Merge branch 'master' into stealth-rewrite

[admin]/acpanel/meta.xml

@@ -1,6 +1,6 @@
 <meta>
-	<info description="Anti-Cheat Control Panel" author="ccw" version="0.1.8" type="script" />
-	<min_mta_version server="1.3.1" client="1.3.1"></min_mta_version>
+	<info description="Anti-Cheat Control Panel" author="ccw" version="0.2.0" type="script" />
+	<min_mta_version server="1.6.0" client="1.6.0"></min_mta_version>
 
 	<script src="_common.lua"/>
 	<script src="s_joiner.lua"/>
@@ -20,7 +20,7 @@
 
 
 	<settings>
-		<setting name="*admingroup" value="Admin,AdminPlus"
+		<setting name="*admingroup" value="Admin"
 					friendlyname="Admin group list"
 					group="_Advanced"
 					accept="*"

[admin]/acpanel/s_main.lua

@@ -47,7 +47,7 @@ function updatePlayer(player)
 
 	if newAllowed and not oldAllowed then
 		bindKey( player, "o", "down", "Show_AC_Panel" )
-		outputChatBox ( "Press 'o' to open your AC panel", player )
+		outputChatBox ( "Press 'o' to open AC panel", player )
 		if not bAllowGui then return end
 		sendAllSettingsToClient()
 		triggerClientEvent(player, 'onAcpClientInitialSettings', resourceRoot, getServerConfigSettingsToTransfer() )
@@ -113,10 +113,10 @@ function doesResourceHasPermissions()
 	end
 
 	if not bResourceHasPermissions then
-		outputChatBox( "AC Panel can not start until this command is run:" )
-		outputChatBox( "aclrequest allow acpanel all" )
+		outputServerLog( "AC Panel can not start until this command is run:" )
+		outputServerLog( "aclrequest allow acpanel all" )
 	else
-		outputChatBox( "Please restart AC Panel" )
+		outputServerLog( "Please restart AC Panel" )
 	end
 	return false
 end

[admin]/acpanel/s_settings.lua

@@ -198,16 +198,16 @@ end
 -- Get version data from remote server
 ---------------------------------------------------------
 function GetVersInfoFromRemoteServer()
-	fetchRemote( "http://nightly.mtasa.com/ver/", onGotVersInfo )
+	fetchRemote( "https://nightly.multitheftauto.com/ver/", onGotVersInfo )
 end
 
 function onGotVersInfo( responseData, errno )
 	if errno == 0 then
 
-		local ver = string.sub( getVersion().sortable, 0, 3 )
+		local ver = string.sub( getVersion().sortable, 1, 3 )
 
-		releaseMinVersion = string.match( responseData, "default: " ..ver .. ".(.-)[^0-9.-]" )
-		latestMinVersion = string.match( responseData, "minclientversion: " .. ver .. ".(.-)[^0-9.-]" )
+		releaseMinVersion = string.match( responseData, "Auto-update default:%s*" .. ver .. "%.([%d%-%.]+)" )
+		latestMinVersion = string.match( responseData, "Max recommended/minclientversion:%s*" .. ver .. "%.([%d%-%.]+)" )
 
 		if releaseMinVersion and latestMinVersion then
 			releaseMinVersion = ver .. "." .. releaseMinVersion
@@ -247,7 +247,7 @@ function onGotAcPanelVersInfo( responseData, errno )
 			setPanelSetting( "acpanelVersion", acpanelVersion )
 			setPanelSetting( "acpanelUrl", acpanelUrl )
 			if acpanelVersion > _version then
-				outputChatBox("New version of Anti-Cheat panel is available!")
+				outputServerLog("New version of Anti-Cheat panel is available!")
 			end
 		end
 	end

[admin]/security/NOTES.txt

@@ -0,0 +1,11 @@
+*** DISCLAIMER ***
+
+This resource is very barebone and should be used as a learning foundation for security on your server.
+It only covers the most basic server events for detecting abusive behaviour and logs them without taking any action.
+There are many more ways to combat bad players with server and client scripting adapted to your server/gamemode.
+
+As a general rule of thumb, following points should be considered:
+- never trust the client, if you accept data from client, validate it on server if they make any sense
+- use the variable "client" instead of "source" for custom server events, source can be faked, client not
+- try to avoid elementdatas, if you need elementdata to be synced to client and they should remain read only on client,
+	add them to tblProtectedElementDatas in players.lua to prevent clients from updating them

