Author Topic: Global Login System (Implementation Discussion) (Read 83957 times)

Eiii · « **Reply #40 on:** May 11, 2006, 07:13:17 PM »

Perhaps make it so the tag looks different from the Name?

KnacK · « **Reply #41 on:** May 11, 2006, 08:19:15 PM »

For the clan tag:
-Require clan tags to be in brackets "[]"
-Player names can be checked for brackets when created and if they are detected be clasified as an illegal charactor in the player's name.

Eiii · « **Reply #42 on:** May 11, 2006, 09:13:46 PM »

But what if someone wants to type in their H the 'cool' way?!?

jitspoe · « **Reply #43 on:** May 12, 2006, 02:08:55 AM »

I don't know that I want to stifle creativity that much. Many clan tags don't use []'s. Crossbones uses .'s, for example, and ch1ll uses -'s.

KnacK · « **Reply #44 on:** May 12, 2006, 04:55:00 AM »

The only reason I brought that up was for tag protection ( imposters)

Unless..... you want to create a clan tag registry. That might solve the issue.

jitspoe · « **Reply #45 on:** May 12, 2006, 01:16:42 PM »

As part of the login system, you will be able to create and manage clans and their associated tags.

KnacK · « **Reply #46 on:** May 12, 2006, 01:39:57 PM »

sweet

loial21 · « **Reply #47 on:** May 12, 2006, 09:36:10 PM »

I was worried about that, thanks.

GreenAffairz · « **Reply #48 on:** May 13, 2006, 12:26:45 AM »

sounds like cool stuff, looking forward

jitspoe · « **Reply #49 on:** June 06, 2006, 12:53:45 PM »

For the clan tags, I'm going to require that tags be surrounded by at least one of the following characters:
[]=-|.<>{}()

That way people can't abuse the system and create a clan tag like "J" and then a player named "Jack" would not be able to use his name because it contains a clan tag. They'd have to make the clan tag "<J>" or "=J=" or something. "-=[J]=-" would be fine, too.

I'm trying to decide if I should require clan tags to be prefixes, scan the whole names for clan tags, or have the clan specify if the tag is a prefix or a suffix. I think it would be simpler and more standardized to have all clan tags be prefixes. That would require some adjustment for a couple clans, though.

KnacK · « **Reply #50 on:** June 06, 2006, 02:58:47 PM »

I knew you'd see it my way :p

Eiii · « **Reply #51 on:** June 06, 2006, 04:38:18 PM »

I think that clan tags should be completely separate from names-- Formatted differently, too. (So it's obvious it's a tag and not just the beginning of someone's name). That way, if you include the whole 'You-can-only-change-your-name-3-or-so-times-a-month' thing, and you've already changed your name 3 times (for whatever reason), you won't have to wait until the end of the month to add the tag to your name.

jitspoe · « **Reply #52 on:** June 06, 2006, 07:17:28 PM »

The formatting is up to the clan. Clan tags aren't considered part of the name, even though they're all part of the same string. When you register an account, all non-alphanumeric characters will be stripped out and the name will be made case-insensitive.

Say somebody registered the name "John Smith". It would be stored as "johnsmith", and any variation could be used by that player: "JohnSmith", "[joHn sMIth]", "john_smith" etc. J0hnSm1th, however, would be a different name. If John Smith was in Clan John, with the <J> tag, he could just tack it on like "<J>JohnSmith", then when he connected to the account server, the server would search the user name for clan tags and strip them out, in this case, <J>, and use the remaining name, JohnSmith, for the login, then make sure that "johnsmith" actually belonged to the clan with the <J> tag.

TinMan · « **Reply #53 on:** June 06, 2006, 08:37:32 PM »

Sounds sweet, how is this going to work with colors if its alphanumeric though? Would you be able to impliment the Quake 3 color system of ^# for colors? That would make the whole funnames thing a lot easier and the output in logs would be more readable to the naked eye. (without doing anything to it)

jitspoe · « **Reply #54 on:** June 06, 2006, 09:48:05 PM »

Formatting and non-alphanumeric characters are simply ignored during the login process (except with clan tags, where just the formatting is ignored).

