OpenTTD Login System [Now with binaries]

OpenTTD is a fully open-sourced reimplementation of TTD, written in C++, boasting improved gameplay and many new features.

Moderator: OpenTTD Developers

User avatar
lucaspiller
Tycoon
Tycoon
Posts: 1228
Joined: 18 Apr 2004 20:27

OpenTTD Login System [Now with binaries]

Post by lucaspiller »

I promissed it, so here it is! A centeral authentication login system thingy-ma-bob for OpenTTD. :D

How it works
Here is what happens when a user tries to connect to a game server:
  • The client sends a request to the login server with their username and password. Originally I was hoping to send the password encyrpted but I cannot figure out how to use the md5 stuff built into OpenTTD.
  • The login server checks this version against the encrypted version in the database. If the password is wrong or there is an incorrect username it sends an error message, otherwise it sends a key.
  • The client sends a request to the game server with its key at the end of a packet requesting to join. It doesn't check whether the server supports the system or not, because if it doesn't it will just ignore it. Also the client doesn't check the result from the login server to make sure it has actually got a key - but you won't get in if you ain't.
  • The game server then sends a request to the login server with the users name and key. It will then be processed and returned whether it is correct or not. This was a potential for a security flaw, they have your key so they don't need your password to request a new one, so whenever your key is verified as correct a new one (that isn't given out) is generated. The server then lets the client in, or sends it an error message.
  • If the client is let in then that is it and it continues on its long journey. If it wasn't though that isn't quite it. Have a think about it, somebody could write a program that pretends to be the server but just nicks your key. So if the client isn't allowed in, then a new key is requested.
How to get it going
1) Download the patch below, and merge it against your copy of the code.
2) Compile your fantastic new copy.
or
1 + 2) Download a binary below.

3) Visit http://www.tom-h.com/~ysflight/ottd/ and register, then verify your email address by clicking the link.
4) Open up openttd.cfg for editing and add / modify these values in the [network] section:

Code: Select all

player_name - <The user name you just registered>
player_pass  - <The password you just registered>
login_url = http://www.tom-h.com/~ysflight/ottd/
login_server = www.tom-h.com
login_enabled = true
If you are just running a dedicated server you do not need to register or enter a username / password.
5) Fire up and enjoy! :D

Other features
(More soon)
- You should be able to connect to servers of the same revision (including the m bit) without the patch
- Users can be banned by putting their username into the banning section of openttd.cfg - as they cannot change their username now they will not be able to get back in

Known bugs
(Probably more soon)
- Users without the patch do not see any information about your server in the list

Coming soon
- Central banning system
- Feedback system

Updates
14th Feb 05 - First version
15th Feb 05 - Updates to backend, you need to verify your address to get in and security fixes
16th Feb 05 - Typo fixes / registrations work (cheers Owen) and binaries

Binaries
Windows: OTTD-win32-r2206m.zip
Linux: OTTD-linux-r2206m.tar.bz2
Attachments
login_version1.patch.zip
(4.01 KiB) Downloaded 190 times
Last edited by lucaspiller on 19 Apr 2005 19:13, edited 6 times in total.
No longer active here, but you can still reach me via email: luca[at]stackednotion[dot]com
User avatar
Born Acorn
Tycoon
Tycoon
Posts: 7591
Joined: 10 Dec 2002 20:36
Skype: bornacorn
Location: Wrexham, Wales
Contact:

Post by Born Acorn »

wow

If this was developed more and put into the trunk, and had an ingame registration, it would be amazing! It would finally put an end to the jerks who ruin MP games
Image
markr
Engineer
Engineer
Posts: 39
Joined: 05 Feb 2005 16:04

Post by markr »

I suggested this about a week ago.

I'd be interested to see how you did it, how it works (I may look at the patch later).

Anyway, I agree that you need in-game registration. People shouldn't have to use a web browser to register.

People also should not have to edit the configs manually under normal circumstances.

I assume that this patch also stops the passwords being sent to the openttd servers, instead using some sort of temporary session ID which is checked with the auth server. This was my main concern, about spoofed servers being used to obtain players' passwords.

