• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Tibia 11 Discussion(+Tutorial how to able to use it)

when I enter the game, the client closes, someone help?

EngineID: 1
HardwareID: 57dccb24dd4b3ea1bb46edd0c1f89afa3f67d9ea
OperatingSystem: Windows 7
Position: [32369,32235,7]
ProductName: Tibia Client
Timestamp: 1477964376
Version: 11.01.3987
 
Currently working on the loginWebService, not quite happy about sending account name and password as session key. (or secret). What data do we actually get from cipsoft there?

Hmm perhaps the loggedin session id so you can manage your account on tibia.com without logging in twice?
What about login to an account that requires authenticator?
I don't see a field for token during login, which may indicate that an error id must be returned for it to be prompted. (6?) Edit: Yes, errorCode 6 will make the tibia client ask user for token.

PHP:
$response = array(
    'session' => array(
        'sessionkey' => '???', // '.$accountName.'\n'.$password.'\n'.$secret.'\n'.(floor(time() / 30)).'
        'lastlogintime' => 0,
        'ispremium' => false, // ($Premdays > 0 || $freePremium ? "true" : "false")
        'premiumuntil' => 0, // ($freePremium ? "0" : time() + ($Premdays * 86400))
        'status' => 'active'
    ),
    'playdata' => array(
        'worlds' => array(
            array(
                'id' => 1,
                'name' => 'OTserv',
                'externaladdress' => $_SERVER["SERVER_ADDR"],
                'externalport' => 7172,
                'previewstate' => 0
            )
        ),
        'characters' => array(
            //array( 'worldid' => ASD, 'name' => asd ),
        )
    )
);
foreach ($players as $player) {
    $response['playdata']['characters'][] = array('worldid' => 1, 'name' => $player['name']);
}
echo json_encode($response);
die();

Tip: Build the response data as a regular php array, convert it to json with json_encode later. Makes it easier to manage.
 
Last edited:
Currently working on the loginWebService, not quite happy about sending account name and password as session key. (or secret). What data do we actually get from cipsoft there?

I didn't quite understand the question, in this case you're asking what session key Tibia returns to the client?
If it is, I would guess it's something like account, password and token encrypted using RSA, since their private key is a secret.

I don't quite like using this method for OT session key too, I would suggest that TFS accepts RSA encrypted session keys and instruct ot owners to generate their own private keys, and you could support this on Znote AAC. :D
 
I tried removing it entirely and the client refused to connect.
This session key seems to work for TFS:
PHP:
'sessionkey' => $username."\n".$jsonObject->password."\n".$token."\n".floor(time() / 30)
Which is better at least, the token is being sent, not the secret key.
Now TFS returns client invalid, which I think means success. I just need to compile TFS with proper client definitions. I'm gonna do this in Linux since 2FA system is bugged in windows.

For those who are interested in the loginwebsservice with Two-factor authentication support that don't like Znote AAC, you can use this rfc6238 class:
https://github.com/Znote/ZnoteAAC/blob/master/engine/function/rfc6238.php
PHP:
<?php
require_once("engine/function/rfc6238.php");
if (TokenAuth6238::verify($secret, $token)) {
    // Validation success
}
?>
<img
src="<?php echo TokenAuth6238::getBarCodeUrl($accountName, $_SERVER["HTTP_HOST"], $secret, $serverName); ?>"
alt="Two-Factor Authentication QR code image for this account."
/>
 
Last edited:
Why's that?
No idea, I suck at using a debugger. And I don't want to install Microsoft Visual Studio.
https://github.com/otland/forgottenserver/issues/1964

Edit: Progress:
fefd4272-b04c-11e6-88e2-e66cef8f0cb3.png


Znote AAC will probably have Tibia client 11 support this weekend.
 
Last edited:
Znote AAC will probably have Tibia client 11 support this weekend.
Since I have no clue how Tibia 11 works and I never tried it out. What do you mean with "Znote AAC will have tibia client 11 support" ? isn't it like the other version that use some kind of ip changer?
 
Since I have no clue how Tibia 11 works and I never tried it out. What do you mean with "Znote AAC will have tibia client 11 support" ? isn't it like the other version that use some kind of ip changer?

