[BETA] Activity / Arcade Mod 2.1.2

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
User avatar
defender-uk
Registered User
Posts: 380
Joined: Tue Jun 01, 2004 9:06 am
Location: London, UK
Contact:

Post by defender-uk »

whoo wrote: defender, cheat fix???
are you allowing the http_gets for score submissions? pfft. there is nothing that is going to circumvent that (short of modding flash files to send random hashes, yadda yadda yadda, ad nauseum). We spent weeks on fixes in the other thread. Mind you being alerted to it is great I guess.. but if you have reverted to allowing those again, im disappointed to say the least. i will wiegh in and say that having more games at that cost isnt really worth it, especially when ANY game that uses the http_get can be quickly changed to use the other more secure method.



Err, Me, Would I.. [EDIT's CODE]

MaddoxX
Registered User
Posts: 450
Joined: Sat May 15, 2004 4:43 pm
Location: Russia

Post by MaddoxX »

I also noticed there is a bug with the scores that ppl still can cheat :(

anyone knows where i can get . yeti 0,1,2,5 for this mod ? thanks :D
Can u make an additional BAN User for only the games section??
:D

whoo
Registered User
Posts: 575
Joined: Fri Mar 07, 2003 4:12 am

Post by whoo »

ppl can cheat because theyre probably playing games that you go off spidys site, that send scores via the http_get method, AND he put back in the ability to send scores using that method. Its not impossible to cheat using the http_post however its VERY hard. Why either defender or austin would put that back in is beyond me-- i will NOT be changing the way my games send the score (via an http_post) so my games (atleast) will be "nearly" uncheatable. I am not going to revisit trying to thwart cheaters when the code that so easily allowed it had been removed, ie, problem solved.

I reiterate what i said in my last post-- doing that isnt moving forward, its going backwