Digital Paint Discussion Board
Development => General Development => Topic started by: jitspoe on March 05, 2006, 08:46:55 PM
-
Since it seems the global login system was the most popular wish for build 17, we need to come up with a good, secure method of implementing it so I can start coding. Here's what I had in mind:
- Login names/passwords would be stored in a "central" server (most likely dpball.com) database.
- The passwords would be stored in some kind of encoded manner (the most popular method for this is md5sums, I think).
- For sending the login -- There's a way you're supposed to do this kind of thing to protect it from packet sniffers... the old "lock on a box" analogy. I think the client sends an encrypted packet with its own key to the server. The server then encrypts it with its key, sends it back to the client, the client decrypts with its key, sends back to the server, which decrypts with its key to get the login/password. Is that right? What encryption algorithm should we use? Preferably something clean and lean (and free of patents). For such a small amount of data, it won't need to be too robust, as I don't think anybody could crack it.
- When the server successfully logs into the central server, the central server assigns a temporary password to the client and the game server the client is connecting to.
- The client then logs into the game server with the temporary password (this is done behind the scenes - the client doesn't actually have to type this in).
- Once the client disconnects, the temporary password expires.
-
sounds good , but would the registration process go through the same crap?
-
What would be done if someone were to get someone else's password? How would that be handled?
-
THere are a few ways to do this.
1. Have the player login to their local client. Have a registration type screen pop up where they enter some key info, set up a secured question and answer, and those results are encrypted and go back to the server. But when the user registeres his client, a specific keygets generated based on a given piece of info that he enters.. That key is then sent back to teh server for safe keeping ansd that key is used for authentication
2. Have the user log in to a central server where he enters key information ie.. q and a stuff and a key is generated. This key the user then enters in to his client which then authenticates the user and possibly generates a second clear key.
Remember: the user ID ( key or whatever ) can be encrypted and should be, as once its entered, no one needs to see it. Even the DBA browsign the database.
Now for stats gathering, you might want a clear key that is generated based on info the user enters.
These are jsut some thoughts.
-
ok all that sounds good but in the future will we have built-in player stats? ;p
-
Post removed
-
KnacK: I'm not sure if I follow, but it sounds kind of like we're saying the same thing. The password would be encrypted in the database. I'm not sure I see the need for questions and answers, though. A simple username and password should be sufficient, no?
Also, it might be nice to be able to "save" your password, so that you don't have to log in every time you play. I wonder what the most secure way to do that would be.
I'm going to implement the login system first, then we'll worry about stats later. One thing at a time. :) The two main purposes stats will serve right now are protecting users names and combating cheaters.
Oh, a couple notes I forgot to mention about the logins:
- They'd be alphanumeric only and case insensitive. Color codes, spaces, splats, etc. will be stripped off (this should cut back on people doing clever things to create names that are visually the same, but technically different).
- There will be a primary name and two alternate names. The primary name will remain the same, but the alternate names can be changed every, say, 2 weeks (in order to allow for clan tags and whatnot).
-
Alternate names, eh? I think there should be a primary name, then a tag that would automatically be put in front of the name in brakets.
-
what if its a clan that dosent have in in front.. or not brackets
-
Meh. It'd just make tags universal.
-
the question and answer would be used to reissue a password.
ie.. skater forgets his password. He goes to teh web site and clicks on the " I R A dumbie and forgot my password" link.
From there he enters his primary user id.
A challenge phrase appears that he entered when he registerd:
ie.. " What color is my white dog"
and skater, having some sort of mental whit would respond to his previously entered resposnse :
" white"
I guess the main thing is we need to lay out exactly what is going to be accomplished by the gloabal login:
Stats user and clan
Security/fraud/theft of user name-id
clan membership
authentication of valid client software.
oh, while I'm thinking about it, the login might also grab the login IP address as well as the original IP address when the account was created. This would also help in fraud cases within the DP community or if skater justreally was a dumbie and entered "red" for his response to his challenge phrase.
-
I've never cared much for password retrieval questions. People should just use passwords they remember. I mean, what if skater's friend pretends to be skater forgetting his question, and, knowing the color of skater's white dog, answers correctly, thus gaining control of skater's account. Plus they make things more complicated to implement.
-
it really does need to be in there, or it will be an admin's nightmare. :P
-
I think a "forgot password"/"reset password" email is a better approach, personally.
-
ok...
grumblegrumblegrumble....
:-X
-
/me gets the feeling that knack forgets his password a lot.
-
Whoa, how'd I get mixed up with all of this? :)
I like the idea there Jitty, too many people wanna fake my famouis name :-p
-
What's to prevent someone from registering a known person's name before they get to it?
-
Honor and dignity? And a trip to global ban land if they don't have such things?
-
What's to prevent someone from registering a known person's name before they get to it?
That's why IP logging should be utilised for registration and login attempts.
-
all this stuff sounds pretty cool i just hope it comes out like it sounds and wouldnt this make it so much easier to ban hackers all you would have to do is disable their accounts but they could register all over again n im sure u could make a way so they cant register. and hackers wont be able to change their name and use a hack then change it back because they would have to wait two weeks.
-
I'm really glad that you 'roll up your sleeves and get to work'. I'm impressed how you go on this thing. It's something great and I think it will really do a great advance.
When the time has come and you finnished this login system, then my dream, and I think the dream of a lot people, comes true.
That was what I liked to say. Thanks for your work Jit!
-
hah your correct Pimp. i am one of those people who will have their dreams fulfilled.
-
Well, it looks like the "lock on a box" method is fundamentally flawed, so I won't be using that. I think public/private keys are the way to go, but I'm having a hard time finding a good implementation that isn't completely overkill. I don't want to add a bunch of bloat just for a login system.
-
Just make it good, and lotsa stats, yes lots of stats..
-
Take a look at how SSH works. pub/priv keys. And as for bloat? Its not like you are encrypting the data stream of the game play. I dont think many people would notice any bloat on a login system.
You might think about looking at the mod KOTS. Last time I played that (a year or two ago) they had a login system that worked well....you register, then set the password in your config (or in PB case, in the 'login' screen) and you are set...never have to touch the password again. They even had a 'stats' page that was fairly deacent. The one thing that kept people honest with that mod was you had to build up your characters stats (D&D type mod) in order to have a stronger character. If you didn't care about your characters stats then you could hack and re-register any time you wanted.
I dont think md5sums is a good method for this. md5sums is more for checking file consistency. The returned string is too sort for authentication.
Definitly include some sort of IP checking. The only problem is that DSL and dialup IPs change frequently. In that case, you can use the CIDR block from whois and at least verify the ISP.
I like the naming scheme...keeping the name consistent. Add in a 'clan tag' selection and allow it to be added before or after the perm name. Dont allow short names like 'I' or 'The' They should be atleast 5 chars and the clan tag a max of 4 (plus brackets/braces = 6).
Just some thoughts,
-Derrek
-
rofl some thing is important, a name has to be at least 4 characters, not 5 long. my name.... has 4 letters...
-
Well, the way I see it, there are two ways to do this: The easy way, and the right way. My guess is that KOTS does it "the easy way." I think it's just a q2 mod, so that would actually be the only way, really. The same way we do admin logins, which should really be more secure, but they were implemented back in the Q2 mod days, and there was really no other way to do it.
I could, of course, do it the easy way, but that would mean your passwords would be floating around in plaintext, available to anybody using a sniffer. Lots of people use the same password for multiple things, so I don't like that idea at all. Using public/private key encryption, it's possible to securely log in without ever sending your password (like with SSH). Unfortunately, I can't find a simple implementation of it. I tried using OpenSSL, but that library ends up adding 500K. Paintball2.exe is like 360K. That more than doubles it, just to add logins. If that's not bloat, I don't know what is. I'm going to see if it's possible use just the necessary portions of the OpenSSL library, but knowing the way most GNU code is, there's probably a nightmare of dependencies in there and it would be easier to write my own RSA implementation.
-
I dont think md5sums is a good method for this. md5sums is more for checking file consistency. The returned string is too sort for authentication.
have you ever seen a md5sum?? there like 20 charecters
a example i found
5263374160726782c1a8a066d8978e84
-
Smokey...I know what an md5sum looks like...and I know what ssh pub and priv keys look like....I use this stuff at work every day.
Maybe I was not clear in my statement, and assumed that people know how secure authentication works. md5sum is merely a checksum. Its not a challenge/response implementation. md5sum is nearly the same as plain text passwords, in my opinion, unless you combine it with some sort of key pair that can allow the server side to control a piece of the key. If the server does not keep part of the authentication key secret, then you might as well use a plain password...even if it is md5sum'd first.
My statement 'md5sum return strings are too short' was based on the thought that if you are going to bother to encrypt data, use a long enough key so that it will not be compromised. Short keys are hackable, and should never be trusted. 'why would someone bother to try to hack the encryption for such a small lousy game??'....because it is there. Just like people trying to prove the anti-cheat system is flawed. If you are going to do it...do it right so you don't regret it later. But...maybe I’m taking the corporate view where data protection is extremely critical.
As far as bloat. The paintball executable can stay the same size...just have it call another executable to handle the authentication part, or a shared lib like the opengl lib. It does not have to be done by the same binary that runs the game. Maybe I’m missing something here?
Another thought I just had is that certain encryption algorithms may not be exportable outside of the USA. Jitspoe...check the laws before you implement anything. It has been quite a while since I last worked with international exportation. It may only apply to the key size (64bit limit)...but I thought it was the algorithms themselves..
-Derrek
-
Post removed
-
I'm really just looking to use the encryption for the login stage, so using a secondary algorithm wouldn't be necessary, though the second key was an idea I had for logging into the servers: you connect to the master server using your key, then it sends you and the game server a random, temporary key, which can be used to log onto the server, and even if a "corrupt server admin" manages to steal your key, it won't do him any good because it expires as soon as you quit playing. The downside to doing this is that it would tax the login server a lot, having to generate random keys all the time, and having to be used for every player that connects. With public/private keys, it would be possible for the game server to cache keys and not have to use the login server at all for frequently returning players.
