All magazines I’ve read says FB is easy to hack. It’s only recent they get an https thing for account editing…
OpenWolf
But they don’t use URL(s) to insert data to database(s).
I could just insert some nonsense to URL request and cause database crashing.
[QUOTE=Indloon;392809]But they don’t use URL(s) to insert data to database(s).
I have nothing against PHP,but just saying…do not use URLs for data inserting :([/QUOTE]
The point is that the scipt is as safe as the programmer makes it. You can make ****ty scripts in PHP and Python.
Well It depends of how you actually are good and how you write PHP code. You cannot change address of master server unless you edit and (re)compile code. Only thing what you can do is to insert another PHP server (max 5). Engine is treating PHP master server as regular server.
This is one more example of OpenWolf<->PHP website integration. On shown pictures (provided two), you can see new download command.
Basic idea is that you can requesting maps from an online repository, where of course all maps would be uploaded and presented to client.
Client can query some PHP webpage from engine and request any map what is uploaded there (on online repo) with /download command. Depending on actually settings in game, it will be place downloaded files in MAIN folder (renamed ETMAIN) or mod folder.
In that way, at least on my opinion, it would be very simplified redistribution of new and improved maps and/or new files for mods (assets, new versions of mods …) common stuff. Because of second MOTD system provided PHP (engine is capable to query that info also and show client after downloading map) possibilities are endless. Just problem is how good are you PHP coder.
In ET before there was whole system based on FTP settings provided inside engine. So when client while connecting on server it is downloading all maps what are on pure list and mod related files. My approach to that is little different but basic idea is almost the same :).
Because of MySQL feature what I have added inside engine and now possibility that you can query PHP, I can move whole data to MySQL and enabled to be read in PHP
With that I can do some stuff like enabling console, scoreboard … like I said to be read from site
Example :
dushan, any word on adding stereoscopic support for those who play in 3D mode?
it shouldn’t be that hard to code it, as quake 3 already had a mod for this.
when you are used to play in 3D mode (like me), it is hard to go back to those fake 2D displays…
BTW, like I said, console is fully customize, so you can change that also So at least for me it isn’t real problem
This is working NQ inside OpenWolf. I have fixed mod compatibility with OpenWolf and in pictures is shown working NoQuarter 1.2.8. I have found some source on net what somebody uploaded so I based this work on that.
And ofc, you can see problems with missing textures,shaders
EDIT: Added one more photo
Just to share one more update about Newton Dynamics inside OpenWolf
Last time when I posted video and screenshots, it was problem because I have loaded other mod
Well, this is more improved version and I believe that now there will be problems
This is my latest work at this moment.
I have little reorganized whole crash stuff and added possibility to report crash in case that happen. Client should on crash bug generate screenshot and console dump.
I am also working for UI stuff for reporting bug inside mod. User should in case that crash happend add little info -> mapname, mod, summary, description and steps to reproduce. In that way engine can report bug immediately on some matis services.
Perhaps a bit off-topic, but can you add make the game run in widescreen format, like 16:9 instead of 4:3?
Would matter a lot I think
I already have something Just dont know how it will run. I dont have widescreen monitor. What I have is simply engine read resolution of what client is using on desktop and set that in game
I know Source can detect the available resolution, maybe you can try to implement something which will analyse the graphic driver properties to see which res are available? Not sure it works this way though
Edit:
Or just two menus, one with 4/3 - 16/9 - 16/10, and the other with the related res, maybe with detection as said before
[QUOTE=Mateos;393361]
Or just two menus, one with 4/3 - 16/9 - 16/10, and the other with the related res, maybe with detection as said before :)[/QUOTE]
Don’t know how that could be done with two menus. Must investigate and ofc must see what can be done there. I hate game logic (cgame, qagame and ui)
Just to return on crash report. Engine maintainer if crash happens and whole application is attached he will get new message box where he can choose does he want really to debug application or to create crash dump.
If he decide to create crash dump, his files will be located in Users(username)\My Documents\OpenWolf\Bugs folder. Inside that folder he will get 5 files (dump0000.build, dump0000.con, dump0000.dmp, dump0000.include, and dump0000.info). Like its shown in picture.
What is most important and he should know is that
dump0000.con file is console dump
dump0000.include is list of include files on time when crash actually happened
dump000.dmp is crash dump file. File what need to be loaded into Visual Studio.
When you select at the top of System a level of graphic quality, you’ve automatically other settings switching. And if you tweak one, it goes “Custom”: maybe start on this basis but with restriction about the list? Like if ResRatio = 0 (For 4/3), just display renders r_mode 1/2/3 etc (The 4/3 ones)?
OK I believe its time to share something with community and others
Index: server.h
===================================================================
--- server.h (revision 1)
+++ server.h (working copy)
@@ -241,6 +241,15 @@
qboolean connected;
} challenge_t;
+typedef struct {
+ netadr_t adr;
+ int time;
+} receipt_t;
+
+// MAX_INFO_RECEIPTS is the maximum number of getstatus+getinfo responses that we send
+// in a two second time period.
