Jump to content

Recommended Posts

Posted

Hello, I bring you an item that allows the player to recover an item that fails in an enchant. It shows the last 10 items of the player that have failed with the enchants.

 

 

I would like if someone is encouraged to add a filter because now it shows them to all types of item and I think it would be better if they are separated by armor weapon and jewels

 

 code

 sql

 

config

#==========================================================================
#   BLACK COUPON RECOVERY 1 ITEM ENCHANT FAILED
#==========================================================================

BlackCouponId = 6392

 

 

preview

  • Like 1
Posted (edited)

You should consider to fix this code. I won't mention that it's coding style is before java 8, but I will mention the security issue of your bypasses. You can easily get any item with your desired enchant value

Edited by melron
Posted
40 minutes ago, melron said:

You should consider to fix this code. I won't mention that it's coding style is before java 8, but I will mention the security issue of your bypasses. You can easily get any item with your desired enchant value

@tensador3 this is a big issue. You could send the obj_id first of the item on the bypass instead of itemid and enchant value and also save the char_id of the person that broke the item in the sql table. Then see if obj_id and char_id exists in sql. Then return the provided item_id and enchant value.

Also, rework your try catch, I recommend using try with resources. 

Posted
42 minutes ago, melron said:

You should consider to fix this code. I won't mention that it's coding style is before java 8, but I will mention the security issue of your bypasses. You can easily get any item with your desired enchant value

 

 

Excuse me, I'm not very good at this, would this be enough to prevent that from happening?

 

	private static void recoverSelectedItem(L2PcInstance player, int itemId, int enchantLevel)
	{
		// Comprueba si el jugador tiene suficientes items del ID 6392
		L2ItemInstance recoveryItem = player.getInventory().getItemByItemId(Config.BLACK_COUPON_ID);
		if (recoveryItem == null || recoveryItem.getCount() < 1)
		{
			player.sendMessage("No tienes suficientes items para recuperar este item.");
			return;
		}
		
		// Verifica el nivel de enchant del item recuperable en la base de datos
		if (!isValidEnchantLevel(itemId, enchantLevel, player.getObjectId()))
		{
			player.sendMessage("No puedes recuperar este item con ese nivel de enchant.");
			return;
		}
		
		// Verifica que el artículo que se está recuperando coincide con el artículo original
		if (!isValidRecoveryItem(itemId, player.getObjectId()))
		{
			player.sendMessage("No puedes recuperar este item.");
			return;
		}
		
		// Crea el item a recuperar con el ID y enchantLevel proporcionados
		L2ItemInstance recoveredItem = ItemTable.getInstance().createItem("RecoverItem", itemId, 1, player);
		recoveredItem.setEnchantLevel(enchantLevel);
		
		// Agrega el item recuperado al inventario del jugador
		player.getInventory().addItem("RecoverItem", recoveredItem, player, player);
		
		// Cobra 1 item del ID 6392
		player.getInventory().destroyItemByItemId("RecoveryCost", Config.BLACK_COUPON_ID, 1, player, player);
		
		// Elimina el item recuperado de la base de datos
		removeRecoverableItem(itemId, player.getObjectId());
		
		// Actualiza el inventario del jugador para que aparezca el item recuperado
		player.sendPacket(new ItemList(player, true));
		
		// Envía un mensaje al jugador con el nombre del item y su nivel de enchant
		String itemName = recoveredItem.getItemName();
		String message = "Has recuperado el item " + itemName;
		if (enchantLevel > 0)
		{
			message += " +" + enchantLevel;
		}
		player.sendMessage(message);
	}
	
	private static boolean isValidRecoveryItem(int itemId, int objectId)
	{
		Connection con = null;
		PreparedStatement statement = null;
		ResultSet resultSet = null;
		
		try
		{
			con = L2DatabaseFactory.getInstance().getConnection();
			String sql = "SELECT item_id FROM item_recover WHERE object_id = ? AND item_id = ?";
			statement = con.prepareStatement(sql);
			statement.setInt(1, objectId);
			statement.setInt(2, itemId);
			resultSet = statement.executeQuery();
			
			return resultSet.next(); // Si hay un resultado, el artículo es válido
			
		}
		catch (SQLException e)
		{
			// Manejo de excepciones en caso de error al obtener el artículo recuperable de la base de datos
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (resultSet != null)
				{
					resultSet.close();
				}
				if (statement != null)
				{
					statement.close();
				}
				if (con != null)
				{
					con.close();
				}
			}
			catch (SQLException e)
			{
				// Manejo de excepciones en caso de error al cerrar la conexión a la base de datos
				e.printStackTrace();
			}
		}
		
		return false; // Si ocurre alguna excepción o no se encuentra el artículo, se considera inválido
	}
	