Derrek: Interesting point about legality. I don't really care to research it, but if somebody wants to look it up, it would be nice to know. I think it's more the responsibility of the person downloading the software to be aware of their country's laws. Making a separate executable would at least solve the issue of the main executable being bloated, but it still adds to the overall project and would probably make things more complicated, especially dealing with different OS's. I'll keep it in mind, though.
-
have you ever seen a md5sum?? there like 20 charecters
They're 32-bit.
-
128bit, actually. 32bit is only 8 hex characters.
-
(http://img142.imageshack.us/img142/9034/rainbowtables6rd.jpg)
RAINBOW TABLES!!! w00t!
...I'm sorry, have you seen my pills? ???
-
lmao.
-
if there is something like a space reserved for clantags, I believe those are even more valuable to protect. As we have recently seen, ppl tend to fake clantags more and more, just to gain attention.
I think the idea that mentioned like 6-8 spaces in a seperate field for the name is good, and I believe that there should be some kind of "join protection" for those clantags, just like we have in pbcup and in all kinds of other games.
-
Well, it looks like OpenSSL isn't GPL-compatible. Back to square one, I guess.
-
I think I'm getting somewhere with libgcrypt. There are some more things I need to address, though, once I get past the basic public/private key verification.
- The private key needs to be encrypted somehow so somebody can't just copy it. What algorithm should I use for this?
- While the key should be encrypted, there should also be a way to optionally remember the password, so the user doesn't have to type it in every time he plays. How would I store that safely? I was thinking of encrypting the saved password with a randomly generated key in the registry or something like that -- something that wouldn't be accidently copied over if you were, say, giving the game to a friend at a lan party. I'm not sure what you'd do for Linux, though.
- If the user reinstalls the game, he will need to be able to re-obtain his private key. I'm thinking uploading an encrypted copy to the login server would be the best bet.
- There would be other benefits to logging into the master server, such as clan and account management, so the web login password and private key password could be set to the same thing, for the sake of simplicity for the user.
- What happens if the user completely forgets his password?
- What should I do about two people who use the same computer (ie: brothers who both play the game but would need different logins)?
-
Ok, I think I have almost everything figured out now. Let's see if I can explain it.
The client will create a new profile. During this creation process, an RSA public/private key pair will be generated. The public key will be uploaded to the master server. The private key will be encrypted with the user's password and uploaded to the master server as well as saved locally to the users hard drive. A hashed copy of the user's password will also be stored on the master server for web logins to manage clans and other future features.
The user must supply an email address, which will be used to send a random activation number. An account must be activated in order to use it. This is so people don't create lots of bogus accounts and so that there will be an email address to send a reset password to.
There will be an option to remember a password so you don't have to type it in every time you play. This password will be encrypted with unique information about your computer as a key, so if somebody copies your profile file, they won't have easy access to your password. This is only really a concern for something like LAN parties where you might be copying games or something between friends.
When a client connects to a game server, the game server contacts the master server and obtains the client's public key. The game server encrypts a random string using the client's public key, then sends it to the client. The client decrypts the string with its private key, and sends it back to the server. If the strings match, the client is validated and can play using that name. If not, the player is kicked.
In the event that a user forgets his password, a reset password code can be sent to his email address. This code, when used, will allow the user to generate a new public/private key pair and pick a new password.
Clan tags are going to be a bit tricky. I could make them separate, like Battlefield 2 does, but that would mean somebody could incorporate a tag into their name and get away with it. For example, if there was a clan called "[TAG]" and a player called "Name", using "[TAG]" for the tag and "Name" for the name, somebody else could come along and create a name called "[TAG]Name", with no clan tag, and it would appear the same visually. I guess what I'll have to do is keep the clan tag part of the player name, like it is now, and scan the player name for each existing clan tag, then ensure that the player that logged in is legitimately part of that clan.
I think that covers the basics. Let me know if you see any potential problems with this design.
-
Perhaps make it so the tag looks different from the Name?
-
For the clan tag:
-Require clan tags to be in brackets "[]"
-Player names can be checked for brackets when created and if they are detected be clasified as an illegal charactor in the player's name.
-
But what if someone wants to type in their H the 'cool' way?!?
-
I don't know that I want to stifle creativity that much. Many clan tags don't use []'s. Crossbones uses .'s, for example, and ch1ll uses -'s.
-
The only reason I brought that up was for tag protection ( imposters)
Unless..... you want to create a clan tag registry. That might solve the issue.
-
As part of the login system, you will be able to create and manage clans and their associated tags.
-
sweet
-
I was worried about that, thanks.
-
sounds like cool stuff, looking forward ;D
-
For the clan tags, I'm going to require that tags be surrounded by at least one of the following characters:
[]=-|.<>{}()
That way people can't abuse the system and create a clan tag like "J" and then a player named "Jack" would not be able to use his name because it contains a clan tag. They'd have to make the clan tag "<J>" or "=J=" or something. "-=[J]=-" would be fine, too.
I'm trying to decide if I should require clan tags to be prefixes, scan the whole names for clan tags, or have the clan specify if the tag is a prefix or a suffix. I think it would be simpler and more standardized to have all clan tags be prefixes. That would require some adjustment for a couple clans, though.
-
I knew you'd see it my way :p
-
I think that clan tags should be completely separate from names-- Formatted differently, too. (So it's obvious it's a tag and not just the beginning of someone's name). That way, if you include the whole 'You-can-only-change-your-name-3-or-so-times-a-month' thing, and you've already changed your name 3 times (for whatever reason), you won't have to wait until the end of the month to add the tag to your name.
-
The formatting is up to the clan. Clan tags aren't considered part of the name, even though they're all part of the same string. When you register an account, all non-alphanumeric characters will be stripped out and the name will be made case-insensitive.
Say somebody registered the name "John Smith". It would be stored as "johnsmith", and any variation could be used by that player: "JohnSmith", "[joHn sMIth]", "john_smith" etc. J0hnSm1th, however, would be a different name. If John Smith was in Clan John, with the <J> tag, he could just tack it on like "<J>JohnSmith", then when he connected to the account server, the server would search the user name for clan tags and strip them out, in this case, <J>, and use the remaining name, JohnSmith, for the login, then make sure that "johnsmith" actually belonged to the clan with the <J> tag.
-
Sounds sweet, how is this going to work with colors if its alphanumeric though? Would you be able to impliment the Quake 3 color system of ^# for colors? That would make the whole funnames thing a lot easier and the output in logs would be more readable to the naked eye. (without doing anything to it)
-
Formatting and non-alphanumeric characters are simply ignored during the login process (except with clan tags, where just the formatting is ignored).
Logs should strip formatting by default now, and if ^ were used for colors, it would mean everybody would have to change their names, and it wouldn't account for other things, like italics and extended characters.
-
Wouldn't it be easier (and eliminate the whole clan-tag-in-name-that-you-must-do-tons-of-random-parsing-to-stop problem) to just make clan tags entirely seperate? As in, being able to register a clan tag that DOES NOT appear with your name, example:
Your clan: {NOTHING}
Your name: {ROCK}
What people see in-game: {ROCK}
And then you could have something like a player profile (floating box on mouseover in player scores?) that would tell you their clan tag and some other information. Clan fakers could easily be spotted because the clan tags would not be included in the names.
[eR33T]BoB would be a fake.
BoB (with [eR33T] as his clan in the player profile) would not be a fake.
Just an idea.
-
Then legit players wouldn't be able to "wear" their clan tag, and fakers would. Not to mention it would require re-writing everything that displays player names.
-
The first part is indeed true, if you want to brandish your (legit) clan tag, it wouldn't be immediately visible. As for the second, I don't see why it would -- the name would be stored completely as normal. It would be an extra variable for the clan, and the profile-displaying that's needed.
-
Just an idea....
Another game, BZFlag, has a really clever login system....
It uses the forum's user database, so if you want to play you register at the forums and use the same username and password. In fact, wouldn't this make it simpler, you would just have to md5 the password at the client or something? I dunno, i'm not a programmer, but I just thought it would be interesting....although I think that it was mainly made for PHPbb.
Plus that way you get a built in password retrival and no worries about duplicates. In fact, the user db software is open source on the BZFlag CVS at Sourceforge, I think, under the db module.
THe BZFlag system is so fancy, they have it set up with global usergroups for servers (Cop, Admin, Moderator, and other custom ones that group owners can edit) that can be assigned to users with the the forum's group database.
Just a suggestion....
Apparently this system is reasonably foolproof, although the probem with bzflag is that not all servers have this enabled (It can be switched off). I know there are at least 4000 active players out there who are registered, and i haven't seen many reports of cheaters/impersonators on the bzflag forums, so i'm guessing it works well.
-
I have certainly considered this, but I don't know if it would make it simpler or more complicated. Requiring people to sign up for the forums would likely increase community involvement and feedback, but integrating player accounts with forum accounts is going to be messy at best. If something goes wrong with one, both will probably have issues. Not only might the integration be complicated, but it will make forum upgrades very difficult if not impossible.
Of course, another reason I wasn't really interested in doing it was because there were so many issues with the forums earlier that I was going to use a completely different server. Now that they've been relocated, I suppose it might be possible to just tap into the forum user database and not modify anything at all. There is, of course, some additional information that will need to be stored for the game users, so I'll have to make another database for that. I think trying to integrate it with the forum database would be too risky.
In the end, all that would really be gained is ease for users -- they'd have to sign up once instead of twice to use the forums and game accounts. After thinking about it a bit, though, you have made me reconsider the overall login system. I might have been making it too complicated. I think I may go back more toward the design I had originally, but with a little more knowledge of cryptography.
- The login server would have an RSA key pair set up, with the public key available.
- The client will encrypt the password + user name + random data with the public key and send it to the login server.
- The login server will verify the password against a salted MD5.
- If verified, the login server will encrypt ...
meh, you know what? It's going to be about the same complexity either way.
-
Just an Idea how to trick whole system:
If I'm just fast, download build 17 and then quickly call my self "jitspoe" and create an account on that dpball.com server, I would be jitspoe without any probs!
(jitspoe is just anexample...)
Will there be possibility of having 2 nicks?
