OpenWolf

All magazines I’ve read says FB is easy to hack. It’s only recent they get an https thing for account editing…

But they don’t use URL(s) to insert data to database(s).

I could just insert some nonsense to URL request and cause database crashing.

[QUOTE=Indloon;392809]But they don’t use URL(s) to insert data to database(s).

I have nothing against PHP,but just saying…do not use URLs for data inserting :([/QUOTE]

The point is that the scipt is as safe as the programmer makes it. You can make ****ty scripts in PHP and Python.

True.

But a good programmer can’t escape from exploits.

Well It depends of how you actually are good and how you write PHP code. You cannot change address of master server unless you edit and (re)compile code. Only thing what you can do is to insert another PHP server (max 5). Engine is treating PHP master server as regular server.

This is one more example of OpenWolf<->PHP website integration. On shown pictures (provided two), you can see new download command.

php download #1.jpg1051×810 82.9 KB

php download #2.jpg1039×802 83.7 KB

Basic idea is that you can requesting maps from an online repository, where of course all maps would be uploaded and presented to client.
Client can query some PHP webpage from engine and request any map what is uploaded there (on online repo) with /download command. Depending on actually settings in game, it will be place downloaded files in MAIN folder (renamed ETMAIN) or mod folder.
In that way, at least on my opinion, it would be very simplified redistribution of new and improved maps and/or new files for mods (assets, new versions of mods …) common stuff. Because of second MOTD system provided PHP (engine is capable to query that info also and show client after downloading map) possibilities are endless. Just problem is how good are you PHP coder.
In ET before there was whole system based on FTP settings provided inside engine. So when client while connecting on server it is downloading all maps what are on pure list and mod related files. My approach to that is little different but basic idea is almost the same :).
Because of MySQL feature what I have added inside engine and now possibility that you can query PHP, I can move whole data to MySQL and enabled to be read in PHP
With that I can do some stuff like enabling console, scoreboard … like I said to be read from site

Example :

localhost console.jpg1278×954 48.9 KB

dushan, any word on adding stereoscopic support for those who play in 3D mode?
it shouldn’t be that hard to code it, as quake 3 already had a mod for this.

when you are used to play in 3D mode (like me), it is hard to go back to those fake 2D displays…

BTW, new console is too transparent IMO.

BTW, like I said, console is fully customize, so you can change that also So at least for me it isn’t real problem

This is working NQ inside OpenWolf. I have fixed mod compatibility with OpenWolf and in pictures is shown working NoQuarter 1.2.8. I have found some source on net what somebody uploaded so I based this work on that.

OpenWolf NQ #1.jpg1120×869 73.9 KB

OpenWolf NQ #2.jpg1056×792 88.6 KB

And ofc, you can see problems with missing textures,shaders

EDIT: Added one more photo

OpenWolf NQ #3.jpg942×728 88.9 KB

Just to share one more update about Newton Dynamics inside OpenWolf

Last time when I posted video and screenshots, it was problem because I have loaded other mod
Well, this is more improved version and I believe that now there will be problems

OpenWolf_2012-02-09_231815_000.jpg1118×839 83.5 KB

OpenWolf_2012-02-10_003451_000.jpg1151×863 77.2 KB

newton picture.jpg1149×888 87.7 KB

ET Newton #1.jpg935×725 89.9 KB

ET Newton #2.jpg902×694 91.5 KB

This is my latest work at this moment.

I have little reorganized whole crash stuff and added possibility to report crash in case that happen. Client should on crash bug generate screenshot and console dump.

I am also working for UI stuff for reporting bug inside mod. User should in case that crash happend add little info -> mapname, mod, summary, description and steps to reproduce. In that way engine can report bug immediately on some matis services.

crash report utility.jpg1039×802 80.9 KB

OpenWolf bug report.jpg808×624 94.6 KB

Perhaps a bit off-topic, but can you add make the game run in widescreen format, like 16:9 instead of 4:3?

Would matter a lot I think

I already have something Just dont know how it will run. I dont have widescreen monitor. What I have is simply engine read resolution of what client is using on desktop and set that in game

I know Source can detect the available resolution, maybe you can try to implement something which will analyse the graphic driver properties to see which res are available? Not sure it works this way though

Edit:
Or just two menus, one with 4/3 - 16/9 - 16/10, and the other with the related res, maybe with detection as said before

[QUOTE=Mateos;393361]
Or just two menus, one with 4/3 - 16/9 - 16/10, and the other with the related res, maybe with detection as said before :)[/QUOTE]

Don’t know how that could be done with two menus. Must investigate and ofc must see what can be done there. I hate game logic (cgame, qagame and ui)

Just to return on crash report. Engine maintainer if crash happens and whole application is attached he will get new message box where he can choose does he want really to debug application or to create crash dump.

crash report #2.jpg866×670 93 KB

If he decide to create crash dump, his files will be located in Users(username)\My Documents\OpenWolf\Bugs folder. Inside that folder he will get 5 files (dump0000.build, dump0000.con, dump0000.dmp, dump0000.include, and dump0000.info). Like its shown in picture.

crash report #1.jpg1123×201 29 KB

What is most important and he should know is that

dump0000.con file is console dump
dump0000.include is list of include files on time when crash actually happened
dump000.dmp is crash dump file. File what need to be loaded into Visual Studio.

When you select at the top of System a level of graphic quality, you’ve automatically other settings switching. And if you tweak one, it goes “Custom”: maybe start on this basis but with restriction about the list? Like if ResRatio = 0 (For 4/3), just display renders r_mode 1/2/3 etc (The 4/3 ones)?

OK I believe its time to share something with community and others

Index: server.h
===================================================================
--- server.h	(revision 1)
+++ server.h	(working copy)
@@ -241,6 +241,15 @@
 	qboolean connected;
 } challenge_t;
 
+typedef struct {
+	netadr_t  adr;
+	int       time;
+} receipt_t;
+
+// MAX_INFO_RECEIPTS is the maximum number of getstatus+getinfo responses that we send
+// in a two second time period.
+#define MAX_INFO_RECEIPTS  48
+
 typedef struct tempBan_s {
 	netadr_t adr;
 	int endtime;
@@ -267,6 +276,7 @@
 	entityState_t   *snapshotEntities;      // [numSnapshotEntities]
 	int nextHeartbeatTime;
 	challenge_t challenges[MAX_CHALLENGES]; // to prevent invalid IPs from connecting
+	receipt_t infoReceipts[MAX_INFO_RECEIPTS];
 	netadr_t redirectAddress;               // for rcon return messages
 	tempBan_t tempBanAddresses[MAX_TEMPBAN_ADDRESSES];
 
Index: sv_main.c
===================================================================
--- sv_main.c	(revision 1)
+++ sv_main.c	(working copy)
@@ -643,6 +643,97 @@
 
