Author Topic: Global Login System (Implementation Discussion) (Read 83221 times)

Smokey · « **Reply #160 on:** September 17, 2006, 10:54:48 AM »

Quote from: KnacK on September 17, 2006, 10:32:42 AM

For all those interested in Cryptography, ( almost relevent in this thread as we discuss RSA and keys ans stuffage) might want to visit this web site:

http://www.cryptodox.com/

Lot's of good reading for the n00bs, me included.

Forbidden
You don't have permission to access / on this server.

KnacK · « **Reply #161 on:** September 17, 2006, 11:19:14 AM »

I think the site got /.'d

jitspoe · « **Reply #162 on:** September 18, 2006, 06:59:05 PM »

Slight change of plan. Apparently mcrypt isn't a standard PHP module and I don't want to mess with requiring proprietary stuff. Instead of using AES, I'm just going to md5hash the password hash combined with the random string generated, do the same on the login server, and compare the two together.

I actually have this part working now. The problem is key generation time. In my test app, it takes less than a second to generate a key. When I put the code into paintball2, however, it took several seconds. I can't for the life of me figure out why, though. I hate to try to come up with yet another plan, though, when I've gotten this far. I might just have to put the login stuff in a separate thread and have it run in the background.

Sprinkle · « **Reply #163 on:** September 18, 2006, 08:15:37 PM »

I think thats common practice to thread the auth stuff and have it validate within 10-15 seconds after you join the server.. ala punkbuster.
I guess the trick is to keep people from abusing it by joinflooding the server and whatnot.

jitspoe · « **Reply #164 on:** September 19, 2006, 02:00:42 AM »

I think I'm making it more complicated than it needed to be. If I'm just going to md5 hash the password hash with a random string, I can just send that random string in plain text. It's not going to matter. So I could just do something like:

Client <- RandStr = random() <- LoginServer
Client -> pwhash2 = md5(RandStr+pwhash) -> LoginServer
Client <- validate(pwhash2 == md5(RandStr + pwhash in db)) <- LoginServer
Client <- RandStr2 <- GameServer <- RandStr2 = random() <- LoginServer
Client -> pwhash3 = md5(RandStr2+pwhash) -> GameServer -> pwhash3 -> LoginServer
GameServer <- validate(pwhash3 == md5(RandStr2 + pwhash in db)) <- LoginServer

jitspoe · « **Reply #165 on:** September 30, 2006, 01:12:27 AM »

http://dplogin.com/testlogin.php

Account activation emails and clan member joins/invites are now functional. A person must both join a clan and have a leader invite him to become a member (order doesn't matter). Leaving isn't implemented yet. Play around with it and let me know what you think.

bitmate · « **Reply #166 on:** September 30, 2006, 02:21:04 AM »

1.) You can create more than one clan from the same profile. (e.g. http://dplogin.com/testlogin.php?action=viewclan&clanid=2 and http://dplogin.com/testlogin.php?action=viewclan&clanid=3). I both created them with the same login name. Maybe that should be changed in order to avoid multi-claning and several fun-clans.

2.) I've encountered some email problems with my @ch1ll.com email - address, but maybe that's because @ch1ll.com is just forwarding to my normal email - address.

3.) When you've chosen your 3 registered names, there still is a comma after the latest name.

Smokey · « **Reply #167 on:** September 30, 2006, 09:08:52 AM »

the username smokey is already taken..?
NVM, i got it =]

This error comes up when it tells me the account has yet to be activated

http://dplogin.com/testlogin.php?action=emailactivation

Code: [Select]

Unknown action: emailactivation.

Lunatic · « **Reply #168 on:** September 30, 2006, 02:34:06 PM »

Registered YAY.

GreenAffairz · « **Reply #169 on:** September 30, 2006, 09:09:02 PM »

Wiz00t Me T00!

ViciouZ · « **Reply #170 on:** October 01, 2006, 02:02:02 AM »

I'm having trouble receiving the email. I use AOL (fat bastards, switching to pipex soon) and the email doesn't get to my inbox, or spam folder.

TinMan · « **Reply #171 on:** October 01, 2006, 02:08:37 AM »

Its AOL, give it some time, like a couple days. lol

ViciouZ · « **Reply #172 on:** October 01, 2006, 07:22:48 AM »

Its been 3.

Smokey · « **Reply #173 on:** October 01, 2006, 07:26:07 AM »

well uh, it says unknown function when i try. also vicious, i
can set you up with a @arena-zone.com address.

bitmate · « **Reply #174 on:** October 01, 2006, 07:48:48 AM »

My @ch1ll.com address is still not working...

Matze · « **Reply #175 on:** October 01, 2006, 08:31:08 AM »

Because it's down, same as pbcup.com.

bitmate · « **Reply #176 on:** October 01, 2006, 09:55:05 AM »

Negative. I still can receive _normal_ emails on that address.

TinMan · « **Reply #177 on:** October 01, 2006, 11:31:06 AM »

I got my e-mail fine. @neonpulse.net ftw!

jitspoe · « **Reply #178 on:** October 01, 2006, 08:58:16 PM »

bitmate: When it's done, you won't be able to create multiple clans. I guess I didn't put that check in there yet. #3 (the commas) is me just being lazy. Polish comes after functionality.

Smokey: Re-sending activation emails isn't implemented yet. I just deleted your account. When you make a new one, it should send you an email.

ViCiOUS (and other people not getting the email): I had to do a bit of configuration before hotmail would even receive my emails (though they worked consistently with yahoo). After I got reverse DNS and whatnot set up, it would at least get the email (after a long delay), but it junk filtered it. I may still need to configure some more things to get it to pass through the spam filters, though I don't know what. I hate spam. Clutters the Internet's tubes and the filters people make to preserve sanity end up blocking legit data.

Matze: pbcup.com isn't down for me.

Everyone: Note that this is just the test database and will more than likely get wiped (or a different database will be used entirely) for the live login system.

Smokey · « **Reply #179 on:** October 01, 2006, 09:44:15 PM »

you didnt use my sweet ajax