Tracer

Cancelling event on the client is dangerous as the cheater can just not execute that code

I disagree. You would need to have X auth code for X servers. It would also be too intrusive. If you want 2fa, you can create it with lua, http...

> > Use custom login solution :) > > The problem with this is that the MTA login is very easy to bypass if you know the username and password...

> The emphasis is on the basic ACL users, where you can log in using the /login command. You can add any kind of email confirmation, but as long as...

you have the `client` variable. You can check if client tried to fake the event.

> Im not sure if you know what you're talking about or did read whole post, but I don't mean player that triggers the event but triggering events cross-resource. That...

I know about this note, but does it also include `sourceResource` and `sourceResourceRoot`? If not then you can use these to check against source ```lua source -- The player or...

well **that** is an issue then.

Can we do the same thing `client` does but for `sourceResource` and `sourceResourceRoot`?

Right now, yes. But every client script runs in a resource. It could be retrieved, no?