¤ The Complete PW Package ¤

[343]

So after searching around. i have come up empty handed. When i try to access pwAdmin from the host, apache tomcat blocks me out. is there a way to access the pwAdmin without being on the same IP as the server .-.

--
More detailed: when i goto access pwAdmin while the host server is running it brings me to an apache error page that looks like this (

You must be registered to see links

) basically what i understand is that error 403 is basically telling me that apache tomcat is blocking all "foreign IP's" from accessing this page or something along those lines. Is there a way to allow my IP into apache so i can access pwAdmin?

Yep, add your (specific) IP to the list of allowed IP's. By default the package only accepts connections to pwAdmin from either 127.0.0.1 or a LAN address. This can be found in context.xml (in meta-inf) within the pwAdmin directory (same for iweb if you want to use it ). More specifically you're going to be editing the following line, edit as follows:

from:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" allow="127.*.*.*,10.*.*.*,192.*.*.*,172.*.*.*" />

to:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" allow="127.*.*.*,10.*.*.*,192.*.*.*,172.*.*.*,x.x.x.x" />

Where x.x.x.x == the WAN IP you want to permit/allow access...



You may also want to edit the .htaccess in /opt/lampp/htdocs/admin/ to allow connections from your IP as well.

Just add x.x.x.x (your IP) under the line "allow from 172.0.0.0/255.0.0.0" (add "allow from x.x.x.x")

 

[Fluzzy]

Yep, add your (specific) IP to the list of allowed IP's. By default the package only accepts connections to pwAdmin from either 127.0.0.1 or a LAN address. This can be found in context.xml (in meta-inf) within the pwAdmin directory (same for iweb if you want to use it ). More specifically you're going to be editing the following line, edit as follows:

from:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" allow="127.*.*.*,10.*.*.*,192.*.*.*,172.*.*.*" />

to:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" allow="127.*.*.*,10.*.*.*,192.*.*.*,172.*.*.*,x.x.x.x" />

Where x.x.x.x == the WAN IP you want to permit/allow access...



You may also want to edit the .htaccess in /opt/lampp/htdocs/admin/ to allow connections from your IP as well.

Just add x.x.x.x (your IP) under the line "allow from 172.0.0.0/255.0.0.0" (add "allow from x.x.x.x")

Thank you again 343, dont know what i would do without the help.

 

[whitewof]

I just wanted to state as far as my question about new quests and what not the problem was I didn't copy the right elements.data to the client so the client was not showing them as actually being there.
343
I know I asked this but I did try and search but did not find anything. Is it possible to update your 1.3.6 version to 1.3.8 and are there tools on your dev disc that allows for development of that version? I figured I would ask before wasting my time in trying to get a 1.3.8 client.

 

[Fluzzy]

I just wanted to state as far as my question about new quests and what not the problem was I didn't copy the right elements.data to the client so the client was not showing them as actually being there.
@343
I know I asked this but I did try and search but did not find anything. Is it possible to update your 1.3.6 version to 1.3.8 and are there tools on your dev disc that allows for development of that version? I figured I would ask before wasting my time in trying to get a 1.3.8 client.

Well as stated before i believe in this thread, the "1.3.6 version" of pw in this release is actuall 1.3.1 using a 1.3.6 client, tho im not sure of the differences between those two versions i am not sure you can update i could be wrong.

I am currently having an issue tho with the pwAdmin, everytime i go to load a template for the classes (so i can set their spawn and stuff of that nature) i get a load template error or something like that. Link to a picture:

You must be registered to see links

and xml mode does not load for me .-.

 

[343]

No, do not update to 138 (well, I've never tried, see no point) - try at your own risk...

Well as stated before i believe in this thread, the "1.3.6 version" of pw in this release is actuall 1.3.1 using a 1.3.6 client, tho im not sure of the differences between those two versions i am not sure you can update i could be wrong.

I am currently having an issue tho with the pwAdmin, everytime i go to load a template for the classes (so i can set their spawn and stuff of that nature) i get a load template error or something like that. Link to a picture:

You must be registered to see links

and xml mode does not load for me .-.

I didn't even bother looking at the error SS to be honest. You cannot edit them until after you've logged in as them

 

[Fluzzy]

No, do not update to 138 (well, I've never tried, see no point) - try at your own risk...



I didn't even bother looking at the error SS to be honest. You cannot edit them until after you've logged in as them

Unless I am being completely dumb at the moment (probably am anyway but moving on) it still does not load the templates and i have logged in as each class .-. the error im getting is "Loading Character Data Failed" when trying to load it, I have tried with and without the server on. so i am at a loss with that, I still have yet to try a different pwAdmin that i find from forums here but im not sure its a problem with pwAdmin itself.

