Private Server Client Authentication

Place for people to discuss public servers, and also for admins to lay out the details of their servers
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Private Server Client Authentication

Post by deliot »

Hello,

I have a private server set up, and it is working well. We play at lunch at school and have between 15 and 25 kids show up to play BZ Flag once a week. The issue I am having is, I'd like to be able to use the CALLSIGN and PASSWORD input for login **WITHOUT** using the global server. We are playing this game on a LAN, and we have the public list server (and forum) blocked for various reasons.

Can anybody suggest a simple way I could set this up?

I understand MySQL, I have PHPmyadmin available and know how to use it, I can edit PHP code if necessary, and can install PHPbb3 if necessary.

A deeper question is, how exactly does the client authenticate? Is there a command line switch I could enable to point the client to a database of my choice?

Thanks,
Dan
User avatar
Cobra_Fast
Dev Monkey
Dev Monkey
Posts: 322
Joined: Sat Oct 07, 2006 11:51 am
Location: Germany
Contact:

Re: Private Server Client Authentication

Post by Cobra_Fast »

You could set up a custom UserDB, PassDB and GroupDB for your server. (http://my.bzflag.org/w/BZFS_Command_Line_Options -> -userdb -passdb -groupdb) which will allow people to /register and /identify.
I don't know if this makes use of the password field on the "Join Game" screen.
User avatar
enrico123
Private First Class
Private First Class
Posts: 91
Joined: Tue Jul 14, 2009 10:49 am
Contact:

Re: Private Server Client Authentication

Post by enrico123 »

Cobra_Fast wrote: -userdb -passdb -groupdb) which will allow people to /register and /identify.
I don't know if this makes use of the password field on the "Join Game" screen.
Using the above this will not make use of the password field on the "Join Game" screen
"See a need fill a need"-(Bigweld from the movie "Robots")
User avatar
mrapple
Sergeant Major
Sergeant Major
Posts: 460
Joined: Wed May 27, 2009 11:59 am
Location: Unknown
Contact:

Re: Private Server Client Authentication

Post by mrapple »

Use -public but then just add -advertise none.

This will still use the list server, but people won't be able to see it.
Image
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Private Server Client Authentication

Post by blast »

mrapple wrote:Use -public but then just add -advertise none.

This will still use the list server, but people won't be able to see it.
Since they are at a school, that will not work. I'm fairly sure the admin of the network won't poke a hole in the firewall for that. ;)


In any case, you could run a copy of the list server if you so choose. The source code for the list server is in our SVN repository under trunk/db/, and there was also the start of a rewrite under trunk/web/bzfls2/. I'm doubting that either of them are documented about how to set them up (and I can't quite remember what all worked/didn't work on bzfls2). I'd probably say stick to the one in db since that one is actually known to work. Of that directory, you only need a handful of files. The bzfls.php file is the actual list server. It pulls in a config file, a file for handling bans, and a handful of (large) files from phpBB3.

So basically, you need to install phpBB, and set up the config and paths for the list server. We alias db/ to bzfls.php as well, which is optional (you can point your client directly to the list)

You also need to add a few columns to the phpBB3 user's table:

Code: Select all

  `user_token` int(10) unsigned NOT NULL default '0',
  `user_tokendate` int(10) unsigned NOT NULL default '0',
  `user_tokenip` varchar(40) collate utf8_bin NOT NULL default '',
Once you have that all set up, edit your BZFlag config file to use the list on the LAN. Or you can pass the new list URL to bzflag via the command line option -list. Do the same thing for your local server via the -publiclist option.

For instance, if you have the list installed at http://192.168.20.2/bzfls.php, just set that as the list. Then register a user on your forum and try to auth.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
User avatar
mrapple
Sergeant Major
Sergeant Major
Posts: 460
Joined: Wed May 27, 2009 11:59 am
Location: Unknown
Contact:

Re: Private Server Client Authentication

Post by mrapple »

My school doesn't block bzflag in general, guess I'm just lucky :)
Image
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

blast wrote: In any case, you could run a copy of the list server if you so choose. The source code for the list server is in our SVN repository under trunk/db/...
Thanks. This makes a lot of sense and really helps!

:D
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Private Server Client Authentication

Post by blast »

mrapple wrote:My school doesn't block bzflag in general, guess I'm just lucky :)
Your school may not block you from playing, but it should certainly block you from hosting a public server.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
User avatar
mrapple
Sergeant Major
Sergeant Major
Posts: 460
Joined: Wed May 27, 2009 11:59 am
Location: Unknown
Contact:

Re: Private Server Client Authentication

Post by mrapple »

Don't think it does. I'll have to try it out on monday :)
Image
User avatar
Cobra_Fast
Dev Monkey
Dev Monkey
Posts: 322
Joined: Sat Oct 07, 2006 11:51 am
Location: Germany
Contact:

Re: Private Server Client Authentication

Post by Cobra_Fast »

