Client-Side Event Sanitization

I came across a very interesting image of someone who is currently working on a script. I figured I could write an article on this small subject since it applies for all multiplayer clients such as alt:V, RAGE:MP, etc. that have a client-side and server-side event system.

The image in question.

Now. Looking at this image it looks like some normal job code for a Trucking job. There's a glaring issue with this code but it may not be incredibly obvious for the average developer.

Let me highlight where the issue is.

The issue in question.

What is wrong with this code?

Just going to loosely define some problems with this code with their problem and their solution(s).


Problem: There is no way to determine if the player is actually at their respective location.

Run an if statement to make sure they're at their location server-side.

Problem: There is no way to prevent the player from simply teleporting their vehicle and self to fulfill the job quickly.

Add a simple cooldown to job completion time. Prevent the player from instantly finishing the job and receiving their money.

Problem: There is no boolean stating the player is currently doing this job on server-side.

Should definitely throw an if check to see if they're running the job.

Problem: There is nothing preventing this event from being called through other means such as some form of V8 Injection.

Should definitely add flags for putting the player into a job and prevent this event from being called if they're not currently serving that job.

Stuyk

Stuyk