-
Posts
39 -
Joined
-
Last visited
-
Feedback
0%
Content Type
Forums
Store
Third Party - Providers Directory
Feature Plan
Release Notes
Docs
Events
Posts posted by HattanBinNassar
-
-
UPDATE :
0126 09:18:39907 :: CArea::Load File Load metin2_map_aeon\000000\AreaData.txt ERROR 0126 09:18:39907 :: CArea::Load File Load metin2_map_aeon\000000\AreaAmbienceData.txt ERROR 0126 09:18:39907 :: CMapOutdoor::LoadTerrain AreaProperty Read Error
-
UPDATE :
0126 03:04:15634 :: CMapBase::LoadProperty(FileName=metin2_map_aeon\MapProperty.txt) - LoadMultipleTextData ERROR File not found. 0126 03:04:15634 :: CMapManager::LoadMap() Invalid Map Type 0126 03:04:15634 :: CPythonBackground::SelectViewDistanceNum(int eNum=0) mc_pcurEnvironmentData is NULL
-
hey ! ,,
i'm facing this error when i try to install a map i made :
SYSERR: Jan 25 21:56:32 :: WarpSet: cannot find map location index 0 x 166900 y 116700 name Hattan
* Note : the map is in the same core as my GM account in the same core as the map and the map is allowed in the config and registerd in index in the server side
-
4 hours ago, Karbust said:
No one should face fear when starting, we all start somewhere, sometimes is just trial and error.
I read a lot of blog entries (mostly all on medium) and documentation for something I'm learning or trying to achieve or trying to compare to alternatives and see which one is the most performant and/or more secure.
I have a lot of books, some which I have personally used for both college and personal projects, you can find them here: https://ebooks.karbust.me/Technology/
Thanks tho , that helpful ,i will let you know when i finished my website ( i found a really great idea for it )
-
5 hours ago, Karbust said:
SQL Injection, bad handling of sessions and/or authentication cookies/tokens, remote code execution
If you don't sanitize every single thing you get from the frontend and it's supposed to end up in a database, then you are open to the risk of SQL Injection. I recommend the use of ORMs, since it already handles almost all the boring part of sanitizing input.
If you don't write good code and end up doing some sketchy shit that executes commands on the server running the website, then your are fucked...
Authentication is some of the hard parts of doing a good website, there are discussions on where should the information be saved, either cookies or local storage and manually attach it to every request. I work with JWT, and I always put the token on cookies so it goes attached to every request when CORS with Allow Credentials set to true. Also make sure you use strict true so it doesn't go on requests to other domains. Obviously cookies can be grabbed by some third party trick, but it's hard and if you put a expire date on JWT and use refresh tokens and IP validation, then you are better served.
So informative , thanks a lot ,, my fear of building a website has increased to the roof
-
1 hour ago, Karbust said:
account.account can have insert, select and update, not only to email and password like you referenced.
player.guild only select
player.player can have select and update (in case you have an unbug function, otherwise only select)
player.item or player.item_award only insert, depending on which table you use
Other tables related to item shop and purchases should have, at least, insert and select
Nice , this informative , what do you think as a web dev is the most potential risk of a website ?
-
Soo , you're willing to build a website for your server ?
So you must link your database with your website but that have a lot of risks ,
to optimise the potential risk one of the things That you need to do is " limited privileges user " ,
So the discussion question is :
What's the privileges That you would use for your website user ?
For me :
i think (
for registration & login process : Account.account.password & Email : update & Select , For players ranking system : Player.player: select For guild ranking system : Player.guild: select For itemsshope : Player.item_award: insert + Other account for ' Coins ' linked with PayPal
)
What about your privileges choice ?
SpoilerImportant **** ( never ever give your user full privileges )
SpoilerImportant *** ( you're root password complexity is important )- 1
- 1
-
Hey ! I have a question ,
How to delay a code from execution in a quest ? ,
I'm using :
local delayValue = math.random(800,1500) say("[DELAY value; " . . delayValue . . "]. . . . . . . . . . .[/DELAY]")
to delay say(" ")
But it's have no effect other than slow the chat even the code after say("") start preform faster than the delay ,
Any ideas ?
-
i'm facing an error with this quest ,,
( unfinished string )
quest top10players begin state start begin when 20355.chat." ÊÑÊíÈ ÇááÇÚÈíä " begin local query=[[ SELECT player.player.name as m_name, player.player.level as m_level, player.player.exp as m_exp FROM player.player, account.account WHERE player.player.name not like '[%]%' AND date_sub(now(), interval 1 day) < player.player.last_play AND player.player.account_id=account.account.id AND account.account.status='OK' ORDER BY player.player.level DESC, player.player.exp DESC, player.player.name ASC LIMIT 10; ]] function escape_sqli(source) local replacements = { ['"'] = '\\"', ["'"] = "\\'" } return source:gsub( "['\"]", replacements ) end local query=escape_sqli(query) local res1, res2 = mysql_direct_query(query) say_title("ÇÚáì "..res1.." áÇÚÈíä.") for num1, str1 in ipairs(res2) do say_reward(num1.."\t"..str1.m_name.."\t"..str1.m_level.."\t"..str1.m_exp) end end end end
help will be apprenticed
-
Hey !
What's the bast way to implement (" in game registration ") through my client ?
( With the ability to recover passwords , Change warehouse password , email verification )
* I'm trying to do something new and do not make a website at all
-
Hey !
