Page 1 of 2
Private Server Client Authentication
Posted: Fri Oct 29, 2010 2:41 pm
by deliot
Hello,
I have a private server set up, and it is working well. We play at lunch at school and have between 15 and 25 kids show up to play BZ Flag once a week. The issue I am having is, I'd like to be able to use the CALLSIGN and PASSWORD input for login **WITHOUT** using the global server. We are playing this game on a LAN, and we have the public list server (and forum) blocked for various reasons.
Can anybody suggest a simple way I could set this up?
I understand MySQL, I have PHPmyadmin available and know how to use it, I can edit PHP code if necessary, and can install PHPbb3 if necessary.
A deeper question is, how exactly does the client authenticate? Is there a command line switch I could enable to point the client to a database of my choice?
Thanks,
Dan
Re: Private Server Client Authentication
Posted: Fri Oct 29, 2010 3:52 pm
by Cobra_Fast
You could set up a custom UserDB, PassDB and GroupDB for your server. (
http://my.bzflag.org/w/BZFS_Command_Line_Options -> -userdb -passdb -groupdb) which will allow people to /register and /identify.
I don't know if this makes use of the password field on the "Join Game" screen.
Re: Private Server Client Authentication
Posted: Fri Oct 29, 2010 4:35 pm
by enrico123
Cobra_Fast wrote: -userdb -passdb -groupdb) which will allow people to /register and /identify.
I don't know if this makes use of the password field on the "Join Game" screen.
Using the above this will
not make use of the password field on the "Join Game" screen
Re: Private Server Client Authentication
Posted: Fri Oct 29, 2010 8:56 pm
by mrapple
Use -public but then just add -advertise none.
This will still use the list server, but people won't be able to see it.
Re: Private Server Client Authentication
Posted: Fri Oct 29, 2010 10:59 pm
by blast
mrapple wrote:Use -public but then just add -advertise none.
This will still use the list server, but people won't be able to see it.
Since they are at a school, that will not work. I'm fairly sure the admin of the network won't poke a hole in the firewall for that.
In any case, you
could run a copy of the list server if you so choose. The source code for the list server is in our
SVN repository under trunk/db/, and there was also the start of a rewrite under trunk/web/bzfls2/. I'm doubting that either of them are documented about how to set them up (and I can't quite remember what all worked/didn't work on bzfls2). I'd probably say stick to the one in db since that one is actually known to work. Of that directory, you only need a handful of files. The bzfls.php file is the actual list server. It pulls in a config file, a file for handling bans, and a handful of (large) files from phpBB3.
So basically, you need to install phpBB, and set up the config and paths for the list server. We alias db/ to bzfls.php as well, which is optional (you can point your client directly to the list)
You also need to add a few columns to the phpBB3 user's table:
Code: Select all
`user_token` int(10) unsigned NOT NULL default '0',
`user_tokendate` int(10) unsigned NOT NULL default '0',
`user_tokenip` varchar(40) collate utf8_bin NOT NULL default '',
Once you have that all set up, edit your BZFlag config file to use the list on the LAN. Or you can pass the new list URL to bzflag via the command line option -list. Do the same thing for your local server via the -publiclist option.
For instance, if you have the list installed at
http://192.168.20.2/bzfls.php, just set that as the list. Then register a user on your forum and try to auth.
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 1:40 am
by mrapple
My school doesn't block bzflag in general, guess I'm just lucky
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 3:12 am
by deliot
blast wrote:
In any case, you
could run a copy of the list server if you so choose. The source code for the list server is in our
SVN repository under trunk/db/...
Thanks. This makes a lot of sense and really helps!
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 12:59 pm
by blast
mrapple wrote:My school doesn't block bzflag in general, guess I'm just lucky
Your school may not block you from playing, but it should certainly block you from hosting a public server.
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 3:02 pm
by mrapple
Don't think it does. I'll have to try it out on monday
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 10:26 pm
by Cobra_Fast
The school's computer room I'm in charge of only let's through port 80 and 8080 so you're able to see the list but won't be able to join any games.
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 11:05 pm
by deliot
OK, getting back to the ORIGINAL discussion:
Here's what I did on Ubuntu:
(1) Installed PHPBB3 and got it working via Synaptic Package Manager.