 /*
 ===============
+SV_CheckDRDoS
+
+DRDoS stands for "Distributed Reflected Denial of Service".
+See here: http://www.lemuria.org/security/application-drdos.html
+
+Returns qfalse if we're good.  qtrue return value means we need to block.
+If the address isn't NA_IP, it's automatically denied.
+===============
+*/
+qboolean SV_CheckDRDoS(netadr_t from)
+{
+	int         i;
+	int         globalCount;
+	int         specificCount;
+	receipt_t  *receipt;
+	netadr_t    exactFrom;
+	int         oldest;
+	int         oldestTime;
+	static int  lastGlobalLogTime = 0;
+	static int  lastSpecificLogTime = 0;
+	
+	// Usually the network is smart enough to not allow incoming UDP packets
+	// with a source address being a spoofed LAN address.  Even if that's not
+	// the case, sending packets to other hosts in the LAN is not a big deal.
+	// NA_LOOPBACK qualifies as a LAN address.
+	if (Sys_IsLANAddress(from)) { 
+		return qfalse; 
+	}
+	
+	exactFrom = from;
+	
+	if (from.type == NA_IP) {
+		from.ip[3] = 0; // xx.xx.xx.0
+	} else {
+		// So we got a connectionless packet but it's not IPv4, so
+		// what is it?  I don't care, it doesn't matter, we'll just block it.
+		// This probably won't even happen.
+		return qtrue;
+	}
+	
+	// Count receipts in last 2 seconds.
+	globalCount = 0;
+	specificCount = 0;
+	receipt = &svs.infoReceipts[0];
+	oldest = 0;
+	oldestTime = 0x7fffffff;
+	for (i = 0; i < MAX_INFO_RECEIPTS; i++, receipt++) {
+		if (receipt->time + 2000 > svs.time) {
+			if (receipt->time) {
+				// When the server starts, all receipt times are at zero.  Furthermore,
+				// svs.time is close to zero.  We check that the receipt time is already
+				// set so that during the first two seconds after server starts, queries
+				// from the master servers don't get ignored.  As a consequence a potentially
+				// unlimited number of getinfo+getstatus responses may be sent during the
+				// first frame of a server's life.
+				globalCount++;
+			}
+			if (NET_CompareBaseAdr(from, receipt->adr)) {
+				specificCount++;
+			}
+		}
+		if (receipt->time < oldestTime) {
+			oldestTime = receipt->time;
+			oldest = i;
+		}
+	}
+	
+	if (globalCount == MAX_INFO_RECEIPTS) { // All receipts happened in last 2 seconds.
+		if (lastGlobalLogTime + 1000 <= svs.time){ // Limit one log every second.
+			Com_Printf("Detected flood of getinfo/getstatus connectionless packets
");
+			lastGlobalLogTime = svs.time;
+		}
+		return qtrue;
+	}
+	if (specificCount >= 3) { // Already sent 3 to this IP in last 2 seconds.
+		if (lastSpecificLogTime + 1000 <= svs.time) { // Limit one log every second.
+			Com_Printf("Possible DRDoS attack to address %i.%i.%i.%i, ignoring getinfo/getstatus connectionless packet
",
+				exactFrom.ip[0], exactFrom.ip[1], exactFrom.ip[2], exactFrom.ip[3]);
+			lastSpecificLogTime = svs.time;
+		}
+	return qtrue;		
+	}
+	
+	receipt = &svs.infoReceipts[oldest];
+	receipt->adr = from;
+	receipt->time = svs.time;
+	return qfalse;
+}
+
+/*
+===============
 SVC_RemoteCommand
 
 An rcon packet arrived from the network.
@@ -748,8 +839,14 @@
 	Com_DPrintf( "SV packet %s : %s
", NET_AdrToString( from ), c );
 
 	if ( !Q_stricmp( c,"getstatus" ) ) {
+		if (SV_CheckDRDoS(from)) {
+			return; 
+		}
 		SVC_Status( from  );
 	} else if ( !Q_stricmp( c,"getinfo" ) ) {
+		if (SV_CheckDRDoS(from)) {
+			return;
+		}
 		SVC_Info( from );
 	} else if ( !Q_stricmp( c,"getchallenge" ) ) {
 		SV_GetChallenge( from );

2nd patch
And I believe that is it so far. You have fix for major bugs -> “getstatus”, “getinfo” and “userinfo”.

Index: server.h
===================================================================
--- server.h	(revision 1)
+++ server.h	(working copy)
@@ -190,6 +190,7 @@
 {
 	clientState_t   state;
 	char            userinfo[MAX_INFO_STRING];	// name, etc
+	char		userinfobuffer[MAX_INFO_STRING]; //used for buffering of user info
 
 	char            reliableCommands[MAX_RELIABLE_COMMANDS][MAX_STRING_CHARS];
 	int             reliableSequence;	// last added reliable message, not necesarily sent or acknowledged yet
@@ -234,6 +235,7 @@
 
 	int             deltaMessage;	// frame last client usercmd message
 	int             nextReliableTime;	// svs.time when another reliable command will be allowed
+	int		nextReliableUserTime; // svs.time when another userinfo change will be allowed
 	int             lastPacketTime;	// svs.time when packet was last received
 	int             lastConnectTime;	// svs.time when connection started
 	int             nextSnapshotTime;	// send another snapshot when svs.time >= nextSnapshotTime
@@ -492,6 +494,7 @@
 
