Login
User Name:

Password:



Register
Forgot your password?
Vote for Us!
Couple bugs
Dec 12, 2017, 5:42 pm
By Remcon
Bug in disarm( )
Nov 12, 2017, 6:54 pm
By GatewaySysop
Bug in will_fall( )
Oct 23, 2017, 1:35 am
By GatewaySysop
Bug in do_zap( ), do_brandish( )
Oct 18, 2017, 1:52 pm
By GatewaySysop
Bug in get_exp_worth( )
Oct 10, 2017, 1:26 am
By GatewaySysop
LOP 1.45
Author: Remcon
Submitted by: Remcon
LOP Heroes Edition
Author: Vladaar
Submitted by: Vladaar
Heroes sound extras
Author: Vladaar
Submitted by: Vladaar
6Dragons 4.3
Author: Vladaar
Submitted by: Vladaar
Memwatch
Author: Johan Lindh
Submitted by: Vladaar
Users Online
CommonCrawl, DotBot

Members: 0
Guests: 12
Stats
Files
Topics
Posts
Members
Newest Member
477
3,705
19,232
608
LAntorcha
Today's Birthdays
There are no member birthdays today.
Related Links
» SmaugMuds.org » Codebases » SWR FUSS » Major Exploit in FORCE/ORDER ...
Forum Rules | Mark all | Recent Posts

Major Exploit in FORCE/ORDER Command
< Newer Topic :: Older Topic > Unsure why no one saw this.

Pages:<< prev 1 next >>
Post is unread #1 Apr 16, 2006, 10:38 am
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

I've been through the SWR bugfix list, saw this nowhere. So I'll bring it up here. Its possible for an immortal or player to use FORCE or ORDER respectively to acess MP commands within a MOB. Think about it, an immortal typing 'force puff mpforce banner makeimm bob 210' Or mpslay. Or a player using a mob to 'mpwithdraw 2000000000'. Why stop there? The possibilities are endless. Sorry if this has been brought up before, but I didn't see it.


do_force:
/*
 * Thanks to Grodyn for pointing out bugs in this function.
 * - Mob bug fix, Banner 2005/2006                 
 */
void do_force( CHAR_DATA *ch, char *argument )      
{
        char buf[MAX_INPUT_LENGTH];
        char arg[MAX_INPUT_LENGTH];
        bool mobsonly;

        set_char_color( AT_IMMORT, ch );
    argument = one_argument( argument, arg );
        if ( arg[0] == '\0' || argument[0] == '\0' )
        {
                send_to_char( "Force whom to do what?\n\r", ch );
                return;
        }             

        mobsonly = get_trust( ch ) < sysdata.level_forcepc;

    if ( !str_cmp( arg, "all" ) )
        {       
                CHAR_DATA *vch;
                CHAR_DATA *vch_next;

                if ( mobsonly )
                {                 
                        send_to_char( "Force whom to do what?\n\r", ch );
                        return;
                }

                /* Better warn other staff about this one - Banner */
                if ( !str_prefix("mp",argument) )
                {
                        sprintf( buf , "&RWARNING: &G&W %s is attempting to cheat.\n\r",ch->name );
                        log_string ( buf );
                        send_to_char( "But that's cheating!\n\r", ch );
                        return;
                }

                for ( vch = first_char; vch; vch = vch_next )
                {                  
                        vch_next = vch->next;
                        if ( !IS_NPC(vch) && get_trust( vch ) < get_trust( ch ) )
                        {               
                                act( AT_IMMORT, "$n forces you to '$t'.", ch, argument, vch, TO_VICT );
                                interpret( vch, argument );
                        }
                }      
        }             
        else
        {
                CHAR_DATA *victim;
                if ( ( victim = get_char_world( ch, arg ) ) == NULL )
                {                
                        send_to_char( "They aren't here.\n\r", ch );
                        return;
                }
                if ( victim == ch )
                {              
                        send_to_char( "Aye aye, right away!\n\r", ch );
                        return;
                }              
                if ( ( get_trust( victim ) >= get_trust( ch ) )
                        || ( mobsonly && !IS_NPC( victim ) ) )
                {
                        send_to_char( "Do it yourself!\n\r", ch );
                        return;
                }
                /* Better warn other staff about this one - Banner */
                if ( !str_prefix("mp",argument) )
                {
                        sprintf( buf , "&RWARNING: &G&W %s is attempting to cheat.\n\r",ch->name );
                        log_string( buf ); 
                        send_to_char( "But that's cheating!\n\r", ch );
                        return;
                }   
                act( AT_IMMORT, "$n forces you to '$t'.", ch, argument, victim, TO_VICT );
                interpret( victim, argument );
        }             
      send_to_char( "Force complete.\n\r", ch );
        return;
}    


