
Author Topic: Dynamic Login  (Read 20805 times)

Offline grosbedo

  • Moderator
  • Sr. Member
  • *
  • Posts: 258
Dynamic Login
« on: August 09, 2010, 04:06:25 AM »
Hello there,

First, cheers to the B3 team who has done a great job making this great framework.
Secondly, thanks to this post, it saved me a lot of time :
http://www.bigbrotherbot.net/forums/the-code-bin/converting-simple-modifications-into-plugins/msg0/?boardseen#new

Third, thanks to Courgette for his fast replies and his dedication.

And last : here's my plugin.

Dynamic Login v0.8.1 (2010-08-17)

Download
Primary : http://www.bigbrotherbot.net/forums/downloads/?sa=view;down=73
Mirror : http://superbots.org/modules.php?name=Downloads&op=getit&lid=27

Description

This plugin basically fills the login and password fields in the database with !regaccount
and when you issue a !loginaccount, it gives you the privileges associated with your old account, either by duplicating them or by merging your new account with the old one (by replacing your old IP and GUID with your current ones, and placing your current name as an alias, so you get your privileges back while permitting the tracking of the alias).

This permits you to create a secure login system for virtually any game that B3 can parse.

Features

Three login system types :
* 0 : No saving (aka rcon-like) : several users can use the same account at the same time and _don't store_ the privileges in the database. User will have to issue a !loginaccount each time he connects to the server to get his privileges.
* 1 : No duplicate mode : only one user can use the same account at a time. Merge current account with old one, and fix all the aliases (redirect new aliases to the old account). More secure as it avoids leaving the old account with an old IP and guid (so no one but the last logged user can use this account).
* 2 : Duplicate mode : several users can use the same account at the same time and _store_ the privileges, so logged user won't have to relog anymore. Don't merge the accounts, keep the old account but give the same privileges as old account to the current one. Less secure because if someone luckily gets your old IP or guid, one can use your old account. But it permits to set generic accounts : you set one login and password that you give to all your admins, and they will be able to associate their current account to the privileges, without an admin being present on server.

Manage accounts :
* Easily create/edit/register/login accounts in-game

Secure :
* Use /tell or /m to privately send your login infos to the bot
* Accounts duplication and merging are logged in a history.

* Security fallback measure on public revealing of an account's credentials :
  . If someone inadvertently uses /say or /say_team instead of /tell, then there is a great chance the account is leaked, and anyone can use its credentials.
  . With this feature enabled, if the script detects that such a leak is possible, the account password is automatically changed to the securitysecretpass and an alert is outputted in the log for an admin to verify it.
  . You can customize the expression that will be checked for a security fallback.

Changelog
Code:
2010-08-09 - v0.6 - GrosBedo
- first public release, with 3 different login types.

2010-08-09 - v0.7 - GrosBedo
- added login history for type 0
- added !setaccount to change account's passwords
- added a security fallback measure if someone publicly reveals its account password
- login history now checks that old account id is not already associated with current user (avoid duplicates)
- fixed a minor bug in generating timestamp for the login history db

2010-08-11 - v0.8 - GrosBedo
- added !createaccount command to create dummy accounts for duplication (login system type 0 and 2)

2010-08-17 - v0.8.1 - GrosBedo
 - moved security fallback regexp to xml config file, and can now add more than one
 - commands moved to the config file

Enjoy !

GrosBedo

« Last Edit: August 18, 2010, 12:14:18 AM by grosbedo »

Offline Courgette

  • Senior Dev.
  • Hero Member
  • *
  • Posts: 4883
    • Github repository
Re: Dynamic Login
« Reply #1 on: August 09, 2010, 08:11:12 AM »

Offline grosbedo

Re: Dynamic Login
« Reply #2 on: August 09, 2010, 01:17:30 PM »
nice work. http://www.bigbrotherbot.net/forums/downloads/?sa=view;down=73

Thanks :D

Ah, and just to be precise : this work is under the same license as B3 (GPL v2 ?).

Offline Courgette

Re: Dynamic Login
« Reply #3 on: August 09, 2010, 01:32:04 PM »
As a matter of fact, B3 being under GPLv2, all plugins developed for B3 must have a GPL compatible license. More info on : http://www.bigbrotherbot.net/forums/plugin-developers/b3-and-the-gnu-general-public-license/msg8476/#msg8476

Offline grosbedo

Re: Dynamic Login
« Reply #4 on: August 09, 2010, 11:34:42 PM »
Released v0.7, which adds 2 major features :

- !setaccount to change an account password depending on the login supplied and your rights (you can only change the password of an account lower or equal in privileges to yours).

- Security fallback measure : prevents leakage of accounts, by changing the password automatically if someone uses /say or /say_team instead of /tell or /m. Of course, the validity of the submitted information is verified, so that no one can abuse the system by resetting all accounts. Thanks to Heap for the idea.

Note : Of course, you can disable and tweak all those settings in the provided conf/dynamiclogin.xml
For example, you can still permit people to use /say and /say_team to login by setting "security" parameter to False (default).

Can someone update the official download page by updating the package and linking to this thread please ?
« Last Edit: August 09, 2010, 11:37:18 PM by grosbedo »

Offline Courgette

Re: Dynamic Login
« Reply #5 on: August 09, 2010, 11:47:45 PM »
you can update the files in the download section yourself

Offline grosbedo

Re: Dynamic Login
« Reply #6 on: August 10, 2010, 01:38:55 AM »
you can update the files in the download section yourself

Weird, I tried the other day but couldn't find the way to do it ?

/Edit : I still can't figure out how, there's no edit button anyway, and in MyFiles I can only add a new file.
Do I make a new download and it will replace the old one ?
« Last Edit: August 10, 2010, 02:24:28 AM by grosbedo »

Offline Courgette

Re: Dynamic Login
« Reply #7 on: August 10, 2010, 07:59:41 AM »
there should be an edit link somewhere. I'll get Xlr8or's attention on that matter.

Offline xlr8or

  • [ www.xlrstats.com ]
  • Project Lead
  • Hero Member
  • *
  • Posts: 2057
    • The Art of Tactical Gaming
Re: Dynamic Login
« Reply #8 on: August 10, 2010, 08:59:34 AM »
Okay, you should be able to edit your own downloads now.

Offline grosbedo

Re: Dynamic Login
« Reply #9 on: August 10, 2010, 03:04:22 PM »
Ok, updated, thanks ! It just waits for approval now :)

Offline grosbedo

Re: Dynamic Login
« Reply #10 on: August 12, 2010, 11:45:07 AM »
Updated v0.8, added a !createaccount command to easily create dummy accounts ingame.

Supplied a readme too.

Offline grosbedo

Re: Dynamic Login
« Reply #11 on: August 18, 2010, 12:15:11 AM »
Update v0.8.1 :

2010-08-17 - v0.8.1 - GrosBedo
 - moved security fallback regexp to xml config file, and can now add more than one
 - commands moved to the config file

Offline grosbedo

Re: Dynamic Login
« Reply #12 on: August 19, 2010, 12:40:37 PM »
A small change to the regexp that I will not put in the archive because I'm too lazy to repackage everything for that :

In conf/dynamiclogin.xml, change
Code: xml
<regexp>.*($action!lo[g]+ina[c]+ount)\s+($username[a-z0-9_]+)\s+($password[a-z0-9_]+).*</regexp>


Into :
Code: xml
<regexp>.*($action(!|@)?lo[g]+ina[c]+ount)\s+($username[a-z0-9_]+)\s+($password[a-z0-9_]+).*</regexp>


This will permit detecting cases where the user forgets to put the !...
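
The security fallback discussed in this thread, sketched as an added example (not part of any post and not the plugin's own code): a credential-leak check over chat lines using the updated expression. It assumes the `$action`/`$username`/`$password` markers stand for Python named groups; `digest`, `security_fallback`, the storage format and the sample data are hypothetical.

```python
import hashlib
import hmac
import re

# Assumption: "$action", "$username" and "$password" in the posted config stand
# for named groups, written here in Python's (?P<name>...) syntax.
LEAK_RE = re.compile(
    r".*(?P<action>(!|@)?lo[g]+ina[c]+ount)\s+"
    r"(?P<username>[a-z0-9_]+)\s+(?P<password>[a-z0-9_]+).*"
)
PUBLIC_CHANNELS = {"say", "say_team"}  # /tell and /m are private


def digest(password):
    # Hypothetical storage format; the thread does not say how passwords are stored.
    return hashlib.sha256(password.encode()).hexdigest()


def security_fallback(channel, text, accounts, secret_pass, alerts):
    """Reset an account whose valid credentials were typed in public chat."""
    if channel not in PUBLIC_CHANNELS:
        return False
    m = LEAK_RE.match(text)
    if m is None:
        return False
    login, password = m.group("username"), m.group("password")
    stored = accounts.get(login)
    # Only valid credentials trigger a reset, so chat spam cannot lock out accounts.
    if stored is None or not hmac.compare_digest(stored, digest(password)):
        return False
    accounts[login] = digest(secret_pass)
    # The alert names the account but never repeats the leaked password.
    alerts.append("possible leak of account %r via /%s: password reset" % (login, channel))
    return True


def demo():
    # Constructed sample data, not taken from a real server log.
    accounts = {"alice": digest("s3cret_1"), "bob": digest("hunter2")}
    alerts = []
    chat = [
        ("tell", "!loginaccount alice s3cret_1"),   # private: ignored
        ("say", "!loginaccount bob wrong_guess"),   # invalid: no reset
        ("say_team", "loginaccount bob hunter2"),   # leak, "!" forgotten
        ("say", "!logginaccount alice s3cret_1"),   # leak, command mistyped
    ]
    hits = [security_fallback(c, t, accounts, "fallback_pw", alerts) for c, t in chat]
    return hits, accounts, alerts
```
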

Offline learco

  • Full Member
  • ***
  • Posts: 124
Re: Dynamic Login
« Reply #13 on: August 30, 2010, 07:14:43 PM »
I can't understand the difference between *0, *1 and *2;
in *2 several accounts have to change ip in order to relog?
in *0 every time do you join on the server?
in *1 only an account can use an old account?
is this about?

Offline grosbedo

3
« Reply #14 on: August 31, 2010, 07:57:54 PM »
in *0 every time do you join on the server?

Yes, just like a RCON, you do have to login each time you rejoin the server.

This is kind of different from how B3 usually works : normally, an admin sets up an account once (with !putgroup), and then the user automatically gets his privileges each time he connects to the server. With DynamicLogin set to type 0, this system won't be used (you can still use it at the same time though), and instead, you give a password to each of your members, and they have to login each time they want to get their privileges.

On the other hand, the two other types of DynamicLogin work in a similar way to B3's normal behaviour.

in *1 only an account can use an old account?

Yes, let's put an example : you are a superadmin, but you have a dynamic IP and guid. You set a username and password with !regaccount.

When your IP and guid change, B3 won't recognize you as a superadmin anymore. Then, you simply have to use !loginaccount with your previously set username and password, and you get back all your superadmin status and privileges !

What technically happens is that, with type 1, when you login, the database will be updated with your new ip and guid.

Since the database is updated, next time you reconnect to the server, you won't have to relogin (except if your ip and guid change), B3 will automatically recognize you (even if you disable the plugin).

in *2 several accounts have to change ip in order to relog?

No, type 2 is similar to type 1, in the sense that it will update the database information. But here, instead of updating, it will duplicate the privileges to you.

The effect is the same : once you !loginaccount with type 2, you get automatically recognized by B3 next time.

The difference here with type 1, is that with type 2, several different players can get the same privileges, while with type 1, only one will at a time.

An example : you play with 3 different computers : one at home, one at school and one at work. Thus, you have 3 different IPs and GUIDs, but you want to get your privileges back from each of these locations. With type 1, each time you change location, you will have to !loginaccount to get your rights (because each time you login, you will remove your previous location information and update it with the new one). With type 2, you !loginaccount once for each location (so 3 times in total), and then you will never have to !loginaccount again ! (because here you duplicate the information, so the old one is still valid).

---------------------------------

I think that for most uses, type 0 fits. It's the simplest to use and to apprehend.
« Last Edit: August 31, 2010, 08:00:24 PM by grosbedo »
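
The three login types explained above, as an added example (not part of the thread and not the plugin's code): a small model showing which identity is still recognised on a later connect after `!loginaccount`. The row layout, field names, addresses and GUIDs are constructed, and matching on "IP or GUID" follows the wording of the first post rather than B3's actual lookup.

```python
import copy

# Constructed rows, loosely modelled on the fields named in the thread.
BASE = {
    1: {"name": "Admin", "ip": "198.51.100.7", "guid": "GUID_OLD",
        "group": "superadmin", "aliases": []},
    2: {"name": "Admin_laptop", "ip": "203.0.113.9", "guid": "GUID_NEW",
        "group": "guest", "aliases": []},
}


def login_account(db, current_id, old_id, mode):
    """Apply !loginaccount; return the group granted for this session."""
    old, current = db[old_id], db[current_id]
    if mode == 1:    # merge: old account takes over the current IP and GUID
        old["aliases"].append(current["name"])
        old["ip"], old["guid"] = current["ip"], current["guid"]
        del db[current_id]
    elif mode == 2:  # duplicate: current account gets a copy of the privileges
        current["group"] = old["group"]
    # mode 0 stores nothing: the privileges last for the session only
    return old["group"]


def group_on_reconnect(db, ip, guid):
    """Group granted on a later connect without !loginaccount (IP or GUID match)."""
    for row in db.values():
        if row["ip"] == ip or row["guid"] == guid:
            return row["group"]
    return None


def compare_modes():
    result = {}
    for mode in (0, 1, 2):
        db = copy.deepcopy(BASE)
        login_account(db, 2, 1, mode)
        result[mode] = {
            "old_identity": group_on_reconnect(db, "198.51.100.7", "GUID_OLD"),
            "new_identity": group_on_reconnect(db, "203.0.113.9", "GUID_NEW"),
        }
    return result
```

In this model only type 1 leaves the old IP and GUID without privileges afterwards; with types 0 and 2 the old identity keeps the superadmin group.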

 