I think something like a Web-Interface would be cool, where I can add and delete Nicknames I am actually using..
-
nah, im sure if someone takes a players name jitspoe will help us out and delete the name under that persons account.
-
im regging newbie
-
Intentional name theft will incur some kind of stiff penalty, such as a global ban, or at least an account suspension, so don't do it. There are plenty of server logs, so it should be easy to determine who legitimately uses a name. There will also be reserved names that people can't use for logins, such as "newbie."
-
Also, you mentioned that case did not matter in names. If the actual eR33t player BoB registers the name [eR33t]BoB, will that allow someone else to register [eR33T]BoB [er33t]bob [ER33T]BOB, etc? Another question, will we be able to change our names at will after using our global-login name? It would be quite a hindrance if you could never change your name for a clan change, new name idea, etc.
-
read the topic. all those questions are answered.
-
I'm working on the database side of it now. I haven't done much with databases, but here's what I have so far:
User account table:
id|timestamp|passwdhash|pubkey|encprivkey|randstr|email|realname|primarynameid
- id & timestamp are auto
- password hash is for the web logins
- pubkey is for RSA encryption used with in-game logins.
- randstr is generated every login
- encprivkey is an encrypted copy of the user's private RSA key, in case the user ever reinstalls or plays on a different machine where his profile doesn't exist.
- primarynameid is the id for the name the player primarily uses.
Name-account id remap table:
id|timestamp|name|playerid
This table simply maps a player name back to a user account.
Name history table:
id|timestamp|name|playerid
Keeps a history of names used with a particular account.
Clan table:
id|timestamp|name|tag|website|ircchan
Clan member table:
id|timestamp|clanid|playerid|memberstatus
Pretty straightforward -- maps player id's and clan id's together, so you can tell which players belong to a clan, and visa versa. Member status would be a flag field for things like leader, co-leader, active/inactive, etc.
I've installed a local copy of mySQL to tinker with so I don't blow anything up. :)
-
Two suggestions:
First, when you do any sort of table joining (EG, to find out what clan a user belongs to), conflicting field names (such as ID) can be a problem. I would make it look like:
User account table:
userid|timestamp|passwdhash|pubkey|encprivkey|randstr|email|realname|primarynameid
Name-account id remap table:
id|timestamp|name|playerid
This table simply maps a player name back to a user account.
Name history table:
nameid|timestamp|name|playerid
Keeps a history of names used with a particular account.
Clan table:
clanid|timestamp|name|tag|website|ircchan
Clan member table:
id|timestamp|clannum|playerid|memberstatus
Or similar.
Of course, the forum has a built in user database....
-
What's the second suggestion?
-
It was going to be to modify the forum's database, but I forgot I already suggested that.
Ummm....maybe a sort of Karma or Rating system?
Like, add the column "userkarma" as an INT, from 1 to 10. When someone registers make it start at 5 as default, and users can rate others for behavior
-
Psh, but then Jitspoe would be at 2 just for jokes and Vinne would be at 10, it wouldn't be very realistic.
-
I was planning to do something like that a while back. It's a nice idea in theory, but like TinMan said, in practice, it just doesn't work out very well. One of the forums I visit has something like that, and the people who are constantly spamming annoying posts somehow manage to get high ratings, while the people who post fewer, more constructive posts don't get much. That and I can see the trouble makers in the community grouping up and giving each other positive rating while picking on a few select members they don't like and, as a group, giving them significant negative rating.
Anyway, that goes above and beyond the basic login system. Those kinds of things can be added later. Right now I'm working on the structure to simply let people log in and reserve names and clan tags.
-
Could you incorporate a stats system into this? like where you can login to a stats database on the site and look up your stats, and maybe a buddy list.
Just throwing out ideas/suggestions.
If someone already asked about this, sorry. I didnt read the whole discussion. :D
-
I can only recommend you to read it, it's very intresting what jit's talking about and also to see how this login system is moving forward.
-
Yeah I read through some of it, didnt know if i missed a stats comment or not. :D
-
This is the first step toward a stats system. Right now I'm just creating the login system.
-
A buddy list would be pretty cool.
-
... and add Vinne to the buddy list by default!
-
Why would you need a buddy list? If you're trying to find someone there are never more than 4 or 5 servers full, and jit's server browser lists clients. :P
-
What does a buddy list have to do with logins? Anyway, here's what I have for the DB so far. Still a work in progress:
CREATE TABLE `dplogin_accounts` (
`id` int UNSIGNED NOT NULL auto_increment,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`pwhash` char(32) NOT NULL,
`pubkey` VARBINARY(128) NOT NULL,
`encprivkey` VARBINARY(128) NOT NULL,
`email` varchar(255) collate utf8_bin NOT NULL default '',
`realname` varchar(64) collate utf8_bin NOT NULL default '',
`flags` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`),
INDEX (email(8))
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Account' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_names` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`name` varchar(32) collate utf8_bin NOT NULL default '',
`playerid` int UNSIGNED NOT NULL,
PRIMARY KEY (`id`),
INDEX (name(8)),
INDEX (playerid)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Name to ID remap';
CREATE TABLE `dplogin_clans` (
`id` int UNSIGNED NOT NULL auto_increment,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`name` varchar(64) collate utf8_bin NOT NULL default '',
`tag` varchar(16) collate utf8_bin NOT NULL default '',
`website` varchar(255) collate utf8_bin NOT NULL default '',
`ircchan` varchar(32) collate utf8_bin NOT NULL default '',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Account' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_clanmembers` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`clanid` int UNSIGNED NOT NULL,
`playerid` int UNSIGNED NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Name to ID remap' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_ips` (
`id` int UNSIGNED NOT NULL AUTO_INCREMENT,
`ip` varchar(16) collate utf8_bin NOT NULL default 'BADIP',
PRIMARY KEY (`id`)
) COMMENT='IP Tracking Table' CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1;
CREATE TABLE `dplogin_hardwareids` (
`id` int UNSIGNED NOT NULL AUTO_INCREMENT,
`hardwareid` char(32) collate utf8_bin NOT NULL default 'BADHWID',
`hardwareidtype` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`)
) COMMENT='IP Tracking Table' CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1;
CREATE TABLE `dplogin_connectinfo` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`playerid` INT UNSIGNED NOT NULL,
`ipid` INT UNSIGNED NOT NULL,
`hardwareid1` INT UNSIGNED NOT NULL,
`hardwareid2` INT UNSIGNED NOT NULL,
`hardwareid3` INT UNSIGNED NOT NULL,
`hardwareid4` INT UNSIGNED NOT NULL,
`hardwareid5` INT UNSIGNED NOT NULL,
`hardwareid6` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`)
) COMMENT='Maps acconuts to IPs and hardware IDs.' CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1;
-
6 Different hardware id's per account?
-
6 Different hardware id's per account?
some of us have a lot of networking interfaces on out boxes, we like the WiFi, the 3g, the broadband, and the copper wire that goes right into the back of the computer.
-
It's more than just networking devices. I plan on taking the punkbuster approach and generate hashed values of various hardware serial numbers and whatnot, so if you get banned, you basically have to get a whole new machine (or wait for the ban to expire). The main reason I'm storing them in the login system is because I need to make sure a particular ID is unique. Sometimes manufacturers put the same serial number on multiple pieces of hardware, and I don't want to end up banning some random legit player because he has the same hardware as a cheater.
Note that I'll be storing an irreversible hashed value of serial numbers, not the numbers themselves. I'm just annoyed with the players who keep cheating then change their IP to avoid bans, so I'm going to have to kick the global ban system up a notch. Plus I don't want people creating duplicate accounts, so this should help keep track of that as well.
-
great idea, taking the hardware serials and all. What about name changed though..can you still be logged into an accound lets say J0E and change the name in-game? or wil you be forced to use the accnt name as your player name. I know with stats you need to use the same name every time in order to get them recorded....umm will there be a prefix/suffix ioption if name changing cant happen? umm what else do i wanna know...oh yeah, will this login system cost money? will we get like awards and stuff like marksman and different levels based on time playing while on an accnt sorta like bf2 (referance http://ubar.bf2s.com/ for ideas about medals and requirments). uhh.. yeah :-)
-
I don't know how I'm going to handle name changing in-game yet. The name would have to be verified against the login every time it changes, so somebody couldn't log in with their own name, then spoof somebody else's. This could cause lag on the game server, and it would only be a matter of time before somebody threw together some kind of lame name changing script to bombard the servers with making the game unplayable.
The simplest solution would be to simply disable name changing once you've logged in, but that may be frustrating for a lot of people. I guess what I could do is have a periodic check -- say, once a minute -- to see if any names have changed, and if they have, contact the login server and verify them. I really need to make name validation a separate thread so it won't cause hiccups in the gameplay. Gonna be fun working out all the kinks in that.
No, it won't cost money. First it's just going to be a login system. Nothing more. If that pans out, we'll go from there.
-
Personally, I don't think anyone would really need to change their name in-game...
-
well i know a lot of the kids who play (skater and smokey for instance) dont use their names in pub because they're newbs and afraid to show their real scores :x
-
They can set one of their alternate names as one of their fake one and just use it when joining. What I meant is that I don't get why someone would need to change their name while playing.
-
What I meant is that I don't get why someone would need to change their name while playing
Amen!!! I can't belive we agree on something, someone better check hell for ice. There is no valid reason for doing this, ever
-
Ugh, I went to try combining the RSA stuff I had done with libgcrypt with some PHP RSA code and it didn't pan out at all. Moreover, it seems libgcrypt does no padding and as such is insecure. I'm not sure how difficult it would be to add this in, but I'm almost tempted to ditch the RSA idea all together. All that work for nothing. :-\
-
Post removed
-
Only alphanumeric characters will be stored, but you can surround them with whatever you want. Your name would be stored as "pnk". You could play as p|nk, p!ink, p*nk, or quite a few other things.
-
so yours will be jit
you can be
jits
jitspoe
jitler
jitspina
jitty
jit
jitter
-
no, "s", "spoe", "ler", etc. contain alphanumeric characters. I'd have to register those names specifically, otherwise I'd be stuck with **jit** =]|jit|[= *J*i*T* or some variant containing non-alphanumeric characters.