 

[AngryVix]

Hey 343, what are your thoughts on a situation like this:

Say you want to have a "beta" PW server where some users register and play some time, get and use cubis, test for bugs, etc. Then some time later you want to launch the "release" PW server (on the same physical server), from scratch, but want to only preserve the registered accounts and nothing else (so those users don't have to register again), without any of the former characters, cubis, gold, etc. Only the blank accounts.

How would you approach this?

I have some ideas that i think might probably work but wanted to know your input as well

Thanks

 

[343]

Simple - delete the gameDB

 

[AngryVix]

That was one of my options, but wouldn't that delete the accounts as well?
I'm having a little trouble figuring out what-gets-placed-where in regards to the accessible Mysql database and the gameDB "balck box" database.
I believed that the gameDB had ALL the info (accounts, chars, inventory, whatever) and the Mysql one was just a "mirror" of what is accessible to us of that "black box" just to make it easier to navigate through that info.
Am i wrong with this assumption? because if i delete the gameDB then im left to believe that the account information is only stored on the Mysql DB, right?

 

[Fluzzy]

That was one of my options, but wouldn't that delete the accounts as well?
I'm having a little trouble figuring out what-gets-placed-where in regards to the accessible Mysql database and the gameDB "balck box" database.
I believed that the gameDB had ALL the info (accounts, chars, inventory, whatever) and the Mysql one was just a "mirror" of what is accessible to us of that "black box" just to make it easier to navigate through that info.
Am i wrong with this assumption? because if i delete the gameDB then im left to believe that the account information is only stored on the Mysql DB, right?

From what i understand, the authd is what stores the accounts.

 

[AngryVix]

Ohh ok, that makes sense.
What about the cubis each account has? is this stored in the gameDB or with the account information?

 

[Fluzzy]

I am going to go on a limb and say yes it is. However i cannot verify that currently.

 

[AngryVix]

Ok great thanks.
Lets wait for 343, see if he can shed some light on this.

 

[343]

The MySQL DB does not contain anything pertinent to the game data. The MySQL DB contains user accounts, almost exclusively. Account ID, username, password, and some other non pertinent data (such as create time, email address etc). It also contains the functions necessary to operate the DB, and say, a registration page (IE the procedure ADDUSER). The MySQL DB can (may) also contain SOME character data, but this is limited to data we've intentionally "extracted" (from the GameDB) to be used for "website" purposes. IE: the table "uwebplayers" and "roles" contains certain (character) data for use in/with pwAdmin or a web-page for "ranking" info.

The GameDB contains EVERYTHING else, characters, their names, inventories, XML etc - EVERYTHING about them (down to their location and quests they've done)!

Now, the way "gold" or "cubi" works is, upon first getting "gold" or "cubi" that data is entered into MySQL (IE, say you "addgold" from pwAdmin). This info FIRST goes into the MySQL DB, but then at specified intervals is 'transferred' into the GameDB data. This is the reason your "gold" or "cubi" isn't "INSTANTLY" there after adding it. I don't know if you can even control the interval when this 'transfer' happens, at least I have not located it to date... But, when you first acquire your "gold" or "cubi" it will go into the MySQL DB table => usecashnow, all the entries you see sitting in "usecashnow" are "gold" or "cubi" /about/ to be transferred into a characters account (actually "sent to their toons" in the GameDB). Once this 'transaction' is complete the data can be found in "usecashlog". So, that being said, any actual "gold" or "cubi" the "account" has cannot be controlled through MySQL, other than adding (never tried it but you may be able to add a NEGATIVE amount to take away "gold"/"cubi"). But once the 'transaction' has left MySQL "usecashnow" that information is actually in the gameDB, and there's only a "log" of it in "usecashlog".

That being said, at least to an extent, the two DB's work in tandem. If you start with both empty, or delete BOTH - obviously you'll have a "clean" server. That is, NO accounts, NO characters, etc... NO data... Now, as you run a server (no matter what kind, public or not) the two DBs become populated together. IE: The first account you create gets assigned the account ID 1024, the first toon created (on said account) gets assigned the toon ID 1024. So, what happens if you delete ONE DB and NOT the other??? Well, if you delete the MySQL DB and NOT the GameDB, when you start with a fresh MySQL DB, there will be no accounts (you just wiped them all by clearing the MySQL DB), but, when the first person/account signs up - ID 1024, there will already be a character with that ID (assuming one was made in the first place - any preexisting toons will still be there after a MySQL wipe), so whoever creates that account, gets that toon(s), and everything about it (money, gold/cubi etc)... How about the other way around: lets say you delete the GameDB and NOT the MySQL DB, well now you've cleared out all game data, but all the accounts that were previously made will still be there. So if account 1024 signs in, he'll sign in to having NO toons, and will have to start from scratch (character creation).

