Exploiting Suggestions (Exploiter Limits?)

I am making a pack opening system for my soccer/football game, RSA. I have the system already made and it works like a charm; however, I don’t want to duplicate the code 4 times for each pack. I was thinking of sending over a word from the client to the server such as “Gold” for gold pack, or “Silver” and so on. This would enable an exploiter to just change the word for the pack they want, I know that. If I check the player’s coins to see if they have enough to purchase on the server though then that could be prevented. So my question is, is this a valid limit to extend to? The exploiter changing to the most expensive pack will charge them a lot if they have it, but they are an exploiter so does it really matter if they lose coins? Is this a good method for this operation?

Thanks,
Bylocks

1 Like

I think what you should do is treat the client as an input, rather than as a modifier. Always verify the input on the server. This should stop most types of exploits, regardless of their methods of actually doing the exploit.

How you can go about doing this depends on how your system works, although the generalised rule is:

Check if Player X has enough of Y to do Z

So, if a player sends a request (think: not an order!) to the server to open a pack, have the server check how many coins the player has before it does anything.

If they don’t have enough, it can simply deny the request. It works like you said.

And yeah, don’t give a damn about your exploiters. They choose to mess with your system, let them have whatever results the tampering gives them :evil:

5 Likes

To extend the above.

Follow the first two rules of client and server interaction.
1 - Don’t trust the client.
2 - Do NOT trust the client.

4 Likes

If I understand you correctly, and you are making sure they have the money on the server first, then that is exactly how you should handle it.

If the packs in question need to be unlocked or something (i.e. you can’t just have a million coins and choose gold every time), then they could potentially exploit that, but you already know this. All you would need to do in this case is check on the server if they have unlocked said pack or whatever and are able to buy it.

As an afterthought, make sure when they get rewards at the end of a round or when making a kill or whatever, the server awards the coins and keeps track of how much has been awarded and what has been unlocked, that way you have something for the server to verify with.

4 Likes
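
The server-side check the replies describe, sketched in plain Lua as an added example that is not part of any post in the thread. The pack names, prices, unlock flag, and the function names `awardCoins` and `handleOpenPack` are assumptions made for illustration; in Roblox the handler would be connected to a `RemoteEvent`'s `OnServerEvent`, which supplies the sending player as the first argument.

```lua
-- Added example: one handler for every pack, driven by a server-owned table.
-- Pack names, prices and unlock flags are assumed values, not from the thread.
local PACKS = {
    Bronze = { price = 100,  requiresUnlock = false },
    Silver = { price = 500,  requiresUnlock = false },
    Gold   = { price = 2000, requiresUnlock = true  },
}

-- Server-owned state keyed by player id. The client never writes to this.
local profiles = {}

local function getProfile(playerId)
    local profile = profiles[playerId]
    if not profile then
        profile = { coins = 0, unlocked = {} }
        profiles[playerId] = profile
    end
    return profile
end

-- Coins are only ever awarded by server code (end of round, etc.),
-- so the balance checked below is one the server can trust.
local function awardCoins(playerId, amount)
    local profile = getProfile(playerId)
    profile.coins = profile.coins + amount
end

-- packName is untrusted input: check its type, look it up in the server's
-- table, then check unlock state and balance before charging anything.
local function handleOpenPack(playerId, packName)
    if type(packName) ~= "string" then return false, "bad request" end
    local pack = PACKS[packName]
    if not pack then return false, "unknown pack" end
    local profile = getProfile(playerId)
    if pack.requiresUnlock and not profile.unlocked[packName] then
        return false, "pack locked"
    end
    if profile.coins < pack.price then return false, "not enough coins" end
    profile.coins = profile.coins - pack.price
    return true, packName -- the caller rolls the pack contents on the server
end

-- Constructed requests standing in for what a client might send.
awardCoins(1, 600)
print(handleOpenPack(1, "Silver"))      -- affordable, no unlock needed
print(handleOpenPack(1, "Gold"))        -- swapped pack name, pack not unlocked
print(handleOpenPack(1, "Platinum"))    -- name not in the server's table
print(handleOpenPack(1, { price = 0 })) -- wrong type sent instead of a string
```

Because the price and unlock rule come from the server's own table, changing the word sent by the client can only select a pack the player is already entitled to buy.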