Log-in verification on bots

[-0- D i o r -0-]

So people who are not members don't use the bots.

[ya bish]

I second this.

[-0- D i o r -0-]

I know in LG's olden days they had this. I'm not sure how easy it is to implement.

[323]

They had this before. Now it's broken, you can log into any old bots with any credentials lol. It was a great system though, extremely good. Got us more members too.

[Mota]

Yeah it would be good to gain get members to join.

[The Unintelligible]

Just ask GAMEchief or someone with admin access to the forum to do it. All you would need to do is create an API to validate the users and have the client send requests to said API. Simplest way to do this would be to use PHP or another server side language.

Something like this - https://gist.github.com/Protozoid/3702049

This is fundamentally what you're talking about, just made in Lua.

[Stapled]

I had a LG login on one of my bots in UG.

[The Unintelligible]

I had a LG login on one of my bots in UG.

That's no good. We need a global LG login or validation system. That's why it's something that should be employed by GAMEchief or Artificial.

A flagship, universal, official, LG endorsed setup. That way it isn't language specific or anything like that. Could be located somewhere like logicalgamers.com/auth.php or something along those lines. Then you just send your credentials to that url (i.e. /auth.php?user=foo&pass=bar). Have it return a response the client checks for or just a standard HTTP status that signifies success.

[Stapled]

That's no good. We need a global LG login or validation system. That's why it's something that should be employed by GAMEchief or Artificial.

A flagship, universal, official, LG endorsed setup. That way it isn't language specific or anything like that. Could be located somewhere like logicalgamers.com/auth.php or something along those lines. Then you just send your credentials to that url (i.e. /auth.php?user=foo&pass=bar). Have it return a response the client checks for or just a standard HTTP status that signifies success.

There was something like this available in the programmer section. I was never able to get it trk but I'm sure it could be looked at.

[Artificial]

It's already been done. We just need a client side authentication module written. We'd already started writing one in C++ which I'll probably finish sometime this...semester :p

[The Unintelligible]

It's already been done. We just need a client side authentication module written. We'd already started writing one in C++ which I'll probably finish sometime this...semester :p

That's interesting. Why is the client side authentication module necessary? Is that written in C++ as well?

Why the use of C++ instead of Python (what you typically use I believe) or something simpler? Just out of curiosity.

[Artificial]

Because the server side authentication isn't as straightforward as sending your username and password and being authenticated. I can't actually find the thread that was in the programming forum that explains it all (as its been moved/deleted, I'll have to restore from a backup most likely sometime this week), but I suppose I can go in to it briefly.

Essentially the idea was to give more control to the developers. In that sense, developers are able to generate a unique key for each program, and for that key/program specify a set of permissions and parameters. i.e. whitelist/blacklist specific usergroups/members, need to be member for (x) days, min. (x) posts, min(x) posts in last (y) days, charge (x) LGG to use, etc. Due to the extended control, it's therefore more important to ensure it's not easily crackable. The last thing we want is for someone to release a crack for the authentication system and thereby give them the ability to freely distribute all programs. There's therefore more security in place on the server which, unless you have inside information on how it works (as would be the case if we merely released documentation and put the responsibility on the developers to write the client side auth), or unless you're able to reverse engineer the client, it would be very difficult to crack (as far as the server is concerned, at the end of the day it's always going to come down to client implementation). Because of that, we wanted to write one main client module/library, compile/obfuscate it, and permit it to be used across a range of programming languages. In that way, we can instead release documentation on how to use the client side module/library for each language in a way which is secure and not easy to crack.

[GAMEchief]

I could make the server-side for this extremely easily. e.g. just connect to logicalgamers.com/validate-login.php?username=x&password=md5(y). The problem with these kinds of things, though, is people can use them to brute force passwords.

And making anti-brute-force logins is difficult. After all, this website practically revolves around that fact.

[Artificial]

I could make the server-side for this extremely easily. e.g. just connect to logicalgamers.com/validate-login.php?username=x&password=md5(y). The problem with these kinds of things, though, is people can use them to brute force passwords.

And making anti-brute-force logins is difficult. After all, this website practically revolves around that fact.

Please read post just before yours. Bruteforcing has been easily dealt with as well.

[To Give You This Gun]

Those are great ,But i wish i was UG when I joined way back when . because you had some killer bots D: . rare fisher was a bot back than .

[-0- D i o r -0-]

Those are great ,But i wish i was UG when I joined way back when . because you had some killer bots D: . rare fisher was a bot back than .

I don't think it ever worked for me. Or they patched it by the time I got here

[GAMEchief]

Please read post just before yours. Bruteforcing has been easily dealt with as well.

I did read it. But it was like 3am so I didn't comprehend it.