Stacker UI Improvements + Critical Exploit Fixes

[alexandrosmagos]

Hey, just pushing some changes to the Stacker GUI and patching up some pretty bad exploits I found in the sell system.

As a server owner, I actually caught multiple people abusing these to print millions of dollars and inflate the economy. It got so bad I had to completely disable the plugin on my production server until I could get these fixed. On top of the security fixes, the new bulk actions are a massive resource saver since people aren't forced to stack hundred of spawners one by one anymore.

1. Stacker GUI: Bulk Actions & Resource Optimization

• Added Add All and Remove All buttons to the Stacker menu. This is way easier for players and saves a ton of server resources because it batches the stacking operations instead of processing dozens of individual clicks.
• Added an inventory check to "Remove All" so it won't let you pull more than you can actually fit in your bags. No more losing spawners to the void.

New GUI Layout:

Full Stacker GUI	Add All (Hover)	Remove All (Hover)

If you need me to make the slot numbers configerable in config, let me know, and I'll have it ready.

2. Sell UI Optimization

• Made it so the Sell Confirmation menu won't even open if the spawner is empty.
• Now it just tosses a "no items to sell" warning in chat. It’s cleaner and prevents people from getting stuck in "locked" interaction states.

3. The Big One: Sell All Exploit Fixes

The sell system had some massive holes where people were printing money.

• The Race Condition: Because sales were running in the background (async), multiple players could time their clicks and sell the same spawner inventory simultaneously. Both would get paid the full amount before the items were actually cleared.
• The Click Spam: You could also just spam the "Confirm" button really fast before the server closed the UI, getting paid 2-6 times for one inventory. If a spawner has $100M of loot, that's $600M+ appearing out of thin air.

The Fix:
Everything is now strictly synchronous and locked down. The server now finishes the whole transaction (calculating, paying, and removing items) in one go on the main thread. If you try to double-click or have a friend try to "help" sell, the server will just tell you an "Action is in progress."

Examples of what was being abused:

Selling from multiple accounts at once	Spamming the sell button

4. Technical Bits

• Added a tiny (50ms) time guard to SpawnerData.java during spawn events. This fixes that weird bug where the Stacker would get stuck and refuse to remove items, and helps with hologram sync.

Everything is tested and building fine on Gradle, and both exploit have been heavily tested by me, and in production by players.