How it works
Here is what happens when a user tries to connect to a game server:
- The client sends a request to the login server with their username and password. Originally I was hoping to send the password encyrpted but I cannot figure out how to use the md5 stuff built into OpenTTD.
- The login server checks this version against the encrypted version in the database. If the password is wrong or there is an incorrect username it sends an error message, otherwise it sends a key.
- The client sends a request to the game server with its key at the end of a packet requesting to join. It doesn't check whether the server supports the system or not, because if it doesn't it will just ignore it. Also the client doesn't check the result from the login server to make sure it has actually got a key - but you won't get in if you ain't.
- The game server then sends a request to the login server with the users name and key. It will then be processed and returned whether it is correct or not. This was a potential for a security flaw, they have your key so they don't need your password to request a new one, so whenever your key is verified as correct a new one (that isn't given out) is generated. The server then lets the client in, or sends it an error message.
- If the client is let in then that is it and it continues on its long journey. If it wasn't though that isn't quite it. Have a think about it, somebody could write a program that pretends to be the server but just nicks your key. So if the client isn't allowed in, then a new key is requested.
1) Download the patch below, and merge it against your copy of the code.
2) Compile your fantastic new copy.
1 + 2) Download a binary below.
3) Visit http://www.tom-h.com/~ysflight/ottd/ and register, then verify your email address by clicking the link.
4) Open up openttd.cfg for editing and add / modify these values in the [network] section:
Code: Select all
player_name - <The user name you just registered> player_pass - <The password you just registered> login_url = http://www.tom-h.com/~ysflight/ottd/ login_server = www.tom-h.com login_enabled = true
5) Fire up and enjoy!
- You should be able to connect to servers of the same revision (including the m bit) without the patch
- Users can be banned by putting their username into the banning section of openttd.cfg - as they cannot change their username now they will not be able to get back in
(Probably more soon)
- Users without the patch do not see any information about your server in the list
- Central banning system
- Feedback system
14th Feb 05 - First version
15th Feb 05 - Updates to backend, you need to verify your address to get in and security fixes
16th Feb 05 - Typo fixes / registrations work (cheers Owen) and binaries