-
does this mean i wont be allowed to use the 0 in my name?
-
0 = alphanumeric, so yes.
-
I think eiii meant yes, you will be able to, not yes, you won't be allowed to.
alphanumeric means alpha characters (a-z) and numeric characters (0-9). You can still use non-alphanumeric characters in your name, they will just be ignored (except in clan tags).
Say, for a realistic example, I'm in crossbones (which has the .xb. tag), and I have "jitspoe" registered. I could log in as .xb.[jitspoe]. The clan tag, .xb., would be stripped off, leaving [jitspoe], and the []'s would be ignored, since they're not alphanumeric, leaving just "jitspoe", which is registered on the login server.
If somebody else came along and tried to use -jitspoe- or **jitspoe** or some variant like that, he would not be able to (unless he had my password).
-
Okay, I'm mildly confused now as to how the clan tag thing will work. Will it be put in a separate field manually, or do you just type in your name and the login system magically detects a clan tag? I assume it's the former, but the way you wrote your last post makes it sound like it auto-detects the tag.
-
It auto-detects the clan tag, strips it from the name, and verifies that the name belongs to the clan with the tag. Otherwise people could just spoof clan tags by putting them in their name.
-
jitspoe is my hero.
-
jitspoe is my hero.
Good to hear. ::)
To me he is a kick ass coder and someone that needs to send me a DP T-shirt. :)
-
JItspoe,
Any plan for a language filter for the logins?
-
As in not allowing people to register names with profanity? Yes.
-
Super sweet, thanks.
-
Do you have any date planned when you are going to release build 17?
-
No date planned.
Well, crap. I was going to go the "easy" route and just throw libcurl in there and use https. But apparently cURL uses OpenSSL for HTTPS, which isn't compatible with the GPL, so I guess that throws that out the window. Stupid license.
-
How about more focus on renderer enhancements and less on network functions? Q2E has taken a turn tward rediculous GFX card requirements.
-
We're not Q2E. ;)
-
but all you're doing with Q2E is using jitspoes code and making small changes.
-
I think you're thinking of Quake2: Source. Q2E isn't using my code (or not much of it if they are).
In other news, I have the urge to punch some GNU programmers in the face because of their poor windows support, dependency hell, and bloated libraries. Try getting libcurl compiled with gnutls, I dare you. I think I may just throw the concept of secure logins out the window and settle for something basic.
-
Poor windows support? Ouch. How the tables turn when it comes to security.
How does Tremulous's GUID feature work? Is that only built into the TJW mod, or is it built into the normal game? Building off of something that somebody else already got working and has open sourced would be easist I assume.
-
Uh, there's plenty of secure stuff for windows; it's just not GPL compatible. I'm not sure how Tremulous' GUID works.
-
After a little research, it seems Tremulous does not support GUID's, but rather it's a mod for Tremulous that does it. I'm guessing since it's a mod, it just does messages in plain text (unless Tremulous has some kind of encryption layer).
-
tjw's admin mod is killer, dp needs it.
-
Latest version of mysql table, by request:
CREATE TABLE `dplogin_accounts` (
`id` int UNSIGNED NOT NULL auto_increment,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`pwhash` char(32) NOT NULL,
`tempkey` char(32) NOT NULL,
`name` varchar(32) NOT NULL,
`email` varchar(255) NOT NULL default '',
`realname` varchar(64) NOT NULL default '',
`activationnum` INT UNSIGNED NOT NULL,
`flags` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`),
INDEX (email(8))
) COMMENT='Account' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_names` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`name` varchar(32) NOT NULL default '',
`playerid` int UNSIGNED NOT NULL,
`flags` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`),
INDEX (name(8)),
INDEX (playerid)
) COMMENT='Name to ID remap';
CREATE TABLE `dplogin_clans` (
`id` int UNSIGNED NOT NULL auto_increment,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`name` varchar(64) NOT NULL default '',
`tag` varchar(16) NOT NULL default '',
`website` varchar(255) NOT NULL default '',
`ircchan` varchar(32) NOT NULL default '',
PRIMARY KEY (`id`)
) COMMENT='Account' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_clanmembers` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`clanid` int UNSIGNED NOT NULL,
`playerid` int UNSIGNED NOT NULL,
`flags` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`),
INDEX (clanid),
INDEX (playerid)
) COMMENT='Name to ID remap' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_ips` (
`id` int UNSIGNED NOT NULL AUTO_INCREMENT,
`ip` varchar(16) NOT NULL default 'BADIP',
PRIMARY KEY (`id`)
) COMMENT='IP Tracking Table' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_hardwareids` (
`id` int UNSIGNED NOT NULL AUTO_INCREMENT,
`hardwareid` char(32) NOT NULL default 'BADHWID',
`hardwareidtype` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`)
) COMMENT='IP Tracking Table' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_connectinfo` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`playerid` INT UNSIGNED NOT NULL,
`ipid` INT UNSIGNED NOT NULL,
`hardwareid1` INT UNSIGNED NOT NULL,
`hardwareid2` INT UNSIGNED NOT NULL,
`hardwareid3` INT UNSIGNED NOT NULL,
`hardwareid4` INT UNSIGNED NOT NULL,
`hardwareid5` INT UNSIGNED NOT NULL,
`hardwareid6` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`)
) COMMENT='Maps acconuts to IPs and hardware IDs.' AUTO_INCREMENT=1;
CREATE TABLE `dplogin_reservednames` (
`id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
`name` VARCHAR(32),
`flags` INT UNSIGNED NOT NULL,
PRIMARY KEY (`id`)
) COMMENT='Protected names that nobody can register.' AUTO_INCREMENT=1;
INSERT INTO dplogin_reservednames (name,flags) VALUES ('newbie[0-9]*','1');
-
can you add a password to the clan table for simplicity?
-
I'm not going to do passwords for the clans. A leader will have to initiate an invite.
-
well that means 5 sets of mysql_queries to log them in >:(
-
Here's the source to what I've done in php so far. It's kind of sloppy. It just started as a simple test and kept growing.
http://www.dplogin.com/testlogin.php.txt
Clan invites is one of the things I haven't gotten to yet. You can create a clan, but that's it.
-
Hrm, seems the server I'm using for dplogin has a really old version of mysql installed (3.x), and a lot of the stuff I was doing doesn't work with it. I wonder if I should upgrade the server, or try to make the code compatible with the older version.
-
4.x ftw!
-
upgrade the server.
-
4.x ftw!
What about 5.x?
-
I stick to 4.x, why? Because as I've both experienced and been told of, 4.x is stable and works with most everything that I've tried on it.
Some of my stuff doesn't work in 5.x, pretty sure that phpMyAdmin has some issues with it and stuff like that too...
-
Hmm... 5.x is what I've been using locally, so I know what I've done works.
-
Then you're good to go with it. :P
-
Upgrade server. Let me know if you need funds.
-
lol, you dont pay to update mysql..
-
Ok, so it's all updated now (after following about 5 different tutorials. I hate Linux).
Now I have a stupid question. After you log in, using POST, I put a "continue" link for ease, like so:
<a href=\"$phpfile\">Continue</a>
But when you click continue, even though the link says "testlogin.php", it goes there with the post data again, bringing you back to the screen saying you've logged in successfully... with the continue link....
If I copy and paste the link in the browser, though, it takes me back to the main page. What's up with that, and how do I make it just do it with a link?
-
Ok, so it's all updated now (after following about 5 different tutorials. I hate Linux).
Now I have a stupid question. After you log in, using POST, I put a "continue" link for ease, like so:
<a href=\"$phpfile\">Continue</a>
But when you click continue, even though the link says "testlogin.php", it goes there with the post data again, bringing you back to the screen saying you've logged in successfully... with the continue link....
If I copy and paste the link in the browser, though, it takes me back to the main page. What's up with that, and how do I make it just do it with a link?
whos needs <a href=\"$phpfile\">Continue</a>?
header("Refresh: 3; URL=/testlogin.php");
Automatic redirection after 3 seconds..
-
Post removed
-
It's all the same php file. You can try it out here: http://www.dplogin.com/testlogin.php
-
Some ajax to tell the user if the name is taken:
Register page:
<script src="clienthint.js" type="text/javascript"></script>
<form action="register.php" method="post">
Username:<br>
<input type="text" id="username" name="username" onkeyup="showHint(this.value)"> <span id="txtHint"></span>
<input type="submit" value="Submit">
</form>
clienthint.js
var xmlHttp
function showHint(str)
{
if (str.length==0)
{
document.getElementById("txtHint").innerHTML=""
return
}
xmlHttp=GetXmlHttpObject()
if (xmlHttp==null)
{
alert ("Browser does not support HTTP Request")
return
}
var url="check.php"
url=url+"?q="+str
xmlHttp.onreadystatechange=stateChanged
xmlHttp.open("GET",url,true)
xmlHttp.send(null)
}
function stateChanged()
{
if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
{
document.getElementById("txtHint").innerHTML=xmlHttp.responseText
}
}
function GetXmlHttpObject()
{
var objXMLHttp=null
if (window.XMLHttpRequest)
{
objXMLHttp=new XMLHttpRequest()
}
else if (window.ActiveXObject)
{
objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP")
}
return objXMLHttp
}
check.php
<?PHP
include "db.php";
$query = $_GET['q'];
$sql_username_check = mysql_query("SELECT * FROM `members` WHERE username='$query'");
$username_check = mysql_num_rows($sql_username_check);
if ($username_check > 0) {
echo "<font color='#FF0000'>This username is taken</font>";
}
else {
echo "<font color='#00FF00'>Username Available!</font>";
}
?>
-
Sorry to double post, but this is worth a post of its own.
Any way at all the someone is going to be able to sqlinject the system?
Make sure you have your
'
's
-
Updating in linux is a pain with .rpm's, that's why we use .deb's and apt-get. 8)
-
I think everything had quotes but some id's which should always be numeric. I went ahead and put quotes around everything, though.
