294 réponses à ce sujet

[kalbaern]

Lomondra wrote...

That's an overload, I can't do that, I guess than the aforementioned safeguard to Local Authentication was only meant for DM's and Developers, and not for the User. I didn't get that, sorry. I wish someone could do something for us poor schmucks.

Forum thread is titled NWN Authentication Down, but I am not familiar with the acronym GoG?

The task of safeguarding your PW Character Vaults is something only the Admins/Scripters/Builders of the PW(s) you play on can take care of themselves. Most are doing so now or plan to as well.

[FunkySwerve]

Here's a system to link cd keys to playernames using the native bioware database.

When a character logs in, it will automatically check their cd key from oncliententer, and compare it to a Campaign variable stored in the database. If that variable is not set, this is the first time that playername has logged in (at least since this system was installed). The key will be linked to their account by setting that variable, and they can proceed with play as normal, unaware that anything has happened. If the variable is already set, however, and it does not match they key they are using, they are booted. This setup allows you to accumulate CD Key info as you go, and assumes that the first login of an account is ligit - an assumption that held true on our server. It's technically possible someone else could get to it first, but the chances are small, since most need to see the account name in use first in order to steal it (unless it's known already). Generally, I think this is far preferable to server passwording, as it's less of an impediment to players, an the chances of a  non-legitimate first logger are quite small, and can be addressed as soon as the legitimate logger posts on the forums of your server reporting the account lockout.

This system is a little more complex than that, though. It also allows addition of multiple keys, up to 7, for a playername - you'd be amazed at how many players use more than one. On our server, it's done via a conversation fired from a item they get when they enter the docks. The conditional checks to make sure they don't already have 7 keys added (this one returns FALSE if they do).


int StartingConditional()
{
    object oPC = GetPCSpeaker();
    string sStoredKey = GetCampaignString("PlayernameKey", GetPCPlayerName(oPC));
    if (sStoredKey != "") {
        int nLength =  GetStringLength(sStoredKey);
        if (nLength > 65) /* allow 7 keys max SET-key-key-key-key-key-key-key   SET/ADD + 7 spacers + 7x8 keys = 66 */
            return FALSE;
    }
    return TRUE;
}


If they do not have the maximum allowed already, their account is marked as ready to accept a new key, and they are asked to logout, swap to the new key, and log in again. This is the action taken script for that line:


void main()
{
    object oPC = GetPCSpeaker();
    string sStoredKey = GetCampaignString("PlayernameKey", GetPCPlayerName(oPC));
    string sKeys = "ADD" + GetStringRight(sStoredKey, GetStringLength(sStoredKey) - 3);//mark as adding
    SetCampaignString("PlayernameKey", GetPCPlayerName(oPC), sKeys);
}


Here is the oncliententer code I mentioned at the outset, which should make more sense now that you know the procedure for adding keys:



int VerifyPlayernameAgainstCDKey(object oPlayer) {
    int nBoot = FALSE;
    string sPName = GetPCPlayerName(oPlayer);
    string sKey = GetPCPublicCDKey(oPlayer);

    string sNewKey, sAddingKey, sStoredKey = GetCampaignString("PlayernameKey", sPName);

    /* there's at least one key stored already */

    if (sStoredKey != "") {
        sAddingKey = GetStringLeft(sStoredKey, 3);
        sStoredKey = GetStringRight(sStoredKey, GetStringLength(sStoredKey) - 3);

        /* they indicated that they wanted to add a key this login */

        if (sAddingKey == "ADD") {

            /* their current key is not in the key string, add it unless at 7 keys already */
            if (FindSubString(sStoredKey, sKey) == -1) {
                int nKeyLength = GetStringLength(sStoredKey);

                /* allow 7 keys max SET-key-key-key-key-key-key-key   SET/ADD + 7 spacers + 7x8 keys = 66 */
                if (nKeyLength > 65) {
                    nBoot = TRUE;

                    /* must mark as no longer adding */
                    SetCampaignString("PlayernameKey", sPName, "SET" + sStoredKey);

                    /* add the key to the string */
                } else {
                    sNewKey = "SET" + sStoredKey  + "-" + sKey;
                    SetCampaignString("PlayernameKey", sPName, sNewKey);
                    DelayCommand(25.0, FloatingTextStringOnCreature("New CD Key Successfully Added!", oPlayer, FALSE));
                }

                /* let them know they already had this key in their string */
            } else {
                DelayCommand(25.0,
                    FloatingTextStringOnCreature("CD Key Addition Failed! This key already listed for this account!", oPlayer,
                        FALSE));

                /* must mark as no longer adding */
                SetCampaignString("PlayernameKey", sPName, "SET" + sStoredKey);
            }


            /* they are not adding, and the cd key doesnt match those listed - boot and log */
        } else if (FindSubString(sStoredKey, sKey) == -1) {
            string sReport = "INCORRECT CD KEY DETECTED! ID: " + sUnencoded + "; Name: " +
                GetName(oPlayer) + "; CD Key: " + sKey + "; IP: " + GetPCIPAddress(oPlayer);

            WriteTimestampedLogEntry(sReport);
            SendMessageToAllDMs(sReport);

            nBoot = TRUE;
        }


        /* new account, add the key */
    } else {
        SetCampaignString("PlayernameKey", sPName, "SET-" + sKey);
    }

    return nBoot;
}
void main() {

    object oPC = GetEnteringObject();

    /* verify CD keys and double logins to stop hackers */
    if (VerifyPlayernameAgainstCDKey(oPC)) {
        if (GetIsObjectValid(oPC))
            BootPC(oPC);
        return;
    }
}

Funky

Modifié par FunkySwerve, 09 juillet 2011 - 03:43 .

[IronRook]

Thanks FunkySwerve !!! I will install tonight when I get home .

[Lomondra]

This is wonderful, I hope the Sys Admins take advantage of your generosity. Thank you.

[Judge Dead]

The system is good but only if you start from an empty servervault.

The problem with the master server down is that your account isn't protected. Let me show yo the problem.

The admin instal the stuff on he's PW. PLAYER A log in and since no key are stored for this account, script link the account with the key, well, no one else can log onto the account of PLAYER A. Then, PLAYER A (who is a bag guy) decide to log onto the account of PLAYER G, who has not logged in until the last update of the admin, Account of player G isn't stored yet in campain, so server will link the account of PLAYER G to the CD key of PLAYER A. Account of PLAYER G is now the one of PLAYER A.

With this system, you will become propretair of the account (on the server only) of anyone that didn't logged in befor you.

[Judge Dead]

Modifié par Judge Dead, 08 juillet 2011 - 11:02 .

[Judge Dead]

Bha, bug double posted message :/

[Balduvard]

Judge Dead wrote...

With this system, you will become propretair of the account (on the server only) of anyone that didn't logged in befor you.

That is correct, a feature of which makes it immediately recognizable by the true account holder when they cannot connect with their own account on the server, enabling them to take action by contacting the server administrator, whereas otherwise they would be unaware of any activity on their account unless they noticed changes to their characters.

[FunkySwerve]

Judge Dead wrote...

The system is good but only if you start from an empty servervault.

The problem with the master server down is that your account isn't protected. Let me show yo the problem.

The admin instal the stuff on he's PW. PLAYER A log in and since no key are stored for this account, script link the account with the key, well, no one else can log onto the account of PLAYER A. Then, PLAYER A (who is a bag guy) decide to log onto the account of PLAYER G, who has not logged in until the last update of the admin, Account of player G isn't stored yet in campain, so server will link the account of PLAYER G to the CD key of PLAYER A. Account of PLAYER G is now the one of PLAYER A.

With this system, you will become propretair of the account (on the server only) of anyone that didn't logged in befor you.

If you had read my post, you would see that I discussed this scenario, and noted that it's exceedingly rare - rare enough that it didn't occur on our server at all. It's also exceedingly easy to fix as soon as its reported, if it is. There is absolutely no need to start with an empty servervault. Likewise, there's absolutely no reason to wait until account verification is back up.

Funky

[Judge Dead]

FunkySwerve wrote...

If you had read my post, you would see that I discussed this scenario, and noted that it's exceedingly rare - rare enough that it didn't occur on our server at all. It's also exceedingly easy to fix as soon as its reported, if it is. There is absolutely no need to start with an empty servervault. Likewise, there's absolutely no reason to wait until account verification is back up.

Funky

Erf, Do not take it bad Funk ^^ I was not saying your stuff wont work at all, i just want to make you notice that both situation are totaly different, you havn't put your system on when master server was down for weeks, so it gave time to your module to build a large data base of valide account played by the real propretair.

