Instead of re-using the params array, you could at least use variables so other scripters can see what they actually are.
It's also better to just call findplayer once and store the 'found player' in a variable and use it instead of constantly calling findplayer every time you want to access the player's object.
I.e:
PHP Code:
function onActionServerSide() {
// other code..
if (params[0] == "GiveEC") {
temp.target = findplayer(params[1]);
temp.ec_amount = params[2];
if (temp.target != NULL) {
if (temp.target != player) {
EC_Database.(@temp.target.account) += params[2];
EC_Database.trigger("update");
temp.msg = player.communityname SPC "gave " @ temp.ec_amount SPC "EC to " @ temp.target.communityname SPC "(" @ temp.target.account @ ")";
sendToRc(temp.msg);
saveLog2("ec_log.txt", temp.msg);
player.chat = "Gave " @ temp.ec_amount SPC "EC!";
temp.target.chat = "Gained " @ temp.ec_amount SPC "EC!";
} else {
sendToRC(player.communityname SPC "tried to take EC while hosting an event.");
player.chat = "Now, now.. You shouldn't be stealing EC...";
}
} else {
player.chat = "Player doesn't exist...";
}
}
// other code..
}
Serverside security is also very important so make sure you follow cbk's advice and fix that too.
Your 'Join Event' GUI could use some work still as well.