#Help installing a free new crafting script.

don't use this for the love of all that is holy. this is terrible code. See https://github.com/Mustachedom/md-crafting/issues/1

its a metadata and qbCore.Config issue stopping me from being able to use it atm.

Darn, well the one I was looking at before I saw this release was Pickle's are there any other good xpbased crafting scripts you may recommend?

My issue is that most of the ones I've found don't utilize mutiple forms of xp (or just have a UI I find unfavorable). Id love suggestions.

i use core-crafting personally. it is a paid script but open source out of the box and fairly easy to customize.

but it also only has the single xp bucket

That's a real shame too, he was super friendly in support and I was happy to be using his script. Hopefully he takes your suggestions.

yeah he seems like a good guy just misguided by bad coding practices

fwiw most his scripts have similar style exploits in them

I wonder if I may be better off using a few crafting scripts together to get my desired effect (though I would be concerned about mismatching UI's). I really would like to have more than one xp type in my crafting.

let me look at core crafting real quick

to see how much of a pain it would be to add multiple crafting types

if you could guide me on that, that would be huge, Id gladly consider that one as an option.

I see they have a skills script, I was looking at pickles for that and seeing what I would be capable of tying into it.

so looking at it very quickly it does seem to be viable to rework it as such to use multiple buckets of xp. it would take a little bit of work to get it going but the actual code isn't super complicated. I don't remember if I cleaned up their code a bunch but looking at it the server.lua is only like 55 lines of code

oh theirs is a whole skill tree thing lol thats more than I was looking for out of a skills script. 🤣

thats gives me some high hopes for their crafting, I like their UI better than pickles.

i did do some ui tweaks to clean up duplicating items such as pulling the item images from ox_inventory vice a folder in the script so everytime you touch it people don't have to download a huge resource

good change for sure.

a lot of what I have in my server just utilizes this menu, thats part of why I was hyped on md's as well.

oh the ox_lib context menu?

yeah, pretty much everything I use uses it so far.

if you break it down into steps it's really a question of do you want a queue of items to be crafted or a 1 by 1 crafting?

md's script is 1 by 1 vice core is a queue system

a lot of jim resources and a mix of Open source projects mostly utilizing ox_lib. really not much of what I use is purchased so far.

pickle's is a queue and it uses more than one level type.

the level types is one of the biggest things Ive been looking for in a crafting. I've also looked at some of the crafting scripts that function using blueprints as another option.

I like being able to gate certain items behind a level or path of some sort.

https://github.com/Coffeelot/cw-crafting this is one of the other crafting scripts I've considered that Ive come across.

ahh the old can't spawn blueprint items with /giveitem

Know anything about this one (as far as if its written in an optimized/secure way)?

let me give it a look

This is another Dev whos always been friendly to work with and has some good freebies 🤘

Him and his partner are actually the ones who influenced my decision to go Qbox.

so looking at the server.lua in that one there are some interesting decisions for what is a netevent vice callback

the giveitem thing can be fixed with an ox_inventory hook

good to know, if they don't already know that I'm sure they would appreciate knowing it.

overall (at first glance) does it seem "secure" to use? I've done a pretty good job of keeping my server lightweight. I think I spent more of my first week on qbox removing/replacing than adding anything :p

https://github.com/Coffeelot/cw-crafting/blob/f7c0bf99491c219e676eea10fb75b098880a8d47/server/server.lua#L4-L50C5 - this isn't great but it's at least looking for a data object rather just an item name

Kinda expected this when I asked the question tbh but the answer kinda went over MY head . but it sounds semi-positive.

He's in this discord, I just checked. :p

so the gist of it is if you have a netevent that you can pass whatever to then you can either probe it until it gives you the desired output of xyz item or whatever. This one at least requires the items to be removed but it doesn't hard check against configed values

so my half assed guesstimate of what it meant was at least in the ballpark. 🤣

ideally you would pass just an item name and then it would check in a config variable to see if the item is valid to be crafted and then remove the materials that you have craft it

the premise is not to trust the client ever cause the client is naughty

so the removeitem events are kinda protecting the event from being spammable by a cheat engine?

yeah but the item being removed can be whatever rather than hard coding it in the configuration

Ideally a server has an AC though right? though I can say a server I worked on helping in the past went through like 4 AC's so I haven't even been worried about that yet. we don't really have players so I'm just watching logs really.

no you should never need an anticheat

good coding practices, logging, and admin/dev team should catch any cheaters before they do much damage

anticheats and netevent obfuscators are lazy ways of bandaiding chest wounds of bad code

see I figured if watched properly the logs should serve as a way to undo any real damage done for the most part but you do need an active team for that.

good to kinda hear you reinforce that.

i mean cheaters are going to cheat, look at any big AAA game. all the anticheat in the world doesn't stop being from being scumbags

pci-e screamer cards are a thing and there ain't nothing you can do about them

I looked up the pci-e screamer thing you mentioned and found something about remote memory dumping, is this sortof whats used by some cheat engines to grab the resources of a server?

if you have knowledge on that topic I'd love to hear security suggestions about it. is there anything I can do to protect the work of myself and others that I have on my server?

from a pci-e dma card? na

do you know anything about the cheat engine server dumping though? this just kinda led me back to that issue as I read something about memory dumping.

It was brought to my attention by someone who used to play in that server I was helping at the time, it was what led them to wanna do an AC.

no haven't heard anything about that. but if you don't have any variables exposed to the client that they don't need to see then they can't dump it

from what I was able to tell (he showed me what it could do) he was getting all but "stream" folders in all of the resources, this was just kinda' a glance, I didn't really get to poke around with it or anything, I don't even know what he was using to be honest. just that he was able to grab several servers and show me "proof"

I was curious if this had been a known exploit or something I could do anything to prevent?

so anything in the client/shared/files of the fxmanifest the client sees. if it's not listed in there it's not possible for the client to see that data

so they should have none of the server folders?

if so that's a huge relief.

nope nothing in there. it's never sent to the client

you want me to close this topic as we didnt really reach a "solution" just knida talked about a few crafting script options.