GUI Help

[kingcj]

Yes it does, however, you send the text and use params[1] as well, which is what I was under the impression was unsafe. I don't understand how yours is more secure is what I was trying to say.

[Twinny]

The unsafe part was sending the account name through the trigger since hackers could manipulate it to affect someone else. Sending a new nickname doesn't have the same safety concerns. There are ways to protect it but completely unnecessary.

[fowlplay4]

Quote:

Originally Posted by kingcj

Yes it does, however, you send the text and use params[1] as well, which is what I was under the impression was unsafe. I don't understand how yours is more secure is what I was trying to say.

The 'unsafe' part was sending the account that you wanted to change the nickname for. Sending player input was fine however.

[cbk1994]

Quote:

Originally Posted by kingcj

Yes it does, however, you send the text and use params[1] as well, which is what I was under the impression was unsafe. I don't understand how yours is more secure is what I was trying to say.

The issue is not with using the params array. Do you understand how parameters work?

PHP Code:

function onCreated() {
  myFunction("one", "two", "three");
}

function myFunction() {
  echo(params[0] @ ", " @ params[1] @ ", " @ params[2]);
} 


is exactly the same as

PHP Code:

function onCreated() {
  myFunction("one", "two", "three");
}

function myFunction(p1, p2, p3) {
  echo(p1 @ ", " @ p2 @ ", " @ p3);
} 


When you put variable names inside the parentheses like that, you're assigning the parameter values to those variables.

The security problem I referenced was in relation to sending the player's account. The script Twinny posted is fine, as was yours.

edit: wow way too slow