[admin]/security/events.lua

@@ -0,0 +1,15 @@
+-- https://wiki.multitheftauto.com/wiki/OnPlayerTriggerInvalidEvent
+-- gets triggered when a remote clients triggers an invalid event on server
+function clientTriggersInvalidEvent(strEventName, bIsAdded, bIsRemote)
+	logViolation(source, "Triggered invalid event \""..strEventName.."\" - bIsAdded: "..tostring(bIsAdded).." - bIsRemote: "..tostring(bIsRemote));
+end
+addEventHandler("onPlayerTriggerInvalidEvent", root, clientTriggersInvalidEvent);
+
+
+
+-- https://wiki.multitheftauto.com/wiki/OnPlayerTriggerEventThreshold
+-- gets triggered when a remote clients exceeds the event trigger treshold set by server in config -> max_player_triggered_events_per_interval
+function clientTriggersEventThreshold()
+	logViolation(source, "Exceeded event trigger threshold of "..tostring(getServerConfigSetting("max_player_triggered_events_per_interval")));
+end
+addEventHandler("onPlayerTriggerEventThreshold", root, clientTriggersEventThreshold);

[admin]/security/logging.lua

@@ -0,0 +1,63 @@
+-- log messages triggered by player
+function logViolation(uPlayer, strMessage)
+	local strPlayerName, strPlayerIP, strPlayerSerial = getPlayerName(uPlayer), getPlayerIP(uPlayer), getPlayerSerial(uPlayer);
+	local strLogFileName = "violations.txt";
+	local uFileHandle = fileExists(strLogFileName) and fileOpen(strLogFileName);
+
+	if(not uFileHandle) then
+		uFileHandle = fileCreate(strLogFileName);
+		fileFlush(uFileHandle);
+	else
+		fileSetPos(uFileHandle, fileGetSize(uFileHandle));
+	end
+
+	local strViolationMessage = getDateTime().." CLIENT: "..strPlayerName.." | IP: "..strPlayerIP.." | SERIAL: "..strPlayerSerial.." | "..strMessage;
+
+	outputDebugString(strViolationMessage, 4, 255, 255, 255);
+	outputServerLog(strViolationMessage);
+	fileWrite(uFileHandle, strViolationMessage.."\n");
+	fileClose(uFileHandle);
+end
+
+
+
+-- log messages without player element
+function logAction(strMessage)
+	local strLogFileName = "actions.txt";
+	local uFileHandle = fileExists(strLogFileName) and fileOpen(strLogFileName);
+
+	if(not uFileHandle) then
+		uFileHandle = fileCreate(strLogFileName);
+		fileFlush(uFileHandle);
+	else
+		fileSetPos(uFileHandle, fileGetSize(uFileHandle));
+	end
+
+	local strActionMessage = getDateTime().." "..strMessage;
+
+	outputDebugString(strActionMessage, 4, 255, 255, 255);
+	outputServerLog(strActionMessage);
+	fileWrite(uFileHandle, strActionMessage.."\n");
+	fileClose(uFileHandle);
+end
+
+
+
+-- get the current date and time for logging
+function getDateTime()
+	local tblRealTime 	= getRealTime();
+	local iDay 			= tblRealTime.monthday;
+	local iMonth 		= tblRealTime.month + 1;
+	local iYear 		= tblRealTime.year + 1900;
+	local iHour 		= tblRealTime.hour;
+	local iMinute 		= tblRealTime.minute;
+	local iSecond 		= tblRealTime.second;
+
+	if(iDay < 10) then iDay = "0"..iDay end;
+	if(iMonth < 10) then iMonth = "0"..iMonth end;
+	if(iHour < 10) then iHour = "0"..iHour end;
+	if(iMinute < 10) then iMinute = "0"..iMinute end;
+	if(iSecond < 10) then iSecond = "0"..iSecond end;
+
+	return "["..tostring(iDay).."."..tostring(iMonth).."."..tostring(iYear).." - "..tostring(iHour)..":"..tostring(iMinute)..":"..tostring(iSecond).."]";
+end

[admin]/security/meta.xml

@@ -0,0 +1,10 @@
+<meta>
+	<info name="Security" author="-ffs-PLASMA" type="misc" version="1.0" description="Basic security functionality" />
+
+	<min_mta_version server="1.6.0-9.22470" />
+
+	<script src="logging.lua" type="server"/>
+	<script src="events.lua" type="server"/>
+	<script src="misc.lua" type="server"/>
+	<script src="players.lua" type="server"/>
+</meta>

