[EO 2.0] Fix level up security hole

[Robin]

Apparently I never added server-side checks to the level up command. Not much can be done without a packet repeater or a copy of your source code, but you should fix it.

Find:
```
Sub HandleRequestLevelUp(ByVal index As Long, ByRef Data() As Byte, ByVal StartAddr As Long, ByVal ExtraVar As Long)

```
and add this to the top:
```
If GetPlayerAccess(index) < 4 Then Exit Sub

```

[lexkymbeth]

i should never post any of my mods on here lol

[wellHell]

Oh, that's funny. Because I thought you knew your code oh so well that there were no issues. I thought players tested your security so thoroughly that there could be no reason to test any further?

I knew the day I would be laughing in the face of cocky programmer would come, just didn't know it would be so soon.. but according to you it was impossible.

There is a saying that goes something like this "He who thinks he knows everything will never learn anything."

[psyDelic]

Back when I was active in hacking mmos, a packet repeater is one of the essential tools. I'm surprised this hasn't been checked already, but then again, no one has created a game worth hacking.

[Taegan]

@wellHell:

> Oh, that's funny. Because I thought you knew your code oh so well that there were no issues. I thought players tested your security so thoroughly that there could be no reason to test any further?
>
> I knew the day I would be laughing in the face of cocky programmer would come, just didn't know it would be so soon.. but according to you it was impossible.
>
> There is a saying that goes something like this "He who thinks he knows everything will never learn anything."

Preeeetty sure he said he had fixed all cheats discovered and not that there weren't more to find and fix. But that's just me.

[lexkymbeth]

lol im so glad i thought of this :3

[Harris6310]

@lexkymbeth:

> lol im so glad i thought of this :3

You've pointed out a small exploit, this doesn't mean you're now god.

[Robin]

@wellHell:

> Oh, that's funny. Because I thought you knew your code oh so well that there were no issues. I thought players tested your security so thoroughly that there could be no reason to test any further?
>
> I knew the day I would be laughing in the face of cocky programmer would come, just didn't know it would be so soon.. but according to you it was impossible.
>
> There is a saying that goes something like this "He who thinks he knows everything will never learn anything."

I said I'd fixed all known issues. Nothing more.

I do love how I'm so important in your life that you'll actually go through so many different accounts just trying to talk to me. I'm flattered, really, but this just can't work. I'm afraid I just can't be in a relationship with someone who goes through such efforts to stalk me.

It's starting to get a bit creepy, actually. Most people stop stalking me after the first 5 or so accounts.

@psyDelic:

> Back when I was active in hacking mmos, a packet repeater is one of the essential tools. I'm surprised this hasn't been checked already, but then again, no one has created a game worth hacking.

I use my own games for testing security issues. In this case Crystalshire.

I never came across the issue because the admin panel doesn't actually exist in my game, and the level up packets don't either.

[lexkymbeth]

@Harris:

> You've pointed out a small exploit, this doesn't mean you're now god.

-.- i don't think i said i was god, batman

[Murdoc]


[Robin]

I find this picture uncomfortable.

[lexkymbeth]

haha

[urakes]

@Robin; However much you think that was me it wasn't :p.

Cya.

- Sek.

[Robin]

@urakes:

> @Robin; However much you think that was me it wasn't :p.
>
> Cya.
>
> - Sek.

I know it isn't you. Believe it or not you're not the first person who's so desperate to be on here that you'll keep making new accounts just to talk to me.

There are dozens of people just as pathetic as you. I do love how you actually go out of your way to register new e-mails, though. I'm sure the time you spend going to such lengths just to get a single message to me must be well worth it.

[Displaced]

You're something like a god i think.

Thanks for the hint anyway.

[mrmiguu]

You guys have a very skewed idea of what a God is.

@Robin Are you going to be posting a re-release of EO with these little fixes you've managed to find over time since EO 2.0 Beta?

[Justn]

@Alexander:

> @Robin Are you going to be posting a re-release of EO with these little fixes you've managed to find over time since EO 2.0 Beta?

Seems like a complete waste of time to me.. All the known bugs have fixes and are listed and only take a couple of seconds to do on your own… =p

Thanks for posting this Robin.

[Harris6310]

@Matlock:

> 

I told him not to turn around.

[Robin]

@Alexander:

> @Robin Are you going to be posting a re-release of EO with these little fixes you've managed to find over time since EO 2.0 Beta?

/shrug. Not just for bug fixes. I'm sick and tired of all the problems people are posting about so I'll probably add UPnP and add dialogues which explain exactly what someone has done wrong rather than obscure RTEs.

[mrmiguu]

@Robin:

> /shrug. Not just for bug fixes. I'm sick and tired of all the problems people are posting about so I'll probably add UPnP and add dialogues which explain exactly what someone has done wrong rather than obscure RTEs.

That honestly is the best solution for revisions and the sort. It rids of the need for developers using older versions/editions to completely wipe their slate clean and start a new.

[lel]

If Robin started a simple new version, that just had the fixes, I think he would multiply the work he'd have, because he'd think of something he'd want to add. Or he would just do the fixes and he knows he'd hear more people then he'd like complain that he didn't add anything new. I do like the point made by Alex thou. Really keeps me from being bugged by a new version.

[Robin]

@lel:

> If Robin started a simple new version, that just had the fixes, I think he would multiply the work he'd have, because he'd think of something he'd want to add. Or he would just do the fixes and he knows he'd hear more people then he'd like complain that he didn't add anything new. I do like the point made by Alex thou. Really keeps me from being bugged by a new version.

If I wanted to add something to EO I already would have done. In my opinion it's in the perfect state to develop a unique and fun game. Any features I add will simply distract from that.

UPnP and bugfixes are just two small things which would stop the amount of support I need to give on here thus actually saving time in the future.

[Likestodraw]

@Alexander:

> You guys have a very skewed idea of what a God is.
>
> @Robin Are you going to be posting a re-release of EO with these little fixes you've managed to find over time since EO 2.0 Beta?

Robin probably won't think about releasing EO again for a while. Ask again when either a) a huge security hole opens up and EO games are being hacked each day
b)Robin adds something new
and you'll probably get a different answer.
@Robin- Thanks for posting this, now I get to make sure Lex can't hack me lol

[Likestodraw]

So what file is this in again?

[Robin]

Ctrl + F. Come on now. You're not even trying.