Author Topic: Global Login System (Implementation Discussion)  (Read 84011 times)

Smokey

  • Autococker
  • Posts: 1172
Re: Global Login System (Implementation Discussion)
« Reply #160 on: September 17, 2006, 10:54:48 AM »
For all those interested in Cryptography, ( almost relevent in this thread as we discuss RSA and keys ans stuffage) might want to visit this web site:

http://www.cryptodox.com/

Lot's of good reading for the n00bs, me included.

Forbidden
You don't have permission to access / on this server.

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
Re: Global Login System (Implementation Discussion)
« Reply #161 on: September 17, 2006, 11:19:14 AM »
I think the site got /.'d

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: Global Login System (Implementation Discussion)
« Reply #162 on: September 18, 2006, 06:59:05 PM »
Slight change of plan.  Apparently mcrypt isn't a standard PHP module and I don't want to mess with requiring proprietary stuff.  Instead of using AES, I'm just going to md5hash the password hash combined with the random string generated, do the same on the login server, and compare the two together.

I actually have this part working now.  The problem is key generation time.  In my test app, it takes less than a second to generate a key.  When I put the code into paintball2, however, it took several seconds.  I can't for the life of me figure out why, though.  I hate to try to come up with yet another plan, though, when I've gotten this far.  I might just have to put the login stuff in a separate thread and have it run in the background.

Sprinkle

  • VM-68
  • Posts: 115
Re: Global Login System (Implementation Discussion)
« Reply #163 on: September 18, 2006, 08:15:37 PM »
I think thats common practice to thread the auth stuff and have it validate within 10-15 seconds after you join the server.. ala punkbuster. 
I guess the trick is to keep people from abusing it by joinflooding the server and whatnot.

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: Global Login System (Implementation Discussion)
« Reply #164 on: September 19, 2006, 02:00:42 AM »
I think I'm making it more complicated than it needed to be.  If I'm just going to md5 hash the password hash with a random string, I can just send that random string in plain text.  It's not going to matter.  So I could just do something like:

Client <- RandStr = random() <- LoginServer
Client -> pwhash2 = md5(RandStr+pwhash) -> LoginServer
Client <- validate(pwhash2 == md5(RandStr + pwhash in db)) <- LoginServer
Client <- RandStr2 <- GameServer <- RandStr2 = random() <- LoginServer
Client -> pwhash3 = md5(RandStr2+pwhash) -> GameServer -> pwhash3 -> LoginServer
GameServer <- validate(pwhash3 == md5(RandStr2 + pwhash in db)) <- LoginServer

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: Global Login System (Implementation Discussion)
« Reply #165 on: September 30, 2006, 01:12:27 AM »
http://dplogin.com/testlogin.php

Account activation emails and clan member joins/invites are now functional.  A person must both join a clan and have a leader invite him to become a member (order doesn't matter).  Leaving isn't implemented yet.  Play around with it and let me know what you think.

bitmate

  • Autococker
  • Posts: 1248
Re: Global Login System (Implementation Discussion)
« Reply #166 on: September 30, 2006, 02:21:04 AM »
1.) You can create more than one clan from the same profile. (e.g. http://dplogin.com/testlogin.php?action=viewclan&clanid=2 and http://dplogin.com/testlogin.php?action=viewclan&clanid=3). I both created them with the same login name. Maybe that should be changed in order to avoid multi-claning and several fun-clans.

2.) I've encountered some email problems with my @ch1ll.com email - address, but maybe that's because @ch1ll.com is just forwarding to my normal email - address.

3.) When you've chosen your 3 registered names, there still is a comma after the latest name.

Smokey

  • Autococker
  • Posts: 1172
Re: Global Login System (Implementation Discussion)
« Reply #167 on: September 30, 2006, 09:08:52 AM »
the username smokey is already taken..?
NVM, i got it =]



This error comes up when it tells me the account has yet to be activated

http://dplogin.com/testlogin.php?action=emailactivation
Code: [Select]
Unknown action: emailactivation.

Lunatic

  • 68 Carbine
  • Posts: 349
Re: Global Login System (Implementation Discussion)
« Reply #168 on: September 30, 2006, 02:34:06 PM »
Registered YAY.

GreenAffairz

  • Autococker
  • Posts: 515
Re: Global Login System (Implementation Discussion)
« Reply #169 on: September 30, 2006, 09:09:02 PM »
Wiz00t Me T00!

ViciouZ

  • Map Committee
  • Autococker
  • Posts: 2227
Re: Global Login System (Implementation Discussion)
« Reply #170 on: October 01, 2006, 02:02:02 AM »
I'm having trouble receiving the email. I use AOL (fat bastards, switching to pipex soon) and the email doesn't get to my inbox, or spam folder.

TinMan

  • Autococker
  • Posts: 1347
Re: Global Login System (Implementation Discussion)
« Reply #171 on: October 01, 2006, 02:08:37 AM »
Its AOL, give it some time, like a couple days. lol

ViciouZ

  • Map Committee
  • Autococker
  • Posts: 2227
Re: Global Login System (Implementation Discussion)
« Reply #172 on: October 01, 2006, 07:22:48 AM »
Its been 3.

Smokey

  • Autococker
  • Posts: 1172
Re: Global Login System (Implementation Discussion)
« Reply #173 on: October 01, 2006, 07:26:07 AM »
well uh, it says unknown function when i try. also vicious, i
can set you up with a @arena-zone.com address.

bitmate

  • Autococker
  • Posts: 1248
Re: Global Login System (Implementation Discussion)
« Reply #174 on: October 01, 2006, 07:48:48 AM »
My @ch1ll.com address is still not working...

Matze

  • 68 Carbine
  • Posts: 346
Re: Global Login System (Implementation Discussion)
« Reply #175 on: October 01, 2006, 08:31:08 AM »
Because it's down, same as pbcup.com.

bitmate

  • Autococker
  • Posts: 1248
Re: Global Login System (Implementation Discussion)
« Reply #176 on: October 01, 2006, 09:55:05 AM »
Negative. I still can receive _normal_ emails on that address.

TinMan

  • Autococker
  • Posts: 1347
Re: Global Login System (Implementation Discussion)
« Reply #177 on: October 01, 2006, 11:31:06 AM »
I got my e-mail fine. @neonpulse.net ftw!

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: Global Login System (Implementation Discussion)
« Reply #178 on: October 01, 2006, 08:58:16 PM »
bitmate: When it's done, you won't be able to create multiple clans.  I guess I didn't put that check in there yet.  #3 (the commas) is me just being lazy.  Polish comes after functionality.

Smokey: Re-sending activation emails isn't implemented yet.  I just deleted your account.  When you make a new one, it should send you an email.

ViCiOUS (and other people not getting the email): I had to do a bit of configuration before hotmail would even receive my emails (though they worked consistently with yahoo).  After I got reverse DNS and whatnot set up, it would at least get the email (after a long delay), but it junk filtered it.  I may still need to configure some more things to get it to pass through the spam filters, though I don't know what.  I hate spam.  Clutters the Internet's tubes and the filters people make to preserve sanity end up blocking legit data.

Matze: pbcup.com isn't down for me.

Everyone: Note that this is just the test database and will more than likely get wiped (or a different database will be used entirely) for the live login system.

Smokey

  • Autococker
  • Posts: 1172
Re: Global Login System (Implementation Discussion)
« Reply #179 on: October 01, 2006, 09:44:15 PM »
you didnt use my sweet ajax :(