Bring back the tokens

[MathiAs2Pique]

Hello, I used to check the HWIDs for ban bypasses on my servers. Unfortunately, I saw that you decided to remove them from cfxTicket. Could you explain why and maybe provide us with another way to identify the player? A lot of bad people sell rockstar accounts very cheap, and now a cheater or banned player just needs to buy another account for about $0.5-1$ and he will be unbanned from all the servers bans.

I hope I speak for many people with this message, and hope you can respond.

Thanks a lot, Mathias.

[blattersturm]

Tokens haven't been 'removed'. If no tokens are returned for players, either a) they don't have tokens, or b) there's a bug somewhere, which you should provide information for.

Why are you assuming there was a conscious decision to 'remove tokens', when this was and is an announced and documented feature?

[gewrutv]

I asked about this earlier today in gated support. We use these tokens to enhance our banning logic just like the native instructs us to do. We require the tokens exist as a layer of protection again modders and people who ban evade. I am getting users who now return no tokens for some reason. Is there something better we should be doing to get these tokens? https://docs.fivem.net/natives/?_0x619E4A3D https://docs.fivem.net/natives/?_0x54C06897 These are the two natives we use together to enhance banning logic.

[blattersturm]

There's nothing 'better you should be doing'. Read my message above.

I legitimately do not understand why, instead of acting civil and just asking in a normal way/place, there's somehow a targeted harassment campaign about 'tokens'.

[gewrutv]

I am confused at how they would not have any tokens? Could you explain this so we can understand it better?

[blattersturm]

I am confused at how they would not have any tokens?

I'm confused as to why everyone must have 'any tokens'. 'Tokens' are only for machine identifiers that are known to not cause false positives. If someone doesn't have any such identifiers, they won't have any tokens returned either, and recently one type was removed as a low amount of users were reporting too many of that type leading to the recent week of outages.

Similarly, this could also be a bug induced by those changes for people who do have other tokens, without specifying which 'some users' are, we can't investigate such at all...

FWIW, the moment we found out (10 minutes before this issue was even opened) there was an issue with scripts breaking with an empty token list, we even fixed this on the backend to return at least some tokens of this type. Your issue is already fixed. Why are you all still trying this harassment campaign?

[gewrutv]

I am sorry if my questions feel like harassment that is certainly not my intent. I am mealy having an issue. I reached out in discord 3 hours ago and Beans responded asking what the code was. I provided this and heard nothing back until I saw this post. Here is our code segment below. If you would like I can provide a lengthily list of steam accounts that we are getting no tokens for. local license, identifier, liveid, xboxid, discord, playerip, tokens, fivem = GetOnlineFormattedIdentifiers(_source) `function GetOnlineFormattedIdentifiers(source) local license, identifier, liveid, xboxid, discord, playerip, fivem local tokens = {}

for k,v in ipairs(GetPlayerIdentifiers(source))do
    if string.sub(v, 1, string.len("license:")) == "license:" then
        license = v
    elseif string.sub(v, 1, string.len("steam:")) == "steam:" then
        identifier = v
    elseif string.sub(v, 1, string.len("live:")) == "live:" then
        liveid = v
    elseif string.sub(v, 1, string.len("xbl:")) == "xbl:" then
        xboxid  = v
    elseif string.sub(v, 1, string.len("discord:")) == "discord:" then
        discord = v
    elseif string.sub(v, 1, string.len("ip:")) == "ip:" then
        playerip = v
    elseif string.sub(v, 1, string.len("fivem:")) == "fivem:" then
        fivem = v
    end
end

for i = 1, GetNumPlayerTokens(source) do
    local t = GetPlayerToken(source, i)
    if t ~= nil then
        table.insert(tokens, t)
    end
end

return license, identifier, liveid, xboxid, discord, playerip, tokens, fivem

end`

[gewrutv]

I am unsure why it is formatting weird but I think you get the idea of it.

[blattersturm]

Can you check if it works again now at least?

Also,

a lengthily list of steam accounts

This is useless to us, as we don't actually log anyone's Steam ID anywhere at all. license: or any other identifier would work, but please, only if it isn't already fixed.

[gewrutv]

blattersturm

I will check into it now and update our logging to include license if it fails further

[gewrutv]

Can you check if it works again now at least?

Also,

a lengthily list of steam accounts

This is useless to us, as we don't actually log anyone's Steam ID anywhere at all. license: or any other identifier would work, but please, only if it isn't already fixed.

I am being told it works now. We have also updated logging to provide license info should it happen again.

thank you

[MathiAs2Pique]

I legitimately do not understand why, instead of acting civil and just asking in a normal way/place, there's somehow a targeted harassment campaign about 'tokens'.

Because to me, as you said, this feature is documented and (was) well implemented in FiveM, and you changed it without telling anyone. I don't blame you or the FiveM team, but I think it's a shame to make changes that can have a real impact on servers and players (because of the many anticheats that use them) without warning or making a patch note, so that there is official information about what is going on.

But anyway, thanks for modifying the backend code to allow us to use some of it.

[technetium-cfx]

There was never an intention to break anything, hence a it works now again.

[MathiAs2Pique]

There was never an intention to break anything, hence a it works now again.

I'm not complaining about intent, but about a lack of communication with developers. Please do not take my comments as a harassment campaign, but more as advice to being more developers-friendly

[technetium-cfx]

What I mean is, if anything is known to break, it would be communicated of course. If something breaks as a result of a change, it is more often than not unintended 😉