mIRC Home    About    Download    Register    News    Help

Page 1 of 2 1 2 >
Topic Options
#198734 - 03/05/08 10:49 PM Script to gag users for 5 minutes
CSC2YA Offline
Nutrimatic drinks dispenser

Registered: 22/11/06
Posts: 5
I'm trying to get a script working that will gag users for 5 minutes, then automatically ungag them, but can't get it working how I want it to. The following is what i've got so far:

Quote:
if (!gag isin $1) { /mode $2 +z | /msg # $2 has been gagged for 5 minutes | /setvar %gag $nick | timer1 300 /mode %gag -z }


I'm getting the following errors:
Quote:
* /timer1: invalid parameters (line 39, opercommands.mrc)
-
SETVAR Unknown command

I also want to edit that so that it will message the channel to say that the user is no longer gagged once the 5 minutes are up, but can't work out how to code it so that it all works.


Edited by CSC2YA (03/05/08 10:52 PM)

Top
#198735 - 03/05/08 11:08 PM Re: Script to gag users for 5 minutes [Re: CSC2YA]
Riamus2 Offline
Planetary brain

Registered: 13/10/04
Posts: 8327
Loc: MA, USA
Code:
on *:text:*:#: {
  if ($1 == !gag && $2 ison $chan) {
    mode $2 +z
    msg $chan $2 has been gagged for 5 minutes
    .timer 1 300 mode $2 -z
  }
}


The main problems being that /setvar is not a valid command. You can use /set or you can use /var depending on what you're doing. Also, you missed a space after timer for your other error. One other issue you had is that you can only every have 1 nick automatically ungagged the way you are setting a variable like that. Also, you were ungagging the person doing the command rather than $2. The changes made fix all 3 issues and make it a little more efficient.

Note that I stuck it into an on TEXT event just to show how it fits into a script. If you have it in some other event, you can just insert the part that is inside this on TEXT into whatever event you already have set up.

EDIT: Edited to make the timer safe. Keep in mind that you should, of course, limit the ability to use this command to approved nicks or only yourself, which also will help prevent misuse. I would actually assume this command would be either an alias or an on INPUT anyhow.


Edited by Riamus2 (04/05/08 02:12 AM)
_________________________
Invision Support
#Invision on irc.irchighway.net

Top
#198736 - 04/05/08 12:03 AM Re: Script to gag users for 5 minutes [Re: Riamus2]
qwerty Offline
Hoopy frood

Registered: 07/01/03
Posts: 2523
It's been pointed out an awful lot of times, but I'll point it out again: passing unknown content to /timer can be dangerous. In this case $2 is just a single word, which limits serious attacks like $findfile to mere annoyances (counting the number of files in C: can be pretty annoying though!), if you ignore aliases. If the attacker knows that the victim has a potentially dangerous alias, they can use that. In this case somebody could type "!gag $p" and have the bot part the channel or something like that. I think you get the point.

I realise it may not be easy for an inexperienced scripter to properly escape stuff passed to /timer, so here's an alias that should help:
Code:
; it's important to keep the spacing exactly as it is
alias safe return $!decode( $encode($1,m) ,m)

Then one can use $safe($2) instead of $2 in /timer, /scon or /scid.

The only problem with that is having $encode/$decode disabled for security reasons (a somewhat ironic situation). In such cases, the following (uglier, slower and more prone to hit the maximum-string-length limit) alternative could be used:
Code:
alias safe2 bset -tc &a 1 $1 | return $!regsubex(safe, $bvar(&a,1-) ,/(\d+)(?: |$)/g,$chr(\1))


Edit: this recent report implies that even single-word identifiers like $2 can be used to execute arbitrary commands, which makes escaping them even more important.

Edit 2: added -c switch in /bset to avoid problems with multiple calls in the same script (thanks Wims)


Edited by qwerty (24/01/10 12:52 PM)
_________________________
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com

Top
#202537 - 24/07/08 01:24 PM Re: Script to gag users for 5 minutes [Re: qwerty]
hixxy Offline
Hoopy frood

Registered: 06/09/05
Posts: 2876
Sorry to bump an old thread, but it's worth noting that /flash also double evaluates content. This is what caused an exploit in PnP a while back.

Think it's worth making a sticky about /timer, /scon, /scid, /flash and any other potentially dangerous situations q?

Top
#202541 - 24/07/08 01:52 PM Re: Script to gag users for 5 minutes [Re: hixxy]
qwerty Offline
Hoopy frood

Registered: 07/01/03
Posts: 2523
Good idea, a sticky might help. I'll make one soon.
_________________________
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com

Top
#212662 - 30/05/09 12:07 AM Re: Script to gag users for 5 minutes [Re: qwerty]
Wims Offline
Planetary brain

Registered: 31/07/06
Posts: 3509
Loc: France
I have noticed that the $safe2 alias isn't working really well, the binary var is never unset before using /bset, this result with some old characters in it :
Code:
//Echo -a $($safe2(longggggggggggg) $safe2(short),2)
I think it would be good if the code could be edited with the use of /bunset &a before the /bset.
_________________________
Looking for a good help channel about mIRC? Check #mircscripting @ irc.swiftirc.net

Top
#217870 - 24/01/10 02:27 AM Re: Script to gag users for 5 minutes [Re: Wims]
s00p Offline
Fjord artisan

Registered: 01/07/08
Posts: 236
Loc: Hell, Australia
I wonder if you've noticed how there was no response, Wims...


