Question about LuaRules
Can gadgets create arbitrary functions that can be called by widgets (and know the username of the caller)? If such a mechanism exists, one way it could be used is to have a "god" player with a control panel widget who directs the course of the game (can give resources to players, destroy specific units, damage specific units, etc.).
Edited for clarity.
- BrainDamage
- Lobby Developer
- Posts: 1164
- Joined: 25 Sep 2006, 13:56
Re: Question about LuaRules
no, synced part of gadgets is oblivious to player names by design
unsynced part ( other part of gadgets, widgets ) can communicate to the synced only through commands
so even if you add an instawin button, you won't be able to discriminate players from username, so anyone could use it if he knows about it
EDIT: there is still one way to bypass that and afaik it cannot be stopped, but I won't write in public how to do it ( nor in private, so don't bother pm'ing me unless you're an engine dev ), although it requires a LOT of coding
Re: Question about LuaRules
Brain Damage wrote:
> no, synced part of gadgets is oblivious to player names by design
> unsynced part ( other part of gadgets, widgets ) can communicate to the synced only through commands
> so even if you add an instawin button, you won't be able to discriminate players from username, so anyone could use it if he knows about it
> EDIT: there is still one way to bypass that and afaik it cannot be stopped, but I won't write in public how to do it ( nor in private, so don't bother pm'ing me unless you're an engine dev ), although it requires a LOT of coding
Why? Is it a security problem?
Also, why is it "by design" that gadgets can't discriminate by name?
Finally, even if discriminating by name isn't easy, is it possible to discriminate by id?
EDIT: I figured out the answer to my third question, so disregard that one.
Please tell me if the following kludge will work:
Have an unsynced gadget that "validates" all commands. When the synced gadget receives a command, it creates dummy units on the map to communicate the content of the command to the unsynced gadget. The unsynced gadget uses this info to check whether the command was authorized, and if it was not, it tells the synced gadget to reverse the changes made and to kill the player that sent the command (or make him no longer be able to control their units) as a penalty.
Last edited by eyu100 on 10 Jul 2010, 02:02, edited 1 time in total.
- BrainDamage
Re: Question about LuaRules
eyu100 wrote:
> Why? Is it a security problem?
because I don't like lame jokes and the eventual drama from people shouting "omg cheat!!"
eyu100 wrote:
> Also, why is it "by design" that gadgets can't discriminate by name?
read again what I said, it's only the synced part that cannot discriminate playernames, and it's to avoid the exact scenario you described earlier
eyu100 wrote:
> Finally, even if discriminating by name isn't easy, is it possible to discriminate by id?
which "id" are you talking about?
playerid is randomly assigned
teamid and allyteam id would be silly since anyone can take those
Re: Question about LuaRules
Brain Damage wrote:
> eyu100 wrote:
> > Why? Is it a security problem?
> because I don't like lame jokes and the eventual drama from people shouting "omg cheat!!"
> eyu100 wrote:
> > Also, why is it "by design" that gadgets can't discriminate by name?
> read again what I said, it's only the synced part that cannot discriminate playernames, and it's to avoid the exact scenario you described earlier
> eyu100 wrote:
> > Finally, even if discriminating by name isn't easy, is it possible to discriminate by id?
> which "id" are you talking about?
> playerid is randomly assigned
> teamid and allyteam id would be silly since anyone can take those
Sorry about the third question, I figured out the answer (it is possible, but it is hard to make the ids meaningful). Please read my edit, it has another question

- BrainDamage
Re: Question about LuaRules
convoluted (there are mechanisms that allow sending synced data to be read from unsynced without that much fuss) and still won't work, anyone can see the right sequence of orders by simply opening the source of the gadget file and send himself those
Re: Question about LuaRules
Brain Damage wrote:
> convoluted (there are mechanisms that allow sending synced data to be read from unsynced without that much fuss) and still won't work, anyone can see the right sequence of orders by simply opening the source of the gadget file and send himself those
I'm saying that instead of preventing people from sending the orders, you punish them for sending unauthorized orders. People can send arbitrary orders, but they can't prevent the unsynced gadget from punishing them because it is also able to send arbitrary punishment orders

- BrainDamage
Re: Question about LuaRules
whenever you give bonus to a single player or punish the others, the situation does not change, you still have to handle player auth ( and no, ids are totally unhelpful there )
Re: Question about LuaRules
Btw, another way to work around it is to have the "god" player pick a different faction and only allow players owning that unit to send "god" commands.
- BrainDamage
Re: Question about LuaRules
then anyone can pick that faction too,
btw, if you want for everyone to have "god" powers, spring has builtin /cheat command, but it unlocks the features for _everyone_
Last edited by BrainDamage on 10 Jul 2010, 02:17, edited 1 time in total.
Re: Question about LuaRules
Brain Damage wrote:
> whenever you give bonus to a single player or punish the others, the situation does not change, you still have to handle player auth ( and no, ids are totally unhelpful there )
What do you mean? You only need the player's id to punish them. If you *really* wanted authentication, you could set up a password system - make the hash a mod option and have the widget communicate the password to the gadget, which checks it.
> then anyone can pick that faction too
Yeah, but the host can kick anyone who picks it without their permission.
- BrainDamage
Re: Question about LuaRules
eyu100 wrote:
> Yeah, but the host can kick anyone who picks it without their permission.
if you put it this way, then the host can already kick all the players in the enemy team and win
eyu100 wrote:
> What do you mean? You only need the player's id to punish them.
id works only after you already authenticated a user, it's completely pointless *for* authenticating it
Re: Question about LuaRules
Brain Damage wrote:
> eyu100 wrote:
> > Yeah, but the host can kick anyone who picks it without their permission.
> if you put it this way, then the host can already kick all the players in the enemy team and win
But they can't make more fine-grained changes, like using MoveCtrl on units (rofl).
EDIT: I meant other units. Also, what if the host wants to be neutral but still influence the game? Or if the game has rules that require human discretion to enforce (and where the punishment for breaking them is not kicking)?
Thanks for the feedback

- BrainDamage
Re: Question about LuaRules
eyu100 wrote:
> Brain Damage wrote:
> > eyu100 wrote:
> > > Yeah, but the host can kick anyone who picks it without their permission.
> > if you put it this way, then the host can already kick all the players in the enemy team and win
> But they can't make more fine-grained changes, like using MoveCtrl on units (rofl).
> EDIT: I meant other units. Also, what if the host wants to be neutral but still influence the game? Or if the game has rules that require human discretion to enforce (and where the punishment for breaking them is not kicking)?
> Thanks for the feedback.
if players agree on having someone with higher powers is one thing, another is having it secretly shoved down their throats
if you want to set a "boss" which is publicly visible, either use the faction, or even better, create a new mod/map option which will contain the team id of the boss player that the host can set through the lobby
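The mod-option approach suggested in the post above, sketched as a synced LuaRules gadget. This is an added example, not code from the thread or from the Spring project; the mod option key boss_team and the god:... message format are assumptions made for the example.

```lua
-- Added example: authorize "god" messages against a host-set mod option.
-- "boss_team" and the "god:<verb>:<args>" format are hypothetical names.
function gadget:GetInfo()
  return {
    name = "Boss Commands (example)",
    desc = "Accepts god commands only from the team named in a mod option",
    layer = 0,
    enabled = true,
  }
end

if not gadgetHandler:IsSyncedCode() then
  return false -- no unsynced part here; a widget sends the messages
end

-- Mod options are set by the host in the lobby and are the same on every client.
local opts = Spring.GetModOptions() or {}
local bossTeam = opts.boss_team and tonumber(opts.boss_team)

local handlers = {
  -- "god:give:<teamID>:<metal>"
  give = function(args)
    local teamID, amount = args:match("^(%d+):(%d+)$")
    if teamID then
      Spring.AddTeamResource(tonumber(teamID), "metal", tonumber(amount))
    end
  end,
  -- "god:destroy:<unitID>"
  destroy = function(args)
    local unitID = tonumber(args:match("^(%d+)$"))
    if unitID and Spring.ValidUnitID(unitID) then
      Spring.DestroyUnit(unitID, false, false)
    end
  end,
}

function gadget:RecvLuaMsg(msg, playerID)
  if msg:sub(1, 4) ~= "god:" then return false end -- not ours
  if not bossTeam then return true end              -- option unset: disabled
  -- playerID is passed in by the engine, not taken from the message body.
  local _, _, isSpec, teamID = Spring.GetPlayerInfo(playerID)
  if isSpec or teamID ~= bossTeam then
    Spring.Echo("rejected god command from player " .. playerID)
    return true
  end
  local verb, args = msg:match("^god:(%a+):(.*)$")
  local handler = verb and handlers[verb]
  if handler then handler(args) end
  return true
end
```

A control-panel widget would send these strings with Spring.SendLuaRulesMsg, for example god:give:1:500. Any player controlling the boss team passes the check, so the option identifies a team, not a person.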
Re: Question about LuaRules
Brain Damage wrote:
> eyu100 wrote:
> > Brain Damage wrote:
> > > if you put it this way, then the host can already kick all the players in the enemy team and win
> > But they can't make more fine-grained changes, like using MoveCtrl on units (rofl).
> > EDIT: I meant other units. Also, what if the host wants to be neutral but still influence the game? Or if the game has rules that require human discretion to enforce (and where the punishment for breaking them is not kicking)?
> > Thanks for the feedback.
> if players agree on having someone with higher powers is one thing, another is having it secretly shoved down their throats
> if you want to set a "boss" which is publicly visible, either use the faction, or even better, create a new mod/map option which will contain the team id of the boss player that the host can set through the lobby
This is much better than my method, lol. And if you want the "boss" to be able to give special permissions to others, you could make invisible units like perm_movectrl and perm_sethp that the boss can give through his/her control panel; the gadget would check for the presence of these units before executing commands. This would work, right?
EDIT: or you could just set gadget variables

Re: Question about LuaRules
Err... after reading about Lua a bit more, can't you just send player info to synced with SendLuaRulesMsg? Sure, any player can send the message, but if you use a random encryption key that is only revealed to the unsynced part of the gadget, you can prevent cheating.
EDIT: instead of encryption, you can just use a password...

Re: Question about LuaRules
Be aware that anyone can see the gadget's code and thus determine the god password.
Re: Question about LuaRules
Peet wrote:
> Be aware that anyone can see the gadget's code and thus determine the god password.
Not if the password is randomly generated.