I'm writing a quest my self rn , i would like to ask :
- what's the functions in ( lua ) that can do some interaction with mysql tables and get information from it and do changes on it as well
What's the functions ? And what's the best way to implement it ?
note * one of my quest intentions is take information from my sql table than delete the information and put it in other log as ( used information )
-
28 minutes ago, Karbust said:
Yes to both questions.
For the first you need to make changes in the source, somewhere in input_login, maybe, never did it.
For the second, assuming you are doing it in PHP, I have no idea how to do it, just search for route rate limit in php on google. In NodeJS (ExpressJS or others) would be a lot easier.
What the odds ,, i was moment ago reading one of yours questions and because of it i got to know how to secure my root.epk/eix , thanks tho !
-
Hey lovely ppl in Metin2dev ,,
i have couple of questions :
1 - is it possible to limit the client login attempts to 1 per 10 minutes ?
2 - is it possible to limit the login & create accounts to 2 per ip ?
3 - what's the cost of putting the registration to the game through the client it self instead of the website and what's the best way to do it ? ( I want to learn how to script it my self )
thanks !
-
Solved ! by marty tutorial
-
hey ! ,,
here is my Alchamy.quest by @ TMP4 :quest dragon_soul_activation begin state start begin when login or levelup or enter with pc.get_level() >= 30 begin set_state(information) end end state information begin when letter begin send_letter(gameforge.dragon_soul._1010_sendLetter) local v = find_npc_by_vnum(20001) if 0 != v then target.vid("__TARGET__", v, mob_name(20001)) end end when 20001.chat." ÊÝÚíá ÇáßíãÇÆí " begin target.delete("__TARGET__") say(" Êã ÇáÊÝÚíá ") ds.give_qualification() char_log(pc.get_player_id(), 'DS_QUALIFICATION', 'SUCCESS') set_state(__complete) end end state __complete begin end end
what i face is from the client side syserr :
0115 23:44:05712 :: Traceback (most recent call last): 0115 23:44:05712 :: File "game.py", line 735, in BINARY_NEW_AddAffect 0115 23:44:05712 :: File "game.py", line 1720, in BINARY_DragonSoulGiveQuilification 0115 23:44:05712 :: File "interfaceModule.py", line 1025, in DragonSoulGiveQuilification 0115 23:44:05712 :: AttributeError 0115 23:44:05712 :: : 0115 23:44:05712 :: 'NoneType' object has no attribute 'SetToolTipText' 0115 23:44:05712 ::
and that cost crashes on the client ,,
help will be appreciated -
hey ! ,, i made this quest :
quest dragon_soul_activation begin state start begin when levelup or letter with pc.level >= 30 begin send_letter(gameforge.dragon_soul._1010_sendLetter) local v = find_npc_by_vnum(20001) if 0 != v then target.vid("__TARGET__", v, mob_name(20001)) end end when 20001.chat." ÊÝÚíá ÇáßíãÇÆí " begin target.delete("__TARGET__") say(" Êã ÇáÊÝÚíá ") ds.give_qualification() char_log(pc.get_player_id(), 'DS_QUALIFICATION', 'SUCCESS') end end end
for the ds.give_qualification() to be active on level 30 , the problem is ( the quset never end even when you have the - ds.give_qualification() - and already talk to the npc and keep reload when you login or change char )
-
for some reasons i encounter a lot of ( Handshake phase does not handle packet ) issues in my syserr :
Handshake phase does not handle packet 32 Handshake phase does not handle packet 1 Handshake phase does not handle packet 3 Handshake phase does not handle packet 71
it always come with ( UNKNOWN HEADER ) issues as well ,
these errors happned when noone even in the server ( my server is in testing and developing phase ) ( keep in mind that the files i use is paid filles ) , any help will be appreciated . -
Hey lovley ppl in metin2dev ! for some reasons i'm facing this problame in my syserr ( the only error i have ) ,
SYSERR: Jan 13 08:54:09 :: Analyze: Handshake phase does not handle packet 1 (fd 23) SYSERR: Jan 13 08:54:09 :: Process: UNKNOWN HEADER: 46, LAST HEADER: 1(49), REMAIN BYTES: 56, fd: 23
help will be appreciated
-
hey lovely ppl at metin2dev !
i'm facing this problem when i try to use my putty key to login to my sql server ,, " photo "
and thanks a lot ! -
Hey lovely people in Metin2Dev !
1 - I'm searching for a well scripted website for my Metin2 server ,, where i could get one ? And what's the best providers for website script for Metin2 ?
2 - should i put the server and website together on one freebsd ? Or spreat them ?
Thanks a lot
- 1
- 1
-
13 minutes ago, DemOnJR said:
i already solve it using Google ,, thanks a lot
- 1
-
hey lovely ppl at Metin2Dev !
i'm trying right now to secure my freebsd so i tried to use putty private key and disable the passwords and root login ,,
the problem is i do not know how to config/etc/ssh/sshd_config
to allow my second user to use ssh to the server i made ,,
i followed this tutorialbut the part where she config :
/etc/ssh/sshd_config
is missing ,, can someone help me ?
and thanks a lot ! -
17 minutes ago, DemOnJR said:
You can just use ipv6 https://docs.ovh.com/sg/en/hosting/configure-ipv6-for-your-website/ idk if it will help.
Like use it for the MySql ip ? I think it's accepte only ipv4 ,, I'm i right ?
-
5 minutes ago, DemOnJR said:
How will you point an domain name to an dynamic IP without propagation time? (.com take 12/48hours)
Silly me ,, i realize Right now
[ERROR] when installing a map
in Community Support - Questions & Answers
Posted
Solved , #Close