
GESIOR 2012 - ideas, bug reports

Added geolocation script. When people register, it geolocates their IP and saves it in table `accounts`, column 'flag' [2-letter country code]. Geolocation takes around 0.0002 seconds [uses 38 files with information about IP locations, 4MB all together; it loads one file for one geolocation]. No more stupid question 'where are you from?' and list of 200 countries.
Added 'flag' (image) to highscores.php, characters.php, whoisonline.php (method that doesn't use any extra query, not like popular old version.. [400 SQL queries per 1 highscore page])
Geolocation is in class 'Website', code:
PHP:
	public static function getCountryCode($IP)
	{
		if(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) // only a well-formed dotted IPv4 address can be looked up (rejects IPv6 and malformed input)
			return '';
		$a = explode(".",$IP);
		if($a[0] == 10) // IPs 10.0.0.0 - 10.255.255.255 = private network, so can't geolocate
			return '';
		if($a[0] == 127) // IPs 127.0.0.0 - 127.255.255.255 = local network, so can't geolocate
			return '';
		if($a[0] == 172 && ($a[1] >= 16 && $a[1] <= 31)) // IPs 172.16.0.0 - 172.31.255.255 = private network, so can't geolocate
			return '';
		if($a[0] == 192 && $a[1] == 168) // IPs 192.168.0.0 - 192.168.255.255 = private network, so can't geolocate
			return '';
		if($a[0] >= 224) // IPs 224.0.0.0 and above are multicast/reserved, so can't geolocate
			return '';
		$longIP = $a[0] * 256 * 256 * 256 + $a[1] * 256 * 256 + $a[2] * 256 + $a[3]; // we need unsigned value
		$file = 'cache/flags/flag' . bcdiv($longIP, 100000000, 0);
		if(!is_file($file)) // no data file for this range
			return '';
		$countries = unserialize(file_get_contents($file)); // load file
		if(!is_array($countries)) // unreadable or damaged data file
			return '';
		$lastCountryCode = '';
		foreach($countries as $fromLong => $countryCode)
		{
			if($fromLong > $longIP)
				break;
			$lastCountryCode = $countryCode;
		}
		return $lastCountryCode;
	}
Data (IPs location) prepared by script:
PHP:
$lines = file('GeoIPCountryWhois.csv');
$lastIP = 0;
$lastCountry = '';
$fileC = -1;
$data = array();
foreach ($lines as $line_num => $line)
{
	$info = explode(",", $line, 6);
	$iIP = trim($info[2], '"');
	$iC = trim($info[4], '"');
	if(bcdiv($iIP, 100000000, 0) != $fileC)
	{
		$fileC = bcdiv($iIP, 100000000, 0);
		$data[$fileC][$lastIP] = $lastCountry;
	}
	$data[$fileC][$iIP] = strtolower($iC);
	$lastIP = $iIP;
	$lastCountry = strtolower($iC);

}
foreach($data as $i => $dat)
{
	file_put_contents('flags/flag' . $i, serialize($dat));
}
Newest list of IPs location (that you must parse by script above and add to folder /cache/flags/ in acc. maker) you can get free:
MaxMind - GeoLite Databases | Free IP Geolocation Database
Get 'GeoLite Country' [not city] in '.csv' format (in .zip, unzip before you run PHP script).

Files updated!
.zip
http://ots.me/gesior/Gesior_2012_beta_0.3.6_2012_10_07.zip
file viewer
GESIOR 2012 ver. 1.0.0 BETA for 0.3.6

And what is the point of using the bcdiv function which is rare and there are newer (and better) functions that could be used in this case (and at the same would make the code a lot shorter)?
By default, PHP is not configured with
Code:
--enable-bcmath
, so what's your point? Seems like you've found this somewhere on the internet and now you are trying to bring it back to life, lol.
 
there are newer (and better) functions that could be used in this case
...
By default, PHP is not configured with
Code:
--enable-bcmath
Then tell me what function should I use to divide unsigned 32bit number with precision up to '1'? You mean operations on string and not divide anything?
I found BCMath library few years ago when I tried to calculate some BIG numbers [and it was in XAMPP, no problems to install/enable it] and about 2 years ago I had problem with values over 2 billions and 'int' in PHP, so this time I decided to use BCMath. I didn't know that it will be problem for anyone.
http://www.php.net/manual/en/bc.requirements.php said:
Requirements
Since PHP 4.0.4, libbcmath is bundled with PHP. You don't need any external libraries for this extension.

- - - Updated - - -

Fixed characters creation (bugs found on anderion.net).
Now new characters got 'save on' characters, not 'save off' and it copies items and skills.

Added:
PHP:
$reg_account->setGroupID(1);
in createaccount.php
Thank you for report averatec

Geolocation script changed to:
PHP:
	public static function getCountryCode($IP)
	{
		if(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) // only a well-formed dotted IPv4 address can be looked up; this also keeps the file name below numeric
			return '';
		$a = explode(".",$IP);
		if($a[0] == 10) // IPs 10.0.0.0 - 10.255.255.255 = private network, so can't geolocate
			return '';
		if($a[0] == 127) // IPs 127.0.0.0 - 127.255.255.255 = local network, so can't geolocate
			return '';
		if($a[0] == 172 && ($a[1] >= 16 && $a[1] <= 31)) // IPs 172.16.0.0 - 172.31.255.255 = private network, so can't geolocate
			return '';
		if($a[0] == 192 && $a[1] == 168) // IPs 192.168.0.0 - 192.168.255.255 = private network, so can't geolocate
			return '';
		if($a[0] >= 224) // IPs 224.0.0.0 and above are multicast/reserved, so can't geolocate
			return '';
		$longIP = $a[0] * 256 * 256 * 256 + $a[1] * 256 * 256 + $a[2] * 256 + $a[3]; // we need unsigned value
		$file = 'cache/flags/flag' . $a[0]; // one data file per first octet
		if(!is_file($file)) // no data file for this range
			return '';
		$countries = unserialize(file_get_contents($file)); // load file
		if(!is_array($countries)) // unreadable or damaged data file
			return '';
		$lastCountryCode = '';
		foreach($countries as $fromLong => $countryCode)
		{
			if($fromLong > $longIP)
				break;
			$lastCountryCode = $countryCode;
		}
		return $lastCountryCode;
	}
Generator:
PHP:
$lines = file('GeoIPCountryWhois.csv');
$lastIP = 0;
$lastCountry = '';
$fileC = -1;
$data = array();
foreach ($lines as $line_num => $line)
{
	$info = explode(",", $line, 6);
	$nIP = trim($info[0], '"'); // from IP human format
	$iIP = trim($info[2], '"'); // from IP long
	$iC = trim($info[4], '"'); // country code
	$startOfIP = explode('.', $nIP);
	if($startOfIP[0] != $fileC)
	{
		$fileC = $startOfIP[0];
		$data[$fileC][$lastIP] = $lastCountry;
	}
	$data[$fileC][$iIP] = strtolower($iC);
	$lastIP = $iIP;
	$lastCountry = strtolower($iC);

}
foreach($data as $i => $dat)
{
	file_put_contents('flags/flag' . $i, serialize($dat));
}

- - - Updated - - -

Added folder with changed files to make acc. maker work with TFS 0.4 without problems [salt in accounts table]:
http://gesior2012.ots.me/?dir=account+maker/trunk/TFS_0_4_rev_any

Added 'readme.txt' files on gesior2012.ots.me with instructions what/why/how change in acc. maker to install 'thing that is in this folder'.
 
Won't there be an admin panel for adding news or shop items?
You said that shop admin is bugged, but you won't edit nothing more? Like add news and some more things?
 
News - only admin can create new thread on forum on board 'News'. First post from these threads is visible on 'latestnews'. In first post on forum on board News you can use HTML (and BB code).
Creatures / Spells pages are not available, so there is no button to reload their info in admin panel.
In new shop script you can sell ONLY items and containers with items. Script to add items and containers you can find in 'LUA -> Talkactions':
http://otland.net/f81/add-items-sms-shop-116887/ (that link is also on page shopadmin.php in current acc. maker).
 
News - only admin can create new thread on forum on board 'News'. First post from these threads is visible on 'latestnews'. In first post on forum on board News you can use HTML (and BB code).
Creatures / Spells pages are not available, so there is no button to reload their info in admin panel.
In new shop script you can sell ONLY items and containers with items. Script to add items and containers you can find in 'LUA -> Talkactions':
http://otland.net/f81/add-items-sms-shop-116887/ (that link is also on page shopadmin.php in current acc. maker).
How's progress so far? What is still to be done? I want to use it!!! :D :w00t:
 
Then code it/share code and I will add to acc. maker.
I don't see any reason to waste few hours to make new shop when on 90% of otses admins don't even config item images. People don't care about how shop looks like, they just want good items and low prices. Want better shop? Offer someone (ME!) 10-20 euro and you will get it :)

// Gesior.pl

Mmm... something I learned over time is that you catch more attention with something attractive than with something ugly, so I can pay 10-20 EUR for that ShopSys code BUT when you release this project and have more free time :) And also I will think on release it (new shop sys)
Good job Gesior, waiting for the new release.
 
@bok
Pages from old acc will work in new, but in new acc. maker all pages are updated/fixed/checked [sql injection]. Better use new scripts.
Post old custom scripts in this thread, I will check them and add to new acc. maker.

- - - Updated - - -
1. Ufff.. Done! After 2 hours [553.000 bytes/letters of code checked!] I did escape (htmlspecialchars, urlencode) all variables in acc. maker that could be used in XSS [CSS] attack on server website.
After that big edit all 'player name', 'guild name', 'guild rank name' and variables 'from website user' should show 'safe', so even if player has name <script>alert(1);</script> it shouldn't execute JavaScript code at any page.

2. Powergamers and Online Time ready:
http://anderion.net/?subtopic=powergamers
http://anderion.net/?subtopic=onlinetime

3. Direct access to all .php files blocked:
in classes:
PHP:
<?php
if(!isset($GLOBALS['initialized']))
	exit;
in pages and layout:
PHP:
<?php
if(!isset($initialized))
	exit;

4. Whoisonline modified
http://anderion.net/?subtopic=whoisonline&world=0
Now it uses image from private-servlist.com, not otslist.eu.

5. Updated files:
http://gesior2012.ots.me/?dir=account+maker/trunk
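
The escaping described in point 1 of the post above, as an added example that is not code from the acc. maker. The `characters` subtopic URL with a `name` parameter, the function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not acc. maker code. URL layout and function names are assumptions.

// Escape a value for HTML text or for a quoted attribute value.
function h($value)
{
	return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Link to a character page: urlencode() for the query-string value,
// then htmlspecialchars() for the attribute and for the visible text.
function renderCharacterLink($name)
{
	$href = '?subtopic=characters&name=' . urlencode($name);
	return '<a href="' . h($href) . '">' . h($name) . '</a>';
}

// One highscores row; guild rank and guild name are user-supplied too.
function renderHighscoreRow($name, $guildRank, $guildName)
{
	return '<tr><td>' . renderCharacterLink($name) . '</td><td>'
		. h($guildRank) . ' of ' . h($guildName) . '</td></tr>';
}

// Constructed sample data, including the player name quoted in the post.
$rows = array(
	array('Sir Test', 'Leader', 'Red Rose'),
	array('<script>alert(1);</script>', 'Member', 'Knights & "Friends"'),
);
foreach ($rows as $row) {
	echo renderHighscoreRow($row[0], $row[1], $row[2]), "\n";
}
```

In the second row the name is printed as `&lt;script&gt;alert(1);&lt;/script&gt;` and the link target carries it percent-encoded, so the browser shows the text instead of running it.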
 
Powergamers and Online Time pages fixed (missed ) after htmlspecialchars( :p ).
Forum 'first 50 letters of post' fixed:
Forum - Anderion

Now I'm waiting for Amoaz XSS attack to get report 'is site safe'.
 
For "geolocation" you should use external server with always current data - of course this is only my humble opinion.
Example of script (of course, you should implement cache system, or save it somewhere):
PHP:
<?php
	$response = file_get_contents("http://api.hostip.info/get_json.php?ip=74.122.197.102");
	if (!$response)
		return "UN" /*Unknown*/;
		
	return json_decode($response)->country_code;
?>
 
For "geolocation" you should use external server with always current data - of course this is only my humble opinion.
Example of script (of course, you should implement cache system, or save it somewhere):
PHP:
<?php
	$response = file_get_contents("http://api.hostip.info/get_json.php?ip=74.122.197.102");
	if (!$response)
		return "UN" /*Unknown*/;
		
	return json_decode($response)->country_code;
?>
I could also load images of items from my server (ots.me), not tell people to download them in .zip to their dedics, but I don't trust external services. If it goes offline someday/get ddosed all acc. maker users on all OTSes will get 1-5 seconds [server config] load time of ots website [PHP waits for answer from hostip.info].

What if someone hacks hostip.info and in place of country code puts '<script>here some baad code</script>'? Hack ots users?

If someone wants to get always current version of geolocation data he should do what I wrote in short tutorial:
http://gesior2012.ots.me/?show=&dir=geolocation+data&file=readme.txt

hostip.info uses same database as acc. maker, one update per month:
http://www.maxmind.com/en/geolite said:
GeoLite Country and GeoLite City are free IP geolocation databases, updated on the first Tuesday of each month.
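
One way to handle both concerns raised in the post above (a slow third-party service and a tampered country code), as an added example that is not part of the acc. maker. The function names, the 1-second timeout and the sample responses are assumptions; the `country_code` field is the one used in the snippet quoted above.

```php
<?php
// Added example, not acc. maker code. Names, timeout and samples are assumptions.

// Accept only a two-letter code; anything else becomes '' (unknown).
function normalizeCountryCode($value)
{
	if (!is_string($value) || !preg_match('/^[A-Za-z]{2}\z/', $value)) {
		return '';
	}
	return strtolower($value);
}

// Parse a JSON body from a geolocation service without trusting it.
function countryCodeFromResponse($body)
{
	$data = json_decode($body, true);
	if (!is_array($data) || !isset($data['country_code'])) {
		return '';
	}
	return normalizeCountryCode($data['country_code']);
}

// Fetch with a hard timeout so a slow service cannot stall page loads.
function fetchCountryCode($url, $timeoutSeconds = 1)
{
	$context = stream_context_create(array(
		'http' => array('timeout' => $timeoutSeconds),
	));
	$body = @file_get_contents($url, false, $context);
	return countryCodeFromResponse($body === false ? '' : $body);
}

// Constructed responses: valid, tampered, and not JSON at all.
$samples = array(
	'{"country_code":"PL"}',
	'{"country_code":"<script>here some baad code</script>"}',
	'service unavailable',
);
foreach ($samples as $body) {
	var_dump(countryCodeFromResponse($body));
}
```

Only the first sample yields a code (`pl`); the other two come back as an empty string, the same value `getCountryCode()` returns when it cannot geolocate.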
 
@up
OK, but I will not use data from external servers anyway.

Are there any scripts missing in new acc. maker?

I will write today tutorial how to install and configure new acc. maker [except payment systems, if you don't know how to configure paypal/zaypay scripts, you do not deserve money].
 
Server Info, Bans/Namelocks are missing


There is a little bug in the template, if the player has more mana than max mana, for example:
Player Mana: 55333080/12302280

The "mana shower" goes out bound
Check in Anderion search for GOD Feddo character and you will see
 