Add /openra/link route for ingame key registration. #57
pchote wants to merge 1 commit into OpenRA:master from
| WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; | ||
| if (!($result = $this->db->sql_query($sql))) | ||
| { | ||
| return $this->get_response("Error: authentication failed"); |
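Review bot: At `if (!($result = $this->db->sql_query($sql)))`, a failed query is a database error rather than a failed credential check, yet the branch returns "Error: authentication failed" and nothing in the visible lines records it. Keeping the generic message for the client is reasonable, but consider logging the failure server-side so a database fault can be told apart from bad credentials during an investigation.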
maybe we could reuse this string everywhere?
I guess so, but I don't think there is a standard pattern for this elsewhere in phpBB to copy. I'm not convinced this would make things clearer.
| $user_login_attempts = (is_array($row) && $this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']); | ||
| if ($ip_login_attempts || $user_login_attempts) | ||
| { | ||
| return $this->get_response("Error: too many login attempts"); |
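Review bot: `$user_login_attempts` can only be true when `is_array($row)` holds, so returning "Error: too many login attempts" on that condition lets a caller who has not hit the IP limit learn that the username exists and is currently locked out. If that disclosure is not intended, return the same message used for other authentication failures here, or add a comment stating that it is accepted because it mirrors the standard phpBB login flow.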
Is there a way to call this much earlier? With as few database accesses as possible? Also could we do a query that would do both, increment login attempts and fetch it? It's different for every database, I dunno what resource center uses
This is copied from the standard phpBB login flow. In principle we could change it, but without having a good handle on all the intricacies of php/phpBB I don't think that would be a good idea - the experts have probably done it like this for a reason.
|
|
||
| if ($duplicates) | ||
| { | ||
| return $this->get_response("Error: key exists"); |
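Review bot: The `if ($duplicates)` branch returning "Error: key exists" needs a code comment saying why a duplicate is treated as a failure; the visible lines give no reason and the check reads like an ordinary validation step. If a duplicate is not expected from the game client, also consider logging the event before returning so that it can be reviewed later.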
what does this mean? why do we want to fail here?
This can't happen in the normal game flow (the game only calls this endpoint after it's confirmed that the key doesn't already exist), so it is a sign that someone is trying to do something malicious.
| return $this->get_response("Error: banned"); | ||
| } | ||
|
|
||
| if (!$this->passwords_manager->check($password, $row['user_password'], $row)) |
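Review bot: "Error: banned" is returned above the `$this->passwords_manager->check(...)` call, so ban status is disclosed to any caller that supplies the username, whether or not the password is correct. Consider moving the ban check below the password check, or returning the generic authentication failure until the password has been verified.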
I assume this is an already hashed and salted password?
yes, that is all handled internally by the password manager.
/openra/link accepts a POST request with username, password, and the public key generated by the game. This enables linking to be performed ingame, improving player experience. It will return with one of: