Jump to content
  • 0

why they can hack in this script?

Nero

Asked by Nero,

 Share

Question

Nero Poring

Nero

Posted
Posted 

ayothaya,151,171,3	script	Drops Trader	403,{
	mes .name$;
	mes "You currently have "+countitem(.Imagine_item)+" Mithril coin/s.";
	mes "Would you like to look at the shop?";
	next;
	if(select("Yes:No") == 2) {
		close;
	}
	close2;
	callshop "Imagine_SHOP",1;
	npcshopattach "Imagine_SHOP";
	dispbottom "You currently have "+countitem(.Imagine_item)+" Mithril coin/s.";
	end;

OnBuyItem:
	for(set @i,0; @i < getarraysize(@bought_nameid); set @i,@i+1) {
		for(set @j,0; @j < getarraysize(.Imagine_ITEMS); set @j,@j+2) {
			if(.iMAGINE_ITEMS[@j] == @bought_nameid[@i]) {
				set @itemcost,(.IMAGINE_ITEMS[(@j+1)]*@bought_quantity[@i]);
				set @totalcost,(@totalcost+@itemcost);
				break;
			}
		}
	}
	if(@totalcost > countitem(.Imagine_item)) {
		dispbottom "You don't have enough coin.";
	}
	else {
		for(set @i,0; @i < getarraysize(@bought_nameid); set @i,@i+1) {
			getitem @bought_nameid[@i],@bought_quantity[@i];
		}
		delitem .Imagine_item,@totalcost;
		dispbottom "Thank you for shopping.";
		dispbottom "You now have "+countitem(.Imagine_item)+" Mithril coin left.";
	}
	set @totalcost,0;
	deletearray @bought_nameid[0],128;
	deletearray @bought_quantity[0],128;
	end;

OnInit:
	npcshopdelitem "Imagine_SHOP",909;	 // Leave this alone
	set .name$,"[DropsTrader]";
	set .Imagine_item,674;	 // Input TCG ID
	setarray .Imagine_ITEMS[0],7086,2,7090,2,7091,2,7077,2,7076,2;	 // Input as many items as you want (item::price)



	for(set .@i,0; .@i < getarraysize(.IMAGINE_ITEMS); set .@i,.@i+2) {
		npcshopadditem "Imagine_SHOP",.IMAGINE_ITEMS[.@i],.Imagine_ITEMS[(.@i+1)];
	}
}


-	shop	Imagine_SHOP	139,909:1
 

in my past server, as iv'e used this script. Some people can hack or bug this script using hack programs.. 

i already post it in here before but im not satisfied with the feedbacks that ive receive.. Im really affraid to use dynamic shop or multi currency shop because of this...

 

any body can figure it out why?

7 answers to this question

Recommended Posts

Digos Poring

Digos

Posted
Posted
I would like suggest to always put delitem before of getitem.

 

So, the script execution will stop if player don't have the item. This will prevent exploits like sending mail with the item attached.
  • Upvote 1
Nero Poring

Nero

Posted
  • Author
Posted

Im sorry that i cannon explain how they can hack it but as i observed they can get any items in that npc. this was also the problem of other eatena member before..

nanakiwurtz Poring

nanakiwurtz

Posted
Posted

Maybe they're using a program to retain the items (in this case the TCG), so the script thinks it's already deleted via delitem but actually it's not.

You could make a check before and after transaction.

Like this:

ayothaya,151,171,3    script    Drops Trader    403,{
    mes .name$;
    mes "You currently have "+countitem(.Imagine_item)+" Mithril coin/s.";
    mes "Would you like to look at the shop?";
    next;
    if(select("Yes:No") == 2) {
        close;
    }
    close2;
    callshop "Imagine_SHOP",1;
    npcshopattach "Imagine_SHOP";
    dispbottom "You currently have "+countitem(.Imagine_item)+" Mithril coin/s.";
    end;

OnBuyItem:
    for(set @i,0; @i < getarraysize(@bought_nameid); set @i,@i+1) {
        for(set @j,0; @j < getarraysize(.Imagine_ITEMS); set @j,@j+2) {
            if(.iMAGINE_ITEMS[@j] == @bought_nameid[@i]) {
                set @itemcost,(.IMAGINE_ITEMS[(@j+1)]*@bought_quantity[@i]);
                set @totalcost,(@totalcost+@itemcost);
                break;
            }
        }
    }
    if(@totalcost > countitem(.Imagine_item)) {
        dispbottom "You don't have enough coin.";
    }
    else {
        set .@before,countitem(.Imagine_item);
        set .@expected,.@before-@totalcost;
        delitem .Imagine_item,@totalcost;
        for(set @i,0; @i < getarraysize(@bought_nameid); set @i,@i+1) {
            getitem @bought_nameid[@i],@bought_quantity[@i];
        }
        set .@after,countitem(.Imagine_item);
        if (.@before == .@after || @.after != .@expected) logmes "WARNING: "+strcharinfo(0)+" is trying to buy items from NPC "+.name$+" illegally!";
        dispbottom "Thank you for shopping.";
        dispbottom "You now have "+countitem(.Imagine_item)+" Mithril coin left.";
    }
    set @totalcost,0;
    deletearray @bought_nameid[0],128;
    deletearray @bought_quantity[0],128;
    end;

OnInit:
    npcshopdelitem "Imagine_SHOP",909;     // Leave this alone
    set .name$,"[DropsTrader]";
    set .Imagine_item,674;     // Input TCG ID
    setarray .Imagine_ITEMS[0],7086,2,7090,2,7091,2,7077,2,7076,2;     // Input as many items as you want (item::price)



    for(set .@i,0; .@i < getarraysize(.IMAGINE_ITEMS); set .@i,.@i+2) {
        npcshopadditem "Imagine_SHOP",.IMAGINE_ITEMS[.@i],.Imagine_ITEMS[(.@i+1)];
    }
}


-    shop    Imagine_SHOP    139,909:1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...