[QBCore][Free]K-Dealerships

esx? :frowning:

So can I put cars inside the dealership to sell? If so, how easy or hard is it?

I don’t think I’ve ever seen such an amount of insecure server events in one script before

RegisterServerEvent('k-dealership:owncar', function(vehicle, plate)
RegisterServerEvent('k-dealership:purchaseshop', function(name)
RegisterServerEvent('k-dealership:storevehicle', function(plate, hash, vehProperties, bodyDamage, engineDamage, totalFuel, name) 

-- How many queries do you need ????
RegisterServerEvent('k-dealership:updatecarloc', function(entityid, plate, x, y, z, heading)
    MySQL.query('UPDATE dealership_cars SET entityid = ? WHERE vehicleplate = ?', {entityid, plate})
    MySQL.query('UPDATE dealership_cars SET x = ? WHERE vehicleplate = ?', {x, plate})   
    MySQL.query('UPDATE dealership_cars SET y = ? WHERE vehicleplate = ?', {y, plate}) 
    MySQL.query('UPDATE dealership_cars SET z = ? WHERE vehicleplate = ?', {z, plate}) 
    MySQL.query('UPDATE dealership_cars SET w = ? WHERE vehicleplate = ?', {heading, plate})   
    MySQL.query('UPDATE dealership_cars SET state = ? WHERE vehicleplate = ?', {3, plate}) 
end)

RegisterServerEvent('k-dealership:changecarstatestore', function(plate)
RegisterServerEvent('k-dealership:changecarstate', function(entityid, plate)
RegisterServerEvent('k-dealership:setoutcar', function(entry, hash, name, plate, props, body, engine, fuel)

-- My favourites 
RegisterServerEvent('k-dealership:setprice', function(entry, plate)
RegisterServerEvent('k-dealership:transfer', function(source, plate)

RegisterServerEvent('k-dealership:removestock', function(plate, name, price)
RegisterServerEvent('k-dealership:setfunds', function(source, input, type, funds, name)

And all the checks are done clientside after some qb server callbacks? Why are you trusting the client for anything? This script is a minefield and should be put on a sticky for what NOT to do. Have you ever heard of injectors?

1 Like

If it's so bad, instead of thrashing me on a forum do what I do: fix it and submit a PR with a good description of how that person could do better. Thanks for your input tho, it was unnecessary

1 Like

It pulls from ur shared vehicles table

2 Likes

Well for one I don’t really see where I am trashing you, for two if you give advice to people when your code looks like swiss cheese then I don’t really know what to tell you. That script doesn’t need a PR it needs to be scrapped and redone from scratch.

Here I’ll link you some literature if it means you can improve your skills: [TUT] Securing Your Server

Drop the defensive stance and learn to code better, you have half a dozen PAID releases on the forum and if they all look like this under that escrow then I pity whoever purchased anything from your store.

1 Like

Lmao well I have noticed 0 issues in my own server. I'm not defensive to learning, I'm defensive to nitwits like urself who just trash other people's shit with no intention on teaching or helping, so PR or stay off my posts if u intend not to help, thank you

3 Likes

Caring about basic server security makes me a nitwit, glad you cleared that one out

Anyone else reading this and caring enough about their server’s well-being, above is what to expect from this guy’s scripts

Have a great evening and good luck !

Lmao at this point twisting my words would be another thing that proves ur intention here. PR or move along, thank you for your guidance and input. If I notice any issues in this department I will be sure to fix it. If it is something to be addressed immediately I do again recommend that u do a pull request since you obviously have knowledge that I don't on this subject. Not sure what's hard to understand about that. Instead of going post to post complaining, go post to post and help people fix their resources?

2 Likes

Ok I’ll try it here when I get home

1 Like

Well, you could start with the tutorial I linked because I’m not going to do your work for you with a “PR” that ends up removing 99% of the original code.

I explained the reasons why the script is insecure (trusting the client to confirm server callbacks, callbacks that are useless since the client can trigger the main event directly anyway, trusting the client for values that go directly into the database without any check whatsoever and so on).

Read the tutorial, it perfectly explains and covers these exact vulnerabilities. No one learns by having others fix up their mistakes, only you can do that.
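An added example, not part of the thread or of the K-Dealerships resource, showing the server-side checks the post above describes, applied to the `k-dealership:updatecarloc` event. It assumes qb-core, oxmysql and OneSync, that the client sends the vehicle's network ID rather than a local entity handle, and a hypothetical `owner_citizenid` column on `dealership_cars`; `MAX_DISTANCE` and `isValidPlate` are illustrative names.

```lua
-- Added example: server-side validation for 'k-dealership:updatecarloc'.
-- Assumptions: qb-core and oxmysql are running, OneSync is enabled, and
-- dealership_cars has a hypothetical owner_citizenid column.
local QBCore = exports['qb-core']:GetCoreObject()
local MAX_DISTANCE = 10.0 -- metres between player and vehicle (assumed limit)

-- Reject anything that is not a short alphanumeric plate string.
local function isValidPlate(plate)
    return type(plate) == 'string' and #plate >= 1 and #plate <= 8
        and plate:match('^[%w ]+$') ~= nil
end

RegisterNetEvent('k-dealership:updatecarloc', function(netId, plate)
    local src = source -- set by the runtime, never taken from the payload
    local Player = QBCore.Functions.GetPlayer(src)
    if not Player then return end
    if type(netId) ~= 'number' or not isValidPlate(plate) then return end

    -- Authorisation: the caller must own this stock entry.
    local row = MySQL.single.await(
        'SELECT owner_citizenid FROM dealership_cars WHERE vehicleplate = ?', { plate })
    if not row or row.owner_citizenid ~= Player.PlayerData.citizenid then
        print(('[k-dealership] rejected updatecarloc from %s for plate %s'):format(src, plate))
        return
    end

    -- Resolve the vehicle on the server and read its state there instead of
    -- accepting x, y, z and heading from the client.
    local vehicle = NetworkGetEntityFromNetworkId(netId)
    if vehicle == 0 or not DoesEntityExist(vehicle) then return end
    local coords = GetEntityCoords(vehicle)
    if #(GetEntityCoords(GetPlayerPed(src)) - coords) > MAX_DISTANCE then return end

    -- One parameterised statement in place of six separate updates.
    MySQL.update.await(
        'UPDATE dealership_cars SET entityid = ?, x = ?, y = ?, z = ?, w = ?, state = ? WHERE vehicleplate = ?',
        { netId, coords.x, coords.y, coords.z, GetEntityHeading(vehicle), 3, plate })
end)
```

The rejected-call log line gives server owners something to alert on when a client fires the event for a plate it does not own.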

Well then looks like the code is fine then. If anything needs fixed I suggest opening a pull request, otherwise I suggest having enough creative ability to develop your own resource before ripping apart other people's resources that u have no intention on contributing to, thanks. The community is better off place without a load of harassment.

Actually that's how I learn, is from people doing PRs. I then take their good practices and apply that to my future resources? So how do I not learn from a PR, because I don't just merge whatever, I review it and see where the actual benefit lies within…

Not even going to bother responding to that statement of yours. If you feel personally attacked by any of my replies, feel free to contact a forum moderator. Have a great day.

damn, I paid for this

2 Likes

Please add some information about the resource so people know what it is and how to use it. Pictures/videos are also helpful.

it's open source now, aren't u happy?
I recall you saying for a while you wanted this to not be escrowed anymore and now you have it!

A preview!

where can I find the interior of the store ?

breeze