Topic: What function can I use to grab user input from the chat?

I have been looking through the code of Jincux's server voting addon.  I have been wondering how it grabbed user input from the chat for /yes, /no, or to summon it with /newVote.

What I think is happening is that Blockland somehow puts yes/no from the chat into the variable %a, and !SV::isVote is simply asking if a server command/input is a vote.

Here is the addon's code which I'm guessing gets input:

Code:

// /newVote <words...>: starts a vote (admins only, one vote at a time).
function servercmdnewVote(%client, %var1, %var2, %var3, %var4, %var5, %var6, %var7, %var8, %var9, %var10, %var11, %var12, %var13, %var14, %var15, %var16, %var17, %var18, %var19, %var20)
{
    // %a is only a loop counter here; join the non-empty arguments into one string.
    for(%a = 1; %a < 21; %a++)
    {
        if(%var[%a] !$= "")
        {
            %vote = %vote SPC %var[%a];
        }
    }
    if(%client.isadmin && !$SV::isVote)
    {
        messageall('', "\c6There is a new vote for \"\c3" @ %vote @ "\c6\"! Type \c3/SV Yes \c3\c6or\c3 /SV No");
        // End the vote after 60 seconds and mark a vote as running.
        $SV::Sch = schedule(60000, 0, "SV_End");
        $SV::isVote = 1;
    }
}

// /SV <Yes|No>: %a is the word typed after the command.
function servercmdSV(%client, %a)
{
    // Each client may vote only once.
    if(%client.hasvoted)
        return;

    if(%a $= "No")
    {
        warn(%client.name @ " voted No");
        %client.hasvoted = 1;
        $SV::Average--;
        messageAll('', "\c3" @ %client.name @ "\c6 voted No!");
    }
    else if(%a $= "Yes")
    {
        warn(%client.name @ " voted Yes");
        %client.hasvoted = 1;
        $SV::Average++;
        messageAll('', "\c3" @ %client.name @ "\c6 voted Yes!");
    }
}

Is getting user input from the chat simply doing the SV::isVote thing? Is there some sort of function involved in this that can be written? I do not understand this.

Every server command in the chat ("/") turns into commandToServer('command', "args here"); on the client side. The server side translates it and finds the function serverCmd<command> that the user is requesting. When creating a server command, the first argument is ALWAYS the client calling it.

In this case, you say "/sv yes" and the server translates it based on what I said above to serverCmdSV(%client, "yes") and the code inside that command handles the rest of it.



Try making a command function using this example:
function serverCmdTest(%client, %stuff) {
      %client.chatMessage("you did /test " @ %stuff);
}


Anyone on the server with that registered command doing /test <stuff here>, or using the console with commandToServer('Test', "<stuff here>");, will print out to that client "you did /test <stuff they also sent>".

Note: Server command functions have to be on your server (or other servers you have access to eval/files) for them to work.
« Last Edit: May 31, 2017, 08:50:38 PM by Kyuande »

-snip-

Does this mean that players can, through /, inject any function they want into the server if there didn't exist the system of user/admin/super admin? I ask this, since you said that doing /bla tells the server, or executes a function to do commandToServer('Bla', "no input");, which seems to be able to translate to injecting something like saying /centerprintall("monday"); in order to center print everyone with "monday".

No. Players can only call serverCmds that exist on the server. If they could inject any function most servers would be chaos by now.

If I put /blah but there's no function serverCmdBlah, nothing happens
If I put /test and I have function serverCmdTest, it will be called with the client along with the text after the command if the command has the arguments.

using /ducks will call the function serverCmdDucks(%client) on the server
torquescript is not as terrible as sql at code injection, the only cases where it exists are in poorly made addons using eval

What does "eval" even mean? I've heard of this term being used before, but I've never understood it.

eval is just a function which will execute some arbitrary torquescript that's passed into it. e.g. eval("$a = 500; announce($a);");
as you might imagine, it can be very useful in certain situations, but if user input is touching eval, and you aren't careful, it's also possible that you'll create a dangerous vulnerability which lets users execute code on the server

casually, it can also refer to a server mod that gives players the ability to run code on the server side via chat using the eval function

also, servers have a corresponding commandToClient function that will trigger a clientCmd on a particular client (e.g. commandToClient(%client, 'beep', "soos", "suus", 50); translates to clientCmdBeep("soos", "suus", 50); on the client). this is how you code pretty much any client/server communication in blockland
« Last Edit: June 01, 2017, 04:19:57 AM by otto-san »
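
The eval risk described in the posts above, shown as an added example that is not part of the original thread or of any real add-on: a chat command that pastes its argument into eval, next to a version that dispatches by name without compiling user text. serverCmdEmoteUnsafe, serverCmdEmote and the Emote_* functions are hypothetical names; isFunction and call are the engine's console functions.

```torquescript
// Added example. All function names below are hypothetical.

// Two actions that players are meant to be able to trigger.
function Emote_Wave(%client)
{
    messageAll('', "\c3" @ %client.name @ "\c6 waves.");
}

function Emote_Cheer(%client)
{
    messageAll('', "\c3" @ %client.name @ "\c6 cheers.");
}

// VULNERABLE: "/emoteunsafe wave" works as intended, but %name is pasted
// into a string that eval compiles, so whatever the client sends as the
// argument is treated as TorqueScript source and run on the server.
function serverCmdEmoteUnsafe(%client, %name)
{
    eval("Emote_" @ %name @ "(" @ %client @ ");");
}

// HARDENED: no script text is built from the argument. %name is used only
// as data: the prefixed name is looked up with isFunction and dispatched
// with call. Only functions whose names start with "Emote_" are reachable,
// the same way the engine only reaches functions starting with "serverCmd".
function serverCmdEmote(%client, %name)
{
    %func = "Emote_" @ %name;

    if(!isFunction(%func))
    {
        %client.chatMessage("\c6Unknown emote.");
        return;
    }

    call(%func, %client);
}
```

When reviewing an add-on, every eval whose string includes a serverCmd argument (or anything derived from one) is the pattern to look for; replacing it with a fixed lookup like the second function removes the code path entirely.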