(2) Downloaded and put into the PHPBB3 folder (/usr/share/phpbb3/www/) the following files:
Code: Select all
bzfls.php
serversettings.php
banfunctions.php
(3) Entered values for serversettings.php (password replaced with ******:
Code: Select all
<?php
$dbhost = "localhost";
$dbname = "phpbb3";
$dbuname = "phpbb3";
$dbpass = "********";
$bbdbname = 'phpbb3';
?>
(4) Did a bit of tweaking to the bzfls.php since my locations are different than the default:
Code: Select all
$phpbb_root_path = '/usr/share/phpbb3/www/';
$phpEx = 'php';
include($phpbb_root_path.'includes/functions.'.$phpEx);
include($phpbb_root_path.'includes/utf/utf_tools.'.$phpEx);
include($phpbb_root_path.'includes/utf/utf_normalizer.'.$phpEx);
include($phpbb_root_path.'serversettings.'.$phpEx);
include($phpbb_root_path.'banfunctions.'.$phpEx);
(5) added in missing fields to phpbb_user table:
Code: Select all
`user_token` int(10) unsigned NOT NULL DEFAULT '0',
`user_tokendate` int(10) unsigned NOT NULL DEFAULT '0',
`user_tokenip` varchar(40) COLLATE utf8_bin NOT NULL DEFAULT '',
(6) Recieved errors in bzfls.php regarding a missing table for SERVERBANS, so I made educated guesses about that table and created it, tweaked until errors went away:
Code: Select all
CREATE TABLE IF NOT EXISTS `phpbb_serverbans` (
`type` varchar(40) NOT NULL DEFAULT '',
`value` int(10) NOT NULL,
`owner` varchar(40) NOT NULL DEFAULT '',
`reason` varchar(40) NOT NULL DEFAULT '',
`active` int(10) NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
(7) Edited mybzconfig.txt file to include the following:
Code: Select all
-publiclist http://10.14.101.15/phpbb/bzfls.php
(8) Edited the command line on my BZflag Windows XP client to include the -list value:
Code: Select all
C:\BZFlag\bzflag.exe -mute -window -list http://10.14.101.15/phpbb/bzfls.php -configdir c:\bzflag\config\
Did a few trial runs, and while there were no errors, there were also no sucessful logins. The user table showed no updates to the new fields. There were no logins to the game based on the board USERNAME and PASSWORD.
My guesses regarding errors would be:
(1) There are TWO tables listed under settings, DBNAME and BBDBNAME. I'm not sure what to put for DBNAME, assuming that BBDBNAME would be phpbb3 (the database I created on my MySQL server).
(2) I need more files from the DB trunk folder, I only used three (bzfls, serversettings, banfunctions) that were included in bzfls.php.
(3) the SERVERBANS table is messed up and is somehow causing problems.
(4) I missed something else.
Suggestions are welcome
Dan
Re: Private Server Client Authentication
Posted: Sat Oct 30, 2010 11:46 pm
by blast
There should be a log file for bzfls.php defined somewhere in there. You may have to enable it.
Also, you can access the bzfls.php page directly in your browser to verify it is working and then try to do an auth there. Set it to do a LIST or GETTOKEN and fill in the username and password fields (at a minimum) and see if a token gets returned.
Re: Private Server Client Authentication
Posted: Sun Oct 31, 2010 3:22 pm
by deliot
blast wrote:There should be a log file for bzfls.php defined somewhere in there. You may have to enable it.
Not sure how to "enable" the log file other than uncomment it. I already checked the PHP code and put the log file where it was suggested. So far the log file is blank.
blast wrote:Also, you can access the bzfls.php page directly in your browser to verify it is working and then try to do an auth there. Set it to do a LIST or GETTOKEN and fill in the username and password fields (at a minimum) and see if a token gets returned.
Good call on the browser verify, thanks! I already get the HTML page to come up WITHOUT ERROR in my browser, but I didn't understand how to test it or if I'd actually get any results since it was a DEV interface. I just experimented with the "actual" bzfls.php found here and tested it on a real USER:
Putting in a real user and doing a GETTOKEN, I then recieved up to a 10 digit token back:
I also found that, once you get a token, you can try the CHECKTOKENS box by filling in the USER and token box such as:
and you should get a reply something like:
Code: Select all
MSG: checktoken callsign=USER, ip=, token=0123456789 group=Group0 group=Group1
TOKGOOD: USER
BZID: 12345 USER
I'll try all of this on my server later today, and see what happens. Thanks Blast.
Dan
Re: Private Server Client Authentication
Posted: Sun Oct 31, 2010 7:10 pm
by deliot
Update...
got bzfls.php to return a valid token, and did a checktoken and that worked. Also, the token ends up in the MySQL database for the user.