Cheers

Mark
User avatar
Born Acorn
Tycoon
Tycoon
Posts: 7591
Joined: 10 Dec 2002 20:36
Skype: bornacorn
Location: Wrexham, Wales
Contact:

Post by Born Acorn »

maybe in future Games stay hosted by the master server so if the hoster leaves the game stays open. ALso it should be possible to choose a saved password in account settings or similar and it be automatically applied to every game you are in
Image
User avatar
lucaspiller
Tycoon
Tycoon
Posts: 1228
Joined: 18 Apr 2004 20:27

Post by lucaspiller »

In game registration is planned, but for now it was easier just to setup a site. Also it is PHP based, so that made it easier.
markr wrote: I assume that this patch also stops the passwords being sent to the openttd servers, instead using some sort of temporary session ID which is checked with the auth server. This was my main concern, about spoofed servers being used to obtain players' passwords.
[See "How it works" above]

How's that for an explanation at 7 in the morning? :P

Also if you want to ban users for now, just add their username to the banlist normally.
Last edited by lucaspiller on 16 Apr 2005 08:43, edited 1 time in total.
No longer active here, but you can still reach me via email: luca[at]stackednotion[dot]com
User avatar
orudge
Administrator
Administrator
Posts: 25034
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Post by orudge »

Typo alert in your registration script!

Fatal error: Call to undefined function: addslahes() in /home/ysflight/public_html/ottd/register.php on line 36

;)

Sounds good, otherwise!
User avatar
lucaspiller
Tycoon
Tycoon
Posts: 1228
Joined: 18 Apr 2004 20:27

Post by lucaspiller »

I added that last night and didn't do much testing, so I expected there to be some bugs. Cheers Owen. :D I was hoping to do a bit more last night but we had a damn power cut. :evil:

Also I am afraid I won't be able to put any Windows binaries up because whenever I try and cross compile it Zlib ends up messing up. It can read and save its own savegames, and other versions can read its savegames, but it cannot read other versions save games. :x The error is "Load game: inflate() failed", just in case anyone has an idea - both versions were compiled with the same version of zlib so I cannot understand what the problem is. :P

I probably won't be able to get much done over the coming week because I have loads of coursework to do, 3 pieces due in Wednesday, all of which I have barely started. :(

EDIT: OK fixed the problem now, appears to be something with linking zlib statically. Windows binary eta <10 mins.

EDIT #2: Binaries up now, I have also put a server up "Login_Test" (it may not work due to port forwarding being wrong so post here if so).
No longer active here, but you can still reach me via email: luca[at]stackednotion[dot]com
PayableOnDeath
Engineer
Engineer
Posts: 27
Joined: 18 Apr 2005 13:42

Post by PayableOnDeath »

Hi

for this to work server side I just download the binary and then run the server as normal with -D ( think its -D) only started setting up a server n playing MP this morning lol :)


I love the MP in OTTD when me n a mate had TTD we tryed playing together but the modems didnt seem to pick up n connect to play :(

oh well glad to see we have go thou all that again lol

hope to see some of you on a server sometime :)
MeusH
Tycoon
Tycoon
Posts: 4349
Joined: 25 Oct 2004 15:39
Location: Mississauga

Post by MeusH »

Some questions:

:arrow: Do I need to download this if I just want to play (is it server side only)?
:arrow: Whan OTTD version I must have to play? Latest nightly?
:arrow: Are all servers going to support this?
User avatar
lucaspiller
Tycoon
Tycoon
Posts: 1228
Joined: 18 Apr 2004 20:27

Post by lucaspiller »

PayableOnDeath wrote:for this to work server side I just download the binary and then run the server as normal with -D ( think its -D) only started setting up a server n playing MP this morning lol :)
Yep, and add the stuff into the config file - you don't need to add a username or password if you are just starting a server.
MeusH wrote: :arrow: Do I need to download this if I just want to play (is it server side only)?
If you want to play on any servers with the system then yes, the server and client code is slightly modified. If not just download a nightly.
MeusH wrote: :arrow: Whan OTTD version I must have to play? Latest nightly?
The version above at the moment, because it is not yet in the SVN tree.
MeusH wrote: :arrow: Are all servers going to support this?
If it gets accepted into the SVN tree. :D

I am still thinking of some good ideas to use for the warning / banning system. If anyone has any post 'em here.

I was thinking of an Ebay style feedback system where people rank you good or bad, but I need a way to encourage users to leave good feedback for good players- trust me, nobody will do it unless they have good reason (the good of the comunity isn't good enough). An outright banning system wouldn't be very good because I would have 1000s of complaints from people who don't think they should be banned. Maybe something so that their ranking is based upon how they rank other players. Another idea could be a Halo 2 level type thing, but the only way I could think of this working could easily be faked.
No longer active here, but you can still reach me via email: luca[at]stackednotion[dot]com
User avatar
Sionide
Director
Director
Posts: 523
Joined: 10 Oct 2004 10:54
Location: England
Contact:

Post by Sionide »

I like the AIM-style Warn system the best. It's the best form of self-moderation I've seen in a long while. If enough users warn another, he gets kicked... I was thinking a 50% majority or something?
...Synthetic Intelligent Organism Normally for Infiltration and Dangerous Exploration...
...sionide.net...
xyfor
Engineer
Engineer
Posts: 4
Joined: 03 May 2004 18:46
Location: Norway
Contact:

Post by xyfor »

I have to say. I am somewhat worried about this. Bringing OTTD multiplayer to this level is a BIG! step. Have some experience running different game-servers, common is that there will be lots of ppl calling other ppl lamers, so a ranking system would be very hard to work, as there would be lots of unnessessary complaints.
But all this aside. A great system (in my head), but needs some sort of validating complaints?
btw! ALL HAIL TO Luca Spiller
------=====**/XYFOR\**=====------
User avatar
lucaspiller
Tycoon
Tycoon
Posts: 1228
Joined: 18 Apr 2004 20:27

Post by lucaspiller »

Sionide wrote:I like the AIM-style Warn system the best. It's the best form of self-moderation I've seen in a long while. If enough users warn another, he gets kicked... I was thinking a 50% majority or something?
I am not familiar with the AIM system, but I highly doubt 50% of users would warn someone - it would have to be a fixed number around 10 maybe?
xyfor wrote: A great system (in my head), but needs some sort of validating complaints?
Thats the problem that is facing me, the system needs to encourage users to report abusers and to also reward good people.
No longer active here, but you can still reach me via email: luca[at]stackednotion[dot]com
User avatar
LKRaider
Transport Coordinator
Transport Coordinator
Posts: 360
Joined: 23 Mar 2005 04:05
Location: Brasil
Contact:

Post by LKRaider »

Maybe you could distribute delicious butter cookies to the people that make good reports. No one can resist that! :P


And I think that by 50% he meant of the people in the current game... right? 10 people in a single game is quite impossible yet, I believe.
User avatar
Villem
Tycoon
Tycoon
Posts: 3310
Joined: 28 Aug 2003 09:38

Post by Villem »

Should i register myself even if i don't play on servers with this yeat?
[edit]nevermind, i registered anyways and downloaded the binary..no servers with this yeat though
Welshwonder
Engineer
Engineer
Posts: 8
Joined: 17 Feb 2005 18:01

patch

Post by Welshwonder »

how do you merge the patch into OTTD? im not too good with computers so try keep it simple
Im Longing For Your Touch, And I Welcome Your Sweet 666 In My Heart
PayableOnDeath
Engineer
Engineer
Posts: 27
Joined: 18 Apr 2005 13:42

Post by PayableOnDeath »

Akalamanaia wrote:Should i register myself even if i don't play on servers with this yeat?
[edit]nevermind, i registered anyways and downloaded the binary..no servers with this yeat though
cant get Dedi server working keeps crashing :(


Image

any ideas?
User avatar
lucaspiller
Tycoon
Tycoon
Posts: 1228
Joined: 18 Apr 2004 20:27

Post by lucaspiller »

LKRaider: The cookies idea could work... I think postage costs may be a bit OTT though. I don't think 50% of people would really work, because if its just you and a cheater playing KABOOM! you are banned.

Akalamanaia: If you don't want to play on servers with this there is no point in reading this thread, let alone registering. :P

Welshwonder:Checkout the Development / SVN FAQ on the wiki.

PayableOnDeath: Errrrr..... My patch does not change any of the news code, so I dunno why you are getting that. Can you reproduce it with any other versions of the game (i.e. nightlies) and can anyone else reproduce it? According to SVN (see this) the last change to that file was before the version above (r2206m) was released; so the bug should still be there.
No longer active here, but you can still reach me via email: luca[at]stackednotion[dot]com
User avatar
Darkvater
Tycoon
Tycoon
Posts: 3053
Joined: 24 Feb 2003 18:45
Location: Hong Kong

Post by Darkvater »

PayableOnDeath wrote:
Akalamanaia wrote:Should i register myself even if i don't play on servers with this yeat?
[edit]nevermind, i registered anyways and downloaded the binary..no servers with this yeat though
cant get Dedi server working keeps crashing :(


Image

any ideas?
This should not happen, can you send me your openttd.cfg? After you sent it, change the 'news_display_opt' line to 0. But only after!
TrueLight: "Did you bother to read any of the replies, or you just pressed 'Reply' and started typing?"
<@[R-Dk]FoRbiDDeN> "HELP, this litte arrow thing keeps following my mouse, and I can't make it go away."
PayableOnDeath
Engineer
Engineer
Posts: 27
Joined: 18 Apr 2005 13:42

Post by PayableOnDeath »

OpenTTD 0.3.6 works ok but crashed about onces a day
and
the nightlies seem to work ok will find out later
Post Reply

Return to “General OpenTTD”

Who is online

Users browsing this forum: No registered users and 6 guests