Secure Hosts.

BYOND Forums

Announcements · BYOND Help · Bug Reports · Feature Requests · Beta Testers · Beta Bugs · Developer Help · Design Philosophy · Demos & Libraries · Tutorials & Snippets · Art & Sound · Classified Ads · Game Updates · Contests & Events · Linux Talk · On Topic · Off Topic

Secure Hosts.

ID:93244

Mar 21 2010, 1:02 pm (Edited on Mar 21 2010, 2:16 pm)

Keywords: block, host, owner, verify

Leur

This uses time to update the hash to make sure both the Server, and the updating host file match. You will have to modify one or the other to synchronize them if using different TimeZones or whatever.

This is not foolproof it is just a way to make it harder on the host. If you own the game, take control of it make sure you control what you own.

host.php

<?php
if(isset($_GET["a"])){
$day = date("D");
$second = substr(date("s"),0,1);
$minute = date("i");
$Year = date("Y");
$Day = date("d");
$Month = date("M");
$hash = $day . $Year . $Day . $minute . $Month . $second;
$hash = md5("Salt1" . $hash . "Salt2");//Will NEVER be seen by the public.
echo substr($_GET["a"],0,3) . "=" . substr($hash,0,9) . "&YourKey=t&OldHostKey=f";//f = used to be a host, but is no longer. t = true
}
?>

DM File:

var/verif = 0
world
    New()
        ..()
        Cycle() //Start the Cycle
    OpenPort(p)
        if(verif) //If the server is verified
            ..() //allow them to open it
            world<<"Server opened on port [p]. Host: [world.host]"
        else
            world<<"This server has not passed verification. You may not host."
            return
    proc
        Cycle()
            var/h = world.host
            if(!h) return //If there isnt a host don't bother verifying it.
            var
                day=time2text(world.timeofday,"DDD")
                Month=time2text(world.timeofday,"MMM")
                Day=time2text(world.timeofday,"DD")
                second=copytext(time2text(world.timeofday,"ss"),1,2) //modified to make it update the hash every 10 seconds
                Year=time2text(world.timeofday,"YYYY")
                minute=time2text(world.timeofday,"mm")
                time = day + Year + Day + minute + Month + second
            var/hret = rand(111,999) //Random 3 Digit Code that will get passed to the webserver
            var/http[] = world.Export("http://www.example.com/host.php?a=[hret]") //URL Hidden + Hidden Hash Tag
            if(!http)//If there is an error connecting to the website
                spawn(rand(80,600)) Cycle() //Cycle again randomly 8-60 seconds.
                return
            var/F = http["CONTENT"]
            var/nvar[] = params2list(file2text(F)) //contains all params
            var/hact = copytext(md5("Salt1" + time + "Salt2"),1,10)//Generates the hash to be compared with that returned from the webserver
            if(nvar["[hret]"] != hact) //if the hashes don't match, kill the server
                del(world)
                return
            if(h in nvar)//if the host is listed in the file
                if(nvar[h]!="t") //If he/she isn't a host
                    del(world)//kill
                    return
                else
                    verif = 1 //verified
            else
                del(world) //kill
                return

Again, this is not foolproof, there is way's to get around it, just do not post them in the comment's they will be removed. (If possible, I'm not sure if I can do that or not.)

May 15 2011, 10:53 am
Inushi	Hey.