Warning: preg_replace_callback(): Requires argument 2, '$func['entity_fix']('\2')', to be a valid callback in /nfs/c01/h06/mnt/10927/domains/dragonprime.net/html/Sources/Load.php(225) : runtime-created function on line 3

Warning: preg_replace_callback(): Requires argument 2, '$func['entity_fix']('\2')', to be a valid callback in /nfs/c01/h06/mnt/10927/domains/dragonprime.net/html/Sources/Load.php(225) : runtime-created function on line 3

Warning: preg_replace_callback(): Requires argument 2, '$func['entity_fix']('\2')', to be a valid callback in /nfs/c01/h06/mnt/10927/domains/dragonprime.net/html/Sources/Load.php(225) : runtime-created function on line 3
Latest posts of: Nightborn
DragonPrime - LoGD Resource Community
Welcome Guest
  • Good afternoon, Guest.
    Please log in, or register.
  • September 19, 2019, 12:35:07 PM
Home Forums News Downloads Login Register Advanced Search
* *
DragonPrime Menu
Login
 
 
Resource Pages
Search

  Show Posts
Pages: [1] 2 3 ... 15
1  Core Code Development Discussions / Core Development Discussion / Re: AJAX based chat on: July 27, 2019, 04:13:48 AM
Hi,

I'm the necromancer Wink jk

I implemented an ajax-based chat refresh using jaxon-php. I didn't write a composer for the core, because many just want to upload the files to a website and have no console access (mostly because of additional costs).

Core edits are necessary though, in lib/pageparts.php to correctly separate talklink+buttons from the chat above. It's a hassle to refresh everything due to the way the chats were programmed.

If interest persists, I can write a quick how-to, and a dp-coder can patch the 1.1.2 to work with that.
2  Coding Support / Coding Support Desk / Re: Racial Hitpoints on: July 25, 2019, 06:02:20 AM
The starting "10" is basically a bit scattered in the code, but you could manage this if you wanted to.

[line numbers may be off]

in dragon.php
Code:
198         $session['user']['maxhitpoints'] = 10 + $hpgain['dkpoints'] +
199                 $hpgain['extra'];
This handles the calc after the dragonkill.
it's bad to edit directly, but you can use the hook "hprecalc" which is defined in line 102. You can set the array $hpgain in it:
Code:
95         $hpgain = array(
 96                         'total' => $session['user']['maxhitpoints'],
 97                         'dkpoints' => $dkpoints,
 98                         'extra' => $session['user']['maxhitpoints'] - $dkpoints -
 99                                         ($session['user']['level']*10),
100                         'base' => $dkpoints + ($session['user']['level'] * 10),
101                         );

As for char creation (or whatever you want to start from), you need to set the inital 10 hp on level 1.
That is done in the mysql table, as the user creation just uses some defaults.
Edit in your database the DEFAULT field.
I also recommend to change your table defintions in lib/all_tables:

Code:
 78                 'hitpoints'=>array(
  79                         'name'=>'hitpoints', 'type'=>'int(11)', 'default'=>'10' //user hitpoints he currently has
  80                         ),
Above line won't change anything live, but in case of an updated core version, better have it if you do a table sync.

Lastly, train.php also increments HP for each level by 10 (hardcoded).
Code:
182                         $session['user']['maxhitpoints']+=10;

On whatever condition you want to set the hp, keep in mind many modules calculate stuff with 10*level = base hp.

So, in summary, what Aeolus said:

0. if you want a different starting value on level 1, either do above OR
0.1 write a module
0.2 hook into newday
0.3 check if a user is level 1 with 0 days (first login)
0.4 set maxhitpoints accordingly

1. write a module
2. hook into hprecalc
3. calculate what you need and set the hp gain
4. output to the user possibly info on why

3  Core Code Development Discussions / Core Development Discussion / Re: Compressing the SQL traffic on: July 13, 2019, 10:14:18 AM
I see your point(s) ^^ they are valid.

With the current installations, I think bottlenecks are generally different.
Some have slow mysql hosting, great web server speed. Others quite the opposite.

