ARK: Survival Evolved

ARK Join Control
This thread has been pinned, so it's probably important
Billy Boola [developer] 17 June 2017 at 22:29
Example PHP code for JoinControl
This code assumes a MYSQL database with a Table named 'player' and columns 'steam_id' and 'allowed'

<?php
// reject requests that carry no steam_id
if (empty($_GET["steam_id"])) {
    http_response_code(404);
    die("Bad Input");
}

// get the HTTP method of the request
$method = $_SERVER['REQUEST_METHOD'];

// connect to the mysql database
$link = mysqli_connect('localhost', 'user', 'pass', 'dbname');
mysqli_set_charset($link, 'utf8');

// create SQL (steam_id is concatenated straight into the query text)
$sql = "SELECT `steam_id`, `allowed` FROM `player` WHERE steam_id='" . $_GET["steam_id"] . "' ";

// execute SQL statement
$result = mysqli_query($link, $sql);

// die if SQL statement failed
if (!$result) {
    http_response_code(404);
    die(mysqli_error($link));
}

// print results
if ($method == 'GET') {
    if (mysqli_num_rows($result) == 0) {
        echo ('{"steam_id":"' . $_GET["steam_id"] . '","allowed":"0"}');
    } else {
        echo json_encode(mysqli_fetch_object($result));
    }
}

// close mysql connection
mysqli_close($link);
Last edited by Billy Boola; 17 June 2017 at 22:31
Showing 1-7 of 7 comments
Toooni 22 June 2017 at 1:58
I recommend doing it with pdo. The above code is old/unsecure.

<?php
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8mb4', 'username', 'password');
Billy Boola [developer] 22 June 2017 at 2:09
It would be old, I haven't used any PHP in years, but as an example it works. I chose PHP as an example simply because it is so easy to set up PHP and MYSQL on any Linux server. But of course you could use any language and DB, or even a text file in place of the DB.
Toooni 14 July 2017 at 5:41
Originally posted by Anu Zababa:
It would be old, I haven't used any PHP in years, but as an example it works. I chose PHP as an example simply because it is so easy to set up PHP and MYSQL on any Linux server. But of course you could use any language and DB, or even a text file in place of the DB.
What I posted above is PHP code to connect to your DB.
The code you used (mysqli) is unsecure. mysqli is deprecated.
Unknown 14 July 2017 at 13:42
He's right. Your code is injectable. I wouldn't provide this as an example. Anyone who uses this is begging to have some random 12 year old script kiddie hijack their website.

P.S. Injection prevention has been a thing since GET variables were created. Your code is not the product of being away for a few years, it's the product of being extremely green to scripting and not knowing the risks and dangers out there.
Last edited by Unknown; 14 July 2017 at 13:44
Billy Boola [developer] 14 July 2017 at 14:33
Bummer, so I don't know ♥♥♥♥ about PHP and some script kiddie is going to inject SQL into a web server they do not know the address of? This is the internet after all :)

Will this allow them to send a JSON response back to the ark server? I don't know the answer to that, maybe you do?

And as I said before, use Python or Ruby or some monks in a monastery in Hungary tapping out the JSON in morse code. This mod does not require that you use PHP.

It does not care how you receive and process the request, the web server (can and should, for performance, be at 127.0.0.1) address is not needed by the clients who are connecting. It is all handled on the ark server, not the ark client. So unless it is an inside job I don't see how they can even begin to inject their SQL.

Finally, you do not need to use any database, no need for SQL, all your web server needs to do is return to the server the appropriate JSON.

If you have more feedback please let me know, not just for my education but for anyone else who reads these posts when setting up the mod for themselves.

Cheers,

Last edited by Billy Boola; 15 July 2017 at 13:37
Toooni 19 July 2017 at 8:33
Here is a more secure version of your example:

<?php
header('Content-Type: application/json');

// Require a steam_id parameter
if (!empty($_GET["steam_id"])) {
    $steamid = $_GET["steam_id"];
} else {
    http_response_code(404);
    die("Bad Input");
}

//Create DB connection
$pdo = @new PDO('mysql:host=YOURDBHOST;dbname=DBNAME', 'DBUSER', 'DBPW');

//Check Player (steam_id is bound as a parameter, not concatenated)
$statement = $pdo->prepare("SELECT steam_id, allowed FROM player WHERE steam_id = ? LIMIT 1");
$statement->execute(array($steamid));
$row = $statement->fetchAll();

//Json Response
if ($row[0]['accepted'] == "1") {
    echo ('{"steam_id":"' . $_GET["steam_id"] . '","allowed":"1"}');
} else {
    echo ('{"steam_id":"' . $_GET["steam_id"] . '","allowed":"0", "kick":"You are not allowed to join this server"}');
}
?>


=FS=Kaliber 15 Apr 2022 at 0:16
change >> if ($row[0]['accepted'] == "1"){ << to >> if ($row[0]['allowed'] == "1"){ << then it works ;)
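
A hardened variant of the lookup discussed in this thread, as an added example that is not part of any participant's post: it validates `steam_id` against an allow-list pattern, binds it in a prepared statement, and builds the reply with `json_encode` instead of string concatenation. Assumptions: a SteamID64 is exactly 17 digits, an in-memory SQLite table stands in for the MySQL `player` table, and the function name `join_control_response` is hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: SteamID64 is 17 digits,
// and an in-memory SQLite table stands in for the MySQL `player` table.

// Build the reply for one lookup. Returns [HTTP status, JSON string].
function join_control_response(PDO $pdo, $rawSteamId): array
{
    // Allow-list validation: reject anything that is not exactly 17 digits.
    // 404 mirrors the status the thread's scripts use for bad input.
    if (!is_string($rawSteamId) || !preg_match('/\A[0-9]{17}\z/', $rawSteamId)) {
        return [404, json_encode(['error' => 'Bad Input'])];
    }

    // Prepared statement: the value is bound, never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT allowed FROM player WHERE steam_id = ? LIMIT 1');
    $stmt->execute([$rawSteamId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown players and allowed != 1 are both denied (fail closed).
    $allowed = ($row !== false && (string)$row['allowed'] === '1');

    $body = ['steam_id' => $rawSteamId, 'allowed' => $allowed ? '1' : '0'];
    if (!$allowed) {
        $body['kick'] = 'You are not allowed to join this server';
    }
    // json_encode escapes the values, so the reply is always well-formed JSON.
    return [200, json_encode($body)];
}

// Constructed sample data (not from the thread).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE player (steam_id TEXT PRIMARY KEY, allowed INTEGER)');
$pdo->exec("INSERT INTO player VALUES ('76561198000000001', 1), ('76561198000000002', 0)");

// Constructed inputs: allowed, denied, unknown, and malformed (stray quote).
// In a web context the value would come from $_GET['steam_id'] ?? null.
$samples = ['76561198000000001', '76561198000000002', '76561198000000003', "7656119800000000'"];
foreach ($samples as $input) {
    [$status, $json] = join_control_response($pdo, $input);
    echo $status, ' ', $json, PHP_EOL;
}
```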