Instead of connecting to the login server at port 7171, it sends an HTTP request to a "loginWebService", which responds to the client with character list. I am adding this loginWebService to Znote AAC, so you can use @Jo3Bingham Client 11 IP changer and target http://otserver.com/login.php to connect to the game.
 
someone can post the code working ?
I get always errors
my code right now:
Code:
<?php
//really ugly script, feel free to release a better one :)
// be aware that we don't even test the password in this script
$host = "server.com"; 
$user = "root";
$passwd = "root";
$db = "otserv";

$lnk = mysql_connect("$host", "$user", "$passwd") or die ('ERROR MySql: ' . mysql_error());
mysql_select_db("$db", $lnk) or die ('ERROR MySql: ' . mysql_error());    

$request_body = file_get_contents('php://input');
$result = json_decode($request_body, true);

$acc = $result["accountname"];
$password = $result["password"];

$dbResource = mysql_query("SELECT `id` FROM `accounts` WHERE `name` = '$acc' LIMIT 1;");

if(!$dbResource) {
    die("failed to get account.");
}

$dbRet = mysql_fetch_array($dbResource);

$accId = $dbRet[0];

$dbResource = mysql_query("SELECT `name` FROM `players` WHERE `account_id` = '$accId';");
if(!$dbResource) {
    die("failed to get charactters.");
}

$accArray = array();

while ($dbRet = mysql_fetch_array($dbResource, MYSQL_BOTH)) {
    $dict = array("worldid" => 0, "name" => $dbRet["name"]);
    $accArray[] = $dict;
}

$data = array();

$session = array(
    "sessionkey" => $acc . "\n" . $password,
    "lastlogintime" => 1461290246,
    "ispremium" => true,
    "premiumuntil" => 1463788913,
    "status" => "active"   
);

$data["session"] = $session;

$playerData = array();

$world = array(
    "id" => 0,
    "name" => "Server",
    "externaladdress" => "149.56.98.00", // masked ;>
    "externalport" => 7172,
    "previewstate" => 1
);

$worlds = array($world);
$playerData["worlds"] = $worlds;
$playerData["characters"] = $accArray;


$data["playdata"] = $playerData;

echo json_encode($data);


//echo '{   "session": {     "sessionkey": "DhZUxAPjDFQqwCy65z2JQKB145750y",     "lastlogintime": 1461290246,     "ispremium": true,     "premiumuntil": 1463788913,     "status": "active"   },   "playdata": {     "worlds": [       {         "id": 0,         "name": "Amera",         "externaladdress": "127.0.0.1",         "externalport": 7172,         "previewstate": 0       },       {         "id": 1,         "name": "Chrona",         "externaladdress": "127.0.0.1",         "externalport": 7172,         "previewstate": 0       },       {         "id": 2,         "name": "Eldera",         "externaladdress": "127.0.0.1",         "externalport": 7172,         "previewstate": 0       }     ],     "characters": [       {         "worldid": 0,         "name": "Paladin"       },       {         "worldid": 1,         "name": "Sorcerer"       },       {         "worldid": 2,         "name": "Druid"       }     ]   },   "survey": {     "id": 759822,     "invitationtext": "Dear Tibian! A few days ago, you have received an email invitation to join the Beta phase of Tibia 11. We\'d love to hear about your experiences with client version 11.0 so please help us with your feedback by completing this survey.",     "invitationtoken": "9ILillainoj7CsWxxoCRgOqSnGtt3L",     "endtimestamp": 1461535200   } }';

/*
example json
{
  "session": {
    "sessionkey": "DhZUxAPjDFQqwCy65z2JQKB145750y",
    "lastlogintime": 1461290246,
    "ispremium": true,
    "premiumuntil": 1463788913,
    "status": "active"
  },
  "playdata": {
    //an array/list of worlds and theirs data
    "worlds": [
      {
        "id": 0,
        "name": "Amera",
        "externaladdress": "66.150.54.19",
        "externalport": 7171,
        "previewstate": 0
      },
      {
        "id": 1,
        "name": "Chrona",
        "externaladdress": "193.200.156.112",
        "externalport": 7171,
        "previewstate": 0
      },
      {
        "id": 2,
        "name": "Eldera",
        "externaladdress": "66.150.54.94",
        "externalport": 7171,
        "previewstate": 0
      }
    ],
    "characters": [
      {
        "worldid": 0,
        "name": "Paladin"
      },
      {
        "worldid": 1,
        "name": "Sorcerer"
      },
      {
        "worldid": 2,
        "name": "Druid"
      }
    ]
  },
  //i believe this can just be removed, not needed
}
*/
?>
 
Say ilegal value or invalid value when i try to enter to my account.. so the last php script works 50/50 i can enter to the Character select on tibia client 11 but cant enter to the game (Gameworld connecting.... and nothing more)

Any idea? You can try to enter http://kicksoft.ddns.net
 
Last edited:
with new tibia client 12.00 (10)
57584fca6806224dfe066b8082461844.png


static constexpr auto CLIENT_VERSION_MIN = 1097;
static constexpr auto CLIENT_VERSION_MAX = 1200;
static constexpr auto CLIENT_VERSION_STR = "1200";

Client crash when enter to the game.
who have solution?
and tibia new client works fine with milice script :D
 
@Tampek
Try with CLIENT_VERSION_MIN = 1000;
and tell me.
of course not will work (already tested)
the problem is with some new things, such as the new system of prey, some bytes, new stuff need to made in the source
 
Back
Top