do_order:
void do_order( CHAR_DATA * ch, char *argument )
{
   char arg[MAX_INPUT_LENGTH];
   char argbuf[MAX_INPUT_LENGTH];
   CHAR_DATA *victim;
   CHAR_DATA *och;
   CHAR_DATA *och_next;
   bool found;
   bool fAll;
   char buf[MAX_INPUT_LENGTH];

   strcpy( argbuf, argument );
   argument = one_argument( argument, arg );

   if( arg[0] == '\0' || argument[0] == '\0' )
   {
      send_to_char( "Order whom to do what?\n\r", ch );
      return;
   }

   if( IS_AFFECTED( ch, AFF_CHARM ) )
   {
      send_to_char( "You feel like taking, not giving, orders.\n\r", ch );
      return;
   }

   if( !str_cmp( arg, "all" ) )
   {
      fAll = TRUE;
      victim = NULL;

      /* Don't want mobs using the aquest command.. - Banner 2006 */
      if( strstr( argument, "aquest" ) !=NULL )
      {
         send_to_char( "That command cannot be forced.\n\r", ch );
         return;
      }

      /* Players with acess to MP commands noway - Banner 2006 */
      else if ( !str_prefix("mp",argument) )
      {           
         send_to_char( "No.. I don't think so.\n\r", ch );
         return;              
      }


   }

   else
   {
      fAll = FALSE;
      if( ( victim = get_char_room( ch, arg ) ) == NULL )
      {
         send_to_char( "They aren't here.\n\r", ch );
         return;
      }

      if( victim == ch )
      {
         send_to_char( "Aye aye, right away!\n\r", ch );
         return;
      }          
 
      /* Players with acess to MP commands noway - Banner 2006 */ 
      if( strstr( argument, "mp" ) != NULL )
      {
         send_to_char( "No.. I don't think so.\n\r", ch );
         return;
      }

      /* Don't want mobs using the aquest command.. - Banner 2006 */
      if( strstr( argument, "aquest" ) !=NULL )
      {
         send_to_char( "That command cannot be forced.\n\r", ch );
         return;
      }

      if( !IS_AFFECTED( victim, AFF_CHARM ) || victim->master != ch )
      {
         send_to_char( "Do it yourself!\n\r", ch );
         return;
      }
   }   

   found = FALSE;  
   for( och = ch->in_room->first_person; och; och = och_next )
   {   
      och_next = och->next_in_room;                  

      if( IS_AFFECTED( och, AFF_CHARM ) && och->master == ch && ( fAll || och == victim ) )
      {
         found = TRUE;  
         act( AT_ACTION, "$n orders you to '$t'.", ch, argument, och, TO_VICT );
         interpret( och, argument );
      }         
   }              

   if( found )
   {   

      sprintf( log_buf, "%s: order %s.", ch->name, argbuf );
      log_string_plus( log_buf, LOG_NORMAL, ch->top_level );
      send_to_char( "Ok.\n\r", ch );
      WAIT_STATE( ch, 12 );
   }
   else
      send_to_char( "You have no followers here.\n\r", ch );
   return;
} 
       
Post is unread #2 Apr 16, 2006, 4:30 pm
Go to the top of the page
Go to the bottom of the page

Zeno
Sorcerer
GroupMembers
Posts723
JoinedMar 5, 2005

Er, I don't think this is a problem.

Order cannot be used to make a pet use a mpcommand.

There are things already safe-coded for mpcommands via force as well. For example, mpslay cannot be used on Imms.
       
Post is unread #3 Apr 16, 2006, 5:37 pm
Go to the top of the page
Go to the bottom of the page

Banner
Magician
GroupMembers
Posts169
JoinedNov 29, 2005

Not while I tested mine. Mpforce is probably more dangerous than mpslay anyway.
       
Post is unread #4 Apr 16, 2006, 5:49 pm   Last edited Apr 16, 2006, 5:50 pm by Zeno
Go to the top of the page
Go to the bottom of the page

Zeno
Sorcerer
GroupMembers
Posts723
JoinedMar 5, 2005

Didn't notice this is SWR.

I'm pretty sure Smaug is fine, so I guess those safeguards would have to be copied from Smaug to SWR.
       
Pages:<< prev 1 next >>