How come this happens sometimes?

OfficialBadger · December 12, 2019, 10:29pm

Basically I have made a script named DiscordAcePerms, but a problem happens sometimes which is very odd and harmful. Sometimes a player can login and get someone else’s permissions who is actually a staff member. It’s a huge problem and I don’t quite understand how it happens. This is quite rare, but happens enough times that I would like to look into getting it fully solved.

Here is the server.lua code in which somehow is causing this issue… Thank you.

-----------------------------------
--- Discord ACE Perms by Badger ---
-----------------------------------

--- Code ---

roleList = {
{577968852852539392, "group.tc"}, --[[ Trusted-Civ --- 577968852852539392 ]] 
{581159762138497027, "group.faa"}, --[[ FAA --- 581159762138497027 ]]
{577661583497363456, "group.donator"}, --[[ Donator --- 577661583497363456 ]]
{577631197987995678, "group.trialModerator"}, --[[ T-Mod --- 577631197987995678 ]] 
{506211787214159872, "group.moderator"}, --[[ Moderator --- 506211787214159872 ]]
{506212543749029900, "group.admin"}, --[[ Admin --- 506212543749029900 ]]
{577966729981067305, "group.admin"}, --[[ Management --- 577966729981067305 ]]
{506212786481922058, "group.owner"}, --[[ Owner --- 506212786481922058]]
}
local function has_value (tab, val)
    for index, value in ipairs(tab) do
        if value == val then
            return true
        end
    end

    return false
end
function PlayerIdentifier(type, id)
    local identifiers = {}
    local numIdentifiers = GetNumPlayerIdentifiers(id)

    for a = 0, numIdentifiers do
        table.insert(identifiers, GetPlayerIdentifier(id, a))
    end

    for b = 1, #identifiers do
        if string.find(identifiers[b], type, 1) then
            return identifiers[b]
        end
    end
    return false
end
function stringsplit(inputstr, sep)
    if sep == nil then
        sep = "%s"
    end
    local t={} ; i=1
    for str in string.gmatch(inputstr, "([^"..sep.."]+)") do
        t[i] = str
        i = i + 1
    end
    return t
end

hasPermsAlready = {}

AddEventHandler('playerConnecting', function(name, setKickReason, deferrals)
	local src = source
	local hex = string.sub(tostring(PlayerIdentifier("steam", src)), 7)
	permAdd = "add_principal identifier.steam:" .. hex .. " "
	for k, v in ipairs(GetPlayerIdentifiers(src)) do
			if string.sub(v, 1, string.len("discord:")) == "discord:" then
				identifierDiscord = v
			end
	end
	if identifierDiscord then
		if not has_value(hasPermsAlready, GetPlayerName(src)) then
			local roleIDs = exports.discord_perms:GetRoles(src)
			if not (roleIDs == false) then
				for i = 1, #roleList do
					for j = 1, #roleIDs do
						if (tostring(roleList[i][1]) == tostring(roleIDs[j])) then
							print("Added " .. GetPlayerName(src) .. " to role group " .. roleList[i][2] .. " with discordRole ID: " .. roleIDs[j])
							ExecuteCommand(permAdd .. roleList[i][2])
						end
					end
				end
				table.insert(hasPermsAlready, GetPlayerName(src))
			else
				print(GetPlayerName(src) .. " has not gotten their permissions cause roleIDs == false")
			end
		end
	end
end)

RegisterServerEvent("DiscordAcePerms:GivePerms")
AddEventHandler("DiscordAcePerms:GivePerms", function()
	-- Deprecated 
end)

ChristopherM · December 13, 2019, 5:31am

Is it a case of their Discord ID being incorrect, if so, are they perhaps spoofing the ID of a Mod, etc? Have you had a chance to log the IDs of users who get the wrong perms and compare them with the ID of the person they are intended for?

OfficialBadger · December 13, 2019, 7:33pm

I don’t think it’s spoofing. What I suspect is happening is on playerConnecting, the ID is the ID of another user as Fivem is still determining what ID to give them and then they get the perms of someone who logged in before them. Not sure if it’s possible, but it doesn’t seem any other way for this to happen. Hopefully someone actually has experienced such a problem with the playerConnecting problem and knows a fix

OfficialBadger · September 25, 2020, 12:20am

Does anyone know why this happens? Still looking for a fix…

Zenithium589 · September 25, 2020, 6:25am

Could onPlayerSpawn work instead? I havent looked at the code so I’m not sure whether it would work or not. Everytime a player dies and respawn it will also be triggered, but since player spawn happens after connect FiveM should have actually sorted out what ID the player is.

OfficialBadger · September 25, 2020, 3:51pm

The only problem with using onPlayerSpawn is then for vMenu permissions to take effect, you need the player to relog or restart the vMenu script. I’m wondering if there is a vMenu event that could recheck the permissions after someone logs in perhaps though? I could add this to the vMenu code, but they people would require that vMenu version for it to work properly.

OfficialBadger · October 2, 2020, 6:30pm

Bumping this again cause it would be amazing if this was fixed