Still not sure that the CLIENT is getting/using the token, and the bzfls.php log (bzfls.log) is still blank.
Re: Private Server Client Authentication
Posted: Sun Oct 31, 2010 7:30 pm
by deliot
I think the token system is working, but I don't think clients are using the token to AUTH. The clients have a long pause... and then they just get dumped into the game... nothing on screen about password being correct, etc.
I still think it may have something to do with a missing table in the database. If I try to list the servers from bzfls.php, I don't get my server, instead I get:
Code: Select all
Could not drop old serversTable 'phpbb3.servers' doesn't exist
Don't know if it's important to the process that my server is listed here. Perhaps it is not.
Dan
Re: Private Server Client Authentication
Posted: Sun Oct 31, 2010 7:44 pm
by blast
Re: Private Server Client Authentication
Posted: Sun Oct 31, 2010 10:27 pm
by deliot
Uh.... yea
Thanks, that makes a lot more sense...
I kept thinking there had to be at least one more MySQL table I was missing.
I will mess with this and see what happens.
Appreciate your time Blast.
Dan
Re: Private Server Client Authentication
Posted: Mon Nov 01, 2010 4:17 pm
by deliot
Ok, I think I
FINALLY have everything working. The only other thing I forgot about, and had to tweak, was in the config file to enable the
Groups and
Users files. I enabled the Passwords file also, but that isn't being used... which makes sense since the
TOKEN is what the client needs, and the password is kept safe on the PHPBB board.
In particular, the
Groups file was important, otherwise,
ANYBODY could join the game, even if they didn't authenticate!!
Blast, thanks for your help... I couldn't have figured this out without you.
I'm going to wait a week, and make sure this works well under a heavy load of kids before I claim total victory.
Blast, would it be worth me doing a WIKI article on this?
Dan
Re: Private Server Client Authentication
Posted: Mon Nov 01, 2010 4:49 pm
by joevano
It would... please and thank you!
Re: Private Server Client Authentication
Posted: Tue Nov 02, 2010 5:49 am
by deliot
OK, my first ever BZFlag Wiki article:
http://my.bzflag.org/w/Private_List_Server
Constructive criticism and corrections welcome
I hope it helps somebody...
Dan
Re: Private Server Client Authentication
Posted: Wed Nov 03, 2010 5:18 pm
by blast
The "userdb" isn't necessary unless you are using local groups. The way the current list server works is that you can create groups in phpBB and add users to those groups, and then assign rights to those groups using the "groupdb" file. Global groups are preferred since they are tied to a user account instead of to a username (people can change their name and lose/gain rights if a userdb is used to assign groups).
Re: Private Server Client Authentication
Posted: Fri Nov 05, 2010 3:21 am
by deliot
>>The "userdb" isn't necessary unless you are using local groups.
Makes sense. I'll remove -userdb from the wiki article then. I put it in because phpbb users were showing up in the userdb file locally. I assumed as a sort of local caching of users.
Re: Private Server Client Authentication
Posted: Sat Nov 06, 2010 10:59 pm
by enrico123
hmm, when i try and do my own Private server list the get tokens and the check tokens .etc work fine but when i do list servers it comes up blank, i changed my server setting, made sure there was no -q changed -publiclist to -publiclist
http://maxhostpro.com/bb/bzfls.php, ive had a look at everything, any ideas why its not working?
Re: Private Server Client Authentication
Posted: Sun Nov 07, 2010 10:04 pm
by blast
I don't see a reason for you to be running a list, enrico123, so I'm not as apt to help you with it. More so considering you can't even capitalize your I's.
Re: Private Server Client Authentication
Posted: Mon Nov 08, 2010 5:57 am
by deliot
enrico123 wrote:hmm, when i try and do my own Private server list the get tokens and the check tokens .etc work fine but when i do list servers it comes up blank, i changed my server setting, made sure there was no -q changed -publiclist to -publiclist
http://maxhostpro.com/bb/bzfls.php, ive had a look at everything, any ideas why its not working?
Did you make sure the client is also using the private list server? I'm assuming YES since you got tokens.
EXAMPLE:
C:\BZFlag\bzflag.exe -list http:10.14.101.15/phpbb/bzfls.php -configdir c:\bzflag\config\
Or on the server site, did you do all of these settings:
EXAMPLE:
including BOTH the
-publiclist and
-publicaddr settings as seen above?
Dan