AlliedModders - View Single Post - SMAC by-pass hack?

**DarkDeviL** · 09-29-2017 , 10:51 Re: SMAC by-pass hack?

If

Code:

GetClientAuthId(client, AuthId_Steam2, auth, sizeof(auth)

returns FALSE, then

Code:

IsAuthorized(client);

should return FALSE too according to my experiments in the past, though that was with CS:S.

If GetClientAuthId returns FALSE, and you're still using the contents of "auth", that is when when you're getting "STEAM_ID_STOP_IGNORING_RETVALS", it should not be returning TRUE at the same time as providing "STEAM_ID_STOP_IGNORING_RETVALS".

Even the very old GetClientAuthString, says the same as the newer GetClientAuthId:

Code:

Return:
True on success, false otherwise.

&&

Code:

Return Value

True on success, false otherwise.

core.cfg: Keep "SteamAuthstringValidation" to "yes", as the default value is set to!
Check return value of "GetClientAuthId" EVERY time you use it.
Use GetSteamAccountID, if you need a more simple check, as that one returns 0, if the Steam ID of the user isn't or not yet validated, or something else is wrong. And always the Steam Account ID (the "12345678" from Steam3 "[U:1:12345678]") when successful.
... etc.

Many years ago, I started out with some plugins here from AM, then I changed to my own plugins, and/or re-built them to suit my needs better.

Many of them was using like the above example I made in POST #5.

I ended up on having a lot of issues, sometimes with empty or invalid Steam ID's, and when I finally saw the documentaiton, I found that the plugins wasn't doing things according to the API (checking TRUE vs FALSE return value)

I then changed things from:

Code:

GetClientAuthString(client, SteamID, sizeof(SteamID));
PrintToChat(client, "Your Steam ID is: %s", SteamID);

to

Code:

new bool:bSteam32 = GetClientAuthString(client, SteamID, sizeof(SteamID));
if (bSteam32) {
  /* Do whatever I wanted to do with SteamID here */
  PrintToChat(client, "Your Steam ID is: %s", SteamID);
} else {
  LogError("Something failed here ... bla bla bla");
  PrintToChat(client, "Something went wrong when looking up your Steam ID, sorry.");
}

Since then, there was NEVER any problems retrieving the correct Steam ID any more on those third party plugins after they were re-built this way.

I don't intend to be rude, but for plugin creators, the thing is very simple - make sure to follow the documentation 100%. That worked for me when creating my plugins, as well as when fixing broken plugins created by others.

For the above "temp fix", I would rather suggest kicking people, like SMAC does, if the player hasn't validated within like 15, 30, 45 or 60 seconds - depending on what you prefer. 15 seconds should usually be enough, unless the Steam network is down.

OnClientPostAdminCheck will never be called, if Steam network is down (or STEAM_ID_PENDING / STEAM_ID_STOP_IGNORING_RETVALS), and therefore I usually suggest using that one for "on-connect" things when you need to know who they really are.