ET Lua Login System

Hi, I’d like to learn how I can create something that will work with ET via lua scripting.

Ok, This is a project I would like to try out
Simply Put:

You sign up at the website aka the database
You get a id number or guid or whatever
You go to the server running your lua script
Login, And Play! (Meaning you have to login to be able to play on the server) So if banned you can’t play!

What to get out of it: IP, GUID HARDWARE NUMBER, PLAYER STATS, SERVER TRACKING?

Things thinking about: Client online can use his hardware number once per account, to stop access of cheaters creating multiple accounts, Clients cannot join teams without logging in,

My question is? I know somewhat linking a login to a database via lua is possible but how would you link it to an online database by a site sign up? Like many of the AC clients do -

Let me know if you guys can help me understand how to do it or can by any chance help with this project!

I don’t know much about it from experience, but from googling I don’t think you’re able to get the hardware number through lua. Here is the stuff you can get from a client (if I understand it right): http://wolfwiki.anime.net/index.php/Userinfo

So you need a database probably mysql or postgresql. You can connect to the databse from your website and from the gameserver. If you look for some webhosts, most of the time they offer a package that includes a certain amount of databases and they aren’t hard to set up. You’ll need some kind of CMS on your website to create users or make something yourself.

So then you have a website and you can create users. Then you need to connect to the database from the server through lua. Once you’ve decided on the database you want to use you can google something like: “mysql lua connect” or tutorials. So you set up a connection to your DB with lua and then can make some login system.

The biggest problem is what happens when somebody joins your server and they’re not in your DB? From your explanation you ban them, but then how do you ever find new players. It sounds like an interesting project to learn from, but I don’t think you’ll be able to increase security without making it hard for new players to join the system.

FYI you won’t need to spend a dime to try this out. You can run everything you need on your computer. I recently tried XAMP: http://www.apachefriends.org/en/xampp.html which allows you to easily set up a webserver & DB system on your computer. Lua you can find by googling and setting up a server isn’t too hard either. All it takes is time and dedication, but sounds like a cool project you could learn a lot from.

Thanks man! Will check this out and about the player thing, we won’t ban them and it will have more to this Just creating the background stuff of the client aka this lua database, the rest will be added after the base is setup

But heloo?!

An admin should be nice and generous

Do you want players at all, lol?

Ive been kicked once, i played on a server with friendly fire and, oops 6 teamkills,
The server kicked me and i connected again and said sorry and the admins said youre elcome

So why are you kick so many?!?!
Be friendly instead, and play

Banning random people will make the game boring and then the game will die…

for me it seem to be a system to get more web users :), better off not doing this… you will sit with no players
as oveove says… be nice and you have players…

It would be interesting to see how to code this; As stated above, general behaviour will be players going somewhere else to directly play

Basically a whitelisted server, right?

Simple. You have a website and a database. You create an account on the website and when you log in you receive an ID. You use this ID ingame (for example /setu randomid thisIsTheIDYouReceivedFromTheWebpage). On client connect server checks if client has an ID and it matches one in the database. If it matches one -> accept, else kick.

You can do like IRC’s registrations.
You let the player enter the server but you force him to stay in spec until he do
something like !register username=ododo, email=ododo@something.com
You can kick him if he is not registered after 5minutes for example.
He can join the server and can ask admin for help, it is more fun and you still have him in your database.

Hi!

Disturbers can fake Names, they can change of GUID (already included in some cheats), IP (generally not fixed) / Country, Mac Address… Some cheats have also some special Unban features…

A disturber can register, grab guid and identity of your players and disturb to make you kick/ban your own players that have done nothing bad

I am sorry but this is fact… you risk to ban good players that are honest players

But I like what you speak about, I have already thinked about some possibilities… rest to see if it is not a lot of work… all depend if you want to learn & love coding OR if you already have a lot of players

getplayerguid = string.upper(et.Info_ValueForKey( et.trap_GetUserinfo( CLIENTSLOTNUMBER ), "cl_guid" ))

getplayerip = et.Info_ValueForKey( et.trap_GetUserinfo( CLIENTSLOTNUMBER ), "ip" )

Think you guys make to much hazzle out of it, There will (sadly) always be cheaters.And whatever you do they will find a way around it.
And I am just afraid a more complex system will scare even more players off. Anyway the simplest way to do this would be to put password on server and to get the password they would have to register to your site…

Hi!

