Camera cooldown for Comet Server

git bisect -m
Loyal Member
Joined
Sep 2, 2011
Messages
2,171
Reaction score
916
Upload to imgur, problem solved if you cannot afford to buy extra HDD space.

I personally wouldn't recommend that. First, you're redirecting your entire Camera "file database" to an external image provider, which at any time can change its API (the way to access the images directly; it already changed this year), and the photos can simply be deleted or removed. Also, this violates the Imgur Terms of Use, which strictly say not to use Imgur as a hotlink provider. Another point is that they can accuse you of uploading multiple photos or simply block your access.

Also, that doesn't solve the real problem of the camera flood. What actually happens is that the amount of external requests may create lag in the emulator, or maybe a big queue of requests. Anyway, it will create a lot of data in the database.
Anyway, it was shown that this way of external hosting isn't good (proved by Leon's attempt to change how the Camera works in Habbo.swf). I don't know how Comet actually does the camera: whether it continues using Leon's way, which never validates the input data, or whether it actually works with a third-party/external API to process the JSON data.
I really don't know a user who, in real Habbo, takes Camera photographs at an interval of less than 30 secs. Not even in official Habbo events do users do that.

#ontopic Jonteh, a little question for you, since I didn't understand correctly what is happening here (I don't have the Comet source code, and I'm too lazy to look at it)... Are the checks that this release injects in the process of image pre-visualization? I mean, when the API does the work of generating the image (before confirming the purchase)? Or are these checks added before the Confirm Purchase?

I think an additional check that may work is the following:
1. The last time a photo was generated is stored. In Yupi Emulator I was doing this with two tables in the database, the purchased images and the pre-rendered images; both have a timestamp column. What I'm proposing: when you click to generate, a row is inserted in the database with a timestamp (better than simply storing it in the emulator, for data loss prevention), and when the purchase is confirmed, a query migrates it from the RAW table to the "Purchased/Final" table. So you can check at generation time and at purchasing time whether the interval of generating/purchasing is less than XX seconds. I think people can also flood the Purchase packet.
2. People never take photos with exactly the same range of bits/JSON values. You can do a check in the pre-generation (depending on how Comet does the generation of the image) to check whether the image/bits/JSON is exactly equal to the previous one. You don't really need to check the entire JSON, only the root squares (root items in the case of JSON), or the first set of bytes in the case of non-JSON generation. If the image is exactly equal in those aspects, something is wrong. People can also try to flood just by clicking the button multiple times. This check will store the first generated image in the RAW table, but ignore the subsequent requests. And if at some point the purchase is confirmed, simply do the query that moves the row to the "purchased/final" table. You can also create a procedure in the emulator to erase the RAW table on every boot or shutdown.

Sorry for my bad English, but this was my idea. If you have trouble understanding what I say, please tell me; I really want to give some points or ideas.

#ontopic2
Good release. I think Comet is a great emulator (for the actual emulators) and some fixes are good to be released. I remember that the emulator with the biggest amount of released fixes was Swift Emulator.

#offtopic2 The General, Jonteh wasn't rude when he said Arcturus isn't the best solution for now. But Arcturus, in my opinion, is under development and it's only maintained by you. Comet has been used for a lot more time and a ton of bugs were already reported by the community. So Comet is more ready for the community, since it had big help from the community (ideas/bugs/suggestions)...

Thanks!
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
I am not going to quote you but I'll try my best to answer you.

The API does the work in one fell swoop. You press purchase (which is formerly the Preview button) and it generates the image and adds it to your account.

It's not a complete replica of Habbo, if that's what you're asking. It is some sort of workaround (idk, I didn't code it.)

I get what you're saying. I think if there are many users on the hotel I develop for having issues or problems with this solution, I would look at comparing images in several different ways to ensure it doesn't create replicas. This was just the easiest and first way that came to mind.

And yea, we store a timestamp for the photo in the database as well. I just didn't want to have to fetch it and compare it, as performing a query or a loop through the user's inventory is more taxing than a simple timestamp.

Thx man :~)
 
git bisect -m
Loyal Member
Joined
Sep 2, 2011
Messages
2,171
Reaction score
916
Agree with you. If Comet were using an ORM technique, we could say that the entire data models (database content) are inside the emulator. So it would likely access them in memory. But I think Comet doesn't do that, since you answered "access through queries".

Yes, it would be bad to query the database many times.
But we can confirm that this type of "attack" is like how RUDY DoS attacks work: using "forms" (in this case the Camera) to abuse the server.

One last question: does Comet filter the packets? I mean:
1. Does Comet check whether it's a valid Habbo packet? And if not, immediately close the connection?
2. Does Comet check whether it is a CORS policy request (the famous XML at the beginning of the conversation between client and emulator) or whether the packet is a handshake? In Yupi we check that the first packet of an active endpoint connection is the CORS, and that the second is the crypto handshake.
3. Does Comet detect whether the sent packet is corrupted? (Data loss and damage prevention) (also emulator crash prevention). RUDY uses that....
4. I saw Comet does a check of the active user connection. So, in those terms, is Comet clean of injections? Azure wasn't. Plus also... idk if Yupi is.

Thanks!
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
Idk how Comet filters packets, I haven't looked at how it handles packets, we have had no scripting or attacks so far, and many large hotels use this server.

The user's inventory is stored in memory and photos are considered items, though I would still have to do a loop through that data to check for duplicates or timestamps. I could either do that or a query to get the data required. Just don't think there is much of a point.
 
Newbie Spellweaver
Joined
Aug 25, 2015
Messages
13
Reaction score
2
You can download the source from my file archive:



Can you please share the whole SWF pack of Comet? I only have the Habbo.swf. Thanks

And how do I run it? I don't find the bat file.
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
You can run it with this command in command prompt, providing you are cd'd to the correct directory:

Code:
java -jar -Dfile.encoding=UTF8 Comet-Server-1.4.2-ALPHA2.jar

Modify Comet-Server-1.4.2-ALPHA2 to your version. -Dfile.encoding=UTF8 allows non-English characters to be used in the client. I also can't provide a full SWF pack; however, a PlusEmu SWF pack with the Habbo.swf for Comet Server will work fine.

Feel free to hotlink from epichotel.net.
 
Elite Diviner
Joined
Apr 5, 2014
Messages
464
Reaction score
223
Since people are throwing in their suggestions as to how this should have been made differently, I'll add another one.

Having a 30 second cooldown between every single picture might get annoying if you want to take one or two more because the first one didn't turn out as you wanted it to. A possible solution could be to only allow users to take x amount of pictures every x seconds. This way they can still take a few photos quickly after each other, but not spam the system completely.

Nice release anyhows, definitely gets the job done.
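
The "x pictures every x seconds" idea from the post above, sketched as a per-user sliding-window limiter. This is an added example, not code from Comet Server or from any poster in this thread; the class name, the 3-per-30-seconds policy and the user id are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Sliding-window limiter: at most maxPhotos accepted per windowMillis for each user. */
public class CameraRateLimiter {
    private final int maxPhotos;
    private final long windowMillis;
    // userId -> timestamps (ms) of that user's accepted photo requests, oldest first
    private final Map<Integer, Deque<Long>> recent = new ConcurrentHashMap<>();

    public CameraRateLimiter(int maxPhotos, long windowMillis) {
        this.maxPhotos = maxPhotos;
        this.windowMillis = windowMillis;
    }

    /** Returns true and records the request if the user is still under the limit. */
    public boolean tryAcquire(int userId, long nowMillis) {
        Deque<Long> stamps = recent.computeIfAbsent(userId, id -> new ArrayDeque<>());
        synchronized (stamps) {
            // Drop timestamps that have slid out of the window.
            while (!stamps.isEmpty() && nowMillis - stamps.peekFirst() >= windowMillis) {
                stamps.pollFirst();
            }
            if (stamps.size() >= maxPhotos) {
                // Rejected requests are not recorded, so hammering the button
                // neither extends the lockout nor grows memory.
                return false;
            }
            stamps.addLast(nowMillis);
            return true;
        }
    }

    /** Call when the user disconnects so the map does not keep every user ever seen. */
    public void forget(int userId) {
        recent.remove(userId);
    }

    public static void main(String[] args) {
        CameraRateLimiter limiter = new CameraRateLimiter(3, 30_000); // assumed policy: 3 photos / 30 s
        // Constructed sample: one user clicking every 2 s, then again once the window has moved on.
        for (long ts : new long[] {0, 2_000, 4_000, 6_000, 8_000, 30_000, 31_000}) {
            System.out.println(ts + " ms -> " + (limiter.tryAcquire(42, ts) ? "accept" : "reject"));
        }
    }
}
```

The check has to run server-side in the packet handler, before any image generation or database write, and the timestamp should come from the server clock rather than from anything the client sends.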
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
That's a good idea, x photos per x seconds would be just as easy to accomplish. And you raise a good point, people may want to try out different filters etc in quick succession.

I may release another quick code edit later on for that. Thanks! :)
 
Joined
Aug 10, 2011
Messages
7,398
Reaction score
3,301
Honestly, I think the way you changed it has a negative effect on the usability; however, I do understand that you do not want to code the camera image generator itself and use this as a workaround.

If you are smart you just generate a hash on the requested image and then check if it already exists. Return that image if it does.
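
The hash check suggested above, which also covers the "exactly equal to the previous one" check proposed earlier in the thread, as an added example that is not code from Comet Server or from any poster. It hashes the whole request payload rather than only the root items; the class name, the `render` stand-in and the JSON field names are assumptions.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

/** Renders each distinct camera payload once; identical requests get the stored photo back. */
public class PhotoDeduplicator {
    // SHA-256 of the request payload -> id of the photo already generated for it
    private final Map<String, Integer> photoByDigest = new ConcurrentHashMap<>();
    private final AtomicInteger renders = new AtomicInteger();

    static String sha256Hex(byte[] payload) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload);
            return String.format("%064x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    /** Hypothetical stand-in for the expensive part: image generation plus the database insert. */
    private int render(byte[] payload) {
        return renders.incrementAndGet(); // the new photo's id
    }

    /** Returns the photo id for this payload, rendering only if it has not been seen before. */
    public int photoFor(byte[] payload) {
        // computeIfAbsent is atomic per key, so a burst of identical requests renders once.
        return photoByDigest.computeIfAbsent(sha256Hex(payload), d -> render(payload));
    }

    public int renderCount() {
        return renders.get();
    }

    public static void main(String[] args) {
        PhotoDeduplicator dedup = new PhotoDeduplicator();
        // Constructed payloads; the field names are made up, not the real camera format.
        byte[] first = "{\"room\":1,\"items\":[{\"x\":3,\"y\":4}]}".getBytes(StandardCharsets.UTF_8);
        byte[] second = "{\"room\":1,\"items\":[{\"x\":5,\"y\":4}]}".getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < 100; i++) {
            dedup.photoFor(first); // flood of identical requests
        }
        int other = dedup.photoFor(second);
        System.out.println("renders=" + dedup.renderCount() + ", id of second photo=" + other);
    }
}
```

Deduplication only absorbs repeated identical requests: a flood of distinct payloads still renders every one and grows the map, so it complements a per-user rate limit rather than replacing it.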
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
I already thought of using hashes, which Quackster and I discussed before. Reading is good for the mind ;)
 
Newbie Spellweaver
Joined
Oct 16, 2014
Messages
62
Reaction score
3
got an error: "'java' is not recognized as an internal or external command,operable program or batch file."

nvm i had to install java lol.
 
Joined
Apr 30, 2007
Messages
2,339
Reaction score
1,547
Because your PATH probably was not set up properly. Programs like CCleaner like to rid the PATH of any custom environment variables, so refrain from running those on your server if you want to maintain an easy setup.
 
Experienced Elementalist
Joined
Aug 7, 2011
Messages
257
Reaction score
37
It would be awesome if you actually released the camera files because (almost) no one has this version of Comet. 1.3.1 is the one that's released and it doesn't have the Camera files in it.
 