+- Mirage Source (https://mirage-engine.uk/forums)
+-- Forum: Mirage Source (Nostalgia) (https://mirage-engine.uk/forums/forumdisplay.php?fid=61)
+--- Forum: Archive (2006-2011) (https://mirage-engine.uk/forums/forumdisplay.php?fid=18)
+---- Forum: Resources (https://mirage-engine.uk/forums/forumdisplay.php?fid=49)
+---- Thread: Correct Client for Server (/showthread.php?tid=815)
Correct Client for Server - William - 09-03-2007
Introduction
This is very basic, what it will do is upon login. It will send a code with that packet checking if that code is the same on the client as on the server. The code can be as long as you wish it to be.
Do not use the same security code as on this example.
Client Side
Find:
Code:
Sub SendLogin(ByVal Name As String, ByVal Password As String)
Dim Packet As String
Packet = "login" & SEP_CHAR & Trim(Name) & SEP_CHAR & Trim(Password) & SEP_CHAR & App.Major & SEP_CHAR & App.Minor & SEP_CHAR & App.Revision & SEP_CHAR & END_CHAR
Call SendData(Packet)
End SubCode:
& SEP_CHAR & "code35FO36F"Code:
Sub SendLogin(ByVal Name As String, ByVal Password As String)
Dim Packet As String
Packet = "login" & SEP_CHAR & Trim(Name) & SEP_CHAR & Trim(Password) & SEP_CHAR & App.Major & SEP_CHAR & App.Minor & SEP_CHAR & App.Revision & SEP_CHAR & "code35FO36F" & SEP_CHAR & END_CHAR
Call SendData(Packet)
End SubServer Side
Inside:
Code:
' ::::::::::::::::::
' :: Login packet ::
' ::::::::::::::::::
If LCase(Parse(0)) = "login" ThenCode:
If IsMultiAccounts(Name) Then
Call AlertMsg(Index, "Multiple account logins is not authorized.")
Exit Sub
End IfCode:
If Trim$(Parse$(6)) "code35FO36F" Then
Call AlertMsg(Index, "Your client do not match the servers security code.")
Exit Sub
End If- Robin - 09-03-2007
Still, people can just sniff it in plain text and see that a little bit has been added at the end and then add it to a blank ms.
- William - 09-03-2007
As I said, it will give a little bit security
And by adding the XOR Encryption a little bit more security is added on top of that.
- Joost - 09-03-2007
I'd let the server send a string to client, instead of the other way around. It's harder to edit incoming than outcoming packets, I think.
- William - 09-03-2007
Joost Wrote:I'd let the server send a string to client, instead of the other way around. It's harder to edit incoming than outcoming packets, I think.Might be, I dont have any knowledge when it comes to snipping up packets. Why not have it both ways then. With different codes. So if the client code is correct, like this example. It send one back again
Kinda useless actually since if the first check is correct, the client is correct.. but still.
- Robin - 10-03-2007
William Wrote:Kinda useless actually since if the first check is correct, the client is correct.. but still.
Erm, no it's not
- William - 10-03-2007
Joost, didnt write that.. I did, and whats the meaning on making it check first if the client is correct for the server. And after that check if the server is correct for the client =/
- Robin - 10-03-2007
No, we check if the client is right for the server, then check if the client is right for the server, but using a server packet instead
Also, that quote messed up and I don't know why o.o
Re: Correct Client for Server - El_Dindonnier - 13-06-2008
Thanks you, it's work perfectly :wink:
Re: Correct Client for Server - William - 14-06-2008
Of course it works
Re: Correct Client for Server - Tosuxo - 14-11-2008
sorry for the 6-month bump, but I have some pretty good ideas for improvement:
if you used a code generator such as:
((version * subversion / revision) * day * week / month) / variable
(random * / + etc)
variable is sent by the server on attempt at login, the server stores the outcome it should receive back, and if the number from the client is different then it kicks them
obviously use a different combination for each version and revision of your game so the script kiddies really have to work to get their number, and since the variable is random from the server it just gives them more problems... if you make it take more than 1 minute's work then they'll get bored and move on normally
what you think? obviously I haven't put the code in here 'cos it's only a theory I have at the moment
of course there's a slight flaw, with the date possibly being different in different places, but you can see where i'm coming from, maybe just the full version number should be used?
Re: Correct Client for Server - William - 14-11-2008
Or you could just add XOR Encryption or another simple encryption to the actual key.