[loiraolhosazul]

even adding the correct ip the plugin closes.
why?

PHP Code:

new const list_allow_ips[][] =
{
    "192.168.0.125:27015",
    "123.456.789.012:27015"
}

new server_ip[64], i
get_user_ip(0, server_ip, charsmax(server_ip), false)
    
set_cvar_string("net_address", server_ip)

for(i = 0; i < sizeof(list_allow_ips); i++)
{
    if(!equal(server_ip, list_allow_ips[i]))
    {
        set_fail_state("no man :)")
    }
} 


[r0ma]

Test:

PHP Code:

    new iFound = false;
    
    for(i = 0; i < sizeof(list_allow_ips); i++) {
        if(equal(server_ip, list_allow_ips[i])) {
            iFound = true;
            break;
        }
    }
    
    if(!iFound)
        set_fail_state("no man :)"); 


[loiraolhosazul]

Quote:

Originally Posted by r0ma Test: PHP Code:     new iFound = false;          for(i = 0; i < sizeof(list_allow_ips); i++) {         if(equal(server_ip, list_allow_ips[i])) {             iFound = true;             break;         }     }          if(!iFound)         set_fail_state("no man :)");

works, thx

[HamletEagle]

Your protection is useless and can be broken in several ways. The only way to keep your plugin private is not to share it with anyone else.

One way to break it:
1. Hook set_fail_state with orpheu.
2. Block the native call and print "yes man " just for the laughs.
3. Profit???

Another thing, get_user_ip(0, ...) gets the ip from net_address so what you are doing there is set_cvar(net_address, get_cvar(net_address)). Very useful.

[r0ma]

Quote:

Originally Posted by HamletEagle Your protection is useless and can be broken in several ways. The only way to keep your plugin private is not to share it with anyone else. One way to break it: 1. Hook set_fail_state with orpheu. 2. Block the native call and print "yes man " just for the laughs. 3. Profit??? Another thing, get_user_ip(0, ...) gets the ip from net_address so what you are doing there is set_cvar(net_address, get_cvar(net_address)). Very useful.

or just change net_address before the check xD
btw for someone with not idea of programming its sufficient

[loiraolhosazul]

Quote:

Originally Posted by r0ma or just change net_address before the check xD btw for someone with not idea of programming its sufficient

exact

[fysiks]

Quote:

Originally Posted by r0ma or just change net_address before the check xD btw for someone with not idea of programming its sufficient

Ever heard of the internet?

[r0ma]

Quote:

Originally Posted by fysiks Ever heard of the internet?

Not really, why ?

if someone only have the .amxx and try to avoid the ip check, need to have basic knowledge about amxx and amxx dump/uncompress. Its not just enter to internet and magic happens, or paid to someone able to do dat.

Its a very basic "security" ? Yes of course, but some times its just enough

[HamletEagle]

Quote:

Originally Posted by r0ma Not really, why ? if someone only have the .amxx and try to avoid the ip check, need to have basic knowledge about amxx and amxx dump/uncompress. Its not just enter to internet and magic happens, or paid to someone able to do dat. Its a very basic "security" ? Yes of course, but some times its just enough

Why would someone have the amxx and not the sma? The license forbids distributing plugins without source.

[r0ma]

Quote:

Originally Posted by HamletEagle Why would someone have the amxx and not the sma? The license forbids distributing plugins without source.

in my case sometime hostings not have enough security and someone stolen server files/plugins.
happened in all hosting in Argentina a few years ago (2011-2013 maybe), was a nice time for learning about security and how hosting are so bad administration.