[crossfire] Ideas needed to fix exploit

[Andreas Kirschbaum]

On #crossfire it was reported that killing other players can be
exploited (and currently is exploited on cat2) to level really fast.

The cause is that kill_object() calculates the exp gain through
calc_skill_exp(). This value is *not* limited/related to the exp the
victim actually loses. This especially holds if the victim already has
reached permanent exp limit: the killer gains up to 5 million exp for
every kill (which is the upper limit kill_object() allows) but the
victim does not lose anything.

I'm not sure what the "right" solution could be. Some ideas:

 a) Do not reward (pk) with exp.

    This is probably the safest "solution" and is very easy to
    implement. Not sure if that is an appropriate solution for servers
    that allow pvp.

 b) Reward a (pk) with MIN(5 million, (exp loss of victim)/10).

    I'm not sure if that really is a good idea since it probably creates
    another exploit: kill a player with some hard to train skill and
    gain lots of exp in that skill.

    Another (probably quite hard to exploit) problem is that a victim
    player can be killed but not actually die. Thus if a player is very
    careful to kill the victim at -1 hp and the victim regains hp very
    fast, the victim will not actually die but the attacker will gain
    exp. Thus the attacker would gain more exp in total than expected.
    (I'm not sure if this problem still exists but it did exist last
    time I did check.)

    Another possible exploit could be to abuse the force inserted into a
    killed player to prevent multiple deaths at his savebed.

 c) Something else.

    Any ideas?