So:
Delete both - like starting all over with a completely new/blank server, no accounts - no toons/money
Delete MySQL - no accounts, YES toons/money
Delete GameDB - YES accounts, no toons/money



So, for your case/idea of running a "beta" server, then wiping all data except accounts when you move into "production" is completely possible and actually quite simple. You simply create the new/fresh server and launch it in your "beta" phase. You can be very liberal with your "beta" phase (as they normally are) such as passing out tons of free poop. Then when you want to move into the "production" phase simply delete the GameDB (and uniquenamed DB). Of course you need to be clear on this intent to your player-base or you will almost be guaranteed to wind up with a LOT of pissed off people, and probably lose quite a few too. So, make sure to be open about it @ launch! Something along the lines of "BETA" and a full disclosure that when the server moves into "production" phase EVERYTHING WILL BE WIPED. I'd even broadcast exactly that ON the sign up page! Then of course warn again before actually doing it! I'd say at least a week or two in advance (as not everyone can play every day). In game auto announce would be most suited as even if you run a forum, there are MANY players out there who actually PLAY games rather than waste their time in a forum! (I know I'm one of em)! Then, whenever you say you're going to do it, DO IT. Just make sure that you never do it again once you make claims to have left said "beta" phase (for "production" phase)!

 

[cosminx13]

Hello , is there any way to host a 1.2.6 server ?

 

[343]

Hello , is there any way to host a 1.2.6 server ?

That's what the server used to be (for "v136"), we used 126/136. However it has since been silently updated and is now v131 (v7 -vs- v10 elements) 131/136.

 

[AngryVix]

Thanks for your extremely detailed and helpful reply 343, really appreciated!
Now everything is much clear on how things work.

The only question that i have now is: If the accounts are solely managed in the MySql DB (like as you mentioned, if i delete the gameDB the accounts still exists in the Mysql one) then how does autentication work? I mean when the player tries to log in, does the authentication only check with the Mysql DB?
Im asking this mostly because i noticed that the way to store passwords is to encrypt them with MD5, which is not the most secure way to do this kind of things nowadays.
If i change the way the password is stored (eg: another encryption algorithm, or a salt-hash method) where is the part that handles the authentication with this data? Or is the client already expecting it to be handled that way (login+pwd MD5)?


Now going into another topic: your suggestions about the beta (thanks for that as well) regarding notifiing the players about the wiping and all, made me remember about this thread that i posted to a couple of days ago: https://forum.ragezone.com/f756/welcomemessage-1017723/
So i thought it would be nice to mention this info to the players also via the login chat message that im having trouble with in that thread. If you can give me some input on that as well, i would really appreciate it!

Thanks

 

[Fluzzy]

Authentication happens in the authentication daemon (authd)

 

[343]

Authentication happens in the authentication daemon (authd)

^this^

You're not changing the HASHING (coughnotencryptioncough) method without changing the AUTHD too. Of course you could put (register with) whatever you want in the DB, but unless you rewrite AUTHD too - this would not work! That being said md5 is the only one "out there". There are a few variants but all are md5 of the login+password. These are all the ones I've seen for PW (different AUTHD's), note they're all MD5 (first set, which this release is, - MD5 of login+pass in ascii/binary ; second one - MD5 of login+pass in HEX representation ; third one - same thing as second one with an added "0x" in front ; fourth set - MD5 of login+pass encoded in base64).

"0x".md5($Login.$Pass) = "ëg@”}ßHªàÁ,Æñp"
md5($Login.$Pass, TRUE) = "ëg@”}ßHªàÁ,Æñp"

md5($Login.$Pass) = "eb186740947ddf48aae0c12cc6f11170"

'0x'.md5($Login.$Pass) = "0xeb186740947ddf48aae0c12cc6f11170"

base64_encode(md5($Login.$Pass, true)) = "6xhnQJR930iq4MEsxvERcA=="
base64_encode(md5($Login.$Pass)) = "6xhnQJR930iq4MEsxvERcA=="

So the basic answer to your question, "no", you're not going to be able to use anything different than md5! It may not be the best method, it may be heavily "dated", but bear in mind, * SO is this game *! That being said, it's "just a game" so "security" is NOT of my top concerns anyway (it's not like you're running an online BANK or something)!

 

[AngryVix]

Wow, with most people calling encryption to any form of alteration, i must have read "MD5 encryption" somewhere and never actually checked whether it actually was an encryption mechanism and unintentionally jumped on the same wagon. I can imagine your pain while reading my post
Yeah, i know its actualy not that important given that it is a game, but just wanted to ask out of curiosity.
I would have probably left it like that anyways :laugh:

Anyhow, thanks very much for the explanation and all your help 343. You da real mvp!