Commit 7cb73e63 authored by Levatax's avatar Levatax

fixed security issues

parent 88f9e97f
settings.json
node_modules
.idea
\ No newline at end of file
const Discord = require('discord.js');
exports.run = async(bot, message, args) => {
let user = message.mentions.users.first() || message.guild.member(args[0]) || message.author;
message.channel.send(new Discord.RichEmbed()
.setDescription('Here:')
.setImage(user.avatarURL)
......
......@@ -7,10 +7,9 @@ exports.run = async(bot, message, args, connection) => {
if(!user) return message.channel.send('Please mention user to ban.');
if(!reason) return message.channel.send('Please type a reason and try again');
if (!message.guild.member(user).bannable) return message.reply(`I don't have permission to ban this user`);
let userid = user.id;
let username = user.username;
let userdiscriminator= user.discriminator;
message.guild.ban(user, { days: 7, reason: reason});
await message.guild.ban(user, {days: 7, reason: reason});
const embed = new Discord.RichEmbed()
.setColor('RANDOM')
......@@ -19,12 +18,11 @@ exports.run = async(bot, message, args, connection) => {
.addField('Banned User:', `${user.user.tag} (${user.id})`)
.addField('Moderator:', `${message.author.tag} (${message.author.id})`)
.addField('Reason:', reason);
message.channel.send(embed);
await message.channel.send(embed);
var sql = `INSERT INTO punishments (type,guild,user,admin,duration,reason,channel) VALUES ('Ban','${message.guild.id}','${userid}','${message.member.id}','7 Days','${reason}','${message.channel.id}')`;
connection.query(sql, function (err, result) {
connection.query("INSERT INTO punishments (type,guild,user,admin,duration,reason,channel) VALUES ('Ban', ?, ?, ?,'7 Days', ?, ?)", [message.guild.id, userid, message.member.id, reason, message.channel.id], function (err, result) {
if (err) throw err;
console.log('successfully added to sql');
console.log(`successfully added to sql`);
});
};
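Review bot: `if (err) throw err;` inside the `connection.query` callback of the punishments INSERT throws from the driver's callback, outside the promise of the `async` command function, so a database error would likely surface as an uncaught exception instead of a handled failure (the query wrapper is not shown on this page). Log the error and tell the moderator the record was not written, e.g. `if (err) { console.error('punishment insert failed', err); return message.channel.send('Ban applied, but it could not be recorded.'); }`. The same callback pattern appears in the kick, mute and prefix hunks below. The function's opening lines are outside the hunk.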
......
......@@ -4,7 +4,7 @@ exports.run = async(bot, message, args) => {
let number = parseInt(args.join(' '));
if (!number) return message.channel.send('Please enter number and try again');
if (number > 99) return message.channel.send(`I can't delete more than 100 message`);
message.channel.bulkDelete(number + 1);
await message.channel.bulkDelete(number + 1);
message.channel.send('Cleared ' + number + ' message')
};
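Review bot: The checks before `bulkDelete` reject only `NaN`, `0` and values above 99, so a negative count such as `-5` still reaches `message.channel.bulkDelete(number + 1)`. Add a radix and a lower bound: `let number = parseInt(args.join(' '), 10);` and `if (!number || number < 1) return message.channel.send('Please enter number and try again');`. Nothing in the visible lines restricts who may run the command; the hunk starts at line 4, so confirm that the invoker's Manage Messages permission is checked above it or in the dispatcher. Now that the call is awaited, a rejected `bulkDelete` also skips the confirmation message, so a `try`/`catch` with a user-facing error would be worth adding.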
......
......@@ -9,7 +9,7 @@ exports.run = async(bot, message, args, connection) => {
if (!message.guild.member(user).kickable) return message.reply(`I don't have permission to kick this user`);
console.log(user.user.tag);
user.kick({reason: reason});
await user.kick({reason: reason});
const embed = new Discord.RichEmbed()
.setColor('RANDOM')
......@@ -18,10 +18,9 @@ exports.run = async(bot, message, args, connection) => {
.addField('Kicked User:', `${user.user.tag} (${user.id})`)
.addField('Moderator:', `${message.author.tag} (${message.author.id})`)
.addField('Reason:', reason);
message.channel.send(embed);
await message.channel.send(embed);
var sql = `INSERT INTO punishments (type,guild,user,admin,duration,reason,channel) VALUES ('Kick','${message.guild.id}','${user.id}','${message.member.id}','-','${reason}','${message.channel.id}')`;
connection.query(sql, function (err, result) {
connection.query("INSERT INTO punishments (type,guild,user,admin,duration,reason,channel) VALUES ('Kick', ?, ?, ?,'-', ?, ?)", [message.guild.id, user.id, message.member.id, reason, message.channel.id], function (err, result) {
if (err) throw err;
console.log('successfully added to sql');
});
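Review bot: With `await message.channel.send(embed)` now placed before the `connection.query` INSERT, a rejected send (for example when the bot lacks send or embed permission in that channel) ends the function after the member has been kicked and before the punishment is recorded, so the action never reaches the `punishments` table. Before this change the send was not awaited, so the INSERT still ran. Either write the record first, or keep the announcement from blocking it: `await message.channel.send(embed).catch(console.error);`. The ban command above has the same action, send, INSERT order. The function begins and continues outside the hunk.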
......
......@@ -34,8 +34,7 @@ exports.run = async(bot, message, args, connection) => {
await(spammer.addRole(role.id));
message.channel.send(`Muted User: <@${spammer.id}> \nDuration: ${ms(ms(time))} \nReason: ${reason}`);
var sql = `INSERT INTO punishments (type,guild,user,admin,duration,reason,channel) VALUES ('Mute','${message.guild.id}','${spammer.id}','${message.member.id}','${time}','${reason}','${message.channel.id}')`;
connection.query(sql, function (err, result) {
connection.query("INSERT INTO punishments (type,guild,user,admin,duration,reason,channel) VALUES ('Mute', ?, ?, ?, ?, ?, ?)", [message.guild.id, spammer.id, message.member.id, time, reason, message.channel.id], function (err, result) {
if (err) throw err;
console.log('successfully added to sql');
});
......@@ -53,5 +52,5 @@ exports.run = async(bot, message, args, connection) => {
module.exports.help = {
name: 'mute',
aliases: ['tempmute']
aliases: [`tempmute`]
};
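Review bot: In the first mute hunk, `reason` and `time` are interpolated into plain message content in the `message.channel.send` call that announces the mute, so an `@everyone` or `@here` typed into the reason is posted by the bot with the bot's own mention permissions. In the discord.js release that provides `RichEmbed`, the send options accept `disableEveryone`, so pass the text with `{ disableEveryone: true }` as the second argument, or announce the mute with an embed as the ban and kick commands do. The alias change in the second hunk only swaps a quoted string for a template literal with no interpolation; a plain quoted string is the usual form.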
......@@ -3,8 +3,8 @@ exports.run = async(bot, message, args, connection) => {
let prefix = args[0];
let guildid= message.guild.id;
var sql = `UPDATE guilds SET prefix = '`+ prefix +`' WHERE guildid = '`+ guildid +`'`;
connection.query(sql, function (err, result) {
connection.query("UPDATE guilds SET prefix=? WHERE guildid=?", [prefix, guildid], function (err, result) {
if (err) throw err;
message.channel.send("prefix changed succesffully to "+ prefix);
});
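Review bot: `let prefix = args[0];` goes straight into the `UPDATE guilds SET prefix=?` query with no visible check that the invoker may change guild settings and no check that a prefix was supplied. The hunk begins at line 3 of the file, so unless the command dispatcher enforces a permission, any member can change the prefix for the whole guild. Add guards before the query, e.g. `if (!message.member.hasPermission('MANAGE_GUILD')) return message.reply('You need Manage Server to change the prefix.');` and `if (!prefix || prefix.length > 5) return message.channel.send('Please provide a prefix of up to 5 characters.');` (the length limit is an example value). Without the second guard, a missing argument would be bound as NULL, assuming the mysql driver's usual placeholder handling.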
......
......@@ -15,8 +15,7 @@ exports.run = async(bot, message, args, connection) => {
}
}
var sql = `SELECT * FROM punishments WHERE guild='${message.guild.id}' AND user='${user}'`;
connection.query(sql, function (err, result) {
connection.query("SELECT * FROM punishments WHERE guild=? AND user=?", [message.guild.id, user], function (err, result) {
let data = [
["ID", "Type", "Moderator", "Duration", "Reason", "Time"]
];
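Review bot: The value bound as `user` in `SELECT * FROM punishments WHERE guild=? AND user=?` is resolved above the hunk, so confirm it is always a string ID. With mysql-style `?` placeholders, an object value is expanded into `key = value` pairs instead of one quoted string, which would change the WHERE clause. Bind the ID explicitly (`user.id` if it is a user or member object) and reject anything that is not a numeric snowflake, e.g. `if (!/^\d{17,20}$/.test(userId)) return message.channel.send('Invalid user.');`. The visible start of the callback builds `data` without checking `err`; the rest of the callback is outside the hunk.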
......
This diff is collapsed.
{
"prefix" :"prefix",
"prefix" :"v!",
"token" : "token",
"owner": "ownerid"
}
\ No newline at end of file
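Review bot: `settings.json` is edited here while the ignore list at the top of this commit also names `settings.json`. If that list is `.gitignore` (the file name is not shown on this page), an ignore entry does not stop Git from tracking a file that is already committed, so later edits that contain the real `token` can still be staged and pushed. Untrack it with `git rm --cached settings.json` and commit a placeholder-only `settings.example.json` instead. Only placeholder values are visible here; if a real token was ever committed to this file, revoke and reissue it, because it remains in the repository history.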