Edit signs without interact priv?!?

Posted:
Thu Feb 16, 2017 21:15
by BBmine
Hey, as default on my Hommies server, players do not have interact. The server is on minetesthosting.com and 0.4.14. Somebody WITHOUT interact privs edited different signs around spawn.
BTW, I thought I had posted this before, but either (A) I really didn't, (B) I did, but the forums have a bug, or (C) an admin/moderator deleted it. :P
Re: Edit signs without interact priv?!?

Posted:
Fri Feb 17, 2017 09:00
by Naj
BBmine wrote: BTW, I thought I had posted this before, but either (A) I really didn't, (B) I did, but the forums have a bug, or (C) an admin/moderator deleted it. :P
(D) Somebody WITHOUT interact privs edited your post
Re: Edit signs without interact priv?!?

Posted:
Fri Feb 17, 2017 09:39
by addi
hmm looks like that old bug is back:
https://github.com/minetest/minetest_game/issues/210
Maybe in combination with a manipulated client
Re: Edit signs without interact priv?!?

Posted:
Fri Feb 17, 2017 13:25
by sorcerykid
Were the signs protected? Afaik, the formspecs for default signs use client-side prediction. And validation of that form doesn't occur until submission. And at least in 0.4.14, there is no check for privileges, only protection (see below). I imagine this bug also affects unlocked chests and bookshelves for the same reason.
Code:
    on_receive_fields = function(pos, formname, fields, sender)
        --print("Sign at "..minetest.pos_to_string(pos).." got "..dump(fields))
        local player_name = sender:get_player_name()
        -- Only area protection is checked here; the sender's privileges are not.
        if minetest.is_protected(pos, player_name) then
            minetest.record_protection_violation(pos, player_name)
            return
        end
        local meta = minetest.get_meta(pos)
        if not fields.text then return end
        minetest.log("action", (player_name or "") .. " wrote \"" ..
            fields.text .. "\" to sign at " .. minetest.pos_to_string(pos))
        -- The submitted text is stored as sent by the client.
        meta:set_string("text", fields.text)
        meta:set_string("infotext", '"' .. fields.text .. '"')
    end,
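One way to close the gap described in the post above, as an added example that is not part of the original post or of minetest_game: wrap the existing sign handler so the server checks the sender's `interact` privilege before the protection check runs, and log rejected submissions. The helper name `require_interact`, the list of node names, and the assumption that this runs in a mod loaded after `default` are assumptions made for the example.

```lua
-- Added example (not minetest_game code): server-side privilege gate for
-- node formspec submissions. Intended for the init.lua of a small mod that
-- lists "default" in its depends.txt so the sign nodes are already registered.

-- Wrap an existing on_receive_fields handler so that it only runs when the
-- sender is a real player who currently holds the "interact" privilege.
local function require_interact(handler)
	return function(pos, formname, fields, sender)
		if not sender or not sender:is_player() then
			return
		end
		local name = sender:get_player_name()
		if not minetest.check_player_privs(name, {interact = true}) then
			-- Record the rejected submission so an admin can review it later.
			minetest.log("action", name .. " sent node fields at " ..
				minetest.pos_to_string(pos) .. " without interact; rejected")
			return
		end
		-- Privilege is present: fall through to the original handler,
		-- which still performs its own protection check.
		return handler(pos, formname, fields, sender)
	end
end

-- Assumed node names for the default signs; any name that is not registered
-- on this server is skipped.
local guarded_nodes = {
	"default:sign_wall",
	"default:sign_wall_wood",
	"default:sign_wall_steel",
}

for _, node_name in ipairs(guarded_nodes) do
	local def = minetest.registered_nodes[node_name]
	if def and def.on_receive_fields then
		minetest.override_item(node_name, {
			on_receive_fields = require_interact(def.on_receive_fields),
		})
	end
end
```

The same wrapper can be applied to other nodes whose `on_receive_fields` handler trusts the client, by adding their names to `guarded_nodes`.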
Re: Edit signs without interact priv?!?

Posted:
Fri Feb 17, 2017 13:46
by BBmine
sorcerykid wrote: Were the signs protected? Afaik, the formspecs for default signs use client-side prediction. And validation of that form doesn't occur until submission. And at least in 0.4.14, there is no check for privileges, only protection (see below). I imagine this bug also affects unlocked chests and bookshelves for the same reason.
Code:
    on_receive_fields = function(pos, formname, fields, sender)
        --print("Sign at "..minetest.pos_to_string(pos).." got "..dump(fields))
        local player_name = sender:get_player_name()
        if minetest.is_protected(pos, player_name) then
            minetest.record_protection_violation(pos, player_name)
            return
        end
        local meta = minetest.get_meta(pos)
        if not fields.text then return end
        minetest.log("action", (player_name or "") .. " wrote \"" ..
            fields.text .. "\" to sign at " .. minetest.pos_to_string(pos))
        meta:set_string("text", fields.text)
        meta:set_string("infotext", '"' .. fields.text .. '"')
    end,
It was not protected because I use the free version of that hosting service, which only includes vanilla and external_cmd. Maybe I should stop having my furnaces stuffed......
Oh also, I tried banning the guy who did that, but because he was not online at the time, it wouldn't ban him >:(
Re: Edit signs without interact priv?!?

Posted:
Fri Feb 17, 2017 13:56
by BBmine
I just did a test with a client that has no interact privs. I can't even right-click on anything. Not even signs. So either that player was cheating, or he had an old, dumb client. The trick is how to ban him. :P
Re: Edit signs without interact priv?!?

Posted:
Fri Feb 17, 2017 16:24
by sorcerykid
Thanks for the heads up. It looks like right-clicking is indeed disabled once interact is revoked. That is very good to know.
Re: Edit signs without interact priv?!?

Posted:
Sat Feb 18, 2017 01:13
by BBmine
Oh, if you want to test it with different clients, the server is: minetesthosting.com PORT: 30352 :)
You will have no interact by default, unless I already granted you interact, in which case, create another account.