Skip to content

Instantly share code, notes, and snippets.

@PEMapModder
Last active March 13, 2016 11:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save PEMapModder/5a79c280a399b6398783 to your computer and use it in GitHub Desktop.
Save PEMapModder/5a79c280a399b6398783 to your computer and use it in GitHub Desktop.

Before player logs in, player visits a website or tells the app to notify the database that he is going to join this server. Database logs his IP address.

When player joins the server:

  • Server opens a TCP client-socket to the database server-socket.
  • Server sends a string that identifies which server the data are from.
  • If identified, database responds with a secret token (secret between database and that specific server) that confirms that the database is valid.
  • If server finds the token correct, it sends a batch of username and other relevant information of the player (e.g. IP address) to the database, using the JSON syntax.
  • Database responds with a line like this:
    • If player is using the correct IP address and enables IP auth: SUCCESS <message to send to player>. Server should send the message as-is.
    • If player is disables IP auth: NEEDPASS <message to send to player>. Server should send the message as-is. Then, server should wait for client to send a temp token.
      • After player enters a temp token, server forwards the token to database: PASS <temp token>. Server should satinize the temp token to make sure that it does not contain \n (security vulnerability).
    • If player is not registered: NOTFOUND.
      • If server forces the player to register first, kick the player with a message: Join server at example.com port 19132 to register your account.
      • If server doesn't force the player to register first, do nothing.

Lines are delimited with the \n byte.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment