Securing Your Server Without Master Server Authentication

[Legacy_Sadira of Tyr]

               Thank you Funky.
               
               

               
            

[Legacy_FunkySwerve]

               Here's a sample modification of VerifyPlayernameAgainstCDKey that handles the Good Old Games public cd key:

int VerifyPlayernameAgainstCDKey(object oPlayer) {
    int nBoot = FALSE;
    string sUnencoded = GetPCPlayerName(oPlayer);
    string sPlayer = SQLEncodeSpecialChars(sUnencoded);
    string sKey = GetPCPublicCDKey(oPlayer);
    string sStoredKey, sAddingKey;
    string sSQL = "SELECT val, tag FROM pwdata WHERE name='PlayernameKey" + sPlayer + "'";
    object oMessenger = GetMessenger();
    SQLExecDirect(sSQL);

    /* there's at least one key stored already */

    if (SQLFetch() == SQL_SUCCESS) {
        sStoredKey = SQLGetData(1);
        sAddingKey = SQLGetData(2);

        /* they indicated that they wanted to add a key this login */

        if (sAddingKey == "Adding") {

            /* their current key is not in the key string, add it unless at 7 keys already */
            if (FindSubString(sStoredKey, sKey) == -1) {
                int nKeyLength = GetStringLength(sStoredKey);

                if (sKey == "Q7RREKF3") {

                    DelayCommand(19.0, FloatingTextStringOnCreature("WARNING! You are using a public cd key from GoG. Check your chat log for more information", oPlayer, FALSE));
                    DelayCommand(20.0, SendChatLogMessage(oPlayer, COLOR_RED +
                "We do not store the public key provided by Good Old Games, because it would allow anyone with that key to log in to your account. The key will not be added to your list of allowed cd keys." + COLOR_END, oMessenger));

                    /* must mark as no longer adding */
                    sSQL = "UPDATE pwdata SET tag='Set' WHERE name='PlayernameKey" + sPlayer + "'";
                    SQLExecDirect(sSQL);

                } else if (nKeyLength > 61) { /* allow 7 keys max key-key-key-key-key-key-key    6 spacers + 7x8 keys = 62 */
                    nBoot = TRUE;

                    /* must mark as no longer adding */
                    sSQL = "UPDATE pwdata SET tag='Set' WHERE name='PlayernameKey" + sPlayer + "'";
                    SQLExecDirect(sSQL);

                    /* add the key to the string */
                } else {
                    sSQL =
                        "UPDATE pwdata SET tag='Set',val='" + sStoredKey + "-" + sKey + "' WHERE name='PlayernameKey" + sPlayer +
                        "'";
                    SQLExecDirect(sSQL);
                    DelayCommand(25.0, FloatingTextStringOnCreature("New CD Key Successfully Added!", oPlayer, FALSE));
                }


                /* let them know they already had this key in their string */
            } else {
                DelayCommand(25.0,
                    FloatingTextStringOnCreature("CD Key Addition Failed! This key already listed for this account!", oPlayer,
                        FALSE));

                /* must mark as no longer adding */
                sSQL = "UPDATE pwdata SET tag='Set' WHERE name='PlayernameKey" + sPlayer + "'";
                SQLExecDirect(sSQL);
            }


            /* they are not adding, and the cd key doesnt match those listed - boot and log */
        } else if (FindSubString(sStoredKey, sKey) == -1) {
            string sReport = "INCORRECT CD KEY DETECTED! ID: " + sUnencoded + "; Name: " +
                GetName(oPlayer) + "; CD Key: " + sKey + "; IP: " + GetPCIPAddress(oPlayer) +
                ":" + IntToString(GetPCPort(oPlayer));

            WriteTimestampedLogEntry(sReport);
            SendMessageToAllDMs(sReport);
            SendMessageToPCDMs(sReport);
            SendMessageToPCAdmins(sReport);

            nBoot = TRUE;
        }


        /* new account, add the key */

    } else {
        if (sKey == "Q7RREKF3") {
            DelayCommand(19.0, FloatingTextStringOnCreature("WARNING! You are using a public cd key from GoG. Check your chat log for more information", oPlayer, FALSE));
            DelayCommand(19.5, SendChatLogMessage(oPlayer, COLOR_RED +
                "Everyone who buys a copy of NWN from Good Old Games gets the cd key you are using. This can cause many problems, including an inability to log in whenever anyone else is using the key. You should refer to our Installation Guide at http://wiki.hgweb.org/wiki/Installation_Guide for instrucitons on how to obtain a private cd key form GoG." + COLOR_END, oMessenger));
            DelayCommand(20.0, SendChatLogMessage(oPlayer, COLOR_RED +
                "We do not store the public key provided by Good Old Games, because it would allow anyone with that key to log in to your account. The key will not be added to your list of allowed cd keys, and anyone will be able to log in to your account, until you obtain a private key." + COLOR_END, oMessenger));
        } else {

