Script to gag users for 5 minutes
#198734
03/05/08 09:49 PM
|
Joined: Nov 2006
Posts: 5
CSC2YA
OP
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: Nov 2006
Posts: 5 |
I'm trying to get a script working that will gag users for 5 minutes, then automatically ungag them, but can't get it working how I want it to. The following is what i've got so far: if (!gag isin $1) { /mode $2 +z | /msg # $2 has been gagged for 5 minutes | /setvar %gag $nick | timer1 300 /mode %gag -z } I'm getting the following errors: * /timer1: invalid parameters (line 39, opercommands.mrc) - SETVAR Unknown command I also want to edit that so that it will message the channel to say that the user is no longer gagged once the 5 minutes are up, but can't work out how to code it so that it all works.
Last edited by CSC2YA; 03/05/08 09:52 PM.
|
|
|
Re: Script to gag users for 5 minutes
[Re: CSC2YA]
#198735
03/05/08 10:08 PM
|
Joined: Oct 2004
Posts: 8,330
Riamus2
Hoopy frood
|
Hoopy frood
Joined: Oct 2004
Posts: 8,330 |
on *:text:*:#: {
if ($1 == !gag && $2 ison $chan) {
mode $2 +z
msg $chan $2 has been gagged for 5 minutes
.timer 1 300 mode $2 -z
}
}
The main problems being that /setvar is not a valid command. You can use /set or you can use /var depending on what you're doing. Also, you missed a space after timer for your other error. One other issue you had is that you can only every have 1 nick automatically ungagged the way you are setting a variable like that. Also, you were ungagging the person doing the command rather than $2. The changes made fix all 3 issues and make it a little more efficient. Note that I stuck it into an on TEXT event just to show how it fits into a script. If you have it in some other event, you can just insert the part that is inside this on TEXT into whatever event you already have set up. EDIT: Edited to make the timer safe. Keep in mind that you should, of course, limit the ability to use this command to approved nicks or only yourself, which also will help prevent misuse. I would actually assume this command would be either an alias or an on INPUT anyhow.
Last edited by Riamus2; 04/05/08 01:12 AM.
Invision Support #Invision on irc.irchighway.net
|
|
|
Re: Script to gag users for 5 minutes
[Re: Riamus2]
#198736
03/05/08 11:03 PM
|
Joined: Jan 2003
Posts: 2,523
qwerty
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
It's been pointed out an awful lot of times, but I'll point it out again: passing unknown content to /timer can be dangerous. In this case $2 is just a single word, which limits serious attacks like $findfile to mere annoyances (counting the number of files in C: can be pretty annoying though!), if you ignore aliases. If the attacker knows that the victim has a potentially dangerous alias, they can use that. In this case somebody could type "!gag $p" and have the bot part the channel or something like that. I think you get the point. I realise it may not be easy for an inexperienced scripter to properly escape stuff passed to /timer, so here's an alias that should help: ; it's important to keep the spacing exactly as it is
alias safe return $!decode( $encode($1,m) ,m) Then one can use $safe($2) instead of $2 in /timer, /scon or /scid. The only problem with that is having $encode/$decode disabled for security reasons (a somewhat ironic situation). In such cases, the following (uglier, slower and more prone to hit the maximum-string-length limit) alternative could be used: alias safe2 bset -tc &a 1 $1 | return $!regsubex(safe, $bvar(&a,1-) ,/(\d+)(?: |$)/g,$chr(\1)) Edit: this recent report implies that even single-word identifiers like $2 can be used to execute arbitrary commands, which makes escaping them even more important.Edit 2: added -c switch in /bset to avoid problems with multiple calls in the same script (thanks Wims)
Last edited by qwerty; 24/01/10 12:52 PM.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
Re: Script to gag users for 5 minutes
[Re: qwerty]
#202537
24/07/08 12:24 PM
|
Joined: Sep 2005
Posts: 2,881
hixxy
Hoopy frood
|
Hoopy frood
Joined: Sep 2005
Posts: 2,881 |
Sorry to bump an old thread, but it's worth noting that /flash also double evaluates content. This is what caused an exploit in PnP a while back.
Think it's worth making a sticky about /timer, /scon, /scid, /flash and any other potentially dangerous situations q?
|
|
|
Re: Script to gag users for 5 minutes
[Re: hixxy]
#202541
24/07/08 12:52 PM
|
Joined: Jan 2003
Posts: 2,523
qwerty
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,523 |
Good idea, a sticky might help. I'll make one soon.
/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
|
|
|
Re: Script to gag users for 5 minutes
[Re: qwerty]
#212662
29/05/09 11:07 PM
|
Joined: Jul 2006
Posts: 3,924
Wims
Hoopy frood
|
Hoopy frood
Joined: Jul 2006
Posts: 3,924 |
I have noticed that the $safe2 alias isn't working really well, the binary var is never unset before using /bset, this result with some old characters in it : //Echo -a $($safe2(longggggggggggg) $safe2(short),2) I think it would be good if the code could be edited with the use of /bunset &a before the /bset.
#mircscripting @ irc.swiftirc.net == the best mIRC help channel
|
|
|
Re: Script to gag users for 5 minutes
[Re: Wims]
#217870
24/01/10 02:27 AM
|
Joined: Jul 2008
Posts: 236
s00p
Fjord artisan
|
Fjord artisan
Joined: Jul 2008
Posts: 236 |
I wonder if you've noticed how there was no response, Wims...
Last edited by s00p; 24/01/10 02:41 AM.
|
|
|
Re: Script to gag users for 5 minutes
[Re: s00p]
#217871
24/01/10 03:16 AM
|
Joined: Jul 2006
Posts: 3,924
Wims
Hoopy frood
|
Hoopy frood
Joined: Jul 2006
Posts: 3,924 |
And how the sticky never has been made 
#mircscripting @ irc.swiftirc.net == the best mIRC help channel
|
|
|
Re: Script to gag users for 5 minutes
[Re: Wims]
#217874
24/01/10 04:16 AM
|
Joined: Jul 2008
Posts: 236
s00p
Fjord artisan
|
Fjord artisan
Joined: Jul 2008
Posts: 236 |
Mostly how safe2 was never fixed.
|
|
|
Re: Script to gag users for 5 minutes
[Re: Riamus2]
#217876
24/01/10 10:29 AM
|
Joined: Feb 2009
Posts: 133
chacha
Vogon poet
|
Vogon poet
Joined: Feb 2009
Posts: 133 |
use "$strip($1) == !gag" is better
WorldDMT
|
|
|
Re: Script to gag users for 5 minutes
[Re: chacha]
#217880
24/01/10 01:12 PM
|
Joined: Jul 2008
Posts: 236
s00p
Fjord artisan
|
Fjord artisan
Joined: Jul 2008
Posts: 236 |
"better" is not well defined, so your statement is void.
|
|
|
Re: Script to gag users for 5 minutes
[Re: s00p]
#217893
24/01/10 09:38 PM
|
Joined: Feb 2009
Posts: 133
chacha
Vogon poet
|
Vogon poet
Joined: Feb 2009
Posts: 133 |
WorldDMT
|
|
|
Re: Script to gag users for 5 minutes
[Re: chacha]
#217894
24/01/10 10:06 PM
|
Joined: Jul 2007
Posts: 1,129
Tomao
Hoopy frood
|
Hoopy frood
Joined: Jul 2007
Posts: 1,129 |
So does using $strip help to prevent code exploits?
|
|
|
Re: Script to gag users for 5 minutes
[Re: Tomao]
#217896
24/01/10 10:32 PM
|
Joined: Aug 2004
Posts: 7,252
RusselB
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
No, it doesn't help prevent exploits, but it does allow people with scripts that alter their text (using the ON INPUT event) to still use the !gag command without control characters affecting what the bot sees.
It's a nice thing to include, rather than forcing people to not use their scripts, or make them use /say before each bot command.
|
|
|
Re: Script to gag users for 5 minutes
[Re: RusselB]
#217925
25/01/10 04:08 PM
|
Joined: Oct 2004
Posts: 8,330
Riamus2
Hoopy frood
|
Hoopy frood
Joined: Oct 2004
Posts: 8,330 |
That said, I usually don't help others to spam control codes. If people want to use commands in scripts I run, they can type them without control codes. Just how I do things. Everyone has their own preferences. If you like supporting them, then using $strip() on every command is "better" ... otherwise, it's not necessary. 
Invision Support #Invision on irc.irchighway.net
|
|
|
Re: Script to gag users for 5 minutes
[Re: Riamus2]
#217937
25/01/10 09:12 PM
|
Joined: Feb 2009
Posts: 133
chacha
Vogon poet
|
Vogon poet
Joined: Feb 2009
Posts: 133 |
there are scripts or addons, including automatic configuration with Scripture colorful, bold, or otherwise. So you cant prevent users from using the control of a bot. so I say: better to use $strip()
WorldDMT
|
|
|
Re: Script to gag users for 5 minutes
[Re: chacha]
#217939
25/01/10 10:58 PM
|
Joined: Oct 2004
Posts: 8,330
Riamus2
Hoopy frood
|
Hoopy frood
Joined: Oct 2004
Posts: 8,330 |
If I make the script I can.  Besides, most channels I have been on don't really appreciate people talking in color every single sentence and those are really the only scripts that will affect using bot command. Anything else shouldn't affect commands.
Invision Support #Invision on irc.irchighway.net
|
|
|
Re: Script to gag users for 5 minutes
[Re: Riamus2]
#217946
26/01/10 07:47 PM
|
Joined: Jul 2007
Posts: 1,129
Tomao
Hoopy frood
|
Hoopy frood
Joined: Jul 2007
Posts: 1,129 |
Yeah well, I think chacha comes from a good start with the use of $strip() just in case control codes take place. Besides, using $strip() is just like adding an extra shield to your script commands. There's no winning or losing...
|
|
|
Re: Script to gag users for 5 minutes
[Re: Tomao]
#218049
30/01/10 01:27 PM
|
Joined: Jul 2008
Posts: 236
s00p
Fjord artisan
|
Fjord artisan
Joined: Jul 2008
Posts: 236 |
|
|
|
Re: Script to gag users for 5 minutes
[Re: qwerty]
#235785
12/01/12 03:53 PM
|
Joined: Jul 2006
Posts: 3,924
Wims
Hoopy frood
|
Hoopy frood
Joined: Jul 2006
Posts: 3,924 |
I think a sticky about this should really be made, I'm still seeing a lot of people not being aware of the problem who makes exploitable code. Also, since mIRC 7.0, $!utfdecode($regsubex()) should be used for that second version of the safe alias
#mircscripting @ irc.swiftirc.net == the best mIRC help channel
|
|
|
|
|