Normally any webhosting platform can run lotgd and not break a sweat, page gen times <1s.

The complexity you introduce needs to be balanced towards a potential gain.
4  Core Code Development Discussions / Core Development Discussion / Re: Compressing the SQL traffic on: June 23, 2019, 11:18:43 AM
"Servers can handle a lot" ... you need to know that scaling from 1-30 users hitting a site every second is not really an issue with this sentence.
If you go to 100, or 200... or you have users who hyper through sites...

I give you 40kb.
Say you have 100 ppl hitting it per second. 40*100 = 4000, that's 4MB/sec to save in your DB.
Just the page hits. Nothing else. No useful data. That is just *if the user has a badnav* or *logs in again after timeout/logout*

So, let's say you have that all day. 24*60*60.
I'll let you do the math. =)

It's fine if you have low traffic, but this stuff there saved me tons of needless data transfers. =)
5  LotGD Around the World - Language and Translation Support / Board fr allgemeine Spieldiskussionen (Support in German) / Re: Translation Wizard on: June 23, 2019, 11:14:23 AM
Kurze Checkliste:

- hast Du Deine Sprache auf Deutsch gestellt?
- war der Pull lt. Wizard erfolgreich? (falls ja, hast Du die Daten in der Datenbank)
- hast Du danach auch "Insert missing translations" gemacht? (ein Pull holt erstmal alles in eine Zwischentabelle)

Er spielt Dir das alles nicht live ein. Das wirds vermutlich auch sein, also der letzte Punkt.
6  Game Administration, Installation and Configuration / Installation and Configuration Assistance / Re: Translation Wizard on: June 23, 2019, 11:11:43 AM
Some things said were great, other were not Smiley I'll sum up:

- You *can* translate anything that is translateable in the game (+modules) with it.
(that comes from the game translation functionalty).
- Modules may be poorly writting and break that function, needs to be fixed in that module
- existing translation are sadly outdated, so many modules you may have are not pre-translated if you "pull" them in.

o/

(side note: I switched hosts today so you may have to wait a few hours to pull)
7  Core Code Development Discussions / RAID! (Core Code Bug Reports and Patches) / Re: SQL injection bug in motd.php on: April 28, 2019, 02:22:44 PM
Yeah, sure, that's shorter and better =)
8  Core Code Development Discussions / RAID! (Core Code Bug Reports and Patches) / Re: SQL injection bug in motd.php on: April 27, 2019, 11:13:00 AM
It's pretty much the same, you'd need to rewrite the queries afterwards then or you have to concat the month+year together again.
Or you check if both are originally integer values, which would be more lines of code.

Pretty much the same I think, regex might be a bit quicker.

Any fix is good as long as it is fixed.
motd.php is accessible from outside the game, making it worse.
9  Core Code Development Discussions / RAID! (Core Code Bug Reports and Patches) / SQL injection bug in motd.php on: April 26, 2019, 10:10:10 AM
I got a rather interesting sql injection attack on my server, which is (as I just downloaded the bugfixed 2017 version) also present in lotgd core.

motd.php has the following code:

Code:
$m = httpget("month");
if ($m > ""){
$sql = "SELECT " . db_prefix("motd") . ".*,name AS motdauthorname FROM " . db_prefix("motd") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("motd") . ".motdauthor WHERE motddate >= '{$m}-01' AND motddate <= '{$m}-31' ORDER BY motddate DESC";
$result = db_query_cached($sql,"motd-$m");
}else{
$sql = "SELECT " . db_prefix("motd") . ".*,name AS motdauthorname FROM " . db_prefix("motd") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("motd") . ".motdauthor ORDER BY motddate DESC limit $newcount,".($newcount+$count);
if ($newcount=0) //cache only the last x items
$result = db_query_cached($sql,"motd");
else
$result = db_query($sql);
}

As you can see, $m is entered by httpget() and patched without escape right into the query.

Which leads to somebody actively trying to get the db connection (and therefore access to user data) producing this error:

Code:
fopen(/var/datacache/datacache_motd-cast2828SELECT20dblink-connect28chr28104297C7Cchr28111297C7Cchr28115297C7Cchr28116297C7Cchr2861297C7Cchr2854297C7Cchr28121297C7Cchr28112297C7Cchr28116297C7Cchr28115297C7Cchr2851297C7Cchr28107297C7Cchr28100297C7Cchr28115297C7Cchr28110297C7Cchr28110297C7Cchr2849297C7Cchr28108297C7Cchr28106297C7Cchr28100297C7Cchr28114297C7Cchr2899297C7Cchr28120297C7Cchr28120297C7Cchr28107297C7Cchr2899297C7Cchr28115297C7Cchr28117297C7Cchr28106297C7Cchr28101297C7Cchr2897297C7Cchr28103297C7Cchr28105297C7Cchr2898297C7Cchr28102297C7Cchr2897297C7Cchr28111297C7Cchr2853297C7Cchr28118297C7Cchr28102297C7Cchr2851297C7Cchr28109297C7Cchr28114297C7Cchr28107297C7Cchr28101297C7Cchr28106297C7Cchr2856297C7Cchr28107297C7Cchr2846297C7Cchr28114297C7Cchr2856297C7Cchr2855297C7Cchr2846297C7Cchr28109297C7Cchr28101297C7Cchr2832297C7Cchr28117297C7Cchr28115297C7Cchr28101297C7Cchr28114297C7Cchr2861297C7Cchr2897297C7Cchr2832297C7Cchr28112297C7Cchr2897297C7Cchr28115297C7Cchr2 8115297C7Cchr28119297C7Cchr28111297C7Cchr28114297C7Cchr28100297C7Cchr2861297C7Cchr2897297C7Cchr2832297C7Cchr2899297C7Cchr28111297C7Cchr28110297C7Cchr28110297C7Cchr28101297C7Cchr2899297C7Cchr28116297C7Cchr2895297C7Cchr28116297C7Cchr28105297C7Cchr28109297C7Cchr28101297C7Cchr28111297C7Cchr28117297C7Cchr28116297C7Cchr2861297C7Cchr285029292920as20numeric29): failed to open stream: File name too long in /var/www/html/naruto/lib/datacache.php (62)
Call Stack:
2: fopen("/var/datacache/...", "w") called from /var/lib/datacache.php on line 62
3: updatedatacache("motd-cast((SELECT dblink_...", Array()) called from /var/lib/dbwrapper_mysqli_proc.php on line 65
4: db_query_cached("SELECT motd.*,name AS mot...", "motd-cast((SELECT dblink_...") called from /var/motd.php on line 64

I used (I think this should work on your systems too) following git patch:

Code:
diff --git a/motd.php b/motd.php
index 48b2b6d..a034a2a 100644
--- a/motd.php
+++ b/motd.php
@@ -58,10 +58,16 @@ if ($op=="") {
        /*
        motditem("Beta!","Please see the beta message below.","","", "");
        */
-       $m = httpget("month");
-       if ($m > ""){
-               $sql = "SELECT " . db_prefix("motd") . ".*,name AS motdauthorname FROM " . db_prefix("motd") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("motd") . ".motdauthor WHERE motddate >= '{$m}-01' AND motddate <= '{$m}-31' ORDER BY motddate DESC";
-               $result = db_query_cached($sql,"motd-$m");
+       $month_post = httpget("month");
+       //SQL Injection attack possible -> kill it off after 7 letters as format is i.e. "2000-05"
+       $month_post = substr($month_post,0,7);
+       if (preg_match("/[0-9][0-9][0-9][0-9]-[0-9][0-9]/",$month_post)!==1) {
+               //hack attack
+               $month_post="";
+       }
+       if ($month_post > ""){
+               $sql = "SELECT " . db_prefix("motd") . ".*,name AS motdauthorname FROM " . db_prefix("motd") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("motd") . ".motdauthor WHERE motddate >= '{$month_post}-01' AND motddate <= '{$month_post}-31' ORDER BY motddate DESC";
+               $result = db_query_cached($sql,"motd-$month_post");
        }else{
                $sql = "SELECT " . db_prefix("motd") . ".*,name AS motdauthorname FROM " . db_prefix("motd") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("motd") . ".motdauthor ORDER BY motddate DESC limit $newcount,".($newcount+$count);
                if ($newcount=0) //cache only the last x items
@@ -97,7 +103,7 @@ if ($op=="") {
        while ($row = db_fetch_assoc($result)){
                $time = strtotime("{$row['d']}-01");
                $m = translate_inline(date("M",$time));
-               rawoutput ("<option value='{$row['d']}'".(httpget("month")==$row['d']?" selected":"").">$m".date(", Y",$time)." ({$row['c']})</option>");
+               rawoutput ("<option value='{$row['d']}'".($month_post==$row['d']?" selected":"").">$m".date(", Y",$time)." ({$row['c']})</option>");
        }
        rawoutput("</select>".tlbutton_clear());
        $showmore=translate_inline("Show more");