+#define MAX_INFO_RECEIPTS 48
+
typedef struct tempBan_s {
netadr_t adr;
int endtime;
@@ -267,6 +276,7 @@
entityState_t *snapshotEntities; // [numSnapshotEntities]
int nextHeartbeatTime;
challenge_t challenges[MAX_CHALLENGES]; // to prevent invalid IPs from connecting
+ receipt_t infoReceipts[MAX_INFO_RECEIPTS];
netadr_t redirectAddress; // for rcon return messages
tempBan_t tempBanAddresses[MAX_TEMPBAN_ADDRESSES];
Index: sv_main.c
===================================================================
--- sv_main.c (revision 1)
+++ sv_main.c (working copy)
@@ -643,6 +643,97 @@
/*
===============
+SV_CheckDRDoS
+
+DRDoS stands for "Distributed Reflected Denial of Service".
+See here: http://www.lemuria.org/security/application-drdos.html
+
+Returns qfalse if we're good. qtrue return value means we need to block.
+If the address isn't NA_IP, it's automatically denied.
+===============
+*/
+qboolean SV_CheckDRDoS(netadr_t from)
+{
+ int i;
+ int globalCount;
+ int specificCount;
+ receipt_t *receipt;
+ netadr_t exactFrom;
+ int oldest;
+ int oldestTime;
+ static int lastGlobalLogTime = 0;
+ static int lastSpecificLogTime = 0;
+
+ // Usually the network is smart enough to not allow incoming UDP packets
+ // with a source address being a spoofed LAN address. Even if that's not
+ // the case, sending packets to other hosts in the LAN is not a big deal.
+ // NA_LOOPBACK qualifies as a LAN address.
+ if (Sys_IsLANAddress(from)) {
+ return qfalse;
+ }
+
+ exactFrom = from;
+
+ if (from.type == NA_IP) {
+ from.ip[3] = 0; // xx.xx.xx.0
+ } else {
+ // So we got a connectionless packet but it's not IPv4, so
+ // what is it? I don't care, it doesn't matter, we'll just block it.
+ // This probably won't even happen.
+ return qtrue;
+ }
+
+ // Count receipts in last 2 seconds.
+ globalCount = 0;
+ specificCount = 0;
+ receipt = &svs.infoReceipts[0];
+ oldest = 0;
+ oldestTime = 0x7fffffff;
+ for (i = 0; i < MAX_INFO_RECEIPTS; i++, receipt++) {
+ if (receipt->time + 2000 > svs.time) {
+ if (receipt->time) {
+ // When the server starts, all receipt times are at zero. Furthermore,
+ // svs.time is close to zero. We check that the receipt time is already
+ // set so that during the first two seconds after server starts, queries
+ // from the master servers don't get ignored. As a consequence a potentially
+ // unlimited number of getinfo+getstatus responses may be sent during the
+ // first frame of a server's life.
+ globalCount++;
+ }
+ if (NET_CompareBaseAdr(from, receipt->adr)) {
+ specificCount++;
+ }
+ }
+ if (receipt->time < oldestTime) {
+ oldestTime = receipt->time;
+ oldest = i;
+ }
+ }
+
+ if (globalCount == MAX_INFO_RECEIPTS) { // All receipts happened in last 2 seconds.
+ if (lastGlobalLogTime + 1000 <= svs.time){ // Limit one log every second.
+ Com_Printf("Detected flood of getinfo/getstatus connectionless packets
");
+ lastGlobalLogTime = svs.time;
+ }
+ return qtrue;
+ }
+ if (specificCount >= 3) { // Already sent 3 to this IP in last 2 seconds.
+ if (lastSpecificLogTime + 1000 <= svs.time) { // Limit one log every second.
+ Com_Printf("Possible DRDoS attack to address %i.%i.%i.%i, ignoring getinfo/getstatus connectionless packet
",
+ exactFrom.ip[0], exactFrom.ip[1], exactFrom.ip[2], exactFrom.ip[3]);
+ lastSpecificLogTime = svs.time;
+ }
+ return qtrue;
+ }
+
+ receipt = &svs.infoReceipts[oldest];
+ receipt->adr = from;
+ receipt->time = svs.time;
+ return qfalse;
+}
+
+/*
+===============
SVC_RemoteCommand
An rcon packet arrived from the network.
@@ -748,8 +839,14 @@
Com_DPrintf( "SV packet %s : %s
", NET_AdrToString( from ), c );
if ( !Q_stricmp( c,"getstatus" ) ) {
+ if (SV_CheckDRDoS(from)) {
+ return;
+ }
SVC_Status( from );
} else if ( !Q_stricmp( c,"getinfo" ) ) {
+ if (SV_CheckDRDoS(from)) {
+ return;
+ }
SVC_Info( from );
} else if ( !Q_stricmp( c,"getchallenge" ) ) {
SV_GetChallenge( from );
2nd patch
And I believe that is it so far. You have fix for major bugs -> “getstatus”, “getinfo” and “userinfo”.