-
Great... now I'm getting this:
Fatal error: Call to undefined function: mysql_connect() in /var/www/html/index.php on line 5
I didn't touch anything and now all of a sudden it decides those functions are undefined? I'm guessing this is a delayed effect of my updating mysql.
-
There should nto be anything delayed within MySQL....
-
So... any ideas on how to fix it? MySQL is running. PHP is running. Somewhere along the line they decided to quit communicating with each other.
-
are you running php5.0? might wanna check if the mysql-library is defined in the php.ini
there was some issue with php5 and the wrong or missing declaration of the mysql.so / libmysql.dll I think.
-
php5 doesn't have mysql enabled by default or something (don't know why they would do that), but I'm running 4.3. I think I have everything straightened out now. I ran up2date on php-mysql (after opening a support ticket to get them to fix up2date) and restarted apache. up2date tried to reinstall mysql 3.x, but failed, so it's still using 5.0.
-
are you going to use my sweet ajax system?
;)
-
Maybe, but it will require some tweaking. I'll worry about making it look pretty later. I just want to make it functional for now.
-
that is functional!
I mean, think about it :D
Anyways SWEET.
-
Anybody know anything about configuring mail servers? I'm trying to get activation numbers to send, but they're getting filtered. I think it's because @dplogin.com email addresses don't exist, but I'm not sure how to create them.
Edit: Nevermind. I think I've figured it out. It was configured to use mail.dplogin.com instead of just dplogin.com. I think it's set up right now. Email sent to no-reply@dplogin.com should get sent straight to /dev/null.
-
with php iv never had problems with mail, even if the account wasent setup.
-
Seems even after I've configured it to just "dplogin.com", emails to no-reply@dplogin.com still get bounced, but no-reply@mail.dplogin.com still work. Does it take more than a day to propigate?
-
It normally takes a few hours.. after a day it should definately work.
-
Well, I just don't know what I'm doing then.
-
Got it fixed! It was at the domain level. MX records weren't set up.
-
Haha, good job. I always forget about MX levels myself.
-
Well, I started tinkering around with RSA again and got it working. The PHP end of things is really slow, though. Granted, it might just be the PlanetQuake server I was testing it on, but when it takes like 4 seconds to load the page... that concerns me. I don't want it bogging down the game servers.
-
Well, I started tinkering around with RSA again and got it working. The PHP end of things is really slow, though. Granted, it might just be the PlanetQuake server I was testing it on, but when it takes like 4 seconds to load the page... that concerns me. I don't want it bogging down the game servers.
hosting IS cheap. if you need some better hosting for testing just ask.
-
Well, this is strange. I added some timers, and it doesn't seem like it's actually taking that long. It must have to do with using long strings with GET:
http://digitalpaint.planetquake.gamespy.com/test/rsatestvar.php?n=00DC9F56E791A01F34BDBDB990346B64E735A1E086665F5B32589CA7A4BF0F690172E7724B26BC670BB9CDAD892946E4CAD4CF835F34B62898766FD56B21DBA225C422C565D42C1B5E507FE1CC2DF3B438E4975B99489161680AC5D579E110DB10E2DDFCD45029C4602B1FCD4088556B1D1CA6D89B5B0099D6572C05E2D03DF895&e=29&d=023DFA1E736E600E95B35BE6EDCD0F13000653F90A67FE533E4C84D35D84D6EBB8D7AF78704379C33DB9C3D849C90BB0E3FBDD6EC1938AD1ADF39BAA31C66507A644BF45C2CE902048056965BE703D06725D0A7320FC6FA30BC8DCD40EC6A9B73E9A1BAF6E1F33CF0F37332FE78043F2D2FFF2A65412A05EBAD830967481AB59&p=00ECBEAD5F462BEAB4BA50C619C97F32343B5D6443EBB2891DC0A834D55C2BEA4FA30EE7EF4BC1B6F34802F16C33D61D0C5D0777C75D2BA325997A85C2494415C1&q=00EE90F9361367310DE74DCBC9FE1D0D23E710597B1570BC04F5B58BEED6EEE7EB962C70A9E39CF03CA37EC89DBF31FCBAD8714F4BAD12857A85CB9FE558559FD5&u=7DBD4EC2621894C937336255F4E8C710A199B453A010BAE672F4C60F6B93C560403D036831CE3773836A696AFE45C44A6F6339A8C5E1D5DBC018CB41326309B4&encdata=00B9750B65BF77BC1B196A43CC324C1028CE8163B54969B0D7E3FF8537361127A736E8234B37DC168D98A1D18984218A35B920E91BE0EEF7D81AE10882DDCF815EC1C665FABC8505D84951C40A8E04E8AC74FE402DFB3492F4F7CC1336166F15421D24D9E9189CA96EA33957A3D90B5CDB8AD536B9AF1DE6EDA12C880A8DCA7554&bits=1024
It looks like it only takes like 0.5 seconds to actually generate the content, but it's several seconds before the page actually loads. Maybe if I use POST it would be faster.
I think what I can do, though, instead of having a large key on the server, is generate a small one (128 or even 64 bit should be sufficient) on the client at each login, then send the public portion to the login server, have the login server generate a random temporary password, send that back to the client using the previously generated RSA key, then use AES to encrypt the actual login information using the temporary password.
128bit encryption actually loads pretty quick.
http://digitalpaint.planetquake.gamespy.com/test/rsatestvar.php?n=00C2554CF7D5B499BE9405B61C992CF461&e=2B&d=00A8B930F6ED23BF072CD52527F43503&p=00DDB62FDD28CFABC1&q=00E0632B73B4CDF0A1&u=78CF4DF324513956&encdata=59D2C6DC898EF0FD17B27038B874562E&bits=128
-
Ok, I think I have it all figured out now. Here's a simple diagram to explain it:
Client RSAkey[secret,public] = random()
Client RSAkey[public] -> LoginServer
LoginServer AESKey = random()
Client <- encrypt(RSAKey[public], AESKey) LoginServer
Client encrypt(AESKey, login/password) -> LoginServer
Client <- validate(login,password) LoginServer
Client login -> GameServer login -> LoginServer
GameServer <- RSAkey[public] LoginServer
GameServer TestString = random()
Client <- EncTestString <- encrypt(RSAkey[public], TestString) GameServer
Client decrypt(RSAkey[secret], EncTestString) -> DecTestString -> GameServer
Client <- validate(DecTestString == TestString) or kick GameServer
-
Ok, I think I have it all figured out now. Here's a simple diagram to explain it:
Client RSAkey[secret,public] = random()
Client RSAkey[public] -> LoginServer
LoginServer AESKey = random()
Client <- encrypt(RSAKey[public], AESKey) LoginServer
Client encrypt(AESKey, login/password) -> LoginServer
Client <- validate(login,password) LoginServer
Client login -> GameServer login -> LoginServer
GameServer <- RSAkey[public] LoginServer
GameServer TestString = random()
Client <- EncTestString <- encrypt(RSAkey[public], TestString) GameServer
Client decrypt(RSAkey[secret], EncTestString) -> DecTestString -> GameServer
Client <- validate(DecTestString == TestString) or kick GameServer
hmm, why not just use a keyring and drop some of this to;
Client encrypt(RSAkey[LoginServer:public], login/password) -> GameServer
GameServer encrypt(RSAkey[LoginServer:public2], Client encrypt(RSAkey[LoginServer:public], login/password) )-> LoginServer
GameServer <- validated(login,password) LoginServer
Client <- validatedGameServer or kick GameServer
Then you could throw in a challenge & response for good measure.
$.02
-
A login server public key would have to be large enough to not get cracked, but having large keys on the server takes too long to decrypt (see above).
-
Well, I'll have to do some testing on; pgp, gpg, openssl versions of RSA & AES
( I think they are all not at the same verison or upstream code base )
on which is faster; 1024 || 2048 decrypts or 128 keygens.
If my memory serves me right from several years ago of being more into crypto, the "real" kick in performance is memory, so a 256M or a 1G system will give different results.
( the en/de-crypts will gain more in larger memory system then the keygen ( which is really "collecting" data (ie. random noise)))
More later....................................
-
You also have to keep in mind that the crypto library for PHP does not support RSA, so it has to be scripted in the PHP language itself. It's not exactly designed for heavy duty math like that.
-
For all those interested in Cryptography, ( almost relevent in this thread as we discuss RSA and keys ans stuffage) might want to visit this web site:
http://www.cryptodox.com/
Lot's of good reading for the n00bs, me included.
-
For all those interested in Cryptography, ( almost relevent in this thread as we discuss RSA and keys ans stuffage) might want to visit this web site:
http://www.cryptodox.com/
Lot's of good reading for the n00bs, me included.
Forbidden
You don't have permission to access / on this server.
-
I think the site got /.'d
-
Slight change of plan. Apparently mcrypt isn't a standard PHP module and I don't want to mess with requiring proprietary stuff. Instead of using AES, I'm just going to md5hash the password hash combined with the random string generated, do the same on the login server, and compare the two together.
I actually have this part working now. The problem is key generation time. In my test app, it takes less than a second to generate a key. When I put the code into paintball2, however, it took several seconds. I can't for the life of me figure out why, though. I hate to try to come up with yet another plan, though, when I've gotten this far. I might just have to put the login stuff in a separate thread and have it run in the background.
-
I think thats common practice to thread the auth stuff and have it validate within 10-15 seconds after you join the server.. ala punkbuster.
I guess the trick is to keep people from abusing it by joinflooding the server and whatnot.
-
I think I'm making it more complicated than it needed to be. If I'm just going to md5 hash the password hash with a random string, I can just send that random string in plain text. It's not going to matter. So I could just do something like:
Client <- RandStr = random() <- LoginServer
Client -> pwhash2 = md5(RandStr+pwhash) -> LoginServer
Client <- validate(pwhash2 == md5(RandStr + pwhash in db)) <- LoginServer
Client <- RandStr2 <- GameServer <- RandStr2 = random() <- LoginServer
Client -> pwhash3 = md5(RandStr2+pwhash) -> GameServer -> pwhash3 -> LoginServer
GameServer <- validate(pwhash3 == md5(RandStr2 + pwhash in db)) <- LoginServer
-
http://dplogin.com/testlogin.php
Account activation emails and clan member joins/invites are now functional. A person must both join a clan and have a leader invite him to become a member (order doesn't matter). Leaving isn't implemented yet. Play around with it and let me know what you think.
