Nyets comrade, for Arstozka!
I guess Iâll adress this however none of you have read my update posts related to this.
So let me quote that real quick:
Added convar: es_enableDevTools enabled by default. Set to 0 if you want them disabled
Link: [Release] EssentialMode base
So this was mentioned that it was enabled by default, as to why this would be enabled by default: âA lot of people donât even know how to set these and I get questions daily regarding convars.â
So just search next time please. It can easily be disabled if you donât want it, neither does it really matter as that steamid is mine. I havenât joined a single random server in the past month and neither would I try and abuse it.
1 Like
Looks like the strange version quoted here was in version 4.6.1 - It was changed for 4.6.3
1 Like
With all due respect surely it can never be a good idea to put this sort of âbackdoorâ in a widely used piece of code, whatever its intended purpose is. We only have your word regarding how you would use this functionality and what if your Steam account were to be compromised? It then opens up all of these servers to whoever is in control of your account.
This is a framework people are supposed to copy and either learn from as they build their own framework, or edit this one so that it fits their needs. If you take someones FREE code and then complain because the developer customized the code for themselves, then this server stuff is not for you.
Itâs not âtucked awayâ or hidden in anyway, or there to âbackdoorâ your server. It took maybe 6 seconds to find everything that related to dev, _dev, and self.group because essentialmode is literally ~8 scripts that you can search all at once in any basic text editor. You donât even need that, he literally commented the lines relating to the dev code. If you donât like whats in the code, then just remove it, its what your supposed to do with the files anyway.
1 Like
So? Disable it. Itâs a convar that you can easily change, and my account wont be hacked. Kinda dumb assumption on anything.
1 Like
Youâre right, if you donât like it remove it, or even better donât use it; which I wonât. Iâm only warning people of the potential problem, Iâm not saying donât use it no matter what. I just think itâs important to let people know exactly what this script allows.
You say âSo?â, Iâm pointing out a security vulnerability in your code. You say your account wonât be hacked, that is a very naive assumption to make and something you can never be sure of.
In my opinion it is bad programming practice, why not put something in that allows the owner of the server to quickly give you temporary permissions to help you debug it? Rather than hard coding in your own steam ID (which has a suspicious concatenation in it which still hasnât been properly explained) and giving it elevated privileges.
Still continuing to receive errors after numerous fresh installs of EessentialMode and FiveM. Essentialmode is listed to start before es_admin. I attempted to use your website for support, but I am not receiving the email confirmation.
Anything I am doing wrong?
EDIT: I should add that I have couchDB working and it appears to be working. When a player joins the server, it adds a new user thing. Whenever the console is done loading, it says âEverything is ok!â or whatever.
ehm you should do
setadmin [id] [permission-level]
setgroup [id] [group]
not setadmin [id] [group]
1 Like
It isnât hard-coded. It checks a web server for a steam id. So even if my account was hacked I would just remove it. Youâre way to afraid for literally nothing.
The first âversionâ of this debug mode was more of a joke and wasnât meant to exist. So I immediately removed it once I noticed it. Later on I implemented it back in in a better way. Which is the current implementation.
1 Like
Yeah thatâs great for everyone who keeps their code up to the date with the latest version of essential mode, but not so great for those who donât update and are left vulnerable to someone using your Steam account maliciously. Thatâs why itâs not good practice. Iâve made my point and I hope some lessons are learnt.
I only support updated versions, not my problem. Thereâs nothing to be âlearnedâ as nothing was done incorrectly.
4 Likes
My point is, it wouldnât be an issue (for anyone) at all if this wasnât coded in the way it has been; thatâs why I say itâs bad practice.
Why not just remove the line yourself if it bothers you so much?
Iâm not using the script, Iâm only saying something so others know the potential implications.
The bottom line is this:
It can easily be disabled if you donât want it
If people are really that paranoid that @Kanersps is going to hax0r their server, it can be disabled. If people donât bother to look into what scripts can do, thatâs again not his fault. Even more so because itâs a completely optional thing.
