Your system is horrid, and there's more problems with it then the obvious security ones but I don't care enough to tell you how to fix everything.
Pretty much all the problems stem from no server-side validation whatsoever.
Problem: He could generate all the house levels he wanted with a trigger.
Solution: Only allow levels to be generated when the player enters the house. If the levels don't exist when player's are invited to them have an error appear instead. Force the player to enter their house before even allowing them to invite people to it.
Problem: Warp into people's houses and drag in their owner's without permission.
Solution: Your invite system needs to be re-designed so there's an actual invite on the server-side the owner has to accept. If people aren't supposed to be in the house when the owner's not there, don't let them warp to it.
Problem: Place furniture in any level he wanted.
Solution: Make sure the player is in his house or has permission to lay furniture in the level. You should also make sure they actually have that piece of furniture as well.
Problem: Use your furniture placer to display naughty images (this can be done without exploiting a script though).
Solution: There's a server option you can use, it's a disable-all allow only a few solution though. Just display the image to client only by using 200 or above instead.
Quote:
Originally Posted by Stefan
showimgstypes=all or poly,ani,img,text
showimgsallowedganis=all
showimgsallowedimages=all
showimgsfilterlog=true -> logs to logs/showimgsfilter.txt
|
Problem: Destroy people's furniture without permission.
Solution: Add a check to confirm the player has permission to destroy the furniture. I.e: If they're the actual owner of the house.