• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

[MODULE] Account/Character registration through the client.

skulls

Well-Known Member
Joined
Aug 28, 2010
Messages
42
Reaction score
60
You are joking, right? How an argument that you need an account to check stuff like item shop and donation prices makes no sense? Are you high or something?
This is Tibia we are talking about. It makes more sense than any of these dumb "BUT MOBILE GAMES" arguments.
Don't tell me that the first thing you do when you visit server website isn't checking exactly that, Shop and Donations? A lot of these servers are restricting access to them by requiring you to login first. That means you would have to download whole client and create an account there. If they allow you to create account on the website then as I said before, what's the point of account creator in the client?

Lmao, don't use OTClient then cause this is how it is done, login protocol is purely in lua, sending login packet, receiving character list and all that.
Again, you can do server side validation. Nothing you said is client side, it doesn't really matter. You should be able and find ok doing those kind of requests from client, its your server the one that need to care about it.
Im not sure why u got upset, i gave you real examplrs and argumentation, you're just throwing random angry bitching about something that, honestly, you don't appear to know much at all, based on your flaw arguments.
 

oen432

Legendary OT User
Joined
Oct 3, 2014
Messages
1,428
Solutions
49
Reaction score
1,524
Location
Poland
GitHub
Oen44
Again, you can do server side validation. Nothing you said is client side, it doesn't really matter. You should be able and find ok doing those kind of requests from client, its your server the one that need to care about it.
The hell are you talking about? Who and where said anything about the client doing any validation at all?
 

skulls

Well-Known Member
Joined
Aug 28, 2010
Messages
42
Reaction score
60
The hell are you talking about? Who and where said anything about the client doing any validation at all?
You said:
Account creation should NOT be in the client, not a single game does this for a reason. Also with your implementation it's very easy to abuse
You can use whatever character name you desire, be it "God", "Admin", "GM XYZ", swear word etc.
I'm saying those are not true, you can do server side validation and web or game client both are clients, that doesn't really matter. You can sploit in both cases, if your server side is not well built.
Also, for the second case he is already doing name validations in the server side, you just need to improve it as you wish, it's up to you to define what kind of security measures you want. It's fine if you add it as suggestions/things to improve, but please stop bitching about with anger and trying to discredit nice innitiatives.
Lmao, don't use OTClient then cause this is how it is done, login protocol is purely in lua, sending login packet, receiving character list and all that.
Well just because things are done poorly it doesn't mean we can't improve. I only said that "I wouldn't make it a new protocol and I would move them out from lua" and that's all.
 

oen432

Legendary OT User
Joined
Oct 3, 2014
Messages
1,428
Solutions
49
Reaction score
1,524
Location
Poland
GitHub
Oen44
You said:


I'm saying those are not true, you can do server side validation and web or game client both are clients, that doesn't really matter. You can sploit in both cases, if your server side is not well built.
Also, for the second case he is already doing name validations in the server side, you just need to improve it as you wish, it's up to you to define what kind of security measures you want. It's fine if you add it as suggestions/things to improve, but please stop bitching about with anger and trying to discredit nice innitiatives.

Well just because things are done poorly it doesn't mean we can't improve. I only said that "I wouldn't make it a new protocol and I would move them out from lua" and that's all.
That's completely not what I meant, wtf. I meant the possibility of creating an account in the client and not on the website.
I also misunderstood OP statement in first post about completely ditching running a website, now I understand that he meant just for the process of messing with TFS and OTC locally, not for a real server.
 
Last edited:

oen432

Legendary OT User
Joined
Oct 3, 2014
Messages
1,428
Solutions
49
Reaction score
1,524
Location
Poland
GitHub
Oen44
Great work, however I think it wasn't necessary to use C++, as it could be done 100% in Lua.

Anyone more experienced than me can confirm this?
You would still need source edits to move it to Lua. TFS doesn't have support for handling protocols/connections in pure Lua like OTC does.
 

skulls

Well-Known Member
Joined
Aug 28, 2010
Messages
42
Reaction score
60
That's completely not what I meant, wtf. I meant the possibility of creating an account in the client and not on the website.
I also misunderstood OP statement in first post about completely ditching running a website, now I understand that he meant just for the process of messing with TFS and OTC locally, not for a real server.
But you could run a server without website, I can't see a problem on that if you do it properly. You just need a dedicated login server with load balance, proxy and proper rate limiter/security, completely isoleted from the game server. That's feasible and actually pretty ok.
 

josejunior23

read&read&read
Joined
Apr 13, 2008
Messages
756
Solutions
3
Reaction score
80
Location
Portugal
Great work, however I think it wasn't necessary to use C++, as it could be done 100% in Lua.

Anyone more experienced than me can confirm this?
I'm not more experienced than you, but I do confirm that it is possible as I've done it myself. I do not confirm it's 100% safe tho! <3
 

Drazyn1291

Member
Joined
Nov 18, 2015
Messages
18
Reaction score
6
Good job! Personally, I would prefer use HTTP/HTTPS requests to validate the data instead of using the own server side. Anyway, really good job.
 
Last edited:
Top