[How-to] secure your esx_inventoryhud from item duplication bug

FiveM Server Development ES/ESX
, , , ,
1

There is a bug which allows people to duplicate any item using esx_inventoryhud. Not gonna explain how it works, but basically it can be done when someone opens another player’s inventory e.g. by searching.
I found an easy workaround which basically closes target inventory and prevents from opening it while being searched.
GitHub pull request

You need to add the lines in your:
client/main.lua:

local canOpenInventory = true
local targetInventory = nil

-- sets the id of target
RegisterNetEvent("esx_invnetoryhud:setOpenedPlayerId")
AddEventHandler("esx_invnetoryhud:setOpenedPlayerId", function(target)
    --print(target)
    targetInventory = target
end)

-- disables inventory opening if someone is searching the source
RegisterNetEvent("esx_inventoryhud:disableOpen")
AddEventHandler('esx_inventoryhud:disableOpen', function()
    ESX.UI.Menu.CloseAll() -- this also closes any esx menus to prevent duping using society inventory
    closeInventory()
    canOpenInventory = false
end)

-- enables opening after search is finished
RegisterNetEvent("esx_inventoryhud:enableOpen")
AddEventHandler("esx_inventoryhud:enableOpen", function()
    canOpenInventory = true
end)

replace closeInventory function in client/main.lua

function closeInventory()
    --print(targetInventory)
    --print('enabling open')
    if targetInventory ~= nil then
        print(targetInventory)
        TriggerServerEvent("esx_inventoryhud:enableTargetInv", targetInventory)
        targetInventory = nil
    end
    isInInventory = false
    SendNUIMessage(
        {
            action = "hide"
        }
    )
    SetNuiFocus(false, false)
end

replace openInventory function in client/main.lua

function openInventory()
    ESX.UI.Menu.CloseAll()-- this also closes any esx menus to prevent from society inventory duping
    if canOpenInventory then -- checks if inventory is being searched (can be opened)
        loadPlayerInventory()
        isInInventory = true
        SendNUIMessage(
            {
                action = "display",
                type = "normal"
            }
        )
        SetNuiFocus(true, true)
    else
        -- add any notification that lets person know that he can't open inventory
    end
end

change thread at the bottom of client.lua

Citizen.CreateThread(
    function()
        while true do
            Citizen.Wait(1000)
            if isInInventory then
                local playerPed = PlayerPedId()
                DisableAllControlActions(0)
                EnableControlAction(0, 47, true)
                EnableControlAction(0, 245, true)
                EnableControlAction(0, 38, true)
            end
            --print(canOpenInventory)
            if not canOpenInventory then -- if inventory is being searched (can not be opened) - disable open control
                local playerPed = PlayerPedId()
                DisableControlAction(0, Config.OpenControl, true)
            else
                Citizen.Wait(2000)
            end
        end
    end
)

Edit event handler in client/player.lua

AddEventHandler("esx_inventoryhud:openPlayerInventory", function(target, playerName)
	PlayerData = ESX.GetPlayerData()
    if PlayerData.job and PlayerData.job.name == 'police' or PlayerData.job.name == 'ambulance' then
        targetPlayer = target
        targetPlayerName = playerName
        setPlayerInventoryData()
        openPlayerInventory()
-- triggers server event that disables target inventory opening
        TriggerServerEvent('esx_inventoryhud:disableTargetInv', target) 
	else
		ESX.ShowNotification('Negeras berniukas')
		-- add discord log if you would like to fag
	end
end)

In server/main.lua add the following events:

--Event that disables target inventory opening while being searched
RegisterServerEvent('esx_inventoryhud:disableTargetInv')
AddEventHandler('esx_inventoryhud:disableTargetInv', function(target)
	local _source = source
	local _target = target
	TriggerClientEvent("esx_inventoryhud:disableOpen", _target)
	--TriggerClientEvent("esx_inventoryhud:disableOpenShop", _target)
	TriggerClientEvent("esx_invnetoryhud:setOpenedPlayerId", _source, _target)
end)
--Event that enables target inventory after being searched
RegisterServerEvent('esx_inventoryhud:enableTargetInv')
AddEventHandler('esx_inventoryhud:enableTargetInv', function(target)
	print('enabling open inv')
	print(target)
	TriggerClientEvent('esx_inventoryhud:enableOpen', target)
	--TriggerClientEvent('esx_inventoryhud:enableOpenShop', target)
end)

After that you should also add the following code to your trunk, shop, vailt or whatever other systems you are using. I will use trunk for an example. client/trunk.lua
add these:

local canOpenTrunkInventory = true

AddEventHandler('esx_inventoryhud:disableOpen', function()
    closeInventory()
    canOpenTrunkInventory = false
end)
AddEventHandler("esx_inventoryhud:enableOpen", function()
    canOpenTrunkInventory = true
end)

edit the openTrunkInventory function

function openTrunkInventory()
    if canOpenTrunkInventory then -- adds a check if trunk inventory can be opened
        loadPlayerInventory()
        isInInventory = true

        SendNUIMessage(
            {
                action = "display",
                type = "trunk"
            }
        )

        SetNuiFocus(true, true)
    end
end
15 Likes
2

Good job

1 Like
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.