Help fixing a exploit in an old addon.

Before I carry on, I would like to say thank you if you are going to help also please don’t hate me for asking for help (Ive tried a lot to fix this exploit, I can’t figure it out).

OK, well there is a Hitmenu system on the workshop that was originally made for DarkRP 2.4.3, I extracted it and updated some things to make it work with DarkRP 2.5 -
the only problem is that I have found a huge exploit that I can’t seem to fix. It should only be a line or two of code to fix it, also I was wondering if you could help me make a
hitman only command to reset the accepted hits (Money is added after the hit is completed, so it should only be a quick line or two)
**
Here is the addon - [HR](I won’t post the exploit here because some servers still might use this addon)[/HR]:**

*
I did try contacting the developer but he hasn’t been online for about 14 days.*
**
So it more simple terms, I really would need this -**

  • Fix exploit
  • Add hitman only reset command

If you think you can help, post your steam or Skype below and I will add you!

^Which should all take a line or two of code each.

Thank you very much and have a great day!

UPDATE - I tried Penguins method but unfortunately it didn’t work.
Here is the supposed code that has a exploit -

The way the exploit works is when I use the concommand to add a hit - In the actual menu its fine (It will not allow hits below 150)
Example (In console) -

This would result in a added $5000

Here is the full thing if you need it -
http://pastebin.com/PV0bS8xA

There are more files, but I don’t think they are essential.

How do you expect us to help if you won’t tell us what’s wrong?

A while back I did some work and I fixed some exploit with a server using hitman mod. What is the exploit?

The exploit is where you can add hits for a negative amount of money in the console which results in money being added to a players wallet (Rather then being taken away when a positive value is given). I will post the code when I get home.

[editline]10th November 2014[/editline]

I posted it now, geuss I was having a stupid moment.

if amount < 0 then
– cockblock
return
end

bam

Ah, yeah; that was it. I think I just used math.abs so they can think they’re clever but it’ll charge them.

Could just abs the value and let the hitman system handle it.
But yeah, either way works.

Thanks for the help Penguin, ill try it when I get home. :slight_smile:
Ill post if it works or not.

BUMP - Solved to early, the exploit still is not fixed :frowning: - Updated the OP

This should work
[lua]function addhit(player,command,args) //format “addhit player amount steamid"s
money = tonumber(player.DarkRPVars.money)
cost = tonumber(args[2])
if money < cost or money < 150 then
net.Start(“nomoney”)
net.WriteString(”")
net.Send(player)
else
player:addMoney(-math.abs(args[2]))
hit = {
ply = args[1],
amount = math.abs(args[2]),
steamid = args[3]
}
table.insert(hits, hit)
net.Start(“hitplaced”)
net.WriteTable(hits)
net.Broadcast()
print("[HITMENU] A hit has been set hit on: " … args[1] … " for amount: " … args[2])
PrintMessage( HUD_PRINTTALK, “[HITMENU] A hit has been set.”)
end

end[/lua]
Easy to do and punishes people who try to exploit :v:

yet if they do it enough times they still can get infinite money topkek

This should work better then
[lua]function addhit(player,command,args) //format “addhit player amount steamid"s
if args[2] != math.abs( args[2]) then
//Punish them here :slight_smile:
return
end
money = tonumber(player.DarkRPVars.money)
cost = tonumber(args[2])
if money < cost or money < 150 then
net.Start(“nomoney”)
net.WriteString(”")
net.Send(player)
else
player:addMoney(-args[2] )
hit = {
ply = args[1],
amount = args[2],
steamid = args[3]
}
table.insert(hits, hit)
net.Start(“hitplaced”)
net.WriteTable(hits)
net.Broadcast()
print("[HITMENU] A hit has been set hit on: " … args[1] … " for amount: " … args[2])
PrintMessage( HUD_PRINTTALK, “[HITMENU] A hit has been set.”)
end

end[/lua]

This one worked great, thank you very much good sir! sorry for the bump everyone :frowning: