logout/login dupe

[tru321]

so we found a way to dupe item using /logout and /login command on SSC servers. working on newest tshock version.

simple and free way to reproduce:

1. find NPC Guide and open his crafting help screen.
2. do /logout while crafting help screen still open.
3. put any item material on guide's crafting help slot.
4. do /login.
5. the item is spawned back to player's inventory and we can take back the dupe item on guide's crafting slot.

this can be done on goblin's reforge slot too and on any NPC with shop except we must buy back those dupe items.

another things that can be dupe this way is critters. it seems a logged out player can release critters and when they login back, the critter item return to player's inventory and they can catch back the critter they release before.

[hakusaro]

Just to clarify, you could just remove the logout permission right?

[tru321]

yes that what we do. but some community servers don't. :)

[tru321]

well, i'll break this issue and its fix so far:

1. because there is no way server can control what player do when interacting with npc's item slot this #2525 will prevent player to interacting with npc while disabled so they can't smuggling items when they login back and this #2522 will prevent player to logging out if they still interacting with npc.

2. this fix #2535 for stopping player to catch or release critter while disabled.

i think this issue can be closed now :) .

[ghost]

on this glitch it is not possible for mobile so if the server is a mobile main server then it is hard to dupe