Password is for everyone… it is a problem because all the players are using the same password :o

To make that strategy to work, you need to be able to Track & Trace :

1. Let player register with email on your website

2. Furnish a personal password to player, example :
   74584546565464

3. Player just need to bind it on a key for example :
   /bind J password 74584546565464

4. As spectator each player can activate the password by pressing J Key & they can join game to play
   => Message : Personal Entry activated please push L key to join a Team

You can easily store who connect with what NAME, GUID, IP & Password

• store at connection to server
• store at activation
  => to compare if player try to change of name

& refuse player to join with no GUID > send a message : example install PunkBuster & GUID-ETKEY

• I just say that because I use something similar since more than 2,5 years…
  With that solution you can link who abuse, because : player email and password are linked. Easy to do

But… Without a good Anticheat software (not exist anymore) it is hard to catch new cheaters : when they play they look like a real player : they can use Humanized Cheats

Rest a Problem in all the cases : it do not exist anymore a real good updated anticheat.
To be clear : you cannot detect cheaters without an effective anticheat that no more exist
Only the very brutal cheaters or disturbers can be easily detected…

I hope it will help

Have Fun

So the password client-side is written in a non-encrypted text file and it is communicated through the game to the database? o.o

Why to the database ?
From Database to a file that could be used in LUA (the reverse is not important : mean other way not necessary).
New client added : update the file used in LUA (if no new client no reason to update the codes list)
example : you can use a cron Batch / Bash to update the file that contain the valid authorized code/password list that can be used in LUA

In that case Why to encrypt a password that is already a password ? Want to rewrite the C/C++ code of the game ?

If some have time to code : Feel free to develop some new game versions with encrypted protocol to prevent Game Hack / Cheats & other things like that. Good Idea : Just Do It
I have already spoken of possible encrypted protocol with Mods Makers for that… but nobody seem to have time for doing it…

• Feel free to rewrite a “new Punkbuster alternative” for doing that…

If system is well done and thinked : No problem in case of thief (they must be really motivated) & you can automatically send new codes to the client by emails…
*** Finally… Where is the problem ?

Example, For more than 90% of the Mutualized hosting : you connect with communication protocol that are sending passwords in clear with no encryption in the FTP Data Streams… Because they simply not propose it for free or it is not implemented…
It can be surprising you only use FTP encrypted connections … and in all the cases if you search so far… For sure : all can always be hacked.

I have waited the moment that someone will speak of that : I can see it coming a mile off haha
If someone do not like the ideas : simply Don’t do it

Yeah interesting remark But it bring nothing more that already exist

• Reality do not propose a better solution : the best solution is always the one of the best compromise

:stroggtapir:

Because it is unsecured ^^’

Without considering flooding the login command also.

You don’t really need to write it in a config file if you’re worried about non-encrypted text files containing passwords. Even if you didn’t there’s always a possibility of somebody eavesdropping your connection since ET doesn’t encrypt the data, but that’s not very likely.

It’s not a very simple task to make a very secure connection on top of ET’s unsecure connection. I don’t think it’s even necessary considering users can’t do that much with stolen credentials.

[QUOTE=Mateos;488646]Because it is unsecured ^^’

Without considering flooding the login command also.[/QUOTE]

You can easily add a flood protect system that only allows client to try to login once every x seconds.

@BigBear
I don’t know what server hosts you’ve been using but the ones I’ve used before provided SFTP access.
Oh and I believe we’ve had this discussion before: cheats only use data that every legit client gets. You can’t somehow force the server to sent random (normally inaccessible) data by modifying client. Encrypted connection wouldn’t prevent cheats from working.