	private static boolean isValidEnchantLevel(int itemId, int enchantLevel, int objectId)
	{
		Connection con = null;
		PreparedStatement statement = null;
		ResultSet resultSet = null;
		
		try
		{
			con = L2DatabaseFactory.getInstance().getConnection();
			String sql = "SELECT enchant_level FROM item_recover WHERE object_id = ? AND item_id = ?";
			statement = con.prepareStatement(sql);
			statement.setInt(1, objectId);
			statement.setInt(2, itemId);
			resultSet = statement.executeQuery();
			
			if (resultSet.next())
			{
				int validEnchantLevel = resultSet.getInt("enchant_level");
				return enchantLevel == validEnchantLevel;
			}
		}
		catch (SQLException e)
		{
			// Manejo de excepciones en caso de error al obtener el nivel de enchant válido de la base de datos
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (resultSet != null)
				{
					resultSet.close();
				}
				if (statement != null)
				{
					statement.close();
				}
				if (con != null)
				{
					con.close();
				}
			}
			catch (SQLException e)
			{
				// Manejo de excepciones en caso de error al cerrar la conexión a la base de datos
				e.printStackTrace();
			}
		}
		
		return false;
	}

 

Posted
2 hours ago, tensador3 said:

 

 

Excuse me, I'm not very good at this, would this be enough to prevent that from happening?

 

	private static void recoverSelectedItem(L2PcInstance player, int itemId, int enchantLevel)
	{
		// Comprueba si el jugador tiene suficientes items del ID 6392
		L2ItemInstance recoveryItem = player.getInventory().getItemByItemId(Config.BLACK_COUPON_ID);
		if (recoveryItem == null || recoveryItem.getCount() < 1)
		{
			player.sendMessage("No tienes suficientes items para recuperar este item.");
			return;
		}
		
		// Verifica el nivel de enchant del item recuperable en la base de datos
		if (!isValidEnchantLevel(itemId, enchantLevel, player.getObjectId()))
		{
			player.sendMessage("No puedes recuperar este item con ese nivel de enchant.");
			return;
		}
		
		// Verifica que el artículo que se está recuperando coincide con el artículo original
		if (!isValidRecoveryItem(itemId, player.getObjectId()))
		{
			player.sendMessage("No puedes recuperar este item.");
			return;
		}
		
		// Crea el item a recuperar con el ID y enchantLevel proporcionados
		L2ItemInstance recoveredItem = ItemTable.getInstance().createItem("RecoverItem", itemId, 1, player);
		recoveredItem.setEnchantLevel(enchantLevel);
		
		// Agrega el item recuperado al inventario del jugador
		player.getInventory().addItem("RecoverItem", recoveredItem, player, player);
		
		// Cobra 1 item del ID 6392
		player.getInventory().destroyItemByItemId("RecoveryCost", Config.BLACK_COUPON_ID, 1, player, player);
		
		// Elimina el item recuperado de la base de datos
		removeRecoverableItem(itemId, player.getObjectId());
		
		// Actualiza el inventario del jugador para que aparezca el item recuperado
		player.sendPacket(new ItemList(player, true));
		
		// Envía un mensaje al jugador con el nombre del item y su nivel de enchant
		String itemName = recoveredItem.getItemName();
		String message = "Has recuperado el item " + itemName;
		if (enchantLevel > 0)
		{
			message += " +" + enchantLevel;
		}
		player.sendMessage(message);
	}
	
	private static boolean isValidRecoveryItem(int itemId, int objectId)
	{
		Connection con = null;
		PreparedStatement statement = null;
		ResultSet resultSet = null;
		
		try
		{
			con = L2DatabaseFactory.getInstance().getConnection();
			String sql = "SELECT item_id FROM item_recover WHERE object_id = ? AND item_id = ?";
			statement = con.prepareStatement(sql);
			statement.setInt(1, objectId);
			statement.setInt(2, itemId);
			resultSet = statement.executeQuery();
			
			return resultSet.next(); // Si hay un resultado, el artículo es válido
			
		}
		catch (SQLException e)
		{
			// Manejo de excepciones en caso de error al obtener el artículo recuperable de la base de datos
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (resultSet != null)
				{
					resultSet.close();
				}
				if (statement != null)
				{
					statement.close();
				}
				if (con != null)
				{
					con.close();
				}
			}
			catch (SQLException e)
			{
				// Manejo de excepciones en caso de error al cerrar la conexión a la base de datos
				e.printStackTrace();
			}
		}
		
		return false; // Si ocurre alguna excepción o no se encuentra el artículo, se considera inválido
	}
	
	private static boolean isValidEnchantLevel(int itemId, int enchantLevel, int objectId)
	{
		Connection con = null;
		PreparedStatement statement = null;
		ResultSet resultSet = null;
		
