Owsap

No, it's free to use and now open source. Updated to Version 4.0 (Open Source) Updated Proto V25.0.5.0 Improved import performance by 90% Added Romanian language support. Reorganized project structure. With open-source code, you can now add your own items. Updated to Version 4.1 Fixed character encoding and unset language due to null session. Download added to the main topic.

Example

//STATEMANAGER.SaveRenderState(D3DRS_ZENABLE, FALSE); // This would make the circle render on top of everything. STATEMANAGER.SetRenderState(D3DRS_FOGENABLE, FALSE); STATEMANAGER.SetRenderState(D3DRS_LIGHTING, FALSE); static CScreen s_kScreen; s_kScreen.SetDiffuseColor(0.0f, 1.0f, 1.0f); s_kScreen.RenderCircle2d(0, 0, 0, 300, 50); //STATEMANAGER.RestoreRenderState(D3DRS_ZENABLE); STATEMANAGER.SetRenderState(D3DRS_FOGENABLE, TRUE); STATEMANAGER.SetRenderState(D3DRS_LIGHTING, TRUE);

You must use screen position, not the position of the instance. Since the main instance is located always at the center of the screen you can use: RenderCircle2d(0, 0, 0, 200);

For a player to accumulate enough damage to overflow a int32 without killing a boss with 50M health points, the boss must regenerate more than 32.4% of its health per minute (that is already too much), that is, over 16.2M health points per minute. Under these conditions, the player can keep dealing damage indefinitely without ever defeating the boss, eventually reaching the 2,147,483,647 damage cap. At 90k damage per hit and 3 hits per second, this would take around 2 hours of nonstop combat. Note that the lower the damage output, the longer it will take to reach the overflow point. While this is technically possible, it’s practically unrealistic, any sane player would have quit long before, seeing no progress against the boss. Additionally, if multiple players are involved, each one tracks their own damage separately. This means each player can independently reach their own overflow, as long as the boss regenerates enough to prevent death. For example, with two players doing identical damage, the boss would need to regenerate more than 64.8% of its health points per minute to remain unkillable, but each player would still take the same ~2h to hit the int32 limit individually. I'm not saying it's impossible, I'm just giving my own observation, but of course it's better to change all int32 to int64_t for such conditions.

Update Also add this, What has changed? Fixed issue with accessory sockets causing "cannot find item by vnum" and not properly adjusting the width. Fixed issue with default bonuses not adjusting the tooltip width. Fixed issue with real time equipment (Quiver, Young Heroes Weapons, etc...) Added support for item description and summary. (I don't think it's really needed on the default font, so you can remove it if you want) Support for bigger fonts.

I've been curious about this and I've spent a little time debunking if player damages really get overflowed and guess what I've discovered, it's a yes and no. Overflow? Yes, int overflow is technically possible, but only under extremely unrealistic conditions, and these are: A monster with 2B+ HP and/or with health regeneration. A player dealing 10M+ damage per hit. In theory, int is enough. In practice, overflow will never occur under normal server settings. Once the monster dies, the damage map is instantly cleared, so no lingering accumulation. On official servers: The highest health monsters are the "World Boss" event mobs, with 50M health points. They have no health regeneration. Player damages aren't unrealistic. Therefore, the total sum of all player damage will always be close to the monster's health points (no matter if 1 or 50 players are attacking it). As long as the monster's health points stay under 2B, you are safe using int. That said, for safety and future-proofing, I recommend changing only this: int total_dam -> int64_t total_dam If you also want to make the changes that you mentioned they're valid and adapted for unusually high single-player damage values. Item Ownership Logic The 10% threshold doesn't scale when many players are involved or when the monster regenerates a lot. It's not a bug, just a flawed design assumption. while (!pq.empty() && pq.top().first * 10 >= total_dam) Suggested Fix for Ownership Instead of individual 10% checks, you can make all players whose combined damage >= X% of total damage eligible, like so: accumulated_damage * 100 < total_damage * X Example: use X = 30 to allow the top damage dealers up to 30% of total damage but I would leave it at 10. What I Tested I ran simulations with: 1 player, up-to 50 players. 2B+ monster health points. 10M+ player damage per hit. Monster regenerating every few cycles. 10K+ Simulations. The tests confirm that overflow on player or total damage is possible, but only under unrealistic conditions...

I reworked the entire dungeon some time ago after this release, and I can confirm that this is the correct solution to ensure the dungeon progresses normally, even without players in the SECTREE.

GF Protos 25.0.5 Alternative download links → MEGA I did not include the item proto mask types and sub types. [Hidden Content]

For those using the new costumes from the latest patches (since oct. 2024), there's now additional settings ("SourceSkinSpecular", "SourceSkin2Specular") to disable specular on certain skins. Previously, even if you reduced the specular strength in the proto, it would also affect the body strength. Below is the code to remove the specular effect from the source skin. Preview

Like you said, it's very unlikely a man in the middle would want to extract this data, there is nothing really interesting. The only stress here was about the credentials being sent too, which I understand. However, I've explained that already many times during this topic and for whatever it's worth, for years there hasn't been a single problem with this and I would never do things to damage my name and reputation. I could have done things differently, this was probably a mistake, we live and learn but no harm was ever done. Regardless, I still propose the same as I mentioned before, both for the review of the system and as for the removal of my license system.

As I mentioned, I didn't want to send the plain text in the URI string so I used Base64 to encode the credentials, then on the backend I decoded it. It was just my way of saying (reversible format, encode / decode). Yes, I could have hashed the credentials and compared the hashes, which would have been more secure for transmitting the data via HTTP. However, that would still require an explanation as to why I'm reading the credentials from the library file and sending them via an HTTP request, bringing us back to the beginning of this topic. The usage of that sql data was and is simple, a direct comparison to check if they are the default credentials, nothing more. As for the rest of the data (ip, key, hostname, port, etc...), I believe they're self explanatory.

Before anything, I would like to state that the decompiled library is from an older version. I used Base64 encoding as a simple and fast solution to avoid sending the credentials in a raw form within the URI string. I know Base64 doesn't provide any encryption or protection so in newer versions of the library I added XOR encryption with a key and before you say it, I know it isn't the best solution either but it does the job and for the purpose I didn't need something to robust because I had to reverse the process. Regardless, on the backend (PHP), the Base64 string is decoded and the system verifies whether the provided username and password match the default credentials for the server which are: "localhost", "mt2", and "mt2!@#". Yes, I use HTTP and still do (I was working on another version but I canceled it) but I don't think it's necessary to encrypt an IP address, Channel, Port and a default publicly available Metin2 database credential which by default you cannot access remotely unless you manually change it. Regardless, on newer version of the library the full URI is encrypted with XOR, you would not see plain text. I understand this approach might seem questionable at first and sketchy while looking at the library request. However, I did it this way to "enforce" the use of these default database credentials. This is necessary because the database setup (script to install the database tables) and operation rely on these specific credentials. Sure they can change it but they need to know what they're doing. As long as these default credentials are strictly assigned to "localhost," I believe this approach is secure and ensures proper installation and functioning of the database. I have no problem sharing this small procedure with everyone, but I can’t reveal every single line of code publicly just to prove that I'm not doing anything harmful with the data or storing it. Even if I did, some people still wouldn't believe me. I've already messaged the forum administrator to offer a full review of the "system" if they're interested, but I'm not going to share it publicly here.

The purpose of the license system is straightforward, like any license verification system, it transmits the essential information needed to verify the legitimacy of those who have purchased my services. Does it help? Yes, to some extent, it helps in maintaining control, though it does not completely prevent misuse or bypassing and I understand that it can be useless to some but as I said before it helps detecting who uses my project fairly. I believe everyone who has purchased my project is aware of this licensing approach. While I may not explicitly specify on my terms which data is sent to my remote server, it should be clear to them what kind of information is involved. If I had anything to hide, I would have implemented the system differently. I am aware that my license system could have been decompiled and that the query it executes would be visible. However, I stand by the fact that it operates transparently and doesn't harm any of my customers or their servers. Everything is open source except my license system so it is clearly visible to everyone who holds a copy of my project to see if there are any malicious code. Regardless, if my license system is perceived as problematic, I am willing to open a poll on its removal within my projects community. If the majority agrees, I can remove it today through a simple and quick update. That being said, I want to reassure everyone that this system has never caused any harm to anyone or any server. To address concerns and accusations of dishonesty, I am willing to provide additional proof, even though I am not obligated to do so. Specifically, I can share the complete code of my license system, including its backend, with the forum administration for review so that people don't call me a liar.

I honestly don't understand all these accusations, especially when there's no concrete proof to support them. I've explained how my license system works, detailed the purpose of the HTTP request, and even shown my database logs to prove that I don’t store any SQL credentials. Honestly, why would I even want to store those in the first place? Despite all this, you still choose not to believe me. It's clear you've already made up your mind, assuming I'm doing something wrong. What's most frustrating is that no actual customers of mine have raised these concerns, only people who don't work with me seem to be making these complaints. So many developers here have already added license systems to their work without facing such criticism. Why am I being singled out? I have always responded to accusations against me and made every effort to prove otherwise. I've never ignored any claims, because doing so would suggest indifference to my reputation and I care deeply about it. Someone who values their reputation doesn't act in ways that would harm it. Everything I do I always think both sides of it to prevent such problems but it seems that whatever I do there will always be such criticism. However, no matter how much I try to defend myself or provide evidence, people still assume I'm lying or a being a manipulator. It feels like my efforts to preserve my reputation are disregarded entirely. I've done everything I can to explain and prove my point, yet it seems usless. I really don't know what you want from me.