(Mateos) #201

All magazines I’ve read say FB is easy to hack. It’s only recently they got an https thing for account editing…

(Indloon) #202

But they don’t use URL(s) to insert data to database(s).

I could just insert some nonsense to URL request and cause database crashing.

(lamps) #203

[QUOTE=Indloon;392809]But they don’t use URL(s) to insert data to database(s).

I have nothing against PHP, but just saying…do not use URLs for data inserting :([/QUOTE]

The point is that the script is as safe as the programmer makes it. You can make ****ty scripts in PHP and Python.

(Indloon) #204


But a good programmer can’t escape from exploits.

(Dushan) #205

Well :slight_smile: It depends on how good you actually are and how you write PHP code. You cannot change the address of the master server unless you edit and (re)compile the code. The only thing you can do is insert another PHP server (max 5). The engine treats the PHP master server as a regular server.

This is one more example of OpenWolf<->PHP website integration. In the two pictures provided, you can see the new download command.

The basic idea is that you can request maps from an online repository, where of course all maps would be uploaded and presented to the client.
The client can query a PHP webpage from the engine and request any map that is uploaded there (on the online repo) with the /download command. Depending on the actual settings in game, it will place the downloaded files in the MAIN folder (renamed ETMAIN) or the mod folder.
That way, at least in my opinion, redistribution of new and improved maps and/or new files for mods (assets, new versions of mods …) common stuff would be very simplified. Because of the second MOTD system provided by PHP (the engine is capable of querying that info too and showing it to the client after downloading a map), the possibilities are endless. The only problem is how good a PHP coder you are.
In ET before, there was a whole system based on FTP settings provided inside the engine. So when a client connects to a server, it downloads all maps that are on the pure list and the mod-related files. My approach is a little different, but the basic idea is almost the same :).
Because of the MySQL feature that I have added inside the engine, and now the possibility to query PHP, I can move the whole data to MySQL and enable it to be read in PHP :slight_smile:
With that I can do some stuff like enabling the console, scoreboard … like I said, to be read from the site :slight_smile:

Example :

(IndyJones) #206

dushan, any word on adding stereoscopic support for those who play in 3D mode?
it shouldn’t be that hard to code it, as quake 3 already had a mod for this.

when you are used to playing in 3D mode (like me), it is hard to go back to those fake 2D displays… :stuck_out_tongue:

(Dragonji) #207

BTW, new console is too transparent IMO.

(Dushan) #208

BTW, like I said, the console is fully customizable, so you can change that also :slight_smile: So at least for me it isn’t a real problem :stuck_out_tongue:

This is NQ working inside OpenWolf. I have fixed mod compatibility with OpenWolf, and the pictures show a working NoQuarter 1.2.8. I found some source on the net that somebody uploaded, so I based this work on that.

And ofc, you can see problems with missing textures, shaders :slight_smile:

EDIT: Added one more photo

(Dushan) #209

Just to share one more update about Newton Dynamics inside OpenWolf

Last time when I posted video and screenshots, there was a problem because I had loaded another mod :slight_smile:
Well, this is a more improved version and I believe that now there will be problems :slight_smile:

(Dushan) #210

This is my latest work at this moment.

I have reorganized the whole crash stuff a little and added the possibility to report a crash in case one happens. On a crash bug the client should generate a screenshot and a console dump.

I am also working on UI stuff for reporting a bug inside the mod. In case a crash happened, the user should add a little info -> mapname, mod, summary, description and steps to reproduce. In that way the engine can report the bug immediately on some matis services.

(Shownie) #211

Perhaps a bit off-topic, but can you make the game run in widescreen format, like 16:9 instead of 4:3?

Would matter a lot I think :slight_smile:

(Dushan) #212

I already have something :slight_smile: Just don’t know how it will run. I don’t have a widescreen monitor. What I have is simple :slight_smile: the engine reads the resolution the client is using on the desktop and sets that in game :slight_smile:

(Mateos) #213

I know Source can detect the available resolution, maybe you can try to implement something which will analyse the graphic driver properties to see which res are available? Not sure it works this way though :confused:

Or just two menus, one with 4/3 - 16/9 - 16/10, and the other with the related res, maybe with detection as said before :slight_smile:

(Dushan) #214

[QUOTE]Or just two menus, one with 4/3 - 16/9 - 16/10, and the other with the related res, maybe with detection as said before :)[/QUOTE]

Don’t know how that could be done with two menus. Must investigate and ofc must see what can be done there. I hate game logic (cgame, qagame and ui)

Just to return to the crash report. If a crash happens and the whole application is attached, the engine maintainer will get a new message box where he can choose whether he really wants to debug the application or create a crash dump.

If he decides to create a crash dump, his files will be located in the Users(username)\My Documents\OpenWolf\Bugs folder. Inside that folder he will get 5 files (, dump0000.con, dump0000.dmp, dump0000.include, and Like its shown in picture.

What is most important, and what he should know, is that:

dump0000.con is the console dump
dump0000.include is the list of include files at the time when the crash actually happened
dump0000.dmp is the crash dump file, the file that needs to be loaded into Visual Studio.

(Mateos) #215

When you select a level of graphic quality at the top of System, other settings switch automatically. And if you tweak one, it goes “Custom”: maybe start on this basis but with a restriction on the list? Like if ResRatio = 0 (for 4/3), just display the r_mode 1/2/3 etc. renders (the 4/3 ones)?

(Dushan) #216

OK :slight_smile: I believe it’s time to share something with the community and others :slight_smile:

Index: server.h
--- server.h	(revision 1)
+++ server.h	(working copy)
@@ -241,6 +241,15 @@
 	qboolean connected;
 } challenge_t;
+typedef struct {
+	netadr_t  adr;
+	int       time;
+} receipt_t;
+// MAX_INFO_RECEIPTS is the maximum number of getstatus+getinfo responses that we send
+// in a two second time period.
+#define MAX_INFO_RECEIPTS  48
 typedef struct tempBan_s {
 	netadr_t adr;
 	int endtime;
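Review bot: The comment on MAX_INFO_RECEIPTS ties the table size to a "two second time period", but the window length itself is not defined in this header, so the size and the code that enforces the window can drift apart. Define the window as a named constant next to MAX_INFO_RECEIPTS, and document on receipt_t what adr and time hold.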
@@ -267,6 +276,7 @@
 	entityState_t   *snapshotEntities;      // [numSnapshotEntities]
 	int nextHeartbeatTime;
 	challenge_t challenges[MAX_CHALLENGES]; // to prevent invalid IPs from connecting
+	receipt_t infoReceipts[MAX_INFO_RECEIPTS];
 	netadr_t redirectAddress;               // for rcon return messages
 	tempBan_t tempBanAddresses[MAX_TEMPBAN_ADDRESSES];
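Review bot: infoReceipts is added without a comment, although the challenges line directly above it states its purpose ("to prevent invalid IPs from connecting"). Add a short trailing comment saying that the array records recent getinfo/getstatus responses for rate limiting.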
Index: sv_main.c
--- sv_main.c	(revision 1)
+++ sv_main.c	(working copy)
@@ -643,6 +643,97 @@
+DRDoS stands for "Distributed Reflected Denial of Service".
+See here:
+Returns qfalse if we're good.  qtrue return value means we need to block.
+If the address isn't NA_IP, it's automatically denied.
+qboolean SV_CheckDRDoS(netadr_t from)
+	int         i;
+	int         globalCount;
+	int         specificCount;
+	receipt_t  *receipt;
+	netadr_t    exactFrom;
+	int         oldest;
+	int         oldestTime;
+	static int  lastGlobalLogTime = 0;
+	static int  lastSpecificLogTime = 0;
+	// Usually the network is smart enough to not allow incoming UDP packets
+	// with a source address being a spoofed LAN address.  Even if that's not
+	// the case, sending packets to other hosts in the LAN is not a big deal.
+	// NA_LOOPBACK qualifies as a LAN address.
+	if (Sys_IsLANAddress(from)) { 
+		return qfalse; 
+	}
+	exactFrom = from;
+	if (from.type == NA_IP) {
+		from.ip[3] = 0; // xx.xx.xx.0
+	} else {
+		// So we got a connectionless packet but it's not IPv4, so
+		// what is it?  I don't care, it doesn't matter, we'll just block it.
+		// This probably won't even happen.
+		return qtrue;
+	}
+	// Count receipts in last 2 seconds.
+	globalCount = 0;
+	specificCount = 0;
+	receipt = &svs.infoReceipts[0];
+	oldest = 0;
+	oldestTime = 0x7fffffff;
+	for (i = 0; i < MAX_INFO_RECEIPTS; i++, receipt++) {
+		if (receipt->time + 2000 > svs.time) {
+			if (receipt->time) {
+				// When the server starts, all receipt times are at zero.  Furthermore,
+				// svs.time is close to zero.  We check that the receipt time is already
+				// set so that during the first two seconds after server starts, queries
+				// from the master servers don't get ignored.  As a consequence a potentially
+				// unlimited number of getinfo+getstatus responses may be sent during the
+				// first frame of a server's life.
+				globalCount++;
+			}
+			if (NET_CompareBaseAdr(from, receipt->adr)) {
+				specificCount++;
+			}
+		}
+		if (receipt->time < oldestTime) {
+			oldestTime = receipt->time;
+			oldest = i;
+		}
+	}
+	if (globalCount == MAX_INFO_RECEIPTS) { // All receipts happened in last 2 seconds.
+		if (lastGlobalLogTime + 1000 <= svs.time){ // Limit one log every second.
+			Com_Printf("Detected flood of getinfo/getstatus connectionless packets
+			lastGlobalLogTime = svs.time;
+		}
+		return qtrue;
+	}
+	if (specificCount >= 3) { // Already sent 3 to this IP in last 2 seconds.
+		if (lastSpecificLogTime + 1000 <= svs.time) { // Limit one log every second.
+			Com_Printf("Possible DRDoS attack to address %i.%i.%i.%i, ignoring getinfo/getstatus connectionless packet
+				exactFrom.ip[0], exactFrom.ip[1], exactFrom.ip[2], exactFrom.ip[3]);
+			lastSpecificLogTime = svs.time;
+		}
+	return qtrue;		
+	}
+	receipt = &svs.infoReceipts[oldest];
+	receipt->adr = from;
+	receipt->time = svs.time;
+	return qfalse;
 An rcon packet arrived from the network.
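Review bot: In the globalCount == MAX_INFO_RECEIPTS branch, once all 48 slots have been used within 2 seconds every further getinfo/getstatus is dropped regardless of who sent it, so a burst of queries from many sources makes the server stop answering server browsers and master queries for the rest of the window; state that trade-off in the function comment. The per-address check also counts by /24 because of from.ip[3] = 0, while the comment "Already sent 3 to this IP" and the log line (which prints exactFrom) read as if it were per host, so say "subnet" in both. The literals 2000, 3 and 1000 would be easier to tune as named constants or cvars, and the early return qtrue for non-NA_IP addresses drops those queries without any log line.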
@@ -748,8 +839,14 @@
 	Com_DPrintf( "SV packet %s : %s
", NET_AdrToString( from ), c );
 	if ( !Q_stricmp( c,"getstatus" ) ) {
+		if (SV_CheckDRDoS(from)) {
+			return; 
+		}
 		SVC_Status( from  );
 	} else if ( !Q_stricmp( c,"getinfo" ) ) {
+		if (SV_CheckDRDoS(from)) {
+			return;
+		}
 		SVC_Info( from );
 	} else if ( !Q_stricmp( c,"getchallenge" ) ) {
 		SV_GetChallenge( from );
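Review bot: The getchallenge branch directly below still replies without passing through SV_CheckDRDoS, although it is reached from the same connectionless dispatcher and the same unverified source address; check whether its response needs the same guard. The check is also copied into both branches, and it records a receipt as a side effect, so a single helper called before SVC_Status and SVC_Info, with a name that says it both checks and records, would be clearer.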

(Dushan) #217

2nd patch :slight_smile:
And I believe that is it so far. You have fix for major bugs -> “getstatus”, “getinfo” and “userinfo”.

Index: server.h
--- server.h	(revision 1)
+++ server.h	(working copy)
@@ -190,6 +190,7 @@
 	clientState_t   state;
 	char            userinfo[MAX_INFO_STRING];	// name, etc
+	char		userinfobuffer[MAX_INFO_STRING]; //used for buffering of user info
 	char            reliableCommands[MAX_RELIABLE_COMMANDS][MAX_STRING_CHARS];
 	int             reliableSequence;	// last added reliable message, not necesarily sent or acknowledged yet
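Review bot: The comment on userinfobuffer ("used for buffering of user info") does not say when the buffer is filled or drained. State that it holds the latest userinfo string deferred by sv_floodProtect until nextReliableUserTime is reached, and align the declaration with spaces like the neighbouring fields instead of tabs.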
@@ -234,6 +235,7 @@
 	int             deltaMessage;	// frame last client usercmd message
 	int             nextReliableTime;	// svs.time when another reliable command will be allowed
+	int		nextReliableUserTime; // svs.time when another userinfo change will be allowed
 	int             lastPacketTime;	// svs.time when packet was last received
 	int             lastConnectTime;	// svs.time when connection started
 	int             nextSnapshotTime;	// send another snapshot when svs.time >= nextSnapshotTime
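Review bot: nextReliableUserTime is compared against svs.time, but the only place this patch sets it is inside SV_UpdateUserinfo_f, so the first comparison for a client depends on the client_t slot having been zeroed. Confirm that the connect path clears it together with userinfobuffer, or set both explicitly there, so a reused slot cannot inherit a pending update or a stale deadline.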
@@ -492,6 +494,7 @@
 void            SV_ExecuteClientMessage(client_t * cl, msg_t * msg);
 void            SV_UserinfoChanged(client_t * cl);
+void            SV_UpdateUserinfo_f(client_t * cl);
 void            SV_ClientEnterWorld(client_t * client, usercmd_t * cmd);
 void            SV_FreeClient(client_t *client);
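Review bot: SV_UpdateUserinfo_f is exported here only so the timer code can call it, but it reads its input from Cmd_Argv(1), which means every external caller must first set up the global tokenizer state. Keep the command handler static and export a small helper that takes the client and the userinfo string as arguments; both the handler and the timer can then call that helper.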
@@ -523,6 +526,7 @@
 void            SV_SendMessageToClient(msg_t * msg, client_t * client);
 void            SV_SendClientMessages(void);
 void            SV_SendClientSnapshot(client_t * client);
+void            SV_CheckClientUserinfoTimer( void );
 void            SV_SendClientIdle(client_t * client);
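Review bot: SV_CheckClientUserinfoTimer is declared among the snapshot and message-sending functions, yet it applies deferred client userinfo changes. Declare it next to SV_UserinfoChanged and SV_UpdateUserinfo_f, and write the parameter list as (void) to match the lines around it.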
Index: sv_client.c
--- sv_client.c	(revision 1)
+++ sv_client.c	(working copy)
@@ -1747,8 +1747,16 @@
-static void SV_UpdateUserinfo_f(client_t * cl)
+void SV_UpdateUserinfo_f(client_t * cl)
+	if ( (sv_floodProtect->integer) && (cl->state >= CS_ACTIVE) && (svs.time < cl->nextReliableUserTime) ) {
+		Q_strncpyz( cl->userinfobuffer, Cmd_Argv(1), sizeof(cl->userinfobuffer) );
+		SV_SendServerCommand(cl, "print \"^7Command ^1delayed^7 due to sv_floodprotect.\"");
+		return;
+	}
+	cl->userinfobuffer[0]=0;
+	cl->nextReliableUserTime = svs.time + 5000;
 	Q_strncpyz(cl->userinfo, Cmd_Argv(1), sizeof(cl->userinfo));
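Review bot: In the delayed branch, SV_SendServerCommand is called for every userinfo command that arrives before nextReliableUserTime, so a client that keeps sending userinfo makes the server queue one "Command delayed" print per attempt. Send the notice only once per delay window (for example only when userinfobuffer was empty before the copy). The 5000 ms delay is also a bare literal and would be better as a named constant or cvar.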
Index: sv_main.c
--- sv_main.c	(revision 1)
+++ sv_main.c	(working copy)
@@ -1487,6 +1487,9 @@
 	// check timeouts
+	// check user info buffer thingy
+	SV_CheckClientUserinfoTimer();
 	// send messages back to the clients
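Review bot: The comment "check user info buffer thingy" does not tell the next reader what happens at this point in the frame. Reword it to say that deferred userinfo updates whose flood-protect delay has expired are applied here.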
Index: sv_snapshot.c
--- sv_snapshot.c	(revision 67)
+++ sv_snapshot.c	(working copy)
@@ -1139,3 +1139,23 @@
 	// -NERVE - SMF
+void SV_CheckClientUserinfoTimer( void ) {
+	int			i;
+	client_t	*cl;
+	char bigbuffer[ MAX_INFO_STRING * 2];
+	for (i=0, cl = svs.clients ; i < sv_maxclients->integer ; i++, cl++) {
+		if (!cl->state) {
+			continue; // not connected
+		}
+		if ( (sv_floodProtect->integer) && (svs.time >= cl->nextReliableUserTime) && (cl->state >= CS_ACTIVE) && (cl->userinfobuffer[0]!=0) )  {
+			//We have something in the buffer
+			//and its time to process it
+			sprintf(bigbuffer,"userinfo \"%s\"",cl->userinfobuffer);
+			Cmd_TokenizeString(bigbuffer);
+			SV_UpdateUserinfo_f(cl);
+		}
+	}
\ No newline at end of file
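Review bot: The sprintf into bigbuffer is unbounded; it fits today only because bigbuffer is declared as MAX_INFO_STRING * 2 and userinfobuffer is MAX_INFO_STRING, so use a bounded call with sizeof(bigbuffer) to keep that true if either size changes. Rebuilding a userinfo "..." command and running it through Cmd_TokenizeString also overwrites the global command arguments from inside the frame loop and relies on the stored string surviving a second round of tokenizing unchanged; passing userinfobuffer directly to a helper that takes the string avoids both. The function handles client commands, so it belongs in sv_client.c rather than sv_snapshot.c.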

(Radegast) #218

[QUOTE=iDan;393140]Hi, I’ve got nothing to add to this but GOOD WORK.[/QUOTE]…

(RazorKiller) #219

Sorry, but I don’t get your point, and I don’t want to troll or something like that. What did you want to show here? You quoted a post from your topic and posted it here with “…” as an add-on? I don’t see any logic inside your post except that you want to show that for me [because you used a quote from your topic] “your” project is superior, and that you get more feedback. I might be wrong, so I would like to see your explanation about this. If I got this wrong, I am sorry. But in future you should post more details.

(Radegast) #220

Hehe, you are a real Sherlock Holmes. Figuring all that out from 10 dots

But you are wrong, I just wanted to say the same thing iDan said: Hi, I’ve got nothing to add to this but GOOD WORK.

As for the dots - there is a 10 char minimum requirement for a post :-).