HattanBinNassar

Posts posted by HattanBinNassar

  1. 4 hours ago, Karbust said:

    No one should face fear when starting, we all start somewhere, sometimes it's just trial and error.

    I read a lot of blog entries (mostly all on medium) and documentation for something I'm learning or trying to achieve or trying to compare to alternatives and see which one is the most performant and/or more secure.

    I have a lot of books, some of which I have personally used for both college and personal projects, you can find them here: https://ebooks.karbust.me/Technology/

    Thanks tho, that's helpful, I will let you know when I've finished my website (I found a really great idea for it) 🙏🏻

  2. 5 hours ago, Karbust said:

    SQL Injection, bad handling of sessions and/or authentication cookies/tokens, remote code execution

    If you don't sanitize every single thing you get from the frontend and it's supposed to end up in a database, then you are open to the risk of SQL Injection. I recommend the use of ORMs, since it already handles almost all the boring part of sanitizing input.

    If you don't write good code and end up doing some sketchy shit that executes commands on the server running the website, then you are fucked...

    Authentication is one of the hard parts of doing a good website, there are discussions on where the information should be saved, either cookies or local storage and manually attaching it to every request. I work with JWT, and I always put the token in cookies so it goes attached to every request when CORS has Allow Credentials set to true. Also make sure you use strict true so it doesn't go on requests to other domains. Obviously cookies can be grabbed by some third party trick, but it's hard and if you put an expire date on the JWT and use refresh tokens and IP validation, then you are better served.

     

    So informative, thanks a lot, my fear of building a website has increased to the roof 🤣

  3. 1 hour ago, Karbust said:

    account.account can have insert, select and update, not only to email and password like you referenced.

    player.guild only select

    player.player can have select and update (in case you have an unbug function, otherwise only select)

    player.item or player.item_award only insert, depending on which table you use

    Other tables related to item shop and purchases should have, at least, insert and select

    Nice, this is informative. What do you think, as a web dev, is the biggest potential risk of a website?

  4. So, you're willing to build a website for your server?

    So you must link your database with your website, but that has a lot of risks.

    To minimise the potential risk, one of the things that you need to do is use a "limited privileges user".

    So the discussion question is:

    What privileges would you use for your website user?

     

    For me, I think:

    For the registration & login process:
    Account.account.password & Email: update & select

    For the players ranking system:
    Player.player: select

    For the guild ranking system:
    Player.guild: select

    For the item shop:
    Player.item_award: insert
    + another account for 'Coins' linked with PayPal

     

    What about your privilege choices?

    Spoiler

    Important **** (never ever give your user full privileges)

    Spoiler

    Important *** (your root password complexity is important)

     

    • Scream 1
    • Love 1
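The privilege split discussed in this post and in Karbust's quoted reply, written as MySQL grants. This is an added example, not part of the original posts: the account names, host address and passwords are placeholders, `password`/`email` follow the post, `name`/`level`/`exp`/`id` follow the ranking query elsewhere on this page, and `coins` is an assumed column name.

```sql
-- Added example (constructed). Names, host and secrets are placeholders.

-- What to avoid: one all-powerful account used by the website.
--   GRANT ALL PRIVILEGES ON *.* TO 'web'@'%';

-- 1) Website account, reachable only from the web server's address.
CREATE USER 'm2web'@'203.0.113.10' IDENTIFIED BY 'replace-with-long-random-secret';

-- Registration and login: create and read accounts, change only two columns.
GRANT SELECT, INSERT ON account.account TO 'm2web'@'203.0.113.10';
GRANT UPDATE (password, email) ON account.account TO 'm2web'@'203.0.113.10';

-- Player and guild rankings: read-only; for players only the ranking columns.
GRANT SELECT (name, level, exp) ON player.player TO 'm2web'@'203.0.113.10';
GRANT SELECT ON player.guild TO 'm2web'@'203.0.113.10';

-- Item shop delivery: append rows, never read or change existing ones.
GRANT INSERT ON player.item_award TO 'm2web'@'203.0.113.10';

-- 2) Separate account for the payment callback that credits coins
--    (`coins` is an assumed column name).
CREATE USER 'm2pay'@'203.0.113.10' IDENTIFIED BY 'replace-with-another-secret';
GRANT SELECT (id, coins), UPDATE (coins) ON account.account TO 'm2pay'@'203.0.113.10';

-- Review: list what each account can really do.
SHOW GRANTS FOR 'm2web'@'203.0.113.10';
SHOW GRANTS FOR 'm2pay'@'203.0.113.10';

-- Audit: neither account should hold a global (*.*) privilege.
-- Only USAGE rows are expected here.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee LIKE '%m2web%' OR grantee LIKE '%m2pay%';
```

With this split, an injection flaw in the ranking page cannot modify accounts or items, and a compromise of the website account cannot change coin balances.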
  5. Hey! I have a question:

     

    How do I delay code from executing in a quest?

     

    I'm using:

    local delayValue = math.random(800,1500)
    say("[DELAY value; " .. delayValue .. "]. . . . . . . . . . .[/DELAY]")

    to delay say(" ")

     

    But it has no effect other than slowing the chat; even the code after say("") starts to perform faster than the delay.

     

    Any ideas ?

     

  6. I'm facing an error with this quest:

    (unfinished string)

    quest top10players begin
        state start begin
    		when 20355.chat." ترتيب اللاعبين " begin
    			
    			local query=[[
    			SELECT player.player.name as m_name, player.player.level as m_level, player.player.exp as m_exp
    			FROM player.player, account.account
    			WHERE
    				player.player.name not like '[%]%' AND
    				date_sub(now(), interval 1 day) < player.player.last_play AND
    				player.player.account_id=account.account.id AND
    				account.account.status='OK'
    			ORDER BY player.player.level DESC, player.player.exp DESC, player.player.name ASC
    			LIMIT 10;
    			]]
    
    			function escape_sqli(source)
    				local replacements = { ['"'] = '\\"', ["'"] = "\\'" }
    				return source:gsub( "['\"]", replacements ) 
    			end
    			
    			local query=escape_sqli(query)
    			
    			local res1, res2 = mysql_direct_query(query)
    			say_title("اعلى "..res1.." لاعبين.")
    			for num1, str1 in ipairs(res2) do
    				say_reward(num1.."\t"..str1.m_name.."\t"..str1.m_level.."\t"..str1.m_exp)
    			end
    		end
    	end
    end

    Help will be appreciated

  7. Hey!

    I'm writing a quest myself rn, I would like to ask:

     

    - What are the functions in (Lua) that can interact with MySQL tables, get information from them and make changes to them as well?

     

    What are the functions? And what's the best way to implement it?

     

    Note * one of my quest's intentions is to take information from my SQL table, then delete the information and put it in another log as (used information)

  8. 28 minutes ago, Karbust said:

    Yes to both questions.

    For the first you need to make changes in the source, somewhere in input_login, maybe, never did it.

    For the second, assuming you are doing it in PHP, I have no idea how to do it, just search for route rate limit in php on google. In NodeJS (ExpressJS or others) would be a lot easier.

    What are the odds, I was a moment ago reading one of your questions and because of it I got to know how to secure my root.epk/eix, thanks tho!

  9. Hey lovely ppl in Metin2dev,

     

    I have a couple of questions:

    1 - Is it possible to limit the client login attempts to 1 per 10 minutes?

     

    2 - Is it possible to limit the login & create accounts to 2 per IP?

     

    3 - What's the cost of putting the registration to the game through the client itself instead of the website, and what's the best way to do it? (I want to learn how to script it myself)

     

    Thanks!

  10. Hey!

    Here is my Alchamy.quest by @TMP4:

    quest dragon_soul_activation begin
    	state start begin
    		when login or levelup or enter with pc.get_level() >= 30 begin
    			set_state(information)
    		end
    	end
    	state information begin
    		when letter begin
    			send_letter(gameforge.dragon_soul._1010_sendLetter)
    			local v = find_npc_by_vnum(20001)
    			if 0 != v then
    				target.vid("__TARGET__", v, mob_name(20001))
    			end
    		end
    		when 20001.chat." تفعيل الكيمائي " begin
    			target.delete("__TARGET__")
    			say(" تم التفعيل ")
    			ds.give_qualification()
    			char_log(pc.get_player_id(), 'DS_QUALIFICATION', 'SUCCESS')
    			set_state(__complete)
    		end
    	end
    	state __complete begin
    	end
    end

    What I face is from the client-side syserr:
     

    0115 23:44:05712 :: Traceback (most recent call last):
    
    0115 23:44:05712 ::   File "game.py", line 735, in BINARY_NEW_AddAffect
    
    0115 23:44:05712 ::   File "game.py", line 1720, in BINARY_DragonSoulGiveQuilification
    
    0115 23:44:05712 ::   File "interfaceModule.py", line 1025, in DragonSoulGiveQuilification
    
    0115 23:44:05712 :: AttributeError
    0115 23:44:05712 :: : 
    0115 23:44:05712 :: 'NoneType' object has no attribute 'SetToolTipText'
    0115 23:44:05712 :: 
    

    and that causes crashes on the client.
    Help will be appreciated

  11. Hey! I made this quest:
     

    quest dragon_soul_activation begin
        state start begin
    		when levelup or letter with pc.level >= 30 begin
    			send_letter(gameforge.dragon_soul._1010_sendLetter)
    			local v = find_npc_by_vnum(20001)
    			
    			if 0 != v then
    				target.vid("__TARGET__", v, mob_name(20001))
    			end
    		end
    	
            when 20001.chat." تفعيل الكيمائي " begin
    			target.delete("__TARGET__")
                say(" تم التفعيل ")
    			ds.give_qualification()
                char_log(pc.get_player_id(), 'DS_QUALIFICATION', 'SUCCESS')
            end
        end
    end

    for the ds.give_qualification() to be active at level 30. The problem is (the quest never ends even when you have the - ds.give_qualification() - and have already talked to the NPC, and it keeps reloading when you log in or change char)

  12. For some reason I encounter a lot of (Handshake phase does not handle packet) issues in my syserr:

    Handshake phase does not handle packet 32
    Handshake phase does not handle packet 1
    Handshake phase does not handle packet 3
    Handshake phase does not handle packet 71

    It always comes with (UNKNOWN HEADER) issues as well.
    These errors happened when no one is even in the server (my server is in the testing and developing phase) (keep in mind that the files I use are paid files). Any help will be appreciated.

  13. Hey lovely ppl in metin2dev! For some reason I'm facing this problem in my syserr (the only error I have):
     

    SYSERR: Jan 13 08:54:09 :: Analyze: Handshake phase does not handle packet 1 (fd 23)
    SYSERR: Jan 13 08:54:09 :: Process: UNKNOWN HEADER: 46, LAST HEADER: 1(49), REMAIN BYTES: 56, fd: 23

    help will be appreciated 🌻

  14. Hey lovely ppl at Metin2Dev!

    I'm trying right now to secure my FreeBSD, so I tried to use a PuTTY private key and disable the passwords and root login.

    The problem is I do not know how to configure

    /etc/ssh/sshd_config

    to allow my second user to use SSH to the server I made.

    I followed this tutorial

    but the part where she configures:

    /etc/ssh/sshd_config

    is missing. Can someone help me?

    And thanks a lot!
