Author Topic: Global Login System (Implementation Discussion) (Read 83788 times)

bug · « **Reply #180 on:** October 02, 2006, 12:02:24 AM »

Two words:

Over complication.

Sure, if the point of the GLS had stayed as it was originally intended: have a username/password that every player needs to play online for easy GBLs. But no, we had to start getting funky with clan tags, clan invites, and all whatnot and crap. I want a clan tag of {}, but no, I need alphanumeric characters. I want to surround my clan tag with ANSI color codes, but no, that's not approved clan tags. Sure, you can try to cater to perfectionism, but the best system is no system.

Just leave it as a username and password.

Matze · « **Reply #181 on:** October 02, 2006, 05:47:09 AM »

Right, ch1ll and pbcup are working again for me, too, but still i've got the same problem as bitmate has. So i guess i just use my "real" email adress next time i try to register

If you want you can delete 33matze aswell, since i won't get any activation email then. Or just leave it as that if there will be a new database after the test time.

Btw,thank you for your work you spent on making such a nice login-system

XtremeBain · « **Reply #182 on:** October 02, 2006, 06:11:50 AM »

I was testing @ch1ll.com last night and it wasn't working. Weird because mail aliasing is hosted by our DNS provider's MX, rather than pbcup.com's mail server. Anyway it is functional right now, however still not receiving confirmation e-mails.

I remember when setting up pbcup.com activation e-mails I had to jump through loops to get it to work with most providers. I would recommend doing a lot of browsing through your mail logs to see exactly which errors the mailservers are sending you. Those error messages are pretty helpful for determining the root cause of the problem.

I'm around in evenings if you'd like any help with it.

toM|vendettA · « **Reply #183 on:** October 02, 2006, 06:39:12 AM »

Email confirmation works with gmail.

jitspoe · « **Reply #184 on:** October 02, 2006, 04:09:02 PM »

Bain: Thinks for the tips. Where would those mail logs be stored?

bug: The idea was always to protect both player names and clan tags. This method both prevents people from spoofing clan tags and lets people keep their current name without having to mess with adding a tagged name to their account. As for the tag restrictions, I have a simple set of rules (that should work fine for most clan tags) in order to prevent people from registering tags that are likely to conflict with player names. For example, if somebody registered the tag "b", then you wouldn't be able to use "bug", because it would read "b" as the clan tag and "ug" as the name. You also don't need to register color codes. They will be stripped out during the verification process. This prevents people from spoofing a tag or name just by throwing in some format codes. I can make it strip those out during the registration process, too, though.

jitspoe · « **Reply #185 on:** October 02, 2006, 05:41:01 PM »

Ok, found it.

Quote

Action: delayed
Status: 4.2.0
Remote-MTA: DNS; guide.mx.dnspark.net
Diagnostic-Code: SMTP; 450 <apache@ensim.ev1servers.net>: Sender address rejected: Domain not found
Last-Attempt-Date: Sat, 30 Sep 2006 07:37:03 -0500

X-ClientAddr: 127.0.0.1
Return-Path: <apache@ensim.ev1servers.net>
Received: from ensim.ev1servers.net (localhost.localdomain [127.0.0.1])
by ensim.ev1servers.net (8.12.11/8.12.11) with ESMTP id k8U7eg2x022182
for <bitmate@ch1ll.com>; Sat, 30 Sep 2006 02:40:42 -0500
Received: (from apache@localhost)
by ensim.ev1servers.net (8.12.11/8.12.11/Submit) id k8U7efgO022180;
Sat, 30 Sep 2006 02:40:41 -0500
Date: Sat, 30 Sep 2006 02:40:41 -0500
Message-Id: <200609300740.k8U7efgO022180@ensim.ev1servers.net>
To: bitmate@ch1ll.com
Subject: DPLogin Paintball 2 Account Activation
From: "Digital Paint" <no-reply@dplogin.com>
X-Mailer: PHP/4.3.2
X-yoursite-MailScanner-Information: Please contact the ISP for more information
X-yoursite-MailScanner: Found to be clean
X-MailScanner-From: apache@ensim.ev1servers.net

I guess changing the header in the mail() function didn't get rid of the apache@ensim.ev1servers.net. How do I fix that?

jitspoe · « **Reply #186 on:** October 02, 2006, 07:43:34 PM »

Ok, I've configured the domain now, so it should work for some of the more picky email accounts.

jitspoe · « **Reply #187 on:** October 05, 2006, 03:08:03 PM »

If somebody is bored, I need a way to check if an email has already been sent recently for a particular ip, so people don't abuse the system.

Smokey · « **Reply #188 on:** October 05, 2006, 03:25:26 PM »

i am.

ill msg u on irsEA

jitspoe · « **Reply #189 on:** October 09, 2006, 08:44:18 PM »

I've changed the way the md5 salting works in order to be more secure. I had to wipe all of the existing accounts. Try creating new ones and make sure everything works. Also, for the paranoid, I have a secure version here:

https://www.dplogin.com/login.php

Edit: Though it's not signed because what companies charge to have these things signed is highway robbery.

Edit2: Fixed the url because it seems people are still clicking on it.

Smokey · « **Reply #190 on:** October 09, 2006, 08:47:07 PM »

confirm password field.

also, provide the ip address that was used to register and a activation LING

and for the login, just make it a simple username and password form.

and for irc channels on clans page, make them be a link to the channel.

bitmate · « **Reply #191 on:** October 10, 2006, 07:14:12 AM »

Matze and me just messed around a bit with the clan setup and we both wanted to know if there is any possibility to add any additional leaders to the list. Or is it only one leader per clan (most likely the one who registered the clan)?

jitspoe · « **Reply #192 on:** October 10, 2006, 10:49:28 AM »

bitmate: I haven't added that functionality yet, but I will. It will basically be like ops in an irc channel. Leaders can make other members leaders, remove the leader status of other leaders, and invite/kick players.

Smokey: What do you mean by an activation "LING"?

Matze · « **Reply #193 on:** October 10, 2006, 11:18:14 AM »

Thanks Jits.

I dont know what LING could be ( maybe a typo ? ), but i think smokey meant is that when you receive an email with an activation number it should show the ip who entered the email. Well at least thats the only way i can think of. If not, SMOKEY WHATS A LiNg

jitspoe · « **Reply #194 on:** October 10, 2006, 11:21:02 AM »

Oh, wait. I think he meant link. Yeah, I can do that.

KnacK · « **Reply #195 on:** October 10, 2006, 11:34:32 AM »

I was going to suggest sending a link as well.

Good idea.

Smokey · « **Reply #196 on:** October 10, 2006, 12:44:08 PM »

i meant link, my bad.

late night post, ya know

jitspoe · « **Reply #197 on:** October 10, 2006, 03:36:57 PM »

Activation link is now sent by email.

maxpower · « **Reply #198 on:** October 10, 2006, 06:39:46 PM »

Yea nice login, i just dont like all that extra stuff like the session id and pwhash stuff, and the username and password should be on same page, create a account another link and maybe a forgot password link. This will just make the page more organize and make it more "cleaner"

Smokey · « **Reply #199 on:** October 10, 2006, 07:03:50 PM »

Quote from: maxpower on October 10, 2006, 06:39:46 PM

Yea nice login, i just dont like all that extra stuff like the session id and pwhash stuff, and the username and password should be on same page, create a account another link and maybe a forgot password link. This will just make the page more organize and make it more "cleaner"

its in dev stage still..