diff --git a/[gamemodes]/[deathmatch]/deathmatch/server/main.lua b/[gamemodes]/[deathmatch]/deathmatch/server/main.lua index 8cbc93e3c..0507f1d05 100644 --- a/[gamemodes]/[deathmatch]/deathmatch/server/main.lua +++ b/[gamemodes]/[deathmatch]/deathmatch/server/main.lua @@ -123,5 +123,41 @@ function calculatePlayerRanks() end end --- TODO: remove this debug command -addCommandHandler("kill", function(p) killPed(p) end) \ No newline at end of file +-- +-- checkElementData(): secures element data against unauthorized changes +-- +function checkElementData(key, oldValue, newValue) + -- if the change was server-side, ignore it + if not client then + return + end + + local revert = true + + -- if the change by the client was on resourceRoot, revert it + if source == resourceRoot then + revert = true + end + + -- if the change by the client was a player's rank or score, revert it + if getElementType(source) == "player" and (key == "Rank" or key == "Score") then + revert = true + end + + if not revert then + return + end + + -- revert the change and output a warning + setElementData(source, key, oldValue) + local warning = string.format( + "Unauthorized element data change detected: client = %s, element = %s, key = %s, oldValue = %s, newValue = %s", + getPlayerName(client), + getElementType(source) == "player" and getPlayerName(source) or tostring(source), + tostring(key), + tostring(oldValue), + tostring(newValue) + ) + outputDebugString(warning, 2) +end +addEventHandler("onElementDataChange", resourceRoot, checkElementData) \ No newline at end of file diff --git a/[gamemodes]/[deathmatch]/deathmatch/server/player.lua b/[gamemodes]/[deathmatch]/deathmatch/server/player.lua index 2eb66611c..12dfa9cea 100644 --- a/[gamemodes]/[deathmatch]/deathmatch/server/player.lua +++ b/[gamemodes]/[deathmatch]/deathmatch/server/player.lua @@ -3,6 +3,8 @@ -- local function processPlayerJoin() _playerStates[source] = PLAYER_JOINED + -- begin protecting player element data + addEventHandler("onElementDataChange", source, checkElementData) -- initialize player score data setElementData(source, "Score", 0) setElementData(source, "Rank", "-")