10  Coding Support / Coding Support Desk / Re: How To Reset The Prefs Of ALL Players on: January 13, 2019, 12:30:36 PM
I highly suggest copying your database + testing such things there =) if you don't have a test server.

On another note: Yes, your query looks sound, but you could drop "AND setting", if you want to reset ALL prefs. Else you just reset the setting "blah_blah_blah".
11  Modules, Themes and other customizations for your game / Completed Modules for version 1.x.x / Re: reCAPTCHA anti-spam for petition.php on: December 25, 2018, 12:55:52 PM
Never pass away a captcha (that can also do audio only and more).

here is my implementation, just enter your site key in the settings.
(PHP CURL is needed, though)
12  Game Administration, Installation and Configuration / The Idea Place / Re: Switch Accounts on: August 13, 2018, 02:30:06 PM
If you would do that right, you'd replace the entire login process with that, and attach characters to it. Would solve the multi-char-problem, and other numerous things.
But, you would have the replace the entire login process and so on...
13  Game Administration, Installation and Configuration / Game Administration Chat / Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd on: June 06, 2018, 01:46:13 PM
You're welcome =)

As said, what must be deleted is in my gdpr mod I added Tongue

It does hook into the creationaddon and create a link there - so you can set up a perma-delete there.

The lotgd delete function (IF you either disable the charrestorer-savefile OR hash/delete the email address+ip+id) will do just fine if somebody wants to be deleted.
As said, it's not necessary to remove any footprint he/she left, just the personal stuff that can be tied to a natural person.
14  Game Administration, Installation and Configuration / Game Administration Chat / Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd on: June 06, 2018, 11:15:18 AM
CreationAddon: http://www.orpgs.com/downloads
But it seems that's offline =/
I added my copy, but it's modified, I commented some stuff out I didn't need.

@removal of data / deletion
you *only* need to delete personal data. any items, achievements... no worries.
but email, name, cookie id, ip ... that's personal and can be requested to be deleted.

You can keep dwellings etc too...
15  Game Administration, Installation and Configuration / Game Administration Chat / Re: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd on: June 03, 2018, 01:46:05 PM
Just a few things in the posts I picked up and wanted to give my 2 cents:

 -> the cookie in lotgd (the lgi) stores i.e. the unique cookie ID which identifies PCs (last accessed) --> that *needs* to be in your data privacy statement, it is a tracker
     it also has the template i.e.the user selected stored, but that's rather uninteresting (no personal data)
 -> as soon as you store personal data, you need either a deletion date or a consent for the being-stored. If somebody deletes himself and can choose what he wants (also a statement how he can later request deletion) that is fine. But what about expired chars? There is no consent really... which is the major problem that forced me to hash the emails.
  -> The "creationaddon" is a really nice thing to put up. You should use it. (maybe expand to make all users agree as I did)

From what I have seen currently, not much is enforced - so it's a bit of a breather.

@the argument "I'm outside the EU, why should it apply" --> "do you deny EU citizens your service? if not, you have to protect their data according to GDPR"
it's that simple. A EU citizen could go to court if you don't. "could" being the word.

Pages: [1] 2 3 ... 15

*
DragonPrime Notices
Play LoGD on Dragonprime

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
74 Guests, 0 Users
Home Forums News Downloads Login Register Advanced Search