In the situation today, anyone can log on any account so, it does not let a chance to build up the database.

[FunkySwerve]

Judge Dead wrote...

FunkySwerve wrote...

If you had read my post, you would see that I discussed this scenario, and noted that it's exceedingly rare - rare enough that it didn't occur on our server at all. It's also exceedingly easy to fix as soon as its reported, if it is. There is absolutely no need to start with an empty servervault. Likewise, there's absolutely no reason to wait until account verification is back up.

Funky

Erf, Do not take it bad Funk ^^ I was not saying your stuff wont work at all, i just want to make you notice that both situation are totaly different, you havn't put your system on when master server was down for weeks, so it gave time to your module to build a large data base of valide account played by the real propretair.

In the situation today, anyone can log on any account so, it does not let a chance to build up the database.

Yes, I understand what you're saying. What I'm telling you is that you're wrong, there's absolutely no reason to wait. The odds of account theft during this period are low enough that it didn't happen a single time on our server, which is one of the most active out there - and the MS had downtimes back then as well, though nothing so long (remember that they have to see the playername they're stealing somewhere). Furthermore, disabling MS verification has always been comically easy, though I won't go into detail on that, for obvious reasons. And, even if an account theft WERE to happen, it wouldn't take long to fix, and, as Baldy has pointed out, nothing would be lost that hadn't been already. The notion that server admins should wait to enable a system like this is pure folly - there's nothing but upside, even if you do need to fix a few stolen accounts. Why? Because they would've been stolen if you hadn't put the system in anyway, and passively collecting data isn't going to guarantee the right ip gets stored, so you're just prolonging the period of vulnerability with no net gain.

On a related note, I'll be posting code to remove key-account links in a bit, since you need it with the bioware database, as you can't simply use the command-line mysql/sqlite clients to undo things. We actually wind up having to remove a dozen or so playername-key links a year, due to loss of keys from moves, etc. This is yet another point at which the account would be vulnerable, and we've also not seen a single account theft there either, despite most of them being handled with public posts giving their playernames.

Funky.

Modifié par FunkySwerve, 09 juillet 2011 - 03:02 .

[IronRook]

Excellent work FunkySwerve,,, I am working on putting it in as I type this.The Master Server could be down for awhile and the lack of an update from Bioware isnt helpful.Bioware did say they were fixing it ..but gave no time table.*as soon as possible * could mean anything.there is a strong comminnity here with helpful people.This has been explained in detail IMHO .You can also redue it after the MS comes back up.




EDIT: I was unable to compile because of this line.

              ":" + IntToString(GetPCPort(oPlayer));

Modifié par IronRook, 09 juillet 2011 - 12:49 .

[Marflarian]

Dunno if this is the proper place for this but I've yet to hear of anyone else experiencing this problem, right now as it stands I'm unable to gain access to the master server which is fine n all, but everyone else tells me (stateside and non) are able to play just fine right now, yet for some reason no servers pop up under my history or favorites and direct connect does not work either, I'm not sure if this has anything to do with me being in Afghanistan or not but if everyone else can play, why can't I?


Any help would be greatly appreciated as I was hoping this problem would have settled by now.

Thank you.

PS: Good to see ya Funky, Baldy, hopefully if I get some help I'll be able to play HG again lol

Modifié par Marflarian, 09 juillet 2011 - 01:23 .

[Calvinthesneak]

Two possibilities I can think of are your game version isn't patched up to the latest version.

The other is that your incomming and outgoing traffic on your game port is blocked, not sure what military setup is like.

[FunkySwerve]

IronRook wrote...


EDIT: I was unable to compile because of this line.

              ":" + IntToString(GetPCPort(oPlayer));

Sorry about that. That's a nwnx_ linux function only - I deleted it from the script just now.

Funky

[FunkySwerve]

Marflarian wrote...

Dunno if this is the proper place for this but I've yet to hear of anyone else experiencing this problem, right now as it stands I'm unable to gain access to the master server which is fine n all, but everyone else tells me (stateside and non) are able to play just fine right now, yet for some reason no servers pop up under my history or favorites and direct connect does not work either, I'm not sure if this has anything to do with me being in Afghanistan or not but if everyone else can play, why can't I?


Any help would be greatly appreciated as I was hoping this problem would have settled by now.

Thank you.

