How to ban a user directly from CloudScript?

Question

question

morningstargamestudio asked Oct 4, '20

How to ban a user directly from CloudScript?

So basically I'm new to Playfab, I'm doing my best to find out of the box solutions to prevent users from sending their own packets and giving themselves gold/items. Right now I'm working on the rating system and I'm thinking of trying to add +1 to the user's "Games Started" statistic, and then when I call the CloudScript to update their rating I want to have it first check certain criteria like is the Games Played > TimesRatingWasUpdated or something like that... I'll figure it out at some point.

My problem is that I can't seem to figure out how to ban a player directly in CloudScript. So when the Change Rating script is called I want the If(legit) to change the rating and the else() to ban the player.

So can you change a player's banned state from CloudScript?

CloudScript

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2020-10-05T13:51:20Z

morningstargamestudio answered Oct 5, '20

Thanks, I managed to figure it out. My solution to packet sniffing for now is I generate a random string in Cloud Script and assign it to my player's read only data.

I then pull that string from any client function before sending through a request, and send the string through with the "Change Rating" function. I then set up rules so that when ever Stats or Currency is changed it will generate a new random string and update the player data.

So what this does is, played sends request to change rating, client pulls current string and then sends a call to Cloud Script with the new rating and random string. If the received string matches the player's data then it processes the function, if it doesn't match it instantly bans the account.

I'll have to experiment and fine tune it so people don't get banned by mistake. But I believe this will stop people from being able to capture a packet and send it manually more than once. This does still allow people to change the value of the Rating in the first packet. I'll just add some kind of time out resend function or time stamp system to that - as well as a check to find and ban accounts sending changes that are well above the normal values.

I could simplify this by just calculating my ELO rating change directly in cloud script, as well as calculate the gold reward there too... Then validate it somehow to make sure no parameters were modified.

Anyway, thanks for the reply. :)

1

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Citrus Yan commented · Oct 06, 2020 at 02:25 AM

Np, happy coding:)

0 ·

Answer 2 · 2020-10-05T03:21:29Z

Citrus Yan answered Oct 5, '20

The whole server API set is included in CloudScript, in your case, you can call the server BanUsers API to ban a specific player from CloudScript by doing this:

server.BanUsers({<request details>});

For more details on calling server APIs from CloudScript, please see this section:

https://docs.microsoft.com/en-us/gaming/playfab/features/automation/cloudscript/writing-custom-cloudscript#intermediate-calling-the-server-apis

Moreover, there are some other ban-related server APIs which you can use to manage your ban system if you're interested:

https://docs.microsoft.com/en-us/rest/api/playfab/server/account-management/getuserbans?view=playfab-rest

https://docs.microsoft.com/en-us/rest/api/playfab/server/account-management/revokeallbansforuser?view=playfab-rest

https://docs.microsoft.com/en-us/rest/api/playfab/server/account-management/revokebans?view=playfab-rest

https://docs.microsoft.com/en-us/rest/api/playfab/server/account-management/updatebans?view=playfab-rest

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question