The school's computer room I'm in charge of only let's through port 80 and 8080 so you're able to see the list but won't be able to join any games.
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

OK, getting back to the ORIGINAL discussion:

Here's what I did on Ubuntu:

(1) Installed PHPBB3 and got it working via Synaptic Package Manager.
(2) Downloaded and put into the PHPBB3 folder (/usr/share/phpbb3/www/) the following files:

Code: Select all

       
bzfls.php
serversettings.php
banfunctions.php
(3) Entered values for serversettings.php (password replaced with ******:

Code: Select all

<?php
$dbhost  = "localhost";
$dbname  = "phpbb3";
$dbuname = "phpbb3";
$dbpass  = "********";
$bbdbname = 'phpbb3';
?>
(4) Did a bit of tweaking to the bzfls.php since my locations are different than the default:

Code: Select all

$phpbb_root_path = '/usr/share/phpbb3/www/';
$phpEx = 'php';
include($phpbb_root_path.'includes/functions.'.$phpEx);
include($phpbb_root_path.'includes/utf/utf_tools.'.$phpEx);
include($phpbb_root_path.'includes/utf/utf_normalizer.'.$phpEx);
include($phpbb_root_path.'serversettings.'.$phpEx);
include($phpbb_root_path.'banfunctions.'.$phpEx);
(5) added in missing fields to phpbb_user table:

Code: Select all

 `user_token` int(10) unsigned NOT NULL DEFAULT '0',
  `user_tokendate` int(10) unsigned NOT NULL DEFAULT '0',
  `user_tokenip` varchar(40) COLLATE utf8_bin NOT NULL DEFAULT '',
(6) Recieved errors in bzfls.php regarding a missing table for SERVERBANS, so I made educated guesses about that table and created it, tweaked until errors went away:

Code: Select all

CREATE TABLE IF NOT EXISTS `phpbb_serverbans` (
  `type` varchar(40) NOT NULL DEFAULT '',
  `value` int(10) NOT NULL,
  `owner` varchar(40) NOT NULL DEFAULT '',
  `reason` varchar(40) NOT NULL DEFAULT '',
  `active` int(10) NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
(7) Edited mybzconfig.txt file to include the following:

Code: Select all

-publiclist http://10.14.101.15/phpbb/bzfls.php
(8) Edited the command line on my BZflag Windows XP client to include the -list value:

Code: Select all

C:\BZFlag\bzflag.exe -mute -window -list http://10.14.101.15/phpbb/bzfls.php -configdir c:\bzflag\config\
Did a few trial runs, and while there were no errors, there were also no sucessful logins. The user table showed no updates to the new fields. There were no logins to the game based on the board USERNAME and PASSWORD.

My guesses regarding errors would be:
(1) There are TWO tables listed under settings, DBNAME and BBDBNAME. I'm not sure what to put for DBNAME, assuming that BBDBNAME would be phpbb3 (the database I created on my MySQL server).
(2) I need more files from the DB trunk folder, I only used three (bzfls, serversettings, banfunctions) that were included in bzfls.php.
(3) the SERVERBANS table is messed up and is somehow causing problems.
(4) I missed something else.

Suggestions are welcome :-)

Dan
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Private Server Client Authentication

Post by blast »

There should be a log file for bzfls.php defined somewhere in there. You may have to enable it.

Also, you can access the bzfls.php page directly in your browser to verify it is working and then try to do an auth there. Set it to do a LIST or GETTOKEN and fill in the username and password fields (at a minimum) and see if a token gets returned.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

blast wrote:There should be a log file for bzfls.php defined somewhere in there. You may have to enable it.
Not sure how to "enable" the log file other than uncomment it. I already checked the PHP code and put the log file where it was suggested. So far the log file is blank.
blast wrote:Also, you can access the bzfls.php page directly in your browser to verify it is working and then try to do an auth there. Set it to do a LIST or GETTOKEN and fill in the username and password fields (at a minimum) and see if a token gets returned.
Good call on the browser verify, thanks! I already get the HTML page to come up WITHOUT ERROR in my browser, but I didn't understand how to test it or if I'd actually get any results since it was a DEV interface. I just experimented with the "actual" bzfls.php found here and tested it on a real USER:

Code: Select all

http://my.bzflag.org/bzfls.php
Putting in a real user and doing a GETTOKEN, I then recieved up to a 10 digit token back:

Code: Select all

TOKEN: 0123456789
I also found that, once you get a token, you can try the CHECKTOKENS box by filling in the USER and token box such as:

Code: Select all

checktokens:
USER=0123456789
and you should get a reply something like:

Code: Select all

MSG: checktoken callsign=USER, ip=, token=0123456789  group=Group0 group=Group1
TOKGOOD: USER
BZID: 12345 USER
I'll try all of this on my server later today, and see what happens. Thanks Blast.