            sSQL = "INSERT INTO pwdata (val,name) VALUES" + "('" + sKey + "','PlayernameKey" + sPlayer + "')";
            SQLExecDirect(sSQL);
        }
    }

    return nBoot;
}

Funky
               
               

               
            

[Legacy_slappy_the_ringthief]

               seems like a great system. I was just looking into this as I'm putting my server back up, after auth servers were closed.

Not to take anything away from this, but could a much simpler (but less robust) version simply write the cdkey onto the character persistently (nwnx2) and check using that and a much smaller script?

Just considering my options
               
               

               
            

[Legacy_Lightfoot8]

               

slappy_the_ringthief wrote...

seems like a great system. I was just looking into this as I'm putting my server back up, after auth servers were closed.

Not to take anything away from this, but could a much simpler (but less robust) version simply write the cdkey onto the character persistently (nwnx2) and check using that and a much smaller script?

Just considering my options

THat would only lock a   character to a CD key.    It would not secure a players vault(USER NAME)   to the player.  

So if slappy_the_ringthief  was playing a thief one day, you would not know if it was the same player playing slappy_the_ringthief  the fighter the next.
               
               

               
            

[Legacy_Squatting Monk]

               That's easy to get around, of course.

The benefit of this system, though, is that you can link multiple CD keys to a player, and allow the player to add new ones. I've cooked up a slimmer system that uses a custom table. No string manipulation required to parse results.
               
               

               
            

[Legacy_slappy_the_ringthief]

               

Lightfoot8 wrote...

slappy_the_ringthief wrote...

seems like a great system. I was just looking into this as I'm putting my server back up, after auth servers were closed.

Not to take anything away from this, but could a much simpler (but less robust) version simply write the cdkey onto the character persistently (nwnx2) and check using that and a much smaller script?

Just considering my options

THat would only lock a   character to a CD key.    It would not secure a players vault(USER NAME)   to the player.  

So if slappy_the_ringthief  was playing a thief one day, you would not know if it was the same player playing slappy_the_ringthief  the fighter the next.

True, I had not thought of it that way. My characters would be safe but not my identity
               
               

               
            

[Legacy_slappy_the_ringthief]

               What is the oMessenger stuff in the last one that doesn't compile? Am I dumb?
               
               

               

                     Modifié par slappy_the_ringthief, 18 décembre 2013 - 02:41 .
                     
                  

            

[Legacy_Squatting Monk]

               That's from SIMTools. You don't need to use that (or the SendChatLogMessage() function, which can be replaced with SendMessageToPC()). This is just an example of how Funky's server does it, not a canned one for other people's use.
               
               

               

                     Modifié par Squatting Monk, 18 décembre 2013 - 08:25 .
                     
                  

            

[Legacy_Vincent07]

               

I implemented this system some time ago, before the exception for the generic GoG key was put in.

 

I now have a problem where there are a few accounts with that key bound to them.

 

Will adding that final else segment let them log in, or is there a further alteration that will be needed so they can at least log in until they get a new key?  ie: I need it to purge the GoG key from their entry.

               
               

               
            

[Legacy_RustyNail]

               

Can anyone help me please, I am very Noob at scripting. And I am in the need of this script but I cant seem to get it to work properly.

 

if anyone is up to it I just need a script I can put in conversation with a NPC that's binds the cd key when they choose to answer yes.

 

I don't want the key to bind until they talk to the npc and do it manually, and multiple keys are not important since so few ppl will play my server.

 

 

Please please and thank you in advance for any help I can get

 

               
               

               
            

[Legacy_Wall3T]

               

hello

 

i was recently referred to this by my fellow server members, and it looks like others are still interested in implementing this into their servers as well.

 

id like to also know: how i can implement this into my server?

 

From what ive gathered:

 

You add the OnClientEnter script,

 

then create a conversation to an npc that allows the player to add there cd key?

 

is that all there is to it? im also running off a host server, using NWN DB