Callstack Access

[cbk1994]

Making an item system, I have a function that looks like this:

PHP Code:

public function addItem(itemid, quantity) {
  // code here
  temp.callstack = getcallstack();
  echo("C:" SPC callstack[callstack.size() - 2].scriptcallobject SPC callstack.size());
  // code here
} 


The problem I'm having is that the callstack does not have an object for scripts that call it outside of a function block. For example, a weapon below:

PHP Code:

findPlayer("cbk1994").addItem(100, 1); 


Echos "C: 1" meaning that there is only one entry, which is the current object/function.

However, if this is used, it works perfectly:

PHP Code:

function onCreated() {
  findPlayer("cbk1994").addItem(100, 1);
} 


Echoes "C: -Guns 2" (-Guns being the name of the weapon)

This is, of course, serverside. It would be great if this could be fixed ASAP, or if someone knows a solution.

Thanks.

[Loriel]

I am probably missing something here, but why would you ever call functions outside of function blocks?

(Also I assume this is for debugging?)

[cbk1994]

Quote:

Originally Posted by Loriel

I am probably missing something here, but why would you ever call functions outside of function blocks?

Normally, you never would; this is to try to catch/prevent abuse of script rights.

PHP Code:

findPlayer("cbk1994").addItem("gun_ak47", 5);
function onCreated() {
 // blah
} 


Quote:

Weapon/GUI-Script SomeRandomWeapon has been added/updated by cbk1994!
[note: top line of code is now removed]
Weapon/GUI-Script SomeRandomWeapon has been added/updated by cbk1994!
Tig: Woah, that was fast.

etc.

Right now I'm simply denying anything I can't get the callstack for, and then only allowing it for a list of allowed scripts.

However, I'd like it if I could see what function is trying to add an item so staff can tell if it was an honest glitch, or if someone is trying to abuse powers (Era has had a lot of abuse of power problems lately).

[Programmer]

Quote:

Originally Posted by Loriel

I am probably missing something here, but why would you ever call functions outside of function blocks?

(Also I assume this is for debugging?)

In a normal situation, reliable scripters do not do such a thing. However, malicious ones tend to add weapons to themselves using scripts that usually have methods called outside of a function block. Chris is attempting to secure his code with a simple check of the call stack, but this is a problem since the method is called on a global scope.

Chris, why not just eliminate the possibility of a weapon addition on a global scope (or, consequently, through the weapon itself) by only allowing calls that have a total stack size of >1?

[cbk1994]

Quote:

Originally Posted by Programmer

Chris, why not just eliminate the possibility of a weapon addition on a global scope (or, consequently, through the weapon itself) by only allowing calls that have a total stack size of >1?

I did, but I think it would be a reasonable addition to callstack access to still be able to tell where it's coming from so staff can see that "NPC at (1,5) at era_newlat-mylevel.nw is trying to add items (guns_ak47 x4) to cbk1994!"

[Loriel]

Quote:

Originally Posted by cbk1994

Normally, you never would; this is to try to catch/prevent abuse of script rights.

[...]

However, I'd like it if I could see what function is trying to add an item so staff can tell if it was an honest glitch, or if someone is trying to abuse powers (Era has had a lot of abuse of power problems lately).

Oh, okay, that is not a situation I would want to be in, but it makes a lot of sense. Carry on, then.

[cbk1994]

bump