Author Topic: 2020/05/20 - Blockland r2023-r2031  (Read 17192 times)

Seems like I can't join my passworded server on 2026, it does not even appear orange on the list. Is there something other than $Pref::Server::Password to set now?

Also, this page: https://blockland.us/steam-dToken.php has a link to a 404 from the old steam convert page.

Badspot

  • Administrator
Only the first line of the server list shows up, and this one line flickers between different server/owner names while the server list is being populated, but remains on one when it's done populating. I know this snapshot shows addons on it, but trust me when I say it did the exact same thing after disabling any and all addons that could modify the server list, including but not limited to JSGUI+ and Glass.

Sorry for taking so long to respond, by the way.

https://i.imgur.com/HKH1cl0.png

You have to actually remove the add-ons that have client side scripts, there's no way to disable them.  I'm pretty sure.

I'm gonna have to rename my own gui to defend it against old add-ons.

i have two accounts bought through amazon
and another account that i have no idea what email i bought under all i have are the keys and the amazon account, will this be accounted for?
sry to repost this but will i be able to retrieve those accounts at some point?

Badspot

  • Administrator
let non-compromised users link to steam using their key, and let compromised users do so only from their locked IP.

Yes this is the obvious solution.  Do you understand the concept of linear time?  I cannot create everything simultaneously.  I can see you already have your key tied to steam.  This doesn't even effect you.  You're just being mad for other people.

Badspot

  • Administrator
sry to repost this but will i be able to retrieve those accounts at some point?

Sure, just give me a minute here.  I've gotta rename all of my own guis and functions to prevent add-ons from breaking them. 


>Yes this is the obvious solution.
So why steam and not e-mail?

>I can see you already have your key tied to steam.  This doesn't even affect you.  You're just being mad for other people.
I don't like steam.

Names.

Badspot

  • Administrator
i am sort of stumped about how you go about checking whether a user is legitimate or not now that authQuery.php is gone completely.
In what context?  A web page?

honestly i just don't see any reason for authQuery.php to be removed at all, it was working fine a few hours ago even with the new steam auth implemented.
There is a similar page on the new master server, but it uses login tokens.  One issue with the old IP based system is that anyone who had their TCP and UDP traffic routed differently would be unable to play the game because their web traffic and game traffic would come from different IPs. 

I've attempted to set my dedi up on my account "Elega" using the token system you provided but I keep getting this error:

"Posting to master failed: No steamID found for provided dToken/blid pair"



I hope I'm not just misunderstanding how I'm suppose to be implementing this token. I put it in the dedi.bat file.

Badspot

  • Administrator
So why steam and not e-mail?
2 factor.  Support.  It automatically works for new users without them receiving and typing in a key (a major sticking point believe it or not). 

I don't like steam.
Ok.

You have to actually remove the add-ons that have client side scripts, there's no way to disable them.  I'm pretty sure.

I'm gonna have to rename my own gui to defend it against old add-ons.

By disabled, I meant I removed them completely from the folder temporarily using cut and pasted it into a random desktop folder

Badspot

  • Administrator
I've attempted to set my dedi up on my account "Elega" using the token system you provided but I keep getting this error:

"Posting to master failed: No steamID found for provided dToken/blid pair"



I hope I'm not just misunderstanding how I'm suppose to be implementing this token. I put it in the dedi.bat file.

You're missing the profile path argument.  -profilePath ends up eating -dtoken

In what context?  A web page?
Really just any context outside of server joining. The token system is fine and does fix some issues, but in order to validate users for outside services (such as blockland glass) we need an endpoint that lets us check if a steamID owns a certain BL_ID, at the very least. Without this logging in with steam's openID doesn't do anything for us.

Edit: On a side note, you could probably dedicate more space to the 'Admin' and 'Gamemode' columns in the new join server gui. Server names are still clamped to a relatively small size, so there isn't any reason to not leave more ample room for long host or gamemode names.
« Last Edit: May 20, 2020, 12:20:09 PM by Pecon »

Names

2 factor.  Support.  It automatically works for new users without them receiving and typing in a key (a major sticking point believe it or not). 
Ok.

Ok, so don't totally remove steam support. Obviously. Why remove non-steam support and rework the entire auth system? All compromised users were of course key users, so it's not like it would be extra work to recover their keys through two platforms.

You're missing the profile path argument.  -profilePath ends up eating -dtoken

Ah, thanks.

Was setting bl_id on the client removed on purpose? I think most people used getBLID() but it might break some add-ons.

I think more room is needed for server admin names as well:

Maybe the "Pass" field could be removed completely and we can just know by the orange colors?