[admin]/security/misc.lua

@@ -0,0 +1,15 @@
+-- https://wiki.multitheftauto.com/wiki/OnSettingChange
+-- gets triggered when a resource setting has been changed
+function resourceSettingChanged(strSetting, strOldValue, strNewValue)
+	logAction("Setting \""..strSetting.."\" has been changed from \""..fromJSON(strOldValue).."\" to \""..fromJSON(strNewValue).."\"");
+end
+addEventHandler("onSettingChange", root, resourceSettingChanged);
+
+
+
+-- https://wiki.multitheftauto.com/wiki/OnAccountDataChange
+-- gets triggered when account has been changed
+function accountDataChanged(uAccount, strKey, strValue)
+	logAction("Data \""..strKey.."\" of account \""..getAccountName(uAccount).."\" has been changed to \""..strValue.."\"");
+end
+addEventHandler("onAccountDataChange", root, accountDataChanged);

[admin]/security/players.lua

@@ -0,0 +1,58 @@
+-- add the elementdatas you want to protect from client updates in here
+local tblProtectedElementDatas = {["Score"] = true};
+
+
+
+-- https://wiki.multitheftauto.com/wiki/OnElementDataChange
+-- gets triggered when a client tries to change a synced elementdata, check if client is permitted to change that specific data
+-- also prevents one client changing the elementdata of another client
+function clientChangesElementData(strKey, varOldValue, varNewValue)
+	if(client and (tblProtectedElementDatas[strKey] or client ~= source)) then
+		logViolation(client, "Tried to change elementdata \""..tostring(strKey).."\" of resource \""..tostring(sourceResource).."\" from \""..tostring(varOldValue).."\" to \""..tostring(varNewValue).."\"");
+		setElementData(source, strKey, varOldValue);
+	end
+end
+addEventHandler("onElementDataChange", root, clientChangesElementData);
+
+
+
+-- https://wiki.multitheftauto.com/wiki/OnPlayerACInfo
+-- gets triggered when AC detects something for client on connect
+function clientNotifyACInfo(tblDetectedACList, iD3D9Size, strD3D9MD5, strD3D9SHA256)
+	logViolation(source, "AC list detected: "..table.concat(tblDetectedACList, ",").." - D3D9Size: "..tostring(iD3D9Size).." - D3D9MD5: "..tostring(strD3D9MD5));
+end
+addEventHandler("onPlayerACInfo", root, clientNotifyACInfo);
+
+
+
+-- https://wiki.multitheftauto.com/wiki/OnPlayerModInfo
+-- gets triggered when client joins server with modified game files
+function clientNotifyModInfo(strFileName, tblItemList)
+	for _, strItemName in ipairs(tblItemList) do
+		logViolation(source, "Mod detected - file: "..strFileName.." - GTA ID: "..strItemName.id.." - GTA name: "..strItemName.name);
+	end
+end
+addEventHandler("onPlayerModInfo", root, clientNotifyModInfo);
+
+
+
+-- force all connected players to send their AC/Mod info on resource start
+addEventHandler("onResourceStart", resourceRoot, function()
+	for _, uPlayer in ipairs(getElementsByType("player")) do
+		resendPlayerModInfo(uPlayer);
+		resendPlayerACInfo(uPlayer);
+	end
+end);
+
+
+
+-- https://wiki.multitheftauto.com/wiki/OnPlayerNetworkStatus
+-- gets triggered when connection from server to a client is interrupted
+function clientNetworkStatus(iStatus, iTicks)
+	if(iStatus == 0) then
+		logViolation(source, "Network interruption has began after "..iTicks.." ticks");
+	elseif(iStatus == 1) then
+		logViolation(source, "Network interruption has stopped after "..iTicks.." ticks");
+	end
+end
+addEventHandler("onPlayerNetworkStatus", root, clientNetworkStatus);

[editor]/edf/edf.lua

@@ -620,7 +620,11 @@ function edfCreateElement(elementType, creatorClient, fromResource, parametersTa
 			elseif dataField == "rotation" then
 				edfSetElementRotation(newElement, dataValue[1], dataValue[2], dataValue[3], dataValue[4])
 			elseif dataField == "interior" then
-				setElementInterior(newElement, dataValue)
+				if dataValue == -1 then
+					setElementInterior(newElement, 0) -- Interior -1 only works on removeWorldModel (But element data must be set to -1)
+				else
+					setElementInterior(newElement, dataValue)
+				end
 				setElementData(newElement, dataField, dataValue)
 			elseif dataField == "dimension" then
 				setElementDimension(newElement, dataValue)

[editor]/edf/interface.lua

@@ -1,6 +1,9 @@
 local interface_mt = {
 	__index = function(t, k)
-		t[k] = function(...) return call(t.res, k, ...) end
+		t[k] = function(...)
+			if getUserdataType(t.res) ~= "resource-data" or getResourceState(t.res) ~= "running" then return end
+			return call(t.res, k, ...)
+		end
 		return t[k]
 	end
 }