-
1.) You can create more than one clan from the same profile. (e.g. http://dplogin.com/testlogin.php?action=viewclan&clanid=2 and http://dplogin.com/testlogin.php?action=viewclan&clanid=3). I both created them with the same login name. Maybe that should be changed in order to avoid multi-claning and several fun-clans.
2.) I've encountered some email problems with my @ch1ll.com email - address, but maybe that's because @ch1ll.com is just forwarding to my normal email - address.
3.) When you've chosen your 3 registered names, there still is a comma after the latest name.
-
the username smokey is already taken..?
NVM, i got it =]
This error comes up when it tells me the account has yet to be activated
http://dplogin.com/testlogin.php?action=emailactivation
Unknown action: emailactivation.
-
Registered YAY.
-
Wiz00t Me T00!
-
I'm having trouble receiving the email. I use AOL (fat bastards, switching to pipex soon) and the email doesn't get to my inbox, or spam folder.
-
Its AOL, give it some time, like a couple days. lol
-
Its been 3.
-
well uh, it says unknown function when i try. also vicious, i
can set you up with a @arena-zone.com address.
-
My @ch1ll.com address is still not working...
-
Because it's down, same as pbcup.com.
-
Negative. I still can receive _normal_ emails on that address.
-
I got my e-mail fine. @neonpulse.net ftw!
-
bitmate: When it's done, you won't be able to create multiple clans. I guess I didn't put that check in there yet. #3 (the commas) is me just being lazy. Polish comes after functionality.
Smokey: Re-sending activation emails isn't implemented yet. I just deleted your account. When you make a new one, it should send you an email.
ViCiOUS (and other people not getting the email): I had to do a bit of configuration before hotmail would even receive my emails (though they worked consistently with yahoo). After I got reverse DNS and whatnot set up, it would at least get the email (after a long delay), but it junk filtered it. I may still need to configure some more things to get it to pass through the spam filters, though I don't know what. I hate spam. Clutters the Internet's tubes and the filters people make to preserve sanity end up blocking legit data.
Matze: pbcup.com isn't down for me.
Everyone: Note that this is just the test database and will more than likely get wiped (or a different database will be used entirely) for the live login system.
-
you didnt use my sweet ajax :(
-
Two words:
Over complication.
Sure, if the point of the GLS had stayed as it was originally intended: have a username/password that every player needs to play online for easy GBLs. But no, we had to start getting funky with clan tags, clan invites, and all whatnot and crap. I want a clan tag of {}, but no, I need alphanumeric characters. I want to surround my clan tag with ANSI color codes, but no, that's not approved clan tags. Sure, you can try to cater to perfectionism, but the best system is no system.
Just leave it as a username and password.
-
Right, ch1ll and pbcup are working again for me, too, but still i've got the same problem as bitmate has. So i guess i just use my "real" email adress next time i try to register ;)
If you want you can delete 33matze aswell, since i won't get any activation email then. Or just leave it as that if there will be a new database after the test time.
Btw,thank you for your work you spent on making such a nice login-system :P
-
I was testing @ch1ll.com last night and it wasn't working. Weird because mail aliasing is hosted by our DNS provider's MX, rather than pbcup.com's mail server. Anyway it is functional right now, however still not receiving confirmation e-mails.
I remember when setting up pbcup.com activation e-mails I had to jump through loops to get it to work with most providers. I would recommend doing a lot of browsing through your mail logs to see exactly which errors the mailservers are sending you. Those error messages are pretty helpful for determining the root cause of the problem.
I'm around in evenings if you'd like any help with it.
-
Email confirmation works with gmail.
-
Bain: Thinks for the tips. Where would those mail logs be stored?
bug: The idea was always to protect both player names and clan tags. This method both prevents people from spoofing clan tags and lets people keep their current name without having to mess with adding a tagged name to their account. As for the tag restrictions, I have a simple set of rules (that should work fine for most clan tags) in order to prevent people from registering tags that are likely to conflict with player names. For example, if somebody registered the tag "b", then you wouldn't be able to use "bug", because it would read "b" as the clan tag and "ug" as the name. You also don't need to register color codes. They will be stripped out during the verification process. This prevents people from spoofing a tag or name just by throwing in some format codes. I can make it strip those out during the registration process, too, though.
-
Ok, found it.
Action: delayed
Status: 4.2.0
Remote-MTA: DNS; guide.mx.dnspark.net
Diagnostic-Code: SMTP; 450 <apache@ensim.ev1servers.net>: Sender address rejected: Domain not found
Last-Attempt-Date: Sat, 30 Sep 2006 07:37:03 -0500
X-ClientAddr: 127.0.0.1
Return-Path: <apache@ensim.ev1servers.net>
Received: from ensim.ev1servers.net (localhost.localdomain [127.0.0.1])
by ensim.ev1servers.net (8.12.11/8.12.11) with ESMTP id k8U7eg2x022182
for <bitmate@ch1ll.com>; Sat, 30 Sep 2006 02:40:42 -0500
Received: (from apache@localhost)
by ensim.ev1servers.net (8.12.11/8.12.11/Submit) id k8U7efgO022180;
Sat, 30 Sep 2006 02:40:41 -0500
Date: Sat, 30 Sep 2006 02:40:41 -0500
Message-Id: <200609300740.k8U7efgO022180@ensim.ev1servers.net>
To: bitmate@ch1ll.com
Subject: DPLogin Paintball 2 Account Activation
From: "Digital Paint" <no-reply@dplogin.com>
X-Mailer: PHP/4.3.2
X-yoursite-MailScanner-Information: Please contact the ISP for more information
X-yoursite-MailScanner: Found to be clean
X-MailScanner-From: apache@ensim.ev1servers.net
I guess changing the header in the mail() function didn't get rid of the apache@ensim.ev1servers.net. How do I fix that?
-
Ok, I've configured the domain now, so it should work for some of the more picky email accounts.
-
If somebody is bored, I need a way to check if an email has already been sent recently for a particular ip, so people don't abuse the system.
-
i am.
ill msg u on irsEA
-
I've changed the way the md5 salting works in order to be more secure. I had to wipe all of the existing accounts. Try creating new ones and make sure everything works. Also, for the paranoid, I have a secure version here:
https://www.dplogin.com/login.php
Edit: Though it's not signed because what companies charge to have these things signed is highway robbery.
Edit2: Fixed the url because it seems people are still clicking on it.
-
confirm password field.
also, provide the ip address that was used to register and a activation LING
and for the login, just make it a simple username and password form.
and for irc channels on clans page, make them be a link to the channel.
-
Matze and me just messed around a bit with the clan setup and we both wanted to know if there is any possibility to add any additional leaders to the list. Or is it only one leader per clan (most likely the one who registered the clan)?
-
bitmate: I haven't added that functionality yet, but I will. It will basically be like ops in an irc channel. Leaders can make other members leaders, remove the leader status of other leaders, and invite/kick players.
Smokey: What do you mean by an activation "LING"?
-
Thanks Jits.
I dont know what LING could be ( maybe a typo ? ), but i think smokey meant is that when you receive an email with an activation number it should show the ip who entered the email. Well at least thats the only way i can think of. If not, SMOKEY WHATS A LiNg
-
Oh, wait. I think he meant link. Yeah, I can do that.
-
I was going to suggest sending a link as well.
Good idea.
-
i meant link, my bad.
late night post, ya know ;)
-
Activation link is now sent by email.
-
Yea nice login, i just dont like all that extra stuff like the session id and pwhash stuff, and the username and password should be on same page, create a account another link and maybe a forgot password link. This will just make the page more organize and make it more "cleaner"
-
Yea nice login, i just dont like all that extra stuff like the session id and pwhash stuff, and the username and password should be on same page, create a account another link and maybe a forgot password link. This will just make the page more organize and make it more "cleaner"
its in dev stage still..
-
He's giving good feedback as well as some constructive ideas, Jared... ::)
No need to put him down.
-
Im not, just telling him like it is :)
-
Guess you guys already figured out I added functionality to add and remove clan leaders. I also fixed a bug so you can log in with your clan tag, so you should be able to log in as -ch1ll-bitmate. The name shown in the clan list will be whatever you last logged in as.
-
you didnt use my sweet ajax :(
"Your" ajax isn't even compatible with the way my forms and tables are set up. I'm guessing you didn't even write it, either.
I've tweaked the clan interface quite a bit. It now lists the clan(s) you're currently involved in (be it active membership, invites, or whatever) so it's more user friendly.
-
you didnt use my sweet ajax :(
"Your" ajax isn't even compatible with the way my forms and tables are set up. I'm guessing you didn't even write it, either.
I've tweaked the clan interface quite a bit. It now lists the clan(s) you're currently involved in (be it active membership, invites, or whatever) so it's more user friendly.
i did like 50% :D
Also, lose the lame "dp" theme and go with some web 2.0 looks.
-
Post removed
-
If somebody is bored, I need a way to check if an email has already been sent recently for a particular ip, so people don't abuse the system.
Jitspoe, I just responded and logged in with my e-mail ink from the IP starting with 24.29.x.x Figure that is enough of an IP for you to work with.
-
Jitspoe, I just responded and logged in with my e-mail ink from the IP starting with 24.29.x.x Figure that is enough of an IP for you to work with.
Er, what I meant by that is write some php that logs each time an email is sent from a particular IP and doesn't let them use it more than 2 or 3 times, in order to prevent some kind of retarded email spamming (I mostly just want to protect the email from getting black listed).
What did you mean by "just responded", anyway?
-
Jitspoe, I just responded and logged in with my e-mail ink from the IP starting with 24.29.x.x Figure that is enough of an IP for you to work with.
Er, what I meant by that is write some php that logs each time an email is sent from a particular IP and doesn't let them use it more than 2 or 3 times, in order to prevent some kind of retarded email spamming (I mostly just want to protect the email from getting black listed).
What did you mean by "just responded", anyway?
