3aGl3

I guess you could do that. The hash returned is for any further API requests from that user and thus probably irrelevant for you.

Hm, sorry I can't make much of that. It gets a writer class of some sort...that then writes to the database.

I imagine that a race server is as vulnerable as any other server, however if you never had any problems with cheaters the first answer that comes to mind very well be no. You should keep in mind however, once someone wrote a cheat/hack of some sort for your server it is to late. Especially a highly competitive server like race can be destroyed by a hacker within hours. Imagine someone writes a code injection that completely overwrites his vehicles handling to something way over the top (high speed, acceleration, grip and control), how fun will it be for the other players? Yup, sucks. On a freeroam server one might say people can do pretty much anything anyway but the server might want to block the minigun, hydra and hunter. I've seen that or similar on a bunch of freeroam servers, for reasons obvious. Cheats you still give those things to players, etc. So all that being said the obvious answer is yes, an anti cheat makes total sense. However I just also thought of another side, if you have a private server for instance and you are absolutely sure only trusted people have access you could probably ommit anti cheat. Same if you have an absolutely reliable team, good overall security and there is always someone who can take a look at the server and ban/kick any cheaters.

If you could give me more of the PHP I can probably tell you. Is there something like a register function of some sort?

It looks like there is a setting for what hash function to use, depending on that the script will use sha256 or sha1. The hashing would look like this in LUA, given you use sha256: function hashPassword( password, salt ) return sha256( sha256(password)..salt ) end The hash itself is just a random string, as I don't have any experience with XenForo I can't tell you where or how it's stored.

I don't see what's wrong in at least a simple anti cheat, also depending on what you understand under "anti-cheat" the answer should definitely be yes. I think you should take actions against code injections or memory alteration like AHK or Cheat Engine can perform. Also you should consider the Script Security article on the wiki. Oh and yes, I do consider this "anti-cheat"... One could also consider to take some basic actions against things like speed hacks, maybe bots (aim, minigane, etc.) and the like. Just some very basic stuff as well as logging any breaches/anomalies. This may also help to find bugs in your code... Last but not least as said before security is probably a good anti-cheat too. Don't even have resources like runcode on your server, log all admin actions and also make sure you can trust your staff.

Well then, if it's really that function I doubt the shader I posted fared any better... I played around a little with both shaders and I have to say, the use is pretty limited, at least on the default SA models. I only tried a few but there were usually holes etc. in them...however given enough time this seems to be a great way to alter models for e.g muscles and fat.

I'll give it a shot, even though it sounds unlikely that your GPU can't handle the function... If it can handle VS3.0 it should also be fine with the functions provided...odd. Maybe I can strip down the entire thing a little. Give this a shot, I basically just altered the ped-morph.fx to use a mask with tex2Dlod. // // Example shader - ped_morph.fx // //--------------------------------------------------------------------- // Ped morph settings //--------------------------------------------------------------------- float3 sMorphSize = float3(0,0,0); texture maskMap; //--------------------------------------------------------------------- // Include some common stuff //--------------------------------------------------------------------- #include "mta-helper.fx" //--------------------------------------------------------------------- // Sampler for the mask texture //--------------------------------------------------------------------- sampler maskSampler = sampler_state { Texture = (maskMap); }; //--------------------------------------------------------------------- // Structure of data sent to the vertex shader //--------------------------------------------------------------------- struct VSInput { float3 Position : POSITION0; float3 Normal : NORMAL0; float4 Diffuse : COLOR0; float2 TexCoord : TEXCOORD0; }; //--------------------------------------------------------------------- // Structure of data sent to the pixel shader ( from the vertex shader ) //--------------------------------------------------------------------- struct PSInput { float4 Position : POSITION0; float4 Diffuse : COLOR0; float2 TexCoord : TEXCOORD0; }; //------------------------------------------------------------------------------------------ // VertexShaderFunction // 1. Read from VS structure // 2. Process // 3. Write to PS structure //------------------------------------------------------------------------------------------ PSInput VertexShaderFunction(VSInput VS) { PSInput PS = (PSInput)0; float4 texel = tex2Dlod( maskSampler, float4(VS.TexCoord.xy - float2(0,1), 0, 0) ); // Do morph effect by adding surface normal to the vertex position VS.Position += VS.Normal * sMorphSize * texel.rgb; // Calculate screen pos of vertex PS.Position = MTACalcScreenPosition ( VS.Position ); // Pass through tex coords PS.TexCoord = VS.TexCoord; // Calc GTA lighting for peds PS.Diffuse = MTACalcGTABuildingDiffuse( VS.Diffuse ); return PS; } //------------------------------------------------------------------------------------------ // Techniques //------------------------------------------------------------------------------------------ technique tec0 { pass P0 { VertexShader = compile vs_3_0 VertexShaderFunction(); } } // Fallback technique fallback { pass P0 { // Just draw normally } }

Sooo...I'm stuck. MTA (seems to) support(s) only Shader Version 3_x and lower but I would apparently need 4_x to get the masking to work. I'm pretty much all out of ideas, did a bunch of google searches and got nothing...or at least nothing that I could get anything out of. Note that I'm really not that big into HLSL so maybe someone with more experience could get it to work.

I will take a look at the morph shader and see if I can add a mask to it so only certain parts will be morphed.

You wont need a language menu, you can use the getLocalization function to get the players selected language. Of course you can also have a language menu but considering you just need a window with a combo box and a text telling the player to select his language... Also, I recommend extending the table with a language key so you can't confuse the order e.g.: language = {} language.en_US.quit = "Quit" language.de_DE.quit = "Verlassen" To get the correct language you probably want to write a wrapper function that handles falling back to English if the players selected language isn't available as well as any string:format stuff.

I don't think that's possible, at least I can't find a function and also have never seen it done. If you want to save some sort of dynamic files you will either have to make a list of them e.g. create a files.txt/xml and add a file name every time you create a file. Or have the names in some sort of relation, e.g map name, player account, etc. Whichever fits better for what you are planning.

I don't think a UNION is quite what he wants, furthermore I doubt it'll even work, considering that this is one of the UNION operators requirements: This would be more what he wants: SELECT * FROM players WHERE player_id=? JOIN licenses ON players.player_id=licenses.player_id ...however it'll not give you exactly what you are looking for. Read more on JOINs here: W3Schools

Something like this would do the trick. Note that databaseQuery is a wrapper function I wrote for dbQuery and dbPoll, also make sure to use the same password hashing you do when registering, if you don't have one yet feel free to use the method I use, otherwise the login will always be invalid. --[[ - Attempts to log the player into the given account - - @param <string> username: Username for the account - @param <string> password: Password for the account ]] function requestPlayerLogin( username, password ) if not username or not password or username == "" or password == "" then outputDebugString( "Function requestPlayerLogin called without an username or password.", 2 ) return end -- get the account from the database local result = databaseQuery( "account", "SELECT `account_id`, `name`, `password`, `online` FROM `accounts` WHERE `name`=?", username ) if result then -- grab the account data from the query result local account = result[1] -- get the salt from the password field and hash the password send by the client local salt = string.sub( account.password, 65 ) password = sha256( salt..password ) -- check if the hash and the database hash match if password == string.sub( account.password, 1, 64 ) then -- check the online state of the account if account.online == 1 then -- let the player know that his account is already logged in outputChatBox( string.format( loc(client, "your_account_is_already_logged_in"), get("website") ), client, 255, 128, 128 ) return else -- set the accounts online flag result = databaseQuery( "account", "UPDATE `accounts` SET `online`=1, `last_online`=CURRENT_TIMESTAMP WHERE (`account_id`='?')", account.account_id ) if result then outputDebugString( "Successfully logged player ".. getPlayerName(client) .." in." ) -- save the players account id playerAccount[client] = account.account_id playerAccountName[client] = account.name -- trigger the server and client login event triggerEvent( "onPlayerSQLLogin", resourceRoot, client, account_id ) triggerClientEvent( client, "onClientPlayerLogin", resourceRoot ) -- log a successfull login databaseQuery( "account", "INSERT INTO `accountlogins` (`account`, `address`, `serial`, `success`) VALUES (?,?,?,?)", account.account_id, getPlayerIP(client), getPlayerSerial(client), 1 ) return end end end -- log a failed login attempt databaseQuery( "account", "INSERT INTO `accountlogins` (`account`, `address`, `serial`, `success`) VALUES (?,?,?,?)", account.account_id, getPlayerIP(client), getPlayerSerial(client), 0 ) end -- if we reach this the login request failed -- NOTE -- We stick to a generic error message, even though this isn't super user friendly -- this prevents a hacker from finding out valid usernames by trying to log into them. outputChatBox( loc(client, "invalid_username_or_password"), client, 255, 128, 128 ) end --[[ requestPlayerLogin ]]

You should check the username only. It would also be possible to simply flag the username column as unique and not check it at all. In that case the query will simply fail and just telling the user that it didn't work is sufficient enough.

Given that I have no experience and/or interest in cracking hashes etc. and that I really don't want to argue this out I'll just say this: Whatever. Have it your way. That doesn't change the fact that md5 should be considered insecure and that choosing md5 for encrypting passwords is like choosing a lower quality product because of habit instead of a better one that would have the same price...

Mods aren't exactly 'physically' made, however at some point someone creates a model and a texture. In case of a ported car (eg. GTA V, NFS, ...) usually a game studio like Rockstar made the car model and textures. The modder takes those and adjusts them to GTASA/MTASA. In other cases the modder might create the model himself, probably from images of the real vehicle. Last but not least technology advanced so far in the last years that you can take a bunch of photos of an object and the computer will use those to calculate the model and textures for you, however models made that way aren't usually 'game ready', meaning they are of poor quality. To get a better idea of models and textures you can probably just look those terms up and if you want to get specifically into making car mods for GTASA you can google that or search on gtagarage.com. Also most tools for modding GTASA are free

Since gui and dxDrawing are in no relation to each other I think this would be difficult. I think that using a render target and dxDrawImageSection should work best, combined with the scroll values. Depending on what exactly you want to do it might be easier to just use guiCreateStaticImage.

Looks like you're missing an end in your script after the setObjectScale function.

No, no, no, no md5 is insecure, period! MTA offers sha256 and you should use it. I don't want to get to lengthy about it but you can read this if you want to get more info on password security. Or just google "how to password security" or something...just don't think it's a joke. User data is sensitive data, even more so if you save something like players mail addresses as well.

Sure, I posted you a fully working login function as well as pointing out numerous things that could simplify your script. If that doesn't help you maybe consider to let scripting go. Also...my mobile phone can crack md5 within seconds, it's unsafe too.

You have to check if the menu is currently visible. Just create a variable for that and check it in the onClientClick events.

The event is named onClientGUIComboBoxAccepted

The wiki states that the engineLoadDFF function also accepts strings of text instead of a filepath. So reading the file, then coding it and calling engineLoadDFF with that data would also work.

I keep track of the element that has focus on a variable declared at the top of the document. I created a few functions that create elements so I have a reference for every object, in the onClientRender function I get the mouse position on screen and before drawing the element I check if the mouse is on top of it, if so I save that element in the variable. I also trigger custom events when the mouse enters or leaves an element and with onClientClick and onClientDoubleClick you can also check if the player tries to click the currently focused element.