[editor]/edf/properties_client.lua

@@ -23,7 +23,7 @@ propertyGetters = {
 		model = getElementModel,
 		rotZ = getPedRotation,
 		health = getElementHealth,
-		armor = setPedArmor,
+		armor = getPedArmor,
 		collisions = function(element)
 			local collisions = getElementData(element, "collisions")
 			if collisions == "true" or collisions == false then
@@ -152,9 +152,6 @@ propertySetters = {
 		end,
 		breakable = function(element, breakable)
 			return setObjectBreakable(element, breakable == "true")
-		end,
-		collisions = function(element, state)
-			return setElementCollisionsEnabled(element, state == "true")
 		end
 	},
 	ped = {

[editor]/editor/freeroam.lua

@@ -3,7 +3,6 @@ addEventHandler("onResourceStart", resourceRoot,
 		if not getResourceFromName("freeroam") then
 			outputChatBox("WARNING: 'FREEROAM' RESOURCE NOT FOUND.  Editor will not function properly.  Please install the 'freeroam' resource immediately!", root, 255, 0, 0)
 			outputDebugString("WARNING: 'FREEROAM' RESOURCE NOT FOUND.  Editor will not function properly.  Please install the 'freeroam' resource immediately!")
-			editor_gui.outputMessage("WARNING: 'FREEROAM' RESOURCE NOT FOUND.  Editor will not function properly.  Please install the 'freeroam' resource immediately!", root, 255, 0, 0)
 		end
 	end
 )

[editor]/editor_gui/client/currentbrowser.lua

@@ -431,6 +431,7 @@ end
 function closeCurrentBrowser()
 	if ( not currentBrowser.showing ) then return end
 	currentBrowser.showing = false
+	cSelectedElement = false
 	if ( callbackFunction ) then
 		local id = currentBrowserGUI.gridlist:getSelectedText()
 		if ( not id ) then

[editor]/editor_gui/client/elementproperties.lua

@@ -814,7 +814,8 @@ function openPropertiesBox( element, resourceName, shortcut )
 		addEventHandler("onClientElementDataChange", selectedElement, checkForNewID)
 
 		addEDFPropertyControlsForElement( selectedElement )
-		addPropertyControl("selection", "locked", "Locked", function (control) exports.editor_main:lockSelectedElement(selectedElement, control:getValue() == "true" or false) end, {value = exports.editor_main:isElementLocked(selectedElement) and "true" or "false", validvalues = {"false","true"}, datafield = "locked"})
+		-- `locked` is reserved for vehicles
+		addPropertyControl("selection", "locked-s", "Locked selection", function (control) exports.editor_main:lockSelectedElement(selectedElement, control:getValue() == "true" or false) end, {value = exports.editor_main:isElementLocked(selectedElement) and "true" or "false", validvalues = {"false","true"}, datafield = "locked"})
 
 		creatingNewElment = false
 		syncPropertiesCallback = applyPropertiesChanges

[editor]/editor_gui/client/interface.lua

@@ -14,7 +14,10 @@ local interface = {
 
 local interface_mt = {
 	__index = function(t, k)
-		return function(...) return call(t.res, k, ...) end
+		return function(...)
+			if getUserdataType(t.res) ~= "resource-data" or getResourceState(t.res) ~= "running" then return end
+			return call(t.res, k, ...)
+		end
 	end
 }
 

[editor]/editor_gui/client/test.lua

@@ -32,7 +32,7 @@ function quickTest()
 	if tutorialVars.blockQuickTest then return end
 	if lastTestGamemode == "<None>" then lastTestGamemode = false end
 	editor_main.dropElement()
-	triggerServerEvent ( "testResource",localPlayer, text )
+	triggerServerEvent ( "testResource",localPlayer, lastTestGamemode )
 	unbindControl ( "toggle_test", "down", quickTest )
 	if tutorialVars.test then tutorialNext() end
 end
@@ -142,7 +142,7 @@ function disableColPatchInTesting()
 
 	-- Disable
 	guiCheckBoxSetSelected(dialog.enableColPatch.GUI.checkbox, false)
-	confirmSettings()
+	doActions()
 end
 
 function enableColPatchAfterTesting()
@@ -251,3 +251,11 @@ end
 function noDamageInBasicTest()
 	cancelEvent()
 end
+
+addEventHandler ( "saveloadtest_return", root,
+	function ( command )
+		if command == "new" or command == "open" then
+			lastTestGamemode = nil
+		end
+	end
+)

[editor]/editor_gui/server/interface.lua

@@ -7,6 +7,7 @@ local interface = {
 
 local interface_mt = {
 	__index = function(t, k)
+		if getUserdataType(t.res) ~= "resource-data" or getResourceState(t.res) ~= "running" then return end
 		return function(...) return call(t.res, k, ...) end
 	end
 }