House System

[Hezzy002]

Quote:

Originally Posted by fowlplay4

You should probably learn something about script security.

I took a minute to look over your code and found quite a few things he could exploit.

He could generate all the house levels he wanted with a trigger, warp into people's houses and drag in their owner's without permission, place furniture in any level he wanted, use your furniture placer to display naughty images (this can be done without exploiting a script though), destroy people's furniture without permission.

Ruining my aspirations of Graal Godhood, but whatever.

[fowlplay4]

Quote:

Originally Posted by Hezzy002

Ruining my aspirations of Graal Godhood, but whatever.

I'm sure his server is full of treasures for you to find.

[Crow]

Quote:

Originally Posted by fowlplay4

I'm sure his server is full of treasures for you to find.

Sad thing is: you're probably right.

[Tolnaftate2004]

Quote:

Originally Posted by fowlplay4

He could generate all the house levels he wanted with a trigger, warp into people's houses and drag in their owner's without permission, place furniture in any level he wanted, use your furniture placer to display naughty images (this can be done without exploiting a script though), destroy people's furniture without permission.

All of these things with a single trigger.

[fowlplay4]

Your system is horrid, and there's more problems with it then the obvious security ones but I don't care enough to tell you how to fix everything.

Pretty much all the problems stem from no server-side validation whatsoever.

Problem: He could generate all the house levels he wanted with a trigger.

Solution: Only allow levels to be generated when the player enters the house. If the levels don't exist when player's are invited to them have an error appear instead. Force the player to enter their house before even allowing them to invite people to it.

Problem: Warp into people's houses and drag in their owner's without permission.

Solution: Your invite system needs to be re-designed so there's an actual invite on the server-side the owner has to accept. If people aren't supposed to be in the house when the owner's not there, don't let them warp to it.

Problem: Place furniture in any level he wanted.

Solution: Make sure the player is in his house or has permission to lay furniture in the level. You should also make sure they actually have that piece of furniture as well.

Problem: Use your furniture placer to display naughty images (this can be done without exploiting a script though).

Solution: There's a server option you can use, it's a disable-all allow only a few solution though. Just display the image to client only by using 200 or above instead.

Quote:

Originally Posted by Stefan

showimgstypes=all or poly,ani,img,text
showimgsallowedganis=all
showimgsallowedimages=all
showimgsfilterlog=true -> logs to logs/showimgsfilter.txt

Problem: Destroy people's furniture without permission.

Solution: Add a check to confirm the player has permission to destroy the furniture. I.e: If they're the actual owner of the house.

[Gunderak]

Thanks for the informative post, I will try to fix all issues when I am home.

[Vlad1]

one glitch within your house script is if a player is in jail they can enter their house and exit their house and easily get out of jail

[fowlplay4]

Quote:

Originally Posted by Vlad1

one glitch within your house script is if a player is in jail they can enter their house and exit their house and easily get out of jail

That's not really a glitch, more a custom condition that you need to script into it yourself.

A generic check like this could be added to prevent warping:

PHP Code:

temp.lvls = serveroptions.jaillevels.tokenize(",");
if (player.level.name in temp.lvls) {
  player.chat = "You are stuck in jail! red dragons";
  return;
} 


[skillmaster19]

from what ive heard hezzy is a pretty notorious hacker lol.

[fowlplay4]

Quote:

Originally Posted by skillmaster19

from what ive heard hezzy is a pretty notorious hacker lol.

might want to read the date on those posts.

red dragons

[Gunderak]

Bumped much? lol
And bahahaha this is my old script.

[Devil_Lord2]

Quote:

Originally Posted by Gunderak

Bumped much? lol
And bahahaha this is my old script.

That doesn't mean you should not improve it...
I honestly hate when people post of a script "To help help the Graal community" then when people give suggestions how to make them better or more efficient they 'brush them to the side' and the script is never actually finished.

In my opinion those type of "helping community posts" should be deleted since they aren't too great. Or put into a template section..

You should go back and fix up your old script so it can be once again considered good. :]
If I were you I'd remake the thread once it is finished and delete this one so it stays on the first page / post.

[Crow]

Quote:

Originally Posted by Devil_Lord2

That doesn't mean you should not improve it...

This is not the code gallery. We can let this rot away.

[Gunderak]

David, I have fixed it up and added new features.
But it's in use on Corinthia and I will not be releasing it.