		try
		{
			con = L2DatabaseFactory.getInstance().getConnection();
			String sql = "SELECT enchant_level FROM item_recover WHERE object_id = ? AND item_id = ?";
			statement = con.prepareStatement(sql);
			statement.setInt(1, objectId);
			statement.setInt(2, itemId);
			resultSet = statement.executeQuery();
			
			if (resultSet.next())
			{
				int validEnchantLevel = resultSet.getInt("enchant_level");
				return enchantLevel == validEnchantLevel;
			}
		}
		catch (SQLException e)
		{
			// Manejo de excepciones en caso de error al obtener el nivel de enchant válido de la base de datos
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (resultSet != null)
				{
					resultSet.close();
				}
				if (statement != null)
				{
					statement.close();
				}
				if (con != null)
				{
					con.close();
				}
			}
			catch (SQLException e)
			{
				// Manejo de excepciones en caso de error al cerrar la conexión a la base de datos
				e.printStackTrace();
			}
		}
		
		return false;
	}

 

 

From a security standpoint, I would say yes, it is a concern. However, from a broader perspective, it is not an ideal approach. The code you provided establishes three separate database connections for a single click, which is highly inefficient. It would be more advisable to implement a manager that can handle all the necessary tasks and hold the relevant data, rather than querying the database each time. This approach would greatly improve the efficiency and maintainability of the code.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



  • Posts

    • From Salvation onwards I think you need a patched nwindow.dll that allows such modifications, try to see if you get what you need here: https://drive.google.com/drive/u/1/folders/1LLbQFGf8KlR-O0Iv5umfF-pwZgrDh9bd
    • hello everyone! I am wanting to save the files (Ini. - Data - ) of the EP5 Client: Salvation... But they generate the error "corrupt files"... I tried several versions of L2FileEditor without good results. I need help! Thank you!
    • Opening December 6th at 19:00 (GMT +3)! Open Beta Test from November 30th!   https://l2soe.com/   🌟 Introducing L2 Saga of Eternia: A Revolution in Lineage 2 High Five! 🌟   Dear Lineage 2 enthusiasts, Prepare to witness the future of private servers! L2 Saga of Eternia is not just another High Five project—it’s a game-changing experience designed to compete with the giants of the Lineage 2 private server scene. Built for the community, by the community, we’re here to raise the bar in quality, innovation, and longevity. What Sets Us Apart? 💎 No Wipes, Ever Say goodbye to the fear of losing your progress. Our server is built to last and will never close. Stability and consistency are our promises to you. ⚔️ Weekly New Content Our dedicated development team ensures fresh challenges, events, and updates every week. From custom quests to exclusive features, there will always be something exciting to explore. 💰 No Pay-to-Win Skill and strategy matter most here. Enjoy a balanced gameplay environment where your achievements come from effort, not your wallet. 🌍 A Massive Community With 2000+ players expected, join a vibrant and active community of like-minded adventurers ready to conquer the world of Aden. 🏆 Fair and Competitive Gameplay Our systems are designed to promote healthy competition while avoiding abusive mechanics and exploits. 🔧 Professional Development From advanced bug fixes to carefully curated content, we pride ourselves on smooth performance, no lag, and unparalleled server quality. Key Features Chronicle: High Five with unique interface Rate: Dynamic x10 rates Class Balance: Carefully fine-tuned for a fair experience PvP Focused: PvP Ranking & aura display effect for 3 Top PvPers every week Custom Events: Seasonal and permanent events to keep you engaged Additional Features:   Custom Endgame Content: Introduce unique dungeons, raids, or zones unavailable in other servers. Player-Driven Economy: Implement a strong market system and avoid overinflated drops or rewards. Epic Siege Battles: Announce special large-scale sieges and PvP events. Incentives for Streamers and Clans: Attract influencers and big clans to boost server publicity. Roadmap Transparency: Share a public roadmap of planned updates to build trust and excitemen   Here you can read all the features: https://l2soe.com/features   Video preview: Join the Revolution! This is your chance to be part of something legendary. L2 Saga of Eternia is not just a server; it’s a movement to redefine what Lineage 2 can be. Whether you’re a seasoned veteran or a newcomer to the world of Aden, we invite you to experience Lineage 2 at its finest.   Official Launch Date: December 6th 2024 Website: https://l2soe.com/ Facebook: https://www.facebook.com/l2soe Discord: https://discord.com/invite/l2eternia   Let’s build the ultimate Lineage 2 experience together. See you in-game! 🎮
    • That's like a tutorial on how to run l2 on MacOS Xd but good job for the investigation. 
    • small update: dc robe set sold   wts adena 1kk = 1.5$ 
  • Topics

×
×
  • Create New...