[Release][DEV] Server Event Security Tokens - Anticheat

I tried this on the client

TriggerServerEvent('esx_society:openBossMenu', securityToken)

and this on the server

RegisterNetEvent('esx_society:openBossMenu')
AddEventHandler('esx_society:openBossMenu', function(token)
    local _source = source
    if not exports['salty_tokenizer']:secureServerEvent(GetCurrentResourceName(), _source, token) then
        return false
    end
    print("Authenticated")
end)

and I keep getting insta-kicked

1 Like

Turn verbose server and verbose client on and see if you’re getting a token for that resource.

There is only client.lua.
How to protect this?

Can you guys tell me how this works with vRP?

Invalid security token detected :S

Like this idea, got to play a bit around with this to see how it works.

Just to be sure I understand this 100% - if I got a resource called let’s say “bobcat” and this script got some client scripting but calls a server side function in a resource called “rent” would that still work?

1 Like

Not exactly, because by default both resources would get two different security tokens. Now, there are a few ways to get around this:

  1. “Proxy” the requests. So, make a server event on “bobcat” that you can trigger, that will then trigger a server event in the “rent” resource from the server-side. This is what I do.
  2. Take a look at init.lua. You can replace GetCurrentResourceName() with the actual resource name. So, from within “bobcat” you could add the following snippet to get the rent token:
securityToken = nil
AddEventHandler('salty_tokenizer:clientReady', function()
	securityToken = exports['salty_tokenizer']:setupClientResource('rent')
end)
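A sketch of option 1 (the proxy), added here as an example and not taken from the original post or from salty_tokenizer itself. The event names `bobcat:requestRent` and `rent:internal:startRental`, the `vehicleModel` value and the file layout are hypothetical; only the `secureServerEvent` call is used as shown earlier in the thread.

```lua
-- ===== bobcat/client.lua =====
-- securityToken is the token issued to "bobcat" (set up by the tokenizer's init.lua).
local vehicleModel = 'blista' -- constructed sample value
TriggerServerEvent('bobcat:requestRent', securityToken, vehicleModel)

-- ===== bobcat/server.lua =====
-- The only network-facing entry point. Clients present the "bobcat" token here.
RegisterNetEvent('bobcat:requestRent')
AddEventHandler('bobcat:requestRent', function(token, model)
    local _source = source

    -- Check the token against the resource that issued it ("bobcat").
    if not exports['salty_tokenizer']:secureServerEvent(GetCurrentResourceName(), _source, token) then
        return
    end

    -- The token only proves where the call came from; the arguments are
    -- still client-controlled and need their own validation.
    if type(model) ~= 'string' or #model > 32 then
        return
    end

    -- Server-to-server hop. The player id is passed explicitly instead of
    -- relying on `source` inside the "rent" handler.
    TriggerEvent('rent:internal:startRental', _source, model)
end)

-- ===== rent/server.lua =====
-- Deliberately NOT registered with RegisterNetEvent: without that registration
-- the server refuses the event when a client tries to trigger it, so it is
-- reachable only from other server-side scripts such as the proxy above.
AddEventHandler('rent:internal:startRental', function(playerId, model)
    if type(playerId) ~= 'number' or GetPlayerName(playerId) == nil then
        return -- not a connected player
    end
    print(('Rental of %s started for player %d'):format(model, playerId))
end)
```

With this layout the "rent" resource never needs a token of its own on the client, so the mismatch between the two resources' tokens does not arise.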

How to do this code?

RegisterServerEvent("dropOff")
AddEventHandler("dropOff", function(vehPrice)
    local source = source
    -- Resolve the vRP user id for the calling player before using it
    local user_id = vRP.getUserId({source})
    local player = vRP.getUserSource({user_id})
    -- vehPrice is the amount sent by the client with the event
    vRP.giveMoney({user_id, vehPrice})
    TriggerClientEvent('chatMessage', source, "", {0, 200, 60}, "You received: ^2$" .. vehPrice)
    CancelEvent()
end)

Yeah, still getting insta-kicked

Did you do like I said above? Are you getting tokens?

Update 10/15/2018
This update adds stability to this add on and is highly encouraged. Like always, no configuration changes are needed.

  • Resolved an issue when player server IDs exceed 64 as reported by @wUNDEER
  • Added support for custom actions when an invalid security token is detected.
    • This is toggleable and configurable via the config.lua file.
    • Toggle Config.CustomAction to true and define your function under Config.CustomActionFunction. The player’s ID will be provided as source.
    • If Config.CustomAction is false, players are dropped by default.
2 Likes

Hi man, does this disable cache decrypt?

No. You can obfuscate your client-side code to prevent it to a degree, but that is a vulnerability in the FiveM client itself.

How to do that? People are gonna steal my server files :S

Easiest way is to use a minifier. This does not prevent people from “stealing” it per se, but makes the script illegible.

Also, they can only “steal” client side code. Anything server-side is safe, unless you have open SFTP/FTP access for some crazy bad idea.

So what are these server event security tokens, if server side is safe?

From the OP:

…

Unrelated to the tokenizer (sorry, gramps!) but regarding the discussion of protecting client scripts, I was thinking about this last week. I imagine it would be possible to modify or create scripts that would keep skeleton functions on the client side but that would require the server to pass the meat and potatoes of the functions over on connection, wouldn’t it? In my mind, I imagine something that required an initial var to be passed, one that contained the contents of that function to be passed over which would then be used. Without those vars, I picture the client scripts providing an even more incomplete picture of the script than just missing the server side.

Would that be something possible without huge performance losses?