alexsavory / clockworkplugins


Exploit with Combine Datapad #12

Closed Nightmare-Night closed 4 years ago

Nightmare-Night commented 4 years ago

I found a pretty big exploit with the Combine Datapad found here: https://github.com/trurascalz/clockworkplugins/tree/master/hl2rp/combinedatapad

When using the normal web interface outside of Garry's Mod, you have the quick login set to readonly, but when I use the developer console to change the default value of the text box to anyone's SteamID64, I am able to quick sign in as said person without error.


If you change the value="" to any SteamID64 via the developer console, then hit quick login, you can log in as any user.

alexsavory commented 4 years ago

Thanks, as this is meant to be an in-game item the website address should not be visible to the players, thus unable to open dev panel. However some may use it out of game as well. I will update the login system to combat this error.

alexsavory commented 4 years ago

Resolved In 2f9bbfb
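
The root cause reported in this issue is that `readonly` only constrains the browser UI, so the submitted field is still client-controlled. The sketch below is an added example, not part of the thread, not the plugin's code and not the fix in 2f9bbfb; it contrasts a handler that trusts the field with one that takes the identity from a short-lived token signed by the game server. The function names, form fields (`steamid64`, `token`), secret and SteamID64 values are hypothetical or constructed.

```javascript
const crypto = require("crypto");

// Constructed demo secret, assumed to be shared by the game server and the web panel.
const SECRET = "constructed-demo-secret";
const MAX_AGE_SECONDS = 60;

// Pattern described in the issue: identity is read from the submitted form field.
// The readonly attribute is never seen by the server, so this value is untrusted.
function quickLoginTrusting(form) {
  return { user: form.steamid64 };
}

// Game-server side (hypothetical): issue a token bound to one SteamID64 and a timestamp.
function issueToken(steamid64, nowSeconds) {
  const payload = `${steamid64}.${nowSeconds}`;
  const mac = crypto.createHmac("sha256", SECRET).update(payload).digest("hex");
  return `${payload}.${mac}`;
}

// Web side: identity comes only from a token whose MAC and age verify.
// Any steamid64 field in the form is ignored.
function quickLoginVerified(form, nowSeconds) {
  const parts = String(form.token || "").split(".");
  if (parts.length !== 3) return null;
  const [steamid64, issued, mac] = parts;
  if (!/^\d{17}$/.test(steamid64) || !/^\d+$/.test(issued)) return null;
  const expected = crypto.createHmac("sha256", SECRET)
    .update(`${steamid64}.${issued}`).digest("hex");
  const a = Buffer.from(mac, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  const age = nowSeconds - Number(issued);
  if (age < 0 || age > MAX_AGE_SECONDS) return null;
  return { user: steamid64 };
}
```
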