
[MODULE] Account/Character registration through the client.

Kazumaki

Member
Joined
Apr 8, 2015
Messages
2
Reaction score
9
Hello OTLand, this is my first thread here, and I want to share a tutorial teaching how to create an account register module. I tried to create a tutorial, but the 25k character limit of the forum didn't let me, sad. I started messing with TFS and OTclient recently, and the necessity to launch a website to register an account was pissing me off. So I decided to create a module that would help me with that.

After some days of research and study of the source code, I've come up with a solution, which is basically the creation of new protocols to handle account and character creation.

IMPORTANT NOTES: I'm not an experienced C++ programmer, so use it at your own risk. Most of the C++ code was written by looking through the sources, so you will probably find some bugs and security-related problems; feel free to share them with us.

Here's the repository containing all the created/modified files: GitHub repo

OTclient sources: GitHub repo
TFS sources: GitHub repo


Thank you, hope you enjoy it. Give me your feedback and let me know if you need help implementing it.
 

oen432

Legendary OT User
Joined
Oct 3, 2014
Messages
1,428
Solutions
49
Reaction score
1,524
Location
Poland
GitHub
Oen44
1. Account creation should NOT be in the client, not a single game does this for a reason. Also with your implementation it's very easy to abuse.
2. You can use whatever character name you desire, be it "God", "Admin", "GM XYZ", swear word etc.
3. No way to select character sex.
4. No way to select character starting town/vocation.

Found at least 3 vulnerabilities.
1. You can spam account and character creation. If someone writes a simple script for that, your database can be filled with GBs of data within minutes.
2. You can use very long character names.
3. You can use spaces to fill the character name (use only spaces, use spaces after the last character, use spaces between characters).

Example of proper character creator. Outfit, name, vocation, town, sex.
Also, deleting a character is nice to have.
 

oen432

What is the reason behind it?
I see no reason for why not either, if you know how to write code then no one will abuse it :)
If you are adding account creation because you don't want to use it on the website (god knows for what reason), then it would be appropriate to add account management, like changing password, password recovery etc. That means you need better protections, you can't use something as simple as reCaptcha so it's still easy to abuse. Then there is email verification, your GAME SERVER needs a way to send emails. Then you need to verify it and so you still end up visiting the website anyway.

Then there are statistics and user experience related issues.
No client = no account = less numbers. If you have account creation on the website AND in the client then I have no idea why it's in the client, ofc 99.9% of accounts will be created on the website. If you don't have account creation on the website then some parts of your website are restricted because you have to be logged in, that leads to people just giving up and simply ignoring your server because you can't visit Item Shop, you can't check Donation prices etc.
 

oen432

Lol you do realize the client can hit rest api
Then you are just one step away from account creation on the website, all you need is front end, the easiest part. It all comes down to same thing, there is no reason at all to do that in the client.
 

Sir Sezago

Scripter/Developer
Joined
Aug 28, 2017
Messages
414
Solutions
3
Reaction score
80
It is useful for creating a character without wasting time opening the website, but there is no reason to create an account in the client, except you can just use the account manager.
 

esigma94

Well-Known Member
Joined
Nov 1, 2009
Messages
108
Solutions
17
Reaction score
86
I think the account creation procedure is taken out of the client for some reason, but not just because it is an antipattern.
Sometimes there is a launcher which allows you to create an account (and use it across the owner's apps). Sometimes you can use an external service to authenticate. Sometimes you just have to provide an email and password, and confirm the email using a link or code. Why not keep such a simple way/form in the client as well? You can have every request processed on a backend and just communicate through HTTP requests on the client side (as Azakelis suggested). A matter of poor code quality? Even webservers/webpages have bugs, so it can be fixed/made better.

ofc 99.9% of accounts will be created on the website
Sure, just because it is what the Tibia community is used to. When you want to play a new mobile game, do you always have to visit an account creation webpage? No. It is not like mobile games are a different piece of software... everything works the same way under the hood.
Moreover, you know that when you download a mobile game, you won't need any account creation procedure. You'll be logged in through Google Play or something else and you can play.

Also, we know that ots webpages are made in a way similar to Wikipedia or some other knowledge center. But most people don't even use them except for account creation. It is unnecessary due to the similarity to regular Tibia or ingame tips. And I think account management is also the most important part of such a webpage, as there is a lack of a related mobile application and it is useful to have some account management available even without access to the PC. Anyway, it still does not mean that adding such functionality into the client is wrong.

It could be also interesting to see if people would use such functionality 🤔...
 

Geekbuddys

Member
Joined
Mar 15, 2014
Messages
165
Reaction score
19
Thanks for sharing with the community, mate.
 

skulls

Well-Known Member
Joined
Aug 28, 2010
Messages
42
Reaction score
60
Your argumentation makes no sense. In every application in the world, if you want to create an account or edit/add stuff to it, that's requested from the client; it doesn't matter if your client is a game client, a web client, another application or anything else. Malicious requests via script can be done in any way; that is not exclusive to this implementation.

Also, validation must be done server side (as he indeed does some), not client side, otherwise it can be easily exploited (just don't use the client directly, or change the lua file to not perform validations).

@topic
Nice initiative, though I don't fully agree with the implementation you did. Not sure why a whole new protocol is needed, and I definitely wouldn't keep it in lua, as I wouldn't keep any of the login flows in there. But in general, it's a good idea.

You can add an account-based rate limiter for character creation, to avoid people flooding your server and database, and add a limit of characters per account.

The deletion idea is also a nice suggestion.
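
The server-side checks raised in this thread (name length, whitespace and reserved names from oen432's list; the rate limiter and per-account character cap skulls suggests), as an added example that is not part of any post or of the module's repository. The limits, the reserved-word list and every function name are assumptions chosen for illustration.

```cpp
#include <cctype>
#include <chrono>
#include <deque>
#include <set>
#include <sstream>
#include <string>
#include <unordered_map>
using Clock = std::chrono::steady_clock;
// Hypothetical limits and reserved words (the thread names "God", "Admin", "GM XYZ").
constexpr std::size_t kMinNameLen = 3, kMaxNameLen = 20, kMaxCharsPerAccount = 5;
static const std::set<std::string> kReservedWords = {"god", "admin", "gm"};

// Returns "" when the name is acceptable, otherwise a short rejection reason.
std::string validateCharacterName(const std::string& name) {
    if (name.size() < kMinNameLen || name.size() > kMaxNameLen) return "length";
    if (name.front() == ' ' || name.back() == ' ') return "leading/trailing space";
    std::string lower;
    for (unsigned char c : name) {
        if (c == ' ' && !lower.empty() && lower.back() == ' ') return "repeated space";
        if (c != ' ' && !std::isalpha(c)) return "invalid character";
        lower += static_cast<char>(std::tolower(c));
    }
    std::istringstream words(lower);
    for (std::string w; words >> w;)
        if (kReservedWords.count(w)) return "reserved word";
    return "";
}

// Sliding-window limiter keyed by client IP or account id.
struct RateLimiter {
    std::size_t max;
    std::chrono::seconds window;
    std::unordered_map<std::string, std::deque<Clock::time_point>> events;  // evict idle keys in production
    bool allow(const std::string& key, Clock::time_point now) {
        auto& q = events[key];
        while (!q.empty() && now - q.front() >= window) q.pop_front();
        if (q.size() >= max) return false;
        q.push_back(now);
        return true;
    }
};

// Server-side gate to run before inserting a character row; every attempt,
// valid or not, counts against the limiter.
std::string checkCharacterCreation(RateLimiter& limiter, const std::string& clientKey,
        std::size_t existingChars, const std::string& name, Clock::time_point now) {
    if (!limiter.allow(clientKey, now)) return "rate limited";
    if (existingChars >= kMaxCharsPerAccount) return "character limit";
    return validateCharacterName(name);
}

int main() {  // constructed sample input
    RateLimiter perIp{3, std::chrono::seconds(60), {}};
    return checkCharacterCreation(perIp, "203.0.113.7", 0, "Sir Example", Clock::now()).empty() ? 0 : 1;
}
```

A swear-word list would plug into `kReservedWords` the same way; the same gate applies to account creation with its own limiter instance.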
 

Night Wolf

I don't bite.
Joined
Feb 10, 2008
Messages
470
Solutions
6
Reaction score
710
Thanks for the initiative! A very good idea indeed, and you've already brought an almost finished version. Just a few tweaks to avoid exploitation and it should be perfect!
 

oen432

Your argumentation makes no sense.
You are joking, right? How does an argument that you need an account to check stuff like item shop and donation prices make no sense? Are you high or something?
This is Tibia we are talking about. It makes more sense than any of these dumb "BUT MOBILE GAMES" arguments.
Don't tell me that the first thing you do when you visit a server website isn't checking exactly that, Shop and Donations? A lot of these servers are restricting access to them by requiring you to login first. That means you would have to download the whole client and create an account there. If they allow you to create an account on the website then, as I said before, what's the point of an account creator in the client?
Not sure why a whole new protocol is needed and I definitely wouldn't keep it in lua, as I wouldn't keep any of the login flows in there
Lmao, don't use OTClient then cause this is how it is done, login protocol is purely in lua, sending login packet, receiving character list and all that.
 

Night Wolf

You're thinking small, but that's ok.

The main reason to have an open server community is to allow customizations and try out new things. Your arguments are all based on how things are NOW; try to think a little beyond the current view you have.

It's definitely not everyone that wants to follow the cip formula; some of the people that are here want to build custom games using TFS/others as engines for game development. Can't you see that the way you're acting is bad and prevents others from trying new things?

Again, it is not because you can't find a use that something is not useful; the world doesn't orbit around you or your views, and that's awesome!
Let others innovate; if we ever move to a point where otserverlist moves to otclient and you can do everything through otclient directly, then this will become very handy. Chill out my friend. Not a year ago you were developing a lot of custom content, and I liked that version of you way more. Not sure what happened, because ever since you just demotivate people and try to bring us all to the status quo over and over again. Is everything ok?
 

oen432

I'm mostly talking about this particular case, not in general, that's why I mentioned what else would be needed to make it work properly, cause it lacks a lot and people that come here will just download it without any knowledge, install it and then beg for help because something is breaking their server. I'm trying to protect them from going blindly into the unknown.
I posted the idea of a server list like a year ago, Should OtLand Open New OtServerlist site? (https://otland.net/threads/should-otland-open-new-otserverlist-site.272217/#post-2622029). It would be great to have such a list where gaining players is not done by spending money on otservlist. And yes, an account creator then would be awesome, everything within one window. It's just a matter of the client issue: original OTC is not production ready, OTC 1.0 from mehah is no longer supported and has bugs, so we are left with OTCv8, imo the best option anyway. v8 supports downloading files out of the box and has an updater built in, so that's 60% of the work done.
Not a year ago you were developing a lot of custom content, and I liked that version of you way more. Not sure what happened because ever since you just demotivate people and try to bring us all to status quo over and over again. Is everything ok?
Ye, everything is fine, I just gave up on this community. I'm occasionally helping on Discord and that's it. When I joined, I wasn't aware how bad it is. Give them a finger and they'll take the whole hand, that's my experience. Well, I'm not the only one thinking that, big brains left OT because of this same reason.
 

mrianuraa

Member
Joined
Dec 5, 2019
Messages
54
Reaction score
19
More mad people here please. Regarding the topic, I think that an account manager on the client side is a good idea. Even more - I think that the Wiki should also be embedded in the client.
 

esigma94

It makes more sense than any of these dumb "BUT MOBILE GAMES" arguments.
Keep being closed-minded on that. Mobile games are just an example of how you can avoid making website registration. And it was an answer to your "not a single game does this for a reason". It wasn't an attempt to make you mad. Chill... There are different games, not only Tibia. Also you should be able to see the trend of making otses different, leaving Tibia mechanics behind. Even if this account creator script has some bugs, it still can be improved and some can make use of it. Also this is the way the open-source community should go. Good initiative imo.
 

slaw

Developer
Joined
Aug 27, 2007
Messages
3,282
Solutions
101
Reaction score
767
Location
Germany
GitHub
slawkens
Great work, however I think it wasn't necessary to use C++, as it could be done 100% in Lua.

Anyone more experienced than me can confirm this?
 

Night Wolf

Ye, everything is fine, I just gave up on this community. I'm occasionally helping on Discord and that's it. When I joined, I wasn't aware how bad it is. Give them a finger and they'll take the whole hand, that's my experience. Well, I'm not the only one thinking that, big brains left OT because of this same reason.
Sad to hear that you were having bad experiences here. In my personal point of view, try to detach from your creations and only work on what you're interested in. The forum should be more of a place to encourage discussions rather than support/develop for others.
 