Edited by s00p (24/01/10 02:41 AM)

Top
#217871 - 24/01/10 03:16 AM Re: Script to gag users for 5 minutes [Re: s00p]
Wims Offline
Planetary brain

Registered: 31/07/06
Posts: 3509
Loc: France
And how the sticky never has been made wink
_________________________
Looking for a good help channel about mIRC? Check #mircscripting @ irc.swiftirc.net

Top
#217874 - 24/01/10 04:16 AM Re: Script to gag users for 5 minutes [Re: Wims]
s00p Offline
Fjord artisan

Registered: 01/07/08
Posts: 236
Loc: Hell, Australia
Mostly how safe2 was never fixed.

Top
#217876 - 24/01/10 10:29 AM Re: Script to gag users for 5 minutes [Re: Riamus2]
chacha Offline
Vogon poet

Registered: 20/02/09
Posts: 133
Loc: Belgique
use "$strip($1) == !gag" is better
_________________________
WorldDMT

Top
#217880 - 24/01/10 01:12 PM Re: Script to gag users for 5 minutes [Re: chacha]
s00p Offline
Fjord artisan

Registered: 01/07/08
Posts: 236
Loc: Hell, Australia
"better" is not well defined, so your statement is void.

Top
#217893 - 24/01/10 09:38 PM Re: Script to gag users for 5 minutes [Re: s00p]
chacha Offline
Vogon poet

Registered: 20/02/09
Posts: 133
Loc: Belgique
/help $strip()
_________________________
WorldDMT

Top
#217894 - 24/01/10 10:06 PM Re: Script to gag users for 5 minutes [Re: chacha]
Tomao Offline
Hoopy frood

Registered: 07/07/07
Posts: 1129
Loc: United States
So does using $strip help to prevent code exploits?

Top
#217896 - 24/01/10 10:32 PM Re: Script to gag users for 5 minutes [Re: Tomao]
RusselB Offline
Planetary brain

Registered: 03/08/04
Posts: 7252
Loc: Ontario, Canada
No, it doesn't help prevent exploits, but it does allow people with scripts that alter their text (using the ON INPUT event) to still use the !gag command without control characters affecting what the bot sees.

It's a nice thing to include, rather than forcing people to not use their scripts, or make them use /say before each bot command.

Top
#217925 - 25/01/10 04:08 PM Re: Script to gag users for 5 minutes [Re: RusselB]
Riamus2 Offline
Planetary brain

Registered: 13/10/04
Posts: 8327
Loc: MA, USA
That said, I usually don't help others to spam control codes. If people want to use commands in scripts I run, they can type them without control codes. Just how I do things. Everyone has their own preferences. If you like supporting them, then using $strip() on every command is "better" ... otherwise, it's not necessary. smile
_________________________
Invision Support
#Invision on irc.irchighway.net

Top
#217937 - 25/01/10 09:12 PM Re: Script to gag users for 5 minutes [Re: Riamus2]
chacha Offline
Vogon poet

Registered: 20/02/09
Posts: 133
Loc: Belgique
there are scripts or addons, including automatic configuration with Scripture colorful, bold, or otherwise. So you cant prevent users from using the control of a bot. so I say: better to use $strip()
_________________________
WorldDMT

Top
#217939 - 25/01/10 10:58 PM Re: Script to gag users for 5 minutes [Re: chacha]
Riamus2 Offline
Planetary brain

Registered: 13/10/04
Posts: 8327
Loc: MA, USA
If I make the script I can. laugh

Besides, most channels I have been on don't really appreciate people talking in color every single sentence and those are really the only scripts that will affect using bot command. Anything else shouldn't affect commands.
_________________________
Invision Support
#Invision on irc.irchighway.net

Top
#217946 - 26/01/10 07:47 PM Re: Script to gag users for 5 minutes [Re: Riamus2]
Tomao Offline
Hoopy frood

Registered: 07/07/07
Posts: 1129
Loc: United States
Yeah well, I think chacha comes from a good start with the use of $strip() just in case control codes take place. Besides, using $strip() is just like adding an extra shield to your script commands. There's no winning or losing...

Top
#218049 - 30/01/10 01:27 PM Re: Script to gag users for 5 minutes [Re: Tomao]
s00p Offline
Fjord artisan

Registered: 01/07/08
Posts: 236
Loc: Hell, Australia
"An extra shield"?

Top
#235785 - 12/01/12 03:53 PM Re: Script to gag users for 5 minutes [Re: qwerty]
Wims Offline
Planetary brain

Registered: 31/07/06
Posts: 3509
Loc: France
I think a sticky about this should really be made, I'm still seeing a lot of people not being aware of the problem who makes exploitable code.
Also, since mIRC 7.0, $!utfdecode($regsubex()) should be used for that second version of the safe alias
_________________________
Looking for a good help channel about mIRC? Check #mircscripting @ irc.swiftirc.net

Top
Page 1 of 2 1 2 >