[Release][DEV] Server Event Security Tokens - Anticheat

Yeah, just make sure it’s not commented out. That looks right.

OK, is it a snippet to make this code so that when they hack and use this, they get banned? Or do you get banned?
EDIT: What do VerboseClient and server do? Is it if you use the security token?

If you protect your events with this, by default it will kick the player when they attempt to trigger an unauthorized event. You can use the custom action in the config to make it ban with easy admin, etc.

VerboseClient will print validations client side. This should be disabled unless you’re testing. If it’s enabled, it will expose the tokens.

Hello @SaltyGrandpa

My codes:

Client.lua

TriggerServerEvent('esx_jobs:caution', "give_back", giveBack, 0, 0, securityToken)

Server.lua

RegisterNetEvent('esx_jobs:caution')
AddEventHandler('esx_jobs:caution', function(token)
	local _source = source
	if not exports['salty_tokenizer']:secureServerEvent(GetCurrentResourceName(), _source, token) then
		return false
	end
	print("ESX JOBS ARAC GERI VERME SISTEMI KORUMADA")
end)

My Config :

Config.VerboseClient = true
Config.VerboseServer = true

But with miner or any job, if a job vehicle is spawned, the player will be kicked. How can I fix this?

Did you add the init.lua file to your resource’s __resource.lua file?

@SaltyGrandpa Yes.

Like :

resource_manifest_version '44febabe-d386-4d18-afbe-5e627f4af937'

description 'ESX Jobs'

version '1.1.0'

server_scripts {
	'@es_extended/locale.lua',
	'@salty_tokenizer/init.lua',
	'locales/br.lua',
	'locales/en.lua',
	'locales/fi.lua',
	'locales/fr.lua',
	'locales/sv.lua',
	'config.lua',
	'server/main.lua'
}

client_scripts {
	'@es_extended/locale.lua',
	'@salty_tokenizer/init.lua',
	'locales/br.lua',
	'locales/fi.lua',
	'locales/en.lua',
	'locales/fr.lua',
	'locales/sv.lua',
	'config.lua',
	'client/jobs/fisherman.lua',
	'client/jobs/fueler.lua',
	'client/jobs/lumberjack.lua',
	'client/jobs/miner.lua',
	'client/jobs/reporter.lua',
	'client/jobs/slaughterer.lua',
	'client/jobs/tailor.lua',
	'client/main.lua'
}

dependencies {
	'es_extended',
	'esx_addonaccount',
	'skinchanger',
	'esx_skin'
}

And you have start salty_tokenizer in your server cfg? Do you see anything in the server log and client log about retrieving tokens?

Server Started :

> > > S A L T Y _ T O K E N I Z E R  < < <
Generated token for resource esx_society: l0TVR7SZjJ4vPwhyOFFMo6ik
Generated token for resource esx_jobs: MNpEdW6VpsZn8Sb4n52dFb45

I joined :

Obfuscated Event for Player ID 1: Original - esx_society Obfuscated - xeFr9HKKwfyYkHJ9hbljeGGY
Obfuscated Event for Player ID 1: Original - esx_jobs Obfuscated - Szi698quE3fjrqUHc41WiPDQ
Player ID 1 loaded.
Sending token for esx_jobs (Event: Szi698quE3fjrqUHc41WiPDQ Token: MNpEdW6VpsZn8Sb4n52dFb45) to Player ID 1.
Sending token for esx_society (Event: xeFr9HKKwfyYkHJ9hbljeGGY Token: l0TVR7SZjJ4vPwhyOFFMo6ik) to Player ID 1.

KICKED :

Validating token for esx_jobs for Player ID 1. Provided: take Stored: MNpEdW6VpsZn8Sb4n52dFb45
Invalid token detected! Resource: esx_jobs, Player ID: 1. Provided: take Stored: MNpEdW6VpsZn8Sb4n52dFb45
Player ID 1 dropped, purged obfuscated events.

@SaltyGrandpa I think salty_tokenizer is not working safely, or what?

Please help sir, thanks.

The security token was not properly passed to the server.
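
Why the log above shows `Provided: take`: event arguments are bound by position, so a handler declared as `function(token)` receives the client's first argument as its token. The following is an added illustration in plain Lua (no FiveM runtime), not code from this thread or from salty_tokenizer; `trigger`, `handlers`, the stand-in `secureServerEvent`, the event keys and the parameter names are assumptions.

```lua
-- Added illustration: trigger(), handlers and secureServerEvent() are stand-ins
-- (assumptions) for TriggerServerEvent, AddEventHandler and the tokenizer export.
local unpack = table.unpack or unpack      -- Lua 5.1 / 5.3+ compatibility

local STORED = "MNpEdW6VpsZn8Sb4n52dFb45"  -- esx_jobs token from the log above

-- Stand-in validator: true only when the provided value equals the stored token.
local function secureServerEvent(resource, playerId, provided)
  local ok = (provided == STORED)
  print(string.format("Validating token for %s for Player ID %d. Provided: %s Stored: %s (%s)",
    resource, playerId, tostring(provided), STORED, ok and "valid" or "INVALID"))
  return ok
end

local handlers = {}

-- Stand-in dispatcher: arguments reach the handler positionally,
-- in exactly the order the client sent them.
local function trigger(name, ...)
  return handlers[name](...)
end

-- Handler shaped like the posted one: a single parameter, so `token`
-- binds to the FIRST client argument, not the last.
handlers["caution:as_posted"] = function(token)
  return secureServerEvent("esx_jobs", 1, token)
end

-- Handler whose parameter list mirrors the client call; the token is the
-- last parameter because the client sends it last. Names are hypothetical.
handlers["caution:matched"] = function(cautionType, cautionAmount, a, b, token)
  return secureServerEvent("esx_jobs", 1, token)
end

-- Constructed client argument list, same shape as the posted TriggerServerEvent call.
local args = { "take", 2000, 0, 0, STORED }

assert(trigger("caution:as_posted", unpack(args)) == false) -- Provided: take
assert(trigger("caution:matched", unpack(args)) == true)    -- token in the right slot

-- A call that omits the trailing token arrives as nil ("Provided: nil").
assert(trigger("caution:matched", "take", 2000, 0, 0) == false)
```

The token only proves the event came through a client that holds it; any other argument, such as a payment amount, still needs its own server-side validation.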

@SaltyGrandpa

How can I fix this? Can you create it for esx_jobs, please?

It will work fine for esx_jobs if you properly implement it

Yes, without a doubt. I'm testing it out right now and it works like it should.

Also, I had an idea. Let’s say some “wiseguy” will try to spawn things. But since I don’t have any proper script for spawning things myself on the server (no trainers, no scripthook allowed), how could I prevent this client-sided spawn request with some Lua injector or whatever else is out there? Is there a way to just write down certain client requests into a file for this token script, so it could run security checks on them too?

Pardon me, I am still learning all this. :upside_down_face:

It’s not 100% reliable, @SaltyGrandpa :frowning:

I’ve had problems with invalid tokens, I’ve made sure it’s properly installed/written inside the scripts and tested myself on my public server. Left it without any change, as it was working like it should. Then, after restart of two of the server, invalid token errors began to show up again.

Any ideas?

Edit.:

Server

> > > S A L T Y _ T O K E N I Z E R  < < <
Generated token for resource esx_forklift: vZJS2MJqCYySlGpXpJUPWUfS



Obfuscated Event for Player ID 1: Original - esx_forklift Obfuscated - rgLxgHH3EIYGkZbh5LUMH36X

Player ID 1 loaded.


Sending token for esx_forklift (Event: rgLxgHH3EIYGkZbh5LUMH36X Token: vZJS2MJqCYySlGpXpJUPWUfS) to Player ID 1.
Validating token for esx_forklift for Player ID 1. Provided: nil Stored: vZJS2MJqCYySlGpXpJUPWUfS
Invalid token detected! Resource: esx_forklift, Player ID: 1. Provided: nil Stored: vZJS2MJqCYySlGpXpJUPWUfS
Player ID 1 dropped, purged obfuscated events.

Client

> > > S A L T Y _ T O K E N I Z E R  < < <

[     91969] Deploying Obfuscated Event: esx_forklift = rgLxgHH3EIYGkZbh5LUMH36X

What does the client side code look like for that? Is it possible it is triggering before the client received the token, such as in the first few seconds after joining?

I don’t believe that’s an issue here. Both server and client have enough time to do the necessary exchange, as the first collision with this came after 2-3 minutes of playing

And again, it was working before. I haven’t touched it since…

Client

function getPaid()
	setGPS(0)							--rip gps
	local playerPed = GetPlayerPed(-1)
	if IsPedInAnyVehicle(playerPed) and isMyCar() then		--player successfully returned the forklift
		deleteCar()								--delete players car
		TriggerServerEvent('esx_fork:getPaid', packetsDelivered * Config.pay, securityToken)   --pay accordingly
	else										--if player didn't return the forklift
		ESX.ShowNotification('~r~Where is forklift?')
		local amount = 400							--charge 100-400 EUR
		if packetsDelivered < 2 then						--if player delivered less than 2 packets
			amount = 1200							--charge 900-1200 EUR
		end
		ESX.ShowNotification('~w~You have earned: ~r~ - $' .. amount .. '.')
	end
	currentJob = 'none'								--reset current mission
	currentPlate = ''								--reset current plate
	currentVehicle = nil								--remove current vehicle from variables
	packetsDelivered = 0								--reset packetsDelivered
	taskPoints = {}									--reset taskPoints
	deleteCurrentBox()								--delete last box spawned by player
end

Server

RegisterServerEvent('esx_fork:getPaid')
AddEventHandler('esx_fork:getPaid', function(amount, token)
	local _source = source
	local xPlayer = ESX.GetPlayerFromId(_source)		--get xPlayer
	if not exports['salty_tokenizer']:secureServerEvent(GetCurrentResourceName(), _source, token) then
		return false
	end
	xPlayer.addMoney(math.floor(amount))	
end)

__resource

version '1.1.0'


client_scripts {
	'@salty_tokenizer/init.lua',
    '@es_extended/locale.lua',
    'locales/en.lua',
    'config.lua',
    'client/main.lua'
}

server_scripts {
	'@salty_tokenizer/init.lua',
    '@es_extended/locale.lua',
    'locales/en.lua',
    'config.lua',
    'server/main.lua'
}

Edit.: But it works for majority of other scripts… I am really confused now. :upside_down_face:

I think I know where the problem is for both resources which refuse to work with this…

The payment triggers are written as functions. Therefore I am not sure how I should write the token into them, as they probably don’t transfer this security check how they should. Example follows:

Client

function donnerlapaye()
	ped = GetPlayerPed(-1)
	vehicle = GetVehiclePedIsIn(ped, false)
	vievehicule = GetVehicleEngineHealth(vehicle)
	calculargentretire = round(viemaxvehicule-vievehicule)
	
	if calculargentretire <= 0 then
		argentretire = 0
	else
		argentretire = calculargentretire
	end

    ESX.Game.DeleteVehicle(vehicle)

	local amount = livraisonTotalPaye-argentretire
	
	if vievehicule >= 1 then
		if livraisonTotalPaye == 0 then
			ESX.ShowNotification(_U('not_delivery'))
			ESX.ShowNotification(_U('pay_repair'))
			ESX.ShowNotification(_U('repair_minus')..argentretire)
			TriggerServerEvent("esx_garbagejob:pay", amount, securityToken)
			livraisonTotalPaye = 0
		else
			if argentretire <= 0 then
				ESX.ShowNotification(_U('shipments_plus')..livraisonTotalPaye)
				TriggerServerEvent("esx_garbagejob:pay", amount, securityToken)
				livraisonTotalPaye = 0
			else
				ESX.ShowNotification(_U('shipments_plus')..livraisonTotalPaye)
				ESX.ShowNotification(_U('repair_minus')..argentretire)
				TriggerServerEvent("esx_garbagejob:pay", amount, securityToken)
				livraisonTotalPaye = 0
			end
		end
	else
		if livraisonTotalPaye ~= 0 and amount <= 0 then
			ESX.ShowNotification(_U('truck_state'))
			livraisonTotalPaye = 0
		else
			if argentretire <= 0 then
				ESX.ShowNotification(_U('shipments_plus')..livraisonTotalPaye)
				TriggerServerEvent("esx_garbagejob:pay", amount, securityToken)
				livraisonTotalPaye = 0
			else
				ESX.ShowNotification(_U('shipments_plus')..livraisonTotalPaye)
				ESX.ShowNotification(_U('repair_minus')..argentretire)
				TriggerServerEvent("esx_garbagejob:pay", amount, securityToken)
				livraisonTotalPaye = 0
			end
		end
	end
end

Server

ESX = nil
TriggerEvent('esx:getSharedObject', function(obj) ESX = obj end)

RegisterServerEvent('esx_garbagejob:pay')
AddEventHandler('esx_garbagejob:pay', function(amount, token)
	local _source = source
	local xPlayer = ESX.GetPlayerFromId(_source)
	if not exports['salty_tokenizer']:secureServerEvent(GetCurrentResourceName(), _source, token) then
		return false
	end
	xPlayer.addMoney(tonumber(amount))
end)

Now, this showed up in server console…

Error running system event handling function for resource salty_tokenizer: citizen:/scripting/lua/scheduler.lua:41: Failed to execute thread: @salty_tokenizer/server.lua:61: bad argument #1 to 'pairs' (table expected, got nil)
stack traceback:
	[C]: in function 'pairs'
	@salty_tokenizer/server.lua:61: in function 'isTokenUnique'
	@salty_tokenizer/server.lua:84: in function 'generateToken'
	@salty_tokenizer/server.lua:93: in function 'getObfuscatedEvent'
	@salty_tokenizer/server.lua:145: in upvalue 'handler'
	citizen:/scripting/lua/scheduler.lua:219: in function <citizen:/scripting/lua/scheduler.lua:218>
stack traceback:
	[C]: in function 'error'
	citizen:/scripting/lua/scheduler.lua:41: in field 'CreateThreadNow'
	citizen:/scripting/lua/scheduler.lua:218: in function <citizen:/scripting/lua/scheduler.lua:182>

And it goes for each and every resource that is connected to Tokenizer :frowning:

Appreciate this! Thank you!