1 Like
i need help im getting this error:
Loaded System.Buffers, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 into ScriptDomain_234936983
InvokeNative: execution failed: type must be object, but is array
Error running call reference function for resource essentialmode: Execution of native 000000008e8cc653 in script host failed.
stack traceback:
[C]: in upvalue â_inâ
citizen:/scripting/lua/natives_server.lua:190: in function âPerformHttpRequestInternalâ
citizen:/scripting/lua/scheduler.lua:233: in function âPerformHttpRequestâ
server/classes/player.lua:198: in function âCreatePlayerâ
server/player/login.lua:10: in local ârefâ
citizen:/scripting/lua/scheduler.lua:277: in function citizen:/scripting/lua/scheduler.lua:268
Error running call reference function for resource esplugin_mysql: citizen:/scripting/lua/MessagePack.lua:830: missing bytes
stack traceback:
[C]: in function âerrorâ
citizen:/scripting/lua/MessagePack.lua:830: in method âunderflowâ
citizen:/scripting/lua/MessagePack.lua:465: in field âanyâ
citizen:/scripting/lua/MessagePack.lua:860: in field âunpackâ
citizen:/scripting/lua/scheduler.lua:338: in upvalue âCallbackâ
server.lua:28: in local ârefâ
citizen:/scripting/lua/scheduler.lua:277: in function citizen:/scripting/lua/scheduler.lua:268
[ERROR] [MySQL] Check the error above, an error happens when executing the callback from the query : âSELECT * FROM users WHERE identifier=@identifier; {identifier=steam:110000104353179}â
Error running system event handling function for resource LockDoors: citizen:/scripting/lua/scheduler.lua:39: Failed to execute thread: server.lua:17: attempt to call a nil value (method âSplitâ)
stack traceback:
server.lua:17: in function âstringSplitâ
server.lua:6: in upvalue âhandlerâ
citizen:/scripting/lua/scheduler.lua:124: in function citizen:/scripting/lua/scheduler.lua:123
stack traceback:
[C]: in function âerrorâ
citizen:/scripting/lua/scheduler.lua:39: in field âCreateThreadNowâ
citizen:/scripting/lua/scheduler.lua:123: in function citizen:/scripting/lua/scheduler.lua:92
Error running system event handling function for resource mxhandcuff: citizen:/scripting/lua/scheduler.lua:39: Failed to execute thread: sv_handcuffs.lua:38: attempt to call a nil value (method âSplitâ)
stack traceback:
sv_handcuffs.lua:38: in function âstringsplitâ
sv_handcuffs.lua:4: in upvalue âhandlerâ
citizen:/scripting/lua/scheduler.lua:124: in function citizen:/scripting/lua/scheduler.lua:123
stack traceback:
[C]: in function âerrorâ
citizen:/scripting/lua/scheduler.lua:39: in field âCreateThreadNowâ
citizen:/scripting/lua/scheduler.lua:123: in function citizen:/scripting/lua/scheduler.lua:92
Error running system event handling function for resource RappelHeli: citizen:/scripting/lua/scheduler.lua:39: Failed to execute thread: server.lua:17: attempt to call a nil value (method âSplitâ)
stack traceback:
server.lua:17: in function âstringSplitâ
server.lua:6: in upvalue âhandlerâ
citizen:/scripting/lua/scheduler.lua:124: in function citizen:/scripting/lua/scheduler.lua:123
stack traceback:
[C]: in function âerrorâ
citizen:/scripting/lua/scheduler.lua:39: in field âCreateThreadNowâ
citizen:/scripting/lua/scheduler.lua:123: in function citizen:/scripting/lua/scheduler.lua:92
Sending heartbeat to live-internal.fivem.net:30110
i dont know what to do 
1 Like
Youâre completely right. I figured if it was wrong, it would tell me instead of allowing a permission level value be âOwnerââŚ
Thanks,
Caesar