Dialog by-pass [Could possibly break down security upon 'script flaws']
#1

This seems to be something obvious, yet not a lot of people know about it. I assume.

http://www.youtube.com/watch?v=ftAQ1FuFSdc

In my point of view, this could be possibly used to by-pass required dialogs such as the one in the video, authentication dialogs, etc.

A possible solution: Disallow the appearance of any other dialog, in exception of the one displayed, with an addition of checks/resets to tighten it out squeaky clean.

It would be wonderful if we had something that we could use to detect dialog by-passes by disabling their appearance (NOP SHOWPLAYERDIALOG). A function such as "IsDialogVisibleForPlayer(playerid, dialogid)" would do just fine. In the meanwhile I'll just create a server-sided fix for both issues.
Reply
#2

This is more a script fault than a SA-MP fault because script is not checking if player has already a shown dialog when showing another dialog. Actually restricting F6 wouldn't make any difference because there are a lot of mods and ways for NOPing dialogs
Reply
#3

Quote:
Originally Posted by Spmn
This is more a script fault than a SA-MP fault because script is not checking if player has already a shown dialog when showing another dialog. Actually restricting F6 wouldn't make any difference because there are a lot of mods and ways for NOPing dialogs
I'm pretty sure 99.9% (if not all) of the servers do not have any related checks regarding to this matter or even prevent it from interfering.

Quote:
Originally Posted by Spmn
Actually restricting F6 wouldn't make any difference because there are a lot of mods and ways for NOPing dialogs
Yes, it will. Not everyone uses cheats.
Reply
#4

F6 submits to OnDialogResponse but with a response of 0 if I am not wrong.
Reply
#5

Quote:
Originally Posted by Abagail
F6 submits to OnDialogResponse but with a response of 0 if I am not wrong.
No, it doesn't as your response will not be submitted whatsoever.
Reply
#6

You are right actually, but I think if you stored the player's current dialog ID and compare it on OnDialogResponse it'd be surely easy to detect.
Reply
#7

Quote:
Originally Posted by Abagail
You are right actually, but I think if you stored the player's current dialog ID and compare it on OnDialogResponse it'd be surely easy to detect.
Well, that's not really the issue here. That is for somewhat an anti dialog spoofer.

The only solution I can think of to stop people from disabling the control over showing dialogs to them is by comparing positions with a limit, and then kicking them from the server afterwards (a hook on ShowPlayerDialog() and possibly a timer - and everything else required).
Reply
#8

The key hides the dialog and does not close it.
Meaning that OnDialogResponse will never be called regarding that dialog. And that's why the guy in the video had to do another command to show a dialog that will hide the current dialog and show another one that bypasses the checks.

So what I think is that the bug here is that ShowPlayerDialog, if there is another dialog already shown, hides it and then shows itself.

If it's made so that it returns 0 if there is another dialog already shown and does not show itself until it's closed, it should fix the issue.

Note here that the mod is ONLY client-sided of course, so on the server side the dialog is still shown.

______________________________
Until it's fixed by the SA-MP devs, this include should avoid this from happening AFAIK:
PHP Code:
#include <a_samp>
#include <YSI_Coding\y_hooks>

new currentDialogID[MAX_PLAYERS];

stock ShowPlayerDialogEx(playerid, dialogid, style, caption[], info[], button1[], button2[])
{
    // If the var isn't -1, a dialog is still shown server-side, meaning the player hid it.
    if (currentDialogID[playerid] != -1)
    {
        currentDialogID[playerid] = -1;
        Kick(playerid);
        return 1;
    }
    currentDialogID[playerid] = dialogid; // Set the var to the dialogid so it's known there is a dialog now shown.
    return ShowPlayerDialog(playerid, dialogid, style, caption, info, button1, button2); // Show the dialog.
}

#if defined _ALS_ShowPlayerDialog
    #undef ShowPlayerDialog
#else
    #define _ALS_ShowPlayerDialog
#endif
#define ShowPlayerDialog ShowPlayerDialogEx

hook OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if (dialogid == currentDialogID[playerid]) // The dialog he responded to is the one which is stored.
    {
        currentDialogID[playerid] = -1; // Set the var to mark that he responded.
        return 1;
    }
    // Otherwise he somehow forced a dialog to show with an id not equal to the one he is supposed to see.
    Kick(playerid);
    return 1;
}

hook OnPlayerConnect(playerid)
{
    currentDialogID[playerid] = -1;
    return 1;
}

Quote:

All that I said is of course just a theory and I am not really 100% sure.

Reply
#9

So because I press F6 and trigger another dialog using a script sided command I am automatically a hacker that needs to be banned from the server?
Reply
#10

Quote:
Originally Posted by SickAttack
Yes, it will. Not everyone uses cheats.
Whoever uses this bug to bypass a dialog will surely continue to use it even if F6 is blocked.


Quote:
Originally Posted by SickAttack
The only solution I can think of to stop people from disabling the control over showing dialogs to them is by comparing positions with a limit, and then kicking them from the server afterwards (a hook on ShowPlayerDialog() and possibly a timer - and everything else required).
This protection would need also checks over SetPlayerPos, SetPlayerVelocity (and equivalent vehicle functions), SpawnPlayer, OnPlayerDeath, check if player is being rammed by a car, if he is falling, check if something exploded around him, check if player is surfing something, check if player is being punched, if player is underwater and maybe a lot more situations need to be checked.

So your method is time-consuming for such a little exploit.
There is always an easier way, so you could just check if OnPlayerKeyStateChange is called, because keys are not synchronised with the server when a dialog is shown. (though this could be easily bypassed)
Reply
#11

Quote:
Originally Posted by Abagail
So because I press F6 and trigger another dialog using a script sided command I am automatically a hacker that needs to be banned from the server?
If that was for me: the include is just an example lol. People should know how to edit. :P
I of course won't ban/kick in all cases. Only if the dialog is a high security dialog; if it is a /help dialog, it's not really needed.

E: And if you are talking about the comments in the code (I edited them though :P), TBH I thought the thread was talking about a mod/hack.
Then after I wrote the code, I realized it was talking about F6.
However, it's still the same case whether it's a hack or F6 :P
Reply
#12

@Ahmad: that code would ban the player at the first ShowPlayerDialog call for that playerid since you haven't set the variable to -1 anywhere.
Reply
#13

Quote:
Originally Posted by Spmn
@Ahmad: that code would ban the player at first ShowPlayerDialog call for that playerid since you haven't set anywhere variable to -1.
Oops, my bad.
Edited.
Reply
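The behaviour proposed in posts #1 and #8 (refuse to show another dialog while one is still unanswered), limited to required dialogs as post #11 suggests and without kicking on a mismatch, written out here as an added example; it is not code from any poster in the thread. DIALOG_RULES, DIALOG_HELP, ShowGuardedDialog and ShowRulesDialog are hypothetical names, the stock a_samp include is assumed, and re-sending the pending dialog relies on post #8's description that a new ShowPlayerDialog call replaces whatever the client currently has.

```pawn
#include <a_samp>
#define DIALOG_NONE  (-1)
#define DIALOG_RULES (1) // hypothetical id: a required dialog
#define DIALOG_HELP  (2) // hypothetical id: an optional dialog

static gPendingDialog[MAX_PLAYERS] = {DIALOG_NONE, ...};
static bool:gPendingRequired[MAX_PLAYERS];

main() {}

// Returns 0 without showing anything while a different required dialog is unanswered.
stock ShowGuardedDialog(playerid, dialogid, style, caption[], info[], button1[], button2[], bool:required = false)
{
    if (gPendingRequired[playerid] && gPendingDialog[playerid] != dialogid) return 0;
    gPendingDialog[playerid] = dialogid;
    gPendingRequired[playerid] = required;
    return ShowPlayerDialog(playerid, dialogid, style, caption, info, button1, button2);
}

stock ShowRulesDialog(playerid)
{
    return ShowGuardedDialog(playerid, DIALOG_RULES, DIALOG_STYLE_MSGBOX, "Rules", "Constructed sample text.", "Accept", "Quit", true);
}

public OnPlayerConnect(playerid)
{
    gPendingDialog[playerid] = DIALOG_NONE;
    gPendingRequired[playerid] = false;
    ShowRulesDialog(playerid);
    return 1;
}

public OnPlayerCommandText(playerid, cmdtext[])
{
    // Server state decides: a dialog hidden on the client is still pending here, so it is sent again.
    if (gPendingRequired[playerid]) { ShowRulesDialog(playerid); return 1; }
    if (!strcmp(cmdtext, "/help", true)) { ShowGuardedDialog(playerid, DIALOG_HELP, DIALOG_STYLE_MSGBOX, "Help", "Constructed sample text.", "Close", ""); return 1; }
    return 0;
}

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if (dialogid != gPendingDialog[playerid]) return 1; // not the dialog the server is waiting on: ignore it
    gPendingDialog[playerid] = DIALOG_NONE;
    gPendingRequired[playerid] = false;
    if (dialogid == DIALOG_RULES && !response) Kick(playerid);
    return 1;
}
```

Every other code path that opens a dialog has to go through ShowGuardedDialog for the guard to hold; a direct ShowPlayerDialog call elsewhere in the script bypasses it.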

