Trusting the client?

[ash47]

I know you said you're no Lua coder, but I'd still like to bring this to your attention:

Convars:RegisterCommand( "upgradeSpell", function(name, _ID, abilityName, _cost, _pnt)
    local cmdPlayer = Convars:GetCommandClient()
    if cmdPlayer then 
        return self:PlayerUpgradeSpell( cmdPlayer, _ID, abilityName, _cost, _pnt)
    end
end, "Upgrade the spell of the player", 0 )

The client specifies how much a given spell costs, so they could modify the cost of abilities via a VPK override, or even set the cost to negative to get unlimited free gold :O You should really just sent the ability name they want to buy, then lookup the cost on the server. There is a function to load KVs via Lua as well :)

[AJIADb9]

"_ID" - is the ability "_ID" from spells.txt I asked the same question but for other thing =)

[zedor]

True. I mean, you don't necessarily need to utilise the values passed by the flash UI and use the separate ones, but I suppose it would be better to just pass the name and tell people to load the kv in Lua itself, since most would probably miss it like I did. Thanks!