Id suggest a flatfite, with a .httaccess so no wrong-doer's can get to it
-
Man I have to stop posting stuff at 3 in the morning. I meant by just responded that I replied to the global login confirmation e-mail that I received. Now that I understand what you are looking for, I will close my mouth and see what I can dig up.
-
I'm sure your email to no-reply@dplogin.com will have fun sitting in /dev/null. ;)
-
Made some headway today: completed the auto-login feature. I want to make this as painless as possible for the anti-global login crew. Just register your name at dplogin.com, create a profile in-game, and check remember password and auto-login. You won't even notice it's there once you have it set up.
Looks like quite a handful of people have registered at dplogin.com already. How does it work so far?
-
I'd be cool if you could list up some more information about yourself, not only registered name and nicknames.
In my opinion, the clan (if the person is in a clan) must/should be displayed.
Further information, like "name", "age", "location", etc. could be listed up as well.
Despite that, the login system as well as all its functions work pretty neat for me. :)
Good job so far!
-
Yeah, I plan to add more profile information (email, aim, icq, etc. -- all optional stuff). Name is already in there. I need to set up a profile page where all this can be edited, too.
-
Yeah, I plan to add more profile information (email, aim, icq, etc. -- all optional stuff). Name is already in there. I need to set up a profile page where all this can be edited, too.
How about copying the stuff that was once entered on the forums (for email, aim, etc.).
Or even connecting those 2 pages, so when you click on "Additional Information" of a player, you get directed on their forum account page?
-
I was thinking of having a forum name option in there, too. In order to truly get everything linked together, though, I think I'd have to move the forums to the dplogin server.
-
I was thinking of having a forum name option in there, too. In order to truly get everything linked together, though, I think I'd have to move the forums to the dplogin server.
na, just add the dplogin server's ip to mysql allowed connection list or whatever, then instead of localhost use dpball's ip to connect to the mysql server
-
I've added a profile section where you can add info about yourself. Let me know if there's anything else you think I should add or what you think I should work on next.
Also http://www.dplogin.com/ to the secure/insecure versions of the site. I'd like to think my design is secure enough not to need HTTPS, but it's there if anybody wants it.
Edit: Forgot to mention that the password and email changing are not yet functional, so don't bother trying those.
-
Is this data going to be cleared before the system is actually implemented? If not, I can't remember what the hell my password is, and the email I got only contains the activation number, and not password or anything.
-
I'm impressed of your work Jits, really great. I can't wait till the new build is coming and the login system begins to work.
one little problem: i created a clan, then removed myself, i think. now, no one is leader and no one can control the clan. what now? (MeMi)
-
Nice work Jitspoe but the age calculator is not working properly... It is listing me as 36 with the birthdate 1962-05-27 Although I would love to be 36 or less again, I am 44 LOL
-
HA!
Old man!!
-
pfft I'm 36 now which makes me younger than you ya dinosaur!
-
Is this data going to be cleared before the system is actually implemented? If not, I can't remember what the hell my password is, and the email I got only contains the activation number, and not password or anything.
The password is never even sent to the server for security purposes. It gets hashed by the javascript then salted and hashed again before being stored in the database. On top of that, you can use the HTTPS connection to really make sure nobody can sniff your password out. In other words, even a high-level admin has no way of getting your password. I tried to make it as secure as possible so the people who don't want one more password to remember can use it.
I'm impressed of your work Jits, really great. I can't wait till the new build is coming and the login system begins to work.
one little problem: i created a clan, then removed myself, i think. now, no one is leader and no one can control the clan. what now? (MeMi)
If there are members in the clan and you are the only leader, it shouldn't let you remove your leader status or leave the clan without promoting somebody else to leader. I'll have to double check that. I can go and manually set you back to leader, though.
Nice work Jitspoe but the age calculator is not working properly... It is listing me as 36 with the birthdate 1962-05-27 Although I would love to be 36 or less again, I am 44 LOL
Strange. Seemed to work fine for my age. Maybe it has trouble calculating numbers that high.
Edit: Just verified the age thing. That's weird. All it does is convert your entered date to a unix date, subtract it from the current unix date, and divide by the number of seconds in a year. Unless Google lied to me when it said "1 year = 31 556 926 seconds", I don't see how that could not work. :-\ Maybe there's a "feel good" factor in PHP that needs to be adjusted.
Edit2: Haha, I know why. Unix epoch is 1970. You're too old for the system, man. I'll have to find a different way to calculate age or just use "36+". :)
-
Hahaha kiss my prehistoric dinosaur aZZ!!
-
I redid the age calculations so it will work for senior citizens.
I need to make the email and password changing functional. What else do you think it needs?
-
I redid the age calculations so it will work for senior citizens.
I need to make the email and password changing functional. What else do you think it needs?
uh, nothing.
-
Password changing is functional. I haven't had much time to work on it today, so email changing still doesn't work.
-
Will the database once be wiped off when everything is done, or will you use the available data?
-
It will most likely be wiped. There's a lot of junk data in there from failed experiments.
Email changing is now functional. Now that I think about it, there's not much reason to change you email since all it's used for is activations. Oh well.
-
What happened 2 paint ball? ???
-
is there a password recovery? i signed up for the Dplogin and have forgotten my password.
-
There is currently no password recovery feature. I suggest voting for that here: http://dplogin.com/forums/index.php?topic=5060.0
-
There is currently no password recovery feature. I suggest voting for that here: http://dplogin.com/forums/index.php?topic=5060.0
It would only take 30ish minutes :)
-
So would the thousands of other things I have on my todo list. They add up.
-
So this is... the login system right... And this is going to be on Paintball build 017? Aaand great job jitspoe, really admire your coding skills. Right now still it seems a bit lame. Not bad though, but it's just there on a website. We all will surely be waiting for the login system to come in-game!
/* Sorry for the bad english if there's some, I haven't woke yet :) */
-
http://dplogin.com/forums/index.php?topic=5260.0
Wait for build 18 for the modified (UDP) login system, though.
=> http://dplogin.com/forums/index.php?topic=951.msg62974#msg62974
-
Ya i love the build 17 just one minor thing do you think you could make it so you can make your name funname like colour and all that???
But other than that it's totaly sweet! ;D
-
You can name formatting (colors, etc), but only in-game.
-
Hey jitspoe is double clanning permitted???
-
Hey jitspoe is double clanning permitted???
No.
-
K ty just wanted to clear that up. ;D
-
Also can you create clans that are groups of others like say dead is the clan the you make like dead soldiers dead intelligence or would you just put the tags for each division on aswell as the general tag?
-
Also can you create clans that are groups of others like say dead is the clan the you make like dead soldiers dead intelligence or would you just put the tags for each division on aswell as the general tag?
I'm not sure what you're asking here. Currently there isn't a provision for making groups other than clans, and you can only be in one clan at a time.
-
Apocalypse - you can only enter one clan / squad. If you want multiple squads in one clan, you need to define each squad as a "clan" in this login-system. If that is what you are talking about :)
-
Apocalypse - you can only enter one clan / squad. If you want multiple squads in one clan, you need to define each squad as a "clan" in this login-system. If that is what you are talking about :)
So then if one squad in the clan were responsible for one thing or were ranked lower or higher than the others you would make a separate clan thing?
-
Like a sub-clan. Right?
-
Like a sub-clan. Right?
That's what I thought of when I first read these posts.
-
Ya basicly a sub clan Zorchenhimer maybe with a different tag like say tag is d for death then for this section db for deaths best
-
I'm trying to decide if I should prevent multiple registrations from the same IP.
-
if you can keep the hardware-signatures apart, I wouldn't, because there are a bunch of people connecting through the same routers as I've seen so far... and IPs often are dynamic anyways.
-
Agreed,
Look at brothers playing the game from teh same connection, or heaven forbid me and MONEY playing.......
-
Account registration is currently done through the website, so I can't keep track of the hardware id's, but I guess disabling multiple registrations from the same ip would cause more headaches than anything.
-
Account registration is currently done through the website, so I can't keep track of the hardware id's, but I guess disabling multiple registrations from the same ip would cause more headaches than anything.
2 per IP, And any more need to go through jitspoe, perhaps a special request form.
-
Account registration is currently done through the website, so I can't keep track of the hardware id's, but I guess disabling multiple registrations from the same ip would cause more headaches than anything.
2 per IP, And any more need to go through jitspoe, perhaps a special request form.
I agree I know that it would really piss me off if my brother got banned and then I couldn't play I know there was an insident earlier like that with tank and sparky or something getting banned.
-
I have been trying to login recently and cannot due to "invalid password" but I have changed nothing. I cannot re-create my account myself, can I get some assistance? It would be greatly appreciated.
login is qed
-
Are you trying to log in to the website or in the game?
-
Account registration is currently done through the website, so I can't keep track of the hardware id's, but I guess disabling multiple registrations from the same ip would cause more headaches than anything.
2 per IP, And any more need to go through jitspoe, perhaps a special request form.
I agree I know that it would really piss me off if my brother got banned and then I couldn't play I know there was an insident earlier like that with tank and sparky or something getting banned.
And dont let your friend get on your pc while you are mowing the lawn....
-
Trying to log into the site doesn't work and logging into the server in the game... it just seems to hang.
-
Trying to log into the site doesn't work and logging into the server in the game... it just seems to hang.
In the game you may be behind a firewall and that is the problem. As for not logging into the site make sure that caps lock in not on because the password may be case sensitive.
-
If it's case sensitive, I'll have to remember what was upper and lower. Being behind a firewall shouldn't be an issue because I already allow the game through it. I use Sygate personal firewall and until the global login, there was no issue with connection.
-
The firewall could still be the problem thoguh because I was playing at school yesterday and I could play but I couldn't use the global login.
-
Whenever I go to a server, it says something like : either this name is registered to someone else or your password is incorect. I checked on the site, and no one else has my name, and my password is right, but I can go into grafiti paint servers, what's wrong?
-
Are you using build 18? Did you set up a profile and log in through it?
-
I set up a profile, but I can't install biuld 18 and I don't know why
-
If you registered an account, you need to have build 18 to be able to use it.
