES(TeamLeader)", teamId, teamKuerzel, teamName, teamLeader);
|
||||||
" (TeamID, TeamKuerzel, TeamName, TeamLeader)" +
|
|
||||||
" VALUES" +
|
|
||||||
" ('" + teamId + "', '" + teamKuerzel + "', '" + teamName + "', '" + teamLeader + "')" +
|
|
||||||
" ON DUPLICATE KEY UPDATE" +
|
|
||||||
" TeamName = VALUES(TeamName), TeamKuerzel = VALUES(TeamKuerzel), TeamLeader = VALUES(TeamLeader)");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getTeamId() {
|
public int getTeamId() {
|
||||||
@ -107,7 +99,7 @@ public class Team {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void setTeamKuerzel(String teamKuerzel) {
|
public void setTeamKuerzel(String teamKuerzel) {
|
||||||
this.teamKuerzel = SQL.disarmString(teamKuerzel);
|
this.teamKuerzel = teamKuerzel;
|
||||||
updateDB();
|
updateDB();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -116,7 +108,7 @@ public class Team {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void setTeamName(String teamName) {
|
public void setTeamName(String teamName) {
|
||||||
this.teamName = SQL.disarmString(teamName);
|
this.teamName = teamName;
|
||||||
updateDB();
|
updateDB();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -130,7 +122,7 @@ public class Team {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public int size(){
|
public int size(){
|
||||||
ResultSet rs = select("SELECT COUNT(id) FROM UserData WHERE Team = " + teamId);
|
ResultSet rs = select("SELECT COUNT(id) FROM UserData WHERE Team = ?", teamId);
|
||||||
try {
|
try {
|
||||||
rs.next();
|
rs.next();
|
||||||
return rs.getInt("COUNT(id)");
|
return rs.getInt("COUNT(id)");
|
||||||
@ -141,13 +133,13 @@ public class Team {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void disband(){
|
public void disband(){
|
||||||
SQL.update("UPDATE Team SET TeamDeleted = 1, TeamLeader = NULL WHERE TeamID = " + teamId);
|
SQL.update("UPDATE Team SET TeamDeleted = 1, TeamLeader = NULL WHERE TeamID = ?", teamId);
|
||||||
teamCache.remove(this);
|
teamCache.remove(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<Integer> getMembers(){
|
public List<Integer> getMembers(){
|
||||||
try{
|
try{
|
||||||
ResultSet memberlist = select("SELECT id FROM UserData WHERE Team = '" + teamId + "'");
|
ResultSet memberlist = select("SELECT id FROM UserData WHERE Team = ?", teamId);
|
||||||
List<Integer> members = new ArrayList<>();
|
List<Integer> members = new ArrayList<>();
|
||||||
while(memberlist.next()){
|
while(memberlist.next()){
|
||||||
members.add(memberlist.getInt("id"));
|
members.add(memberlist.getInt("id"));
|
||||||
|
@ -11,15 +11,15 @@ public class TeamTeilnahme {
|
|||||||
private TeamTeilnahme(){}
|
private TeamTeilnahme(){}
|
||||||
|
|
||||||
public static void teilnehmen(int teamID, int eventID){
|
public static void teilnehmen(int teamID, int eventID){
|
||||||
SQL.update("INSERT INTO TeamTeilnahme (TeamID, EventID) VALUES (" + teamID + "," + eventID + ")");
|
SQL.update("INSERT INTO TeamTeilnahme (TeamID, EventID) VALUES (?, ?)", teamID, eventID);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void notTeilnehmen(int teamID, int eventID){
|
public static void notTeilnehmen(int teamID, int eventID){
|
||||||
SQL.update("DELETE FROM TeamTeilnahme WHERE TeamID = " + teamID + " AND EventID = " + eventID);
|
SQL.update("DELETE FROM TeamTeilnahme WHERE TeamID = ? AND EventID = ?", teamID, eventID);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static boolean nimmtTeil(int teamID, int eventID){
|
public static boolean nimmtTeil(int teamID, int eventID){
|
||||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = " + teamID + " AND EventID = " + eventID);
|
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = ? AND EventID = ?", teamID, eventID);
|
||||||
try{
|
try{
|
||||||
return rs.next();
|
return rs.next();
|
||||||
}catch (SQLException e){
|
}catch (SQLException e){
|
||||||
@ -30,7 +30,7 @@ public class TeamTeilnahme {
|
|||||||
|
|
||||||
public static Set<Team> getTeams(int eventID){
|
public static Set<Team> getTeams(int eventID){
|
||||||
Set<Team> teams = new HashSet<>();
|
Set<Team> teams = new HashSet<>();
|
||||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE EventID = " + eventID);
|
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE EventID = ?", eventID);
|
||||||
try{
|
try{
|
||||||
while(rs.next())
|
while(rs.next())
|
||||||
teams.add(Team.get(rs.getInt("TeamID")));
|
teams.add(Team.get(rs.getInt("TeamID")));
|
||||||
@ -42,7 +42,7 @@ public class TeamTeilnahme {
|
|||||||
|
|
||||||
public static Set<Event> getEvents(int teamID){
|
public static Set<Event> getEvents(int teamID){
|
||||||
Set<Event> events = new HashSet<>();
|
Set<Event> events = new HashSet<>();
|
||||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = " + teamID);
|
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = ?", teamID);
|
||||||
try{
|
try{
|
||||||
while(rs.next())
|
while(rs.next())
|
||||||
events.add(Event.get(rs.getInt("EventID")));
|
events.add(Event.get(rs.getInt("EventID")));
|
||||||
|