The problem is that you're triggering serverside like it's a weapon. You can't do that.
Instead, something like
PHP Code:
function onCreated() {
this.itemName = "whatever";
this.itemPrice = 123123;
this.setShape(1, 16, 16); // so it can be triggered)
}
function onActionPurchase() {
echo(player.account @ " wants to purchase this item!");
}
//#CLIENTSIDE
function Shop_Button1.onAction() {
if (client.gold > client.store1 || client.gold == client.store1) {
if (!(hasweapon((@client.realitem)))) {
triggerAction(this.x, this.y, "purchase", null);
}
}
}
You're trusting the clientside way too much. Any client. variables can be changed by the player; always assume they have been tampered with. You need to store the item price and name on the serverside if that's where you need to access them. I could easily purchase any item I wanted to on your server for no money at all.
While my example should work, I highly recommend you take the code out of the item class and centralize all of it in one weapon. The GUI code is easier to maintain in a single weapon, and the serverside bits are much easier to maintain. Not only can you not assume that a trigger will reach serverside when using triggerAction on a local NPC, but it's a mess whenever you need to change anything since you have to change the scripts in many levels.
Instead, just trigger a weapon when the item is clicked (see
here).
Otherwise, you can keep the same code and still centralize the serverside bit by triggering a database NPC instead of the local NPC. This has huge benefits because you can be sure the trigger will reach serverside. See
here.
Quote:
Originally Posted by callimuc
|
No, never send the player's account in a trigger. All you're doing is opening up major vulnerabilities. With your code, I could force any player online to spend their money to purchase any item I wanted them to (assuming your code would work, which it won't).