-
I set up a profile, but I can't install biuld 18 and I don't know why
If you are using the update then you have to install to the directory that your paintball is currently in.
If you can't get that to work then just remove paintball completely and do a fresh install.
And if that still doesn't work then you should format your hard drive. j/k :D
-
/me is all set now from what I can tell. I'll have to spend some time on some other servers etc this weekend.
-
Oh, I tried installing biuld 18, but something was wrong. What folder is it supposed to go in again? Anyway, that one wasn't showing up or something, I forget exactly what it was, but either way, it didn't work.
-
Oh, I tried installing biuld 18, but something was wrong. What folder is it supposed to go in again? Anyway, that one wasn't showing up or something, I forget exactly what it was, but either way, it didn't work.
Solider that doesn't belong here, please stop doing stuff like this.
Build 18 full can be installed anywhere and the update must be installed to the same folder you installed 16.
-
I know I tried but it isn't working the same way it did on my other computer. And what do you mean "this isn't the place" this is a global login help folder and I can't get into any servers.
-
this is a global login help folder
I'm sorry, I thought it read "Global Login System (Implementation Discussion)," you know, specifically emphasizing that this is for discussion involving implementing it in the game. Thanks for helping me Soldier... This is definitely the best place to post your problem.
-
soldier: Go to the Files page (http://digitalpaint.planetquake.gamespy.com/files/) and download the Full installation. It's the first one on the page.
-
OK first, for yOOtz, I was having problems, and it said : if you are having problems loging in, go to this link, and this link was highlighted, so I clicked it, and it brought me here (by the way don't ask where that was, I don't remember). Also, thank you all for the help, but I tried reinstalling it, and it worked this time, I don't know why, but all my problems are now fixed, but thank you all anyway !
(Also, I know it's off topic, thats why it's at the ned of a post, becuase I'm not going to start a new topic about it, but : Is the karma gone ?)
-
Is the karma gone ?)
Well what does it intercoursein look like!!! >:(
-
Ok Wtf is going on im logged on to the clans server database thing and its still kicking me form the server saying im not on the list bu ti am clearly as day am I NEED AWNSERS
-
Are you logged in from the game? You need to use build 18.
-
yea just seen ur post about build 18 but what password and i supposed to be useing mine.?
-
ok im officially loosing my mind
-
Create a profile using the name you registered on dplogin.com, then log in using the password you registered there as well.
-
Make sure you don't select create new profile to select add existing profile.
-
I prettied up the clan display a bit. It shows the number of players in the clan as well (and sorts by that so all the 1-person clans are at the end of the list).
Can't quite figure out how to make it display empty clans, though...
SELECT `clanid`, `name`, `tag`, COUNT(1) AS `nummembers` FROM `dplogin_clanmembers` LEFT JOIN `dplogin_clans` ON `dplogin_clans`.`id` = `dplogin_clanmembers`.`clanid` WHERE (`dplogin_clanmembers`.`flags` & 1) = 1 GROUP BY `clanid` ORDER BY `nummembers` DESC
A flag of 1 is an active member.
-
put dplogin_clans on the left side of the join, that should get all instances of clans and members associated with those clans right? At the moment you are getting all members and only clans they belong to.
SELECT clanid, name, tag, COUNT(1) AS nummembers
FROM dplogin_clans
LEFT JOIN dplogin_clanmembers ON dplogin_clanmembers.clanid=dplogin_clans.id
WHERE etc
-
I tried that, as well as a right, outer, inner, etc. joins. No go. The problem is with the WHERE statement, I think. Clans without inactive members don't get put in the list, but I need the where statement to generate accurate counts (otherwise it counts former, invited, requesting, etc. members, not just active ones).
-
Very nice job I always got pissed off when I was looking through clans and I bump into clan with no people it was so annoying ::).
-
I tried that, as well as a right, outer, inner, etc. joins. No go. The problem is with the WHERE statement, I think. Clans without inactive members don't get put in the list, but I need the where statement to generate accurate counts (otherwise it counts former, invited, requesting, etc. members, not just active ones).
cant you do:
SELECT clanid, name, tag, COUNT(1) AS nummembers
FROM dplogin_clans
LEFT JOIN dplogin_clanmembers ON dplogin_clanmembers.clanid=dplogin_clans.id AND dplogin_clanmembers.flags = 1
By my reckoning that should get every clan, and then all members with the same clan id and that are flagged as 1
-
MySQL said:
#1140 - Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal if there is no GROUP BY clause
-
stick your GROUP BY on the end then?!
-
Ok, I'm not quite sure what that did, but...
clanid name tag nummembers
NULL [i]nsane [i] 365
2 Metal Militia -)MeMi(- 8
3 Team ch1ll -ch1ll- 4
7 The Testers [test] 2
16 Navy Seals {NS} 3
17 Crossbones .xb. 1
19 God'z Militia .gM^ 1
24 Only The Best [OTB] 6
29 &T (&T) 2
31 InSanE JunCtiOn .Ij. 8
-
Add your order by clause in too.
And that works, as long as you don't have any clans with a null id, which you really shouldn't do!
If so I think you can add AND clanid != NULL to the end of the left join. Not the most efficient code but should work.
-
There aren't any clans with a null id, it's a "NOT NULL" field. Also, insane doesn't have 365 members. It's like it's dumping everything that doesn't match into insane or something.
-
So are you sure Insane has an id? Just from looking at that it looks like its joining on all the members on who's clanid field match a clan id in the clans table. Why is it showing NULL for insanes clan id? Its matching everone who isnt in a clan to insane as they both seem to have a NULL clan id.
Otherwise i dunno :/
-
do you have that fixed now?
also, could you explain why sometimes the players of a clan have the clantag in front of their names and sometimes not? seems to do that randomly, as my nickname has been -)MeMi(-Pureblood once and now is b00nlander on the dplogin-website... :)
-
id timestamp name tag
1 2006-10-09 21:39:54 [i]nsane [i]
2 2006-10-10 02:38:04 Metal Militia -)MeMi(-
3 2006-10-10 03:24:51 Team ch1ll -ch1ll-
...
There are, however, no active members for insane, so I guess it just lumped everything there.
b00n: The name that is displayed is whatever you logged in as last.
Edit: Update: I have it pretty close with this:
SELECT *, COUNT(1) as `count` from `dplogin_clanmembers` right join `dplogin_clans` on `dplogin_clanmembers`.`clanid` = `dplogin_clans`.`id` and (`flags` & 1) = 1 group by `dplogin_clans`.`id`
Before I was trying to group on the clanid field (from the clanmembers table) instead of the id field from the clan table. The former was null in the case of an empty clan because of the way right join works. It shows all the clans now, but it also counts them, so empty clans have a player count of 1. Not sure if there's anything I can do about that.
-
The name that is displayed is whatever you logged in as last.
I always wondered that thought it was because they just registered as that for some weird reason
-
SELECT cl.id, cl.name, cl.tag, COUNT(1) AS nummembers
FROM dplogin_clans cl
LEFT JOIN dplogin_clanmembers cm ON cm.clanid=cl.id AND cm.flags = 1
GROUP BY cl.id
ORDER BY nummembers
I stand by my SQL!
-
SELECT cl.id, cl.name, cl.tag, COUNT(1) AS nummembers
FROM dplogin_clans cl
LEFT JOIN dplogin_clanmembers cm ON cm.clanid=cl.id AND cm.flags = 1
GROUP BY cl.id
ORDER BY nummembers
I stand by my SQL!
That's almost exactly what I have, except you swapped the tables around and did a left join. Also, you can't use equality testing for flags, since a flag of 3 (leader and member) wouldn't be listed. But thanks for the help.
I've added pages and searching to the clan listing. It looks a lot nicer now.
-
I've added pages and searching to the clan listing. It looks a lot nicer now.
Wow, it does look a lot cleaner now, nice one. Are you going to add a link to the GLS to the header with the rest of them when it's finished?
-
Are you going to add a link to the GLS to the header with the rest of them when it's finished?
You referring to the "Login" link next to "News"?
-
it looks smart. (Being able to sort by any of the columns would be nice too :P )
-
Are you going to add a link to the GLS to the header with the rest of them when it's finished?
You referring to the "Login" link next to "News"?
Haha I'm a fool, I thought that was for the forums. There, my 500th post, and I used to it admit that I'm a fool. You have my pride, what else do you want
Jitspoe?
*Edited for pride, grammar, y00tzisms, etc.
-
Great job nice way to clean all up it was a huge mess before great job Jits ;D.
-
I might add column sorting, but it isn't really necessary with the search function. Vote for it if you really want it. :)
-
I agree Jits it isn't really that nesscessary by the way I never realized there was so many 1 person clans I counted unless I can't count I think there is around 305.
-
there must still be some error or weirdness on the players page though:
when you click on "display players", it will show you the first bunch of players, in the order they have registered. except for one:
koperfly (2988) shows up on the first page for some reason.
-
What do you mean b00n the players page is still the same and koperfly isn't on the first page.
-
look in the top right
-
there must still be some error or weirdness on the players page though:
when you click on "display players", it will show you the first bunch of players, in the order they have registered. except for one:
koperfly (2988) shows up on the first page for some reason.
There's no order on the players page. Some early accounts were probably deleted and the database put a new record in that space.
-
Oh I see I just glanced LOL i must be blind 20 and 21 are missing too.
Edit: its pretty much in order except for a few missing numbers up to the 3800-4000 around.
-
Sorry if this is asked all the time, but you mentioned a GLS reset coinciding with a future release. What is your time line of a GLS reset?
Thanks,
y00tz
-
"pretty soon." :)
-
It will come with b20, right?
-
19, most likely. I haven't seen any reason to make a new build yet.
-
19, most likely. I haven't seen any reason to make a new build yet.
Cool, then maybe you can take a short break from DP development and play a few rounds with me?
Then maybe map a bit? :P
-
Perhaps. :)
Edit: Though I'm not sure how mapping is "taking a break from DP development."
-
Cool, then maybe you can take a short break from DP development and play a few rounds with me?
Mee too! :D
-
Though I'm not sure how mapping is "taking a break from DP development."
Lol agreed.