
OpenTTD Login System [Now with binaries]

Posted: 14 Apr 2005 21:44
by lucaspiller
I promised it, so here it is! A central authentication login system thingy-ma-bob for OpenTTD. :D

How it works
Here is what happens when a user tries to connect to a game server:
  • The client sends a request to the login server with their username and password. Originally I was hoping to send the password encrypted but I cannot figure out how to use the md5 stuff built into OpenTTD.
  • The login server checks this version against the encrypted version in the database. If the password is wrong or there is an incorrect username it sends an error message, otherwise it sends a key.
  • The client sends a request to the game server with its key at the end of a packet requesting to join. It doesn't check whether the server supports the system or not, because if it doesn't it will just ignore it. Also the client doesn't check the result from the login server to make sure it has actually got a key - but you won't get in if you ain't.
  • The game server then sends a request to the login server with the user's name and key. It will then be processed and returned whether it is correct or not. This was a potential for a security flaw, they have your key so they don't need your password to request a new one, so whenever your key is verified as correct a new one (that isn't given out) is generated. The server then lets the client in, or sends it an error message.
  • If the client is let in then that is it and it continues on its long journey. If it wasn't though that isn't quite it. Have a think about it, somebody could write a program that pretends to be the server but just nicks your key. So if the client isn't allowed in, then a new key is requested.
How to get it going
1) Download the patch below, and merge it against your copy of the code.
2) Compile your fantastic new copy.
or
1 + 2) Download a binary below.

3) Visit http://www.tom-h.com/~ysflight/ottd/ and register, then verify your email address by clicking the link.
4) Open up openttd.cfg for editing and add / modify these values in the [network] section:

player_name = <The user name you just registered>
player_pass = <The password you just registered>
login_url = http://www.tom-h.com/~ysflight/ottd/
login_server = www.tom-h.com
login_enabled = true
If you are just running a dedicated server you do not need to register or enter a username / password.
5) Fire up and enjoy! :D

Other features
(More soon)
- You should be able to connect to servers of the same revision (including the m bit) without the patch
- Users can be banned by putting their username into the banning section of openttd.cfg - as they cannot change their username now they will not be able to get back in

Known bugs
(Probably more soon)
- Users without the patch do not see any information about your server in the list

Coming soon
- Central banning system
- Feedback system

Updates
14th Feb 05 - First version
15th Feb 05 - Updates to backend, you need to verify your address to get in and security fixes
16th Feb 05 - Typo fixes / registrations work (cheers Owen) and binaries

Binaries
Windows: OTTD-win32-r2206m.zip
Linux: OTTD-linux-r2206m.tar.bz2
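
The key handling described under "How it works", as an added example that is not part of the original post and is not the patch's code: it models only the login server's side, so the class and method names are hypothetical, PBKDF2 is an assumed stand-in for the stored password format, and the account is constructed sample data.

```python
import hashlib, hmac, secrets

class LoginServer:
    """Stand-in for the central login server (hypothetical API)."""
    def __init__(self):
        self._users = {}  # name -> (salt, password hash)
        self._keys = {}   # name -> the single key currently valid

    @staticmethod
    def _hash(password, salt):
        # Assumption: PBKDF2 stands in for the "encrypted version" in the database.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, self._hash(password, salt))

    def login(self, name, password):
        """Client -> login server: a fresh key, or None for a bad name or password."""
        rec = self._users.get(name)
        if rec is None or not hmac.compare_digest(rec[1], self._hash(password, rec[0])):
            return None
        self._keys[name] = secrets.token_hex(16)
        return self._keys[name]

    def verify(self, name, key):
        """Game server -> login server: check the key, then retire it."""
        current = self._keys.get(name)
        ok = current is not None and hmac.compare_digest(current, key)
        if ok:
            # Replaced by a key that is given to nobody, so the game server
            # that just saw the old one cannot present it anywhere else.
            self._keys[name] = secrets.token_hex(16)
        return ok

def demo():
    ls = LoginServer()
    ls.register("alice", "constructed-password")   # constructed sample account
    key = ls.login("alice", "constructed-password")
    first = ls.verify("alice", key)     # game server checks the join request
    again = ls.verify("alice", key)     # same key presented a second time
    wrong = ls.login("alice", "not-the-password")
    # A join was refused: the client asks for a new key, which invalidates
    # the one it showed to a server that never verified it.
    shown = ls.login("alice", "constructed-password")
    fresh = ls.login("alice", "constructed-password")
    return first, again, wrong, ls.verify("alice", shown), ls.verify("alice", fresh)

if __name__ == "__main__":
    print(demo())
```
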

Posted: 14 Apr 2005 21:55
by Born Acorn
wow

If this was developed more and put into the trunk, and had an ingame registration, it would be amazing! It would finally put an end to the jerks who ruin MP games

Posted: 14 Apr 2005 22:03
by markr
I suggested this about a week ago.

I'd be interested to see how you did it, how it works (I may look at the patch later).

Anyway, I agree that you need in-game registration. People shouldn't have to use a web browser to register.

People also should not have to edit the configs manually under normal circumstances.

I assume that this patch also stops the passwords being sent to the openttd servers, instead using some sort of temporary session ID which is checked with the auth server. This was my main concern, about spoofed servers being used to obtain players' passwords.

Cheers

Mark

Posted: 14 Apr 2005 23:08
by Born Acorn
Maybe in future games stay hosted by the master server so if the hoster leaves the game stays open. Also it should be possible to choose a saved password in account settings or similar and it be automatically applied to every game you are in.

Posted: 15 Apr 2005 06:09
by lucaspiller
In game registration is planned, but for now it was easier just to setup a site. Also it is PHP based, so that made it easier.
markr wrote: I assume that this patch also stops the passwords being sent to the openttd servers, instead using some sort of temporary session ID which is checked with the auth server. This was my main concern, about spoofed servers being used to obtain players' passwords.
[See "How it works" above]

How's that for an explanation at 7 in the morning? :P

Also if you want to ban users for now, just add their username to the banlist normally.

Posted: 15 Apr 2005 20:34
by orudge
Typo alert in your registration script!

Fatal error: Call to undefined function: addslahes() in /home/ysflight/public_html/ottd/register.php on line 36

;)

Sounds good, otherwise!

Posted: 16 Apr 2005 08:34
by lucaspiller
I added that last night and didn't do much testing, so I expected there to be some bugs. Cheers Owen. :D I was hoping to do a bit more last night but we had a damn power cut. :evil:

Also I am afraid I won't be able to put any Windows binaries up because whenever I try and cross compile it Zlib ends up messing up. It can read and save its own savegames, and other versions can read its savegames, but it cannot read other versions' savegames. :x The error is "Load game: inflate() failed", just in case anyone has an idea - both versions were compiled with the same version of zlib so I cannot understand what the problem is. :P

I probably won't be able to get much done over the coming week because I have loads of coursework to do, 3 pieces due in Wednesday, all of which I have barely started. :(

EDIT: OK fixed the problem now, appears to be something with linking zlib statically. Windows binary eta <10 mins.

EDIT #2: Binaries up now, I have also put a server up "Login_Test" (it may not work due to port forwarding being wrong so post here if so).

Posted: 18 Apr 2005 15:04
by PayableOnDeath
Hi

for this to work server side I just download the binary and then run the server as normal with -D (think it's -D) only started setting up a server n playing MP this morning lol :)


I love the MP in OTTD when me n a mate had TTD we tried playing together but the modems didn't seem to pick up n connect to play :(

oh well glad to see we have go thou all that again lol

hope to see some of you on a server sometime :)

Posted: 18 Apr 2005 18:18
by MeusH
Some questions:

:arrow: Do I need to download this if I just want to play (is it server side only)?
:arrow: What OTTD version must I have to play? Latest nightly?
:arrow: Are all servers going to support this?

Posted: 19 Apr 2005 19:08
by lucaspiller
PayableOnDeath wrote: for this to work server side I just download the binary and then run the server as normal with -D (think it's -D) only started setting up a server n playing MP this morning lol :)
Yep, and add the stuff into the config file - you don't need to add a username or password if you are just starting a server.
MeusH wrote: :arrow: Do I need to download this if I just want to play (is it server side only)?
If you want to play on any servers with the system then yes, the server and client code is slightly modified. If not just download a nightly.
MeusH wrote: :arrow: What OTTD version must I have to play? Latest nightly?
The version above at the moment, because it is not yet in the SVN tree.
MeusH wrote: :arrow: Are all servers going to support this?
If it gets accepted into the SVN tree. :D

I am still thinking of some good ideas to use for the warning / banning system. If anyone has any post 'em here.

I was thinking of an Ebay style feedback system where people rank you good or bad, but I need a way to encourage users to leave good feedback for good players - trust me, nobody will do it unless they have good reason (the good of the community isn't good enough). An outright banning system wouldn't be very good because I would have 1000s of complaints from people who don't think they should be banned. Maybe something so that their ranking is based upon how they rank other players. Another idea could be a Halo 2 level type thing, but the only way I could think of this working could easily be faked.

Posted: 19 Apr 2005 19:17
by Sionide
I like the AIM-style Warn system the best. It's the best form of self-moderation I've seen in a long while. If enough users warn another, he gets kicked... I was thinking a 50% majority or something?

Posted: 19 Apr 2005 21:51
by xyfor
I have to say, I am somewhat worried about this. Bringing OTTD multiplayer to this level is a BIG! step. Have some experience running different game-servers, common is that there will be lots of ppl calling other ppl lamers, so a ranking system would be very hard to work, as there would be lots of unnecessary complaints.
But all this aside. A great system (in my head), but needs some sort of validating complaints?
btw! ALL HAIL TO Luca Spiller

Posted: 20 Apr 2005 18:51
by lucaspiller
Sionide wrote:I like the AIM-style Warn system the best. It's the best form of self-moderation I've seen in a long while. If enough users warn another, he gets kicked... I was thinking a 50% majority or something?
I am not familiar with the AIM system, but I highly doubt 50% of users would warn someone - it would have to be a fixed number around 10 maybe?
xyfor wrote: A great system (in my head), but needs some sort of validating complaints?
That's the problem that is facing me, the system needs to encourage users to report abusers and to also reward good people.

Posted: 20 Apr 2005 19:06
by LKRaider
Maybe you could distribute delicious butter cookies to the people that make good reports. No one can resist that! :P


And I think that by 50% he meant of the people in the current game... right? 10 people in a single game is quite impossible yet, I believe.

Posted: 20 Apr 2005 19:23
by Villem
Should I register myself even if I don't play on servers with this yet?
[edit] Never mind, I registered anyway and downloaded the binary... no servers with this yet though

patch

Posted: 20 Apr 2005 20:29
by Welshwonder
How do you merge the patch into OTTD? I'm not too good with computers so try to keep it simple

Posted: 20 Apr 2005 20:36
by PayableOnDeath
Akalamanaia wrote: Should I register myself even if I don't play on servers with this yet?
[edit] Never mind, I registered anyway and downloaded the binary... no servers with this yet though
Can't get Dedi server working, keeps crashing :(


Image

any ideas?

Posted: 20 Apr 2005 20:47
by lucaspiller
LKRaider: The cookies idea could work... I think postage costs may be a bit OTT though. I don't think 50% of people would really work, because if it's just you and a cheater playing KABOOM! you are banned.

Akalamanaia: If you don't want to play on servers with this there is no point in reading this thread, let alone registering. :P

Welshwonder: Check out the Development / SVN FAQ on the wiki.

PayableOnDeath: Errrrr..... My patch does not change any of the news code, so I dunno why you are getting that. Can you reproduce it with any other versions of the game (i.e. nightlies) and can anyone else reproduce it? According to SVN (see this) the last change to that file was before the version above (r2206m) was released; so the bug should still be there.

Posted: 20 Apr 2005 21:15
by Darkvater
PayableOnDeath wrote:
Akalamanaia wrote: Should I register myself even if I don't play on servers with this yet?
[edit] Never mind, I registered anyway and downloaded the binary... no servers with this yet though
Can't get Dedi server working, keeps crashing :(


Image

any ideas?
This should not happen, can you send me your openttd.cfg? After you sent it, change the 'news_display_opt' line to 0. But only after!

Posted: 20 Apr 2005 21:22
by PayableOnDeath
OpenTTD 0.3.6 works ok but crashed about once a day
and
the nightlies seem to work ok, will find out later