PS: Good to see ya Funky, Baldy, hopefully if I get some help I'll be able to play HG again lol

Good to see you too. This doesn't really have anything to do with the topic, if your direct connect is also not working, since it doesn't rely on the MS. Sounds like you're hitting some kind of firewall. If you're trying to connect to HG's old addy, though, that could be a problem - not sure what your situation is at present. Try direct connect to 209.99.103.44:5121 - that's the new hub 1.

Funky

[Marflarian]

I wasn't aware that there was a new patch out but seeing as I was able to login perfectly fine to all the servers (IoS, HG, amongst others) I don't think it's that and far as the second part Calvin I don't think that's it, but I appreciate the advice and will try to check out those two things, I've had nwn setup before so that it ran without error from the firewall and things like on vista as well. Also good to see ya (it's Zelieph )

[FunkySwerve]

Here's an onplayerchat event script I wrote for DMs to use ingame to wipe cdkey-playername associations - inevitably, players lose their keys, and this allows you to reset the playername to accept a new key, by entering their playername after 'dm_wipekeys'. It is meant for native bioware database users - mysql and sqlite users should have command-line access that makes such a command unnecessary, but I can code one up if someone needs it.

Example command line spoken ingame:
dm_wipekeys Funky

would wipe the key listings for playername Funky ingame, allowing that player to log in using whatever cd key they have. This is important because players DO lose keys on occasion. It will also allow you to wipe a false association by an account thief, should one manage to log in before the true owner, as discussed above.

void main() {
    string sMessage = GetPCChatMessage();
    object oPC = GetPCChatSpeaker();
    if (GetStringLeft(sMessage, 12) == "dm_wipekeys ") {
        if (!GetIsDM(oPC))
            FloatingTextStringOnCreature("Only DMs may use this command!", oPC, FALSE);
        else {
            string sPlayerName = GetStringRight(sMessage, GetStringLength(sMessage)-12);
            string sStoredKey = GetCampaignString("PlayernameKey", sPlayerName);
            if (sStoredKey != "") {
                DeleteCampaignVariable("PlayernameKey", sPlayerName);
                FloatingTextStringOnCreature("CD Key bindings for Playername: '" + sPlayerName + "' erased.", oPC, FALSE);
            } else {
                FloatingTextStringOnCreature("No CD Key bindings for Playername: '" + sPlayerName +
                    "' were found! Please check to make sure you entered the right name.", oPC, FALSE);
            }
        }
    }
}

Funky

[Marflarian]

Tried doing the direct connect to the server Funky and it didn't work out for me, I'm fairly certain that the internet firewall here isn't setup to block online games as I was able to connect to them before bioware got hacked, any other ideas?

[FunkySwerve]

Marflarian wrote...

Tried doing the direct connect to the server Funky and it didn't work out for me, I'm fairly certain that the internet firewall here isn't setup to block online games as I was able to connect to them before bioware got hacked, any other ideas?

Sorry, I don't, but I'm far from expert in such matters. I would suggest you start a new thread either here, or on the HG boards (or both) - there are many people in both places better situated to help than I.

Here's a link to the HG boards, should you opt to post there (Drunken Monk might get quicker attention than Bug/Problem Report):
HG Forums

Stay safe out there!

[Edit] I asked acaos to look at this thread if he has a moment - he's a network admin.

Funky

Modifié par FunkySwerve, 09 juillet 2011 - 10:24 .

[IronRook]

Still having trouble getting the oncliententer part to compile. I copied exactly what you had 3 times just to make sure it wasnt me because it is late here and I am tired

[Lightfoot8]

It looks like you have one var that is not declaired. It looks like it only used in the report, So you may just want to comment out its use, Like so:

string sReport = "INCORRECT CD KEY DETECTED! ID: " + /*sUnencoded +*/ "; Name: " +
GetName(oPlayer) + "; CD Key: " + sKey + "; IP: " + GetPCIPAddress(oPlayer);

[PlasmaJohn]

Hey guys?

Could you take the technical discussion to another thread? In my naive optimism I'm hoping that EA/Bioware will respond to the disposition of the Master Server and it would be a shame for that to get lost.

Thanks.

[WebShaman]

I'm digging what you are giving the Community here, Funky!

Carry on!

[Elhanan]

Not a Techie, but the Server may be working again....

Or not; may have been a one time thing. Sorry.....

Modifié par Elhanan, 10 juillet 2011 - 09:28 .