 void            SV_ExecuteClientMessage(client_t * cl, msg_t * msg);
 void            SV_UserinfoChanged(client_t * cl);
+void            SV_UpdateUserinfo_f(client_t * cl);
 
 void            SV_ClientEnterWorld(client_t * client, usercmd_t * cmd);
 void            SV_FreeClient(client_t *client);
@@ -523,6 +526,7 @@
 void            SV_SendMessageToClient(msg_t * msg, client_t * client);
 void            SV_SendClientMessages(void);
 void            SV_SendClientSnapshot(client_t * client);
+void            SV_CheckClientUserinfoTimer( void );
 
 //bani
 void            SV_SendClientIdle(client_t * client);
Index: sv_client.c
===================================================================
--- sv_client.c	(revision 1)
+++ sv_client.c	(working copy)
@@ -1747,8 +1747,16 @@
 SV_UpdateUserinfo_f
 ==================
 */
-static void SV_UpdateUserinfo_f(client_t * cl)
+void SV_UpdateUserinfo_f(client_t * cl)
 {
+	if ( (sv_floodProtect->integer) && (cl->state >= CS_ACTIVE) && (svs.time < cl->nextReliableUserTime) ) {
+		Q_strncpyz( cl->userinfobuffer, Cmd_Argv(1), sizeof(cl->userinfobuffer) );
+		SV_SendServerCommand(cl, "print \"^7Command ^1delayed^7 due to sv_floodprotect.\"");
+		return;
+	}
+	cl->userinfobuffer[0]=0;
+	cl->nextReliableUserTime = svs.time + 5000;
+
 	Q_strncpyz(cl->userinfo, Cmd_Argv(1), sizeof(cl->userinfo));
 
 	SV_UserinfoChanged(cl);
Index: sv_main.c
===================================================================
--- sv_main.c	(revision 1)
+++ sv_main.c	(working copy)
@@ -1487,6 +1487,9 @@
 	// check timeouts
 	SV_CheckTimeouts();
 
+	// check user info buffer thingy
+	SV_CheckClientUserinfoTimer();
+
 	// send messages back to the clients
 	SV_SendClientMessages();
 
Index: sv_snapshot.c
===================================================================
--- sv_snapshot.c	(revision 67)
+++ sv_snapshot.c	(working copy)
@@ -1139,3 +1139,23 @@
 	}
 	// -NERVE - SMF
 }
+
+void SV_CheckClientUserinfoTimer( void ) {
+	int			i;
+	client_t	*cl;
+	char bigbuffer[ MAX_INFO_STRING * 2];
+
+	for (i=0, cl = svs.clients ; i < sv_maxclients->integer ; i++, cl++) {
+		if (!cl->state) {
+			continue; // not connected
+		}
+		if ( (sv_floodProtect->integer) && (svs.time >= cl->nextReliableUserTime) && (cl->state >= CS_ACTIVE) && (cl->userinfobuffer[0]!=0) )  {
+			//We have something in the buffer
+			//and its time to process it
+			sprintf(bigbuffer,"userinfo \"%s\"",cl->userinfobuffer);
+			
+			Cmd_TokenizeString(bigbuffer);
+			SV_UpdateUserinfo_f(cl);
+		}
+	}
+}
\ No newline at end of file

[QUOTE=iDan;393140]Hi, I’ve got nothing to add to this but GOOD WORK.[/QUOTE]…

Sorry, but I don’t get your point, and I don’t want to troll or something like that. What you wanted to show here? You quoted post from your topic and posted here with “…” as add-on? I don’t see any logic inside your post except that you want to show that for me [because you used quote from your topic] “your” project is superior, and that you get more feedback. I might be wrong, so I would like to see your explanation about this. If I got this wrong, I am sorry. But in future you should post more details.

Hehe, you are a real Sherlock Holmes. Figuring all that out from 10 dots

But you are wrong, I just wanted to say the same thing iDan said: Hi, I’ve got nothing to add to this but GOOD WORK.

As for the dots - there is a 10 char minimum requirement for a post :-).