Logs should strip formatting by default now, and if ^ were used for colors, it would mean everybody would have to change their names, and it wouldn't account for other things, like italics and extended characters.

bug · « **Reply #55 on:** June 07, 2006, 12:09:33 PM »

Wouldn't it be easier (and eliminate the whole clan-tag-in-name-that-you-must-do-tons-of-random-parsing-to-stop problem) to just make clan tags entirely seperate? As in, being able to register a clan tag that DOES NOT appear with your name, example:

Your clan: {NOTHING}
Your name: {ROCK}
What people see in-game: {ROCK}

And then you could have something like a player profile (floating box on mouseover in player scores?) that would tell you their clan tag and some other information. Clan fakers could easily be spotted because the clan tags would not be included in the names.

[eR33T]BoB would be a fake.
BoB (with [eR33T] as his clan in the player profile) would not be a fake.

Just an idea.

jitspoe · « **Reply #56 on:** June 07, 2006, 12:41:36 PM »

Then legit players wouldn't be able to "wear" their clan tag, and fakers would. Not to mention it would require re-writing everything that displays player names.

bug · « **Reply #57 on:** June 07, 2006, 01:46:22 PM »

The first part is indeed true, if you want to brandish your (legit) clan tag, it wouldn't be immediately visible. As for the second, I don't see why it would -- the name would be stored completely as normal. It would be an extra variable for the clan, and the profile-displaying that's needed.

supertanker · « **Reply #58 on:** June 08, 2006, 11:15:30 AM »

Just an idea....

Another game, BZFlag, has a really clever login system....

It uses the forum's user database, so if you want to play you register at the forums and use the same username and password. In fact, wouldn't this make it simpler, you would just have to md5 the password at the client or something? I dunno, i'm not a programmer, but I just thought it would be interesting....although I think that it was mainly made for PHPbb.

Plus that way you get a built in password retrival and no worries about duplicates. In fact, the user db software is open source on the BZFlag CVS at Sourceforge, I think, under the db module.

THe BZFlag system is so fancy, they have it set up with global usergroups for servers (Cop, Admin, Moderator, and other custom ones that group owners can edit) that can be assigned to users with the the forum's group database.

Just a suggestion....

Apparently this system is reasonably foolproof, although the probem with bzflag is that not all servers have this enabled (It can be switched off). I know there are at least 4000 active players out there who are registered, and i haven't seen many reports of cheaters/impersonators on the bzflag forums, so i'm guessing it works well.

jitspoe · « **Reply #59 on:** June 08, 2006, 01:16:14 PM »

I have certainly considered this, but I don't know if it would make it simpler or more complicated. Requiring people to sign up for the forums would likely increase community involvement and feedback, but integrating player accounts with forum accounts is going to be messy at best. If something goes wrong with one, both will probably have issues. Not only might the integration be complicated, but it will make forum upgrades very difficult if not impossible.

Of course, another reason I wasn't really interested in doing it was because there were so many issues with the forums earlier that I was going to use a completely different server. Now that they've been relocated, I suppose it might be possible to just tap into the forum user database and not modify anything at all. There is, of course, some additional information that will need to be stored for the game users, so I'll have to make another database for that. I think trying to integrate it with the forum database would be too risky.

In the end, all that would really be gained is ease for users -- they'd have to sign up once instead of twice to use the forums and game accounts. After thinking about it a bit, though, you have made me reconsider the overall login system. I might have been making it too complicated. I think I may go back more toward the design I had originally, but with a little more knowledge of cryptography.

- The login server would have an RSA key pair set up, with the public key available.
- The client will encrypt the password + user name + random data with the public key and send it to the login server.
- The login server will verify the password against a salted MD5.
- If verified, the login server will encrypt ...

meh, you know what? It's going to be about the same complexity either way.