Java MC Plugin - Why not? 02-28-2015, 08:14 PM
Code:
package me.gay.reporter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import org.bukkit.Bukkit;
import org.bukkit.ChatColor;
import org.bukkit.command.Command;
import org.bukkit.command.CommandSender;
import org.bukkit.entity.Player;
import org.bukkit.plugin.java.JavaPlugin;
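/**
 * Bukkit plugin that lets players report other online players and stores each
 * report in a SQL table named {@code reports}.
 *
 * <p>Commands handled: {@code report-help}, {@code reports-clear} (operators only)
 * and {@code report <player> <reason>}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value that originates from a player is bound as a statement
 *       parameter; SQL text is never assembled from command arguments.</li>
 *   <li>The report reason is stored verbatim. Parameter binding prevents SQL
 *       injection only: anything that later renders rows of {@code reports}
 *       (for example a web panel) must escape the values for its own output
 *       context, or the stored text becomes a persistent XSS vector there.</li>
 * </ul>
 */
public class Reporter extends JavaPlugin
{
    /** Removes every stored report; takes no parameters. */
    private static final String CLEAR_SQL = "DELETE FROM reports";

    /** Inserts one report; the three placeholders are reporter, reported player and reason. */
    private static final String INSERT_SQL =
            "INSERT INTO `reports` (id, user, reportuser, report, time) VALUES ('0', ?, ?, ?, NOW())";

    // JDBC credentials and URL, loaded from the plugin config in onEnable().
    // They live in plain text in the config file, so that file's permissions matter.
    String user;
    String pass;
    String url;

    /** Loads the database settings (DB.user, DB.pass, DB.url) from the plugin config. */
    @Override
    public void onEnable()
    {
        getConfig().options().copyDefaults(true);
        this.user = getConfig().getString("DB.user");
        this.pass = getConfig().getString("DB.pass");
        this.url = getConfig().getString("DB.url");
        saveConfig();
        System.out.println(this + " was enabled successfully!");
    }

    /**
     * Dispatches the plugin's commands.
     *
     * @param sender       who issued the command (player or console)
     * @param cmd          the command being executed
     * @param commandLabel the alias that was typed
     * @param args         the command arguments; for {@code report} these are the
     *                     target player name followed by the free-text reason
     * @return always {@code true}, so Bukkit never prints the usage string
     */
    @Override
    @SuppressWarnings("deprecation") // getPlayer(String) is deprecated in newer Bukkit APIs
    public boolean onCommand(CommandSender sender, Command cmd, String commandLabel, String[] args) {
        String name = cmd.getName();

        if (name.equalsIgnoreCase("report-help")) {
            if (!(sender instanceof Player)) {
                sender.sendMessage(ChatColor.BLUE + "You must be a player!");
            }
            // The help text is sent to every sender, including the console.
            sender.sendMessage(ChatColor.GOLD + "== Sector-Reporters ==");
            sender.sendMessage(ChatColor.GOLD + "== Type /r-help | for help ==");
            sender.sendMessage(ChatColor.GOLD + "== Type /r <player> <reason> | to report player to OP ==");
            return true;
        }

        if (name.equalsIgnoreCase("reports-clear")) {
            // Destructive: wipes the whole table, so it stays restricted to operators.
            if (sender.isOp() && executeUpdate(CLEAR_SQL)) {
                sender.sendMessage(ChatColor.GOLD + "Reports Cleared");
            }
            return true;
        }

        // The original nested this branch inside the "reports-clear" block, where
        // the command name could never match, so /report was unreachable.
        if (name.equalsIgnoreCase("report")) {
            handleReport(sender, args);
        }
        return true;
    }

    /** Validates a {@code report} command, stores it and announces it to the server. */
    @SuppressWarnings("deprecation")
    private void handleReport(CommandSender sender, String[] args) {
        if (args.length < 2) {
            sender.sendMessage(ChatColor.RED + "Proper Use!");
            sender.sendMessage(ChatColor.RED + "/report " + ChatColor.GREEN + "[Player] [Reason]");
            return;
        }

        Player target = getServer().getPlayer(args[0]);
        if (target == null) {
            sender.sendMessage(ChatColor.RED + "That person doesn't exist! Online players only!");
            return;
        }

        // Free text typed by the reporter: untrusted input. It is only ever passed
        // to the database as a bound parameter, never concatenated into SQL.
        String reason = grabStringFromInt(1, args);

        // A failed insert is logged by executeUpdate(); the announcement below is
        // still sent, matching the original flow.
        executeUpdate(INSERT_SQL, sender.getName(), target.getName(), reason);

        Bukkit.broadcastMessage(ChatColor.GOLD + sender.getName() + ChatColor.WHITE + " has reported " + ChatColor.GOLD + target.getName() + ChatColor.WHITE + " for" + ChatColor.RED + reason);
        sender.sendMessage(ChatColor.GOLD + "Your report will be shortly veiwed.");
    }

    /**
     * Runs one INSERT/UPDATE/DELETE with every value bound as a string parameter.
     *
     * @param sql    statement text containing one {@code ?} per entry in {@code params}
     * @param params values bound in order, starting at index 1
     * @return {@code true} if the statement executed, {@code false} if a
     *         {@link SQLException} was raised (it is logged, not rethrown)
     */
    private boolean executeUpdate(String sql, String... params) {
        Connection conn = null;
        PreparedStatement query = null;
        try {
            conn = DriverManager.getConnection(this.url, this.user, this.pass);
            query = conn.prepareStatement(sql);
            for (int i = 0; i < params.length; i++) {
                query.setString(i + 1, params[i]);
            }
            query.executeUpdate();
            return true;
        } catch (SQLException e) {
            getLogger().log(java.util.logging.Level.SEVERE, "Database update failed", e);
            return false;
        } finally {
            // Close in finally so a failed statement does not leak the connection.
            closeQuietly(query, conn);
        }
    }

    /** Closes the statement and then the connection, logging (not throwing) any close failure. */
    private void closeQuietly(PreparedStatement query, Connection conn) {
        if (query != null) {
            try {
                query.close();
            } catch (SQLException e) {
                getLogger().log(java.util.logging.Level.WARNING, "Could not close statement", e);
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                getLogger().log(java.util.logging.Level.WARNING, "Could not close connection", e);
            }
        }
    }

    /**
     * Joins {@code args[start..]} into one string.
     *
     * @param start index of the first argument to include
     * @param args  command arguments
     * @return a single space, then each included argument followed by a space
     */
    public String grabStringFromInt(int start, String[] args) {
        StringBuilder answer = new StringBuilder(" ");
        for (int x = start; x < args.length; x++) {
            answer.append(args[x]).append(" ");
        }
        return answer.toString();
    }

    /** Logs that the plugin was shut down. */
    @Override
    public void onDisable() {
        System.out.println(this + " was disabled successfully!");
    }
}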
Made an MC plugin because dongs. Left a persistent XSS and a potential SQL injection vuln in there. Feedback? (On everything but security)
![Tongue Tongue](https://sinister.ly/images/smilies/set/tongue.png)