Index: server.h
===================================================================
--- server.h (revision 1)
+++ server.h (working copy)
@@ -190,6 +190,7 @@
{
clientState_t state;
char userinfo[MAX_INFO_STRING]; // name, etc
+ char userinfobuffer[MAX_INFO_STRING]; //used for buffering of user info
char reliableCommands[MAX_RELIABLE_COMMANDS][MAX_STRING_CHARS];
int reliableSequence; // last added reliable message, not necesarily sent or acknowledged yet
@@ -234,6 +235,7 @@
int deltaMessage; // frame last client usercmd message
int nextReliableTime; // svs.time when another reliable command will be allowed
+ int nextReliableUserTime; // svs.time when another userinfo change will be allowed
int lastPacketTime; // svs.time when packet was last received
int lastConnectTime; // svs.time when connection started
int nextSnapshotTime; // send another snapshot when svs.time >= nextSnapshotTime
@@ -492,6 +494,7 @@
void SV_ExecuteClientMessage(client_t * cl, msg_t * msg);
void SV_UserinfoChanged(client_t * cl);
+void SV_UpdateUserinfo_f(client_t * cl);
void SV_ClientEnterWorld(client_t * client, usercmd_t * cmd);
void SV_FreeClient(client_t *client);
@@ -523,6 +526,7 @@
void SV_SendMessageToClient(msg_t * msg, client_t * client);
void SV_SendClientMessages(void);
void SV_SendClientSnapshot(client_t * client);
+void SV_CheckClientUserinfoTimer( void );
//bani
void SV_SendClientIdle(client_t * client);
Index: sv_client.c
===================================================================
--- sv_client.c (revision 1)
+++ sv_client.c (working copy)
@@ -1747,8 +1747,16 @@
SV_UpdateUserinfo_f
==================
*/
-static void SV_UpdateUserinfo_f(client_t * cl)
+void SV_UpdateUserinfo_f(client_t * cl)
{
+ if ( (sv_floodProtect->integer) && (cl->state >= CS_ACTIVE) && (svs.time < cl->nextReliableUserTime) ) {
+ Q_strncpyz( cl->userinfobuffer, Cmd_Argv(1), sizeof(cl->userinfobuffer) );
+ SV_SendServerCommand(cl, "print \"^7Command ^1delayed^7 due to sv_floodprotect.\"");
+ return;
+ }
+ cl->userinfobuffer[0]=0;
+ cl->nextReliableUserTime = svs.time + 5000;
+
Q_strncpyz(cl->userinfo, Cmd_Argv(1), sizeof(cl->userinfo));
SV_UserinfoChanged(cl);
Index: sv_main.c
===================================================================
--- sv_main.c (revision 1)
+++ sv_main.c (working copy)
@@ -1487,6 +1487,9 @@
// check timeouts
SV_CheckTimeouts();
+ // check user info buffer thingy
+ SV_CheckClientUserinfoTimer();
+
// send messages back to the clients
SV_SendClientMessages();
Index: sv_snapshot.c
===================================================================
--- sv_snapshot.c (revision 67)
+++ sv_snapshot.c (working copy)
@@ -1139,3 +1139,23 @@
}
// -NERVE - SMF
}
+
+void SV_CheckClientUserinfoTimer( void ) {
+ int i;
+ client_t *cl;
+ char bigbuffer[ MAX_INFO_STRING * 2];
+
+ for (i=0, cl = svs.clients ; i < sv_maxclients->integer ; i++, cl++) {
+ if (!cl->state) {
+ continue; // not connected
+ }
+ if ( (sv_floodProtect->integer) && (svs.time >= cl->nextReliableUserTime) && (cl->state >= CS_ACTIVE) && (cl->userinfobuffer[0]!=0) ) {
+ //We have something in the buffer
+ //and its time to process it
+ sprintf(bigbuffer,"userinfo \"%s\"",cl->userinfobuffer);
+
+ Cmd_TokenizeString(bigbuffer);
+ SV_UpdateUserinfo_f(cl);
+ }
+ }
+}
\ No newline at end of file
[QUOTE=iDan;393140]Hi, I’ve got nothing to add to this but GOOD WORK.[/QUOTE]…
Sorry, but I don’t get your point, and I don’t want to troll or something like that. What you wanted to show here? You quoted post from your topic and posted here with “…” as add-on? I don’t see any logic inside your post except that you want to show that for me [because you used quote from your topic] “your” project is superior, and that you get more feedback. I might be wrong, so I would like to see your explanation about this. If I got this wrong, I am sorry. But in future you should post more details.
Hehe, you are a real Sherlock Holmes. Figuring all that out from 10 dots
But you are wrong, I just wanted to say the same thing iDan said: Hi, I’ve got nothing to add to this but GOOD WORK.
As for the dots - there is a 10 char minimum requirement for a post :-).