Dan
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

Update...

got bzfls.php to return a valid token, and did a checktoken and that worked. Also, the token ends up in the MySQL database for the user.

Still not sure that the CLIENT is getting/using the token, and the bzfls.php log (bzfls.log) is still blank.
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

I think the token system is working, but I don't think clients are using the token to AUTH. The clients have a long pause... and then they just get dumped into the game... nothing on screen about password being correct, etc.

I still think it may have something to do with a missing table in the database. If I try to list the servers from bzfls.php, I don't get my server, instead I get:

Code: Select all

Could not drop old serversTable 'phpbb3.servers' doesn't exist
Don't know if it's important to the process that my server is listed here. Perhaps it is not.

Dan
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Private Server Client Authentication

Post by blast »

Guess I forgot to mention about this:
http://bzflag.svn.sourceforge.net/viewv ... text/plain
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

blast wrote:Guess I forgot to mention about this:
http://bzflag.svn.sourceforge.net/viewv ... text/plain
Uh.... yea :-)

Thanks, that makes a lot more sense...

I kept thinking there had to be at least one more MySQL table I was missing.

I will mess with this and see what happens.

Appreciate your time Blast.

Dan
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

Ok, I think I FINALLY have everything working. The only other thing I forgot about, and had to tweak, was in the config file to enable the Groups and Users files. I enabled the Passwords file also, but that isn't being used... which makes sense since the TOKEN is what the client needs, and the password is kept safe on the PHPBB board.

In particular, the Groups file was important, otherwise, ANYBODY could join the game, even if they didn't authenticate!!

Blast, thanks for your help... I couldn't have figured this out without you. :book:

I'm going to wait a week, and make sure this works well under a heavy load of kids before I claim total victory.

Blast, would it be worth me doing a WIKI article on this?

Dan
User avatar
joevano
General
General
Posts: 1863
Joined: Sat Jun 18, 2005 1:08 pm
Location: South Bend, Indiana, USA

Re: Private Server Client Authentication

Post by joevano »

It would... please and thank you!
There is nothing worse than aggressive stupidity. -- Johann Wolfgang von Goethe
"How many legs does a dog have if you call his tail a leg? Four. Calling a tail a leg doesn't make it a leg." -- Abraham Lincoln
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

OK, my first ever BZFlag Wiki article:
http://my.bzflag.org/w/Private_List_Server
Constructive criticism and corrections welcome :-)

I hope it helps somebody...

Dan
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Private Server Client Authentication

Post by blast »

The "userdb" isn't necessary unless you are using local groups. The way the current list server works is that you can create groups in phpBB and add users to those groups, and then assign rights to those groups using the "groupdb" file. Global groups are preferred since they are tied to a user account instead of to a username (people can change their name and lose/gain rights if a userdb is used to assign groups).
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

>>The "userdb" isn't necessary unless you are using local groups.

Makes sense. I'll remove -userdb from the wiki article then. I put it in because phpbb users were showing up in the userdb file locally. I assumed as a sort of local caching of users.
User avatar
enrico123
Private First Class
Private First Class
Posts: 91
Joined: Tue Jul 14, 2009 10:49 am
Contact:

Re: Private Server Client Authentication

Post by enrico123 »

hmm, when i try and do my own Private server list the get tokens and the check tokens .etc work fine but when i do list servers it comes up blank, i changed my server setting, made sure there was no -q changed -publiclist to -publiclist http://maxhostpro.com/bb/bzfls.php, ive had a look at everything, any ideas why its not working?
"See a need fill a need"-(Bigweld from the movie "Robots")
User avatar
blast
General
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx
Contact:

Re: Private Server Client Authentication

Post by blast »

I don't see a reason for you to be running a list, enrico123, so I'm not as apt to help you with it. More so considering you can't even capitalize your I's.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

Image
deliot
Private First Class
Private First Class
Posts: 31
Joined: Tue May 11, 2010 3:22 pm

Re: Private Server Client Authentication

Post by deliot »

enrico123 wrote:hmm, when i try and do my own Private server list the get tokens and the check tokens .etc work fine but when i do list servers it comes up blank, i changed my server setting, made sure there was no -q changed -publiclist to -publiclist http://maxhostpro.com/bb/bzfls.php, ive had a look at everything, any ideas why its not working?
Did you make sure the client is also using the private list server? I'm assuming YES since you got tokens.

EXAMPLE:
C:\BZFlag\bzflag.exe -list http:10.14.101.15/phpbb/bzfls.php -configdir c:\bzflag\config\
Or on the server site, did you do all of these settings:

EXAMPLE:
-public "My LAN BZFlag Server"
-publicaddr 10.14.101.15:5154
-p 5154
#-q
-publiclist http://10.14.101.15/phpbb/bzfls.php
including BOTH the -publiclist and -publicaddr settings as seen above?

Dan
Last edited by deliot on Tue Nov 09, 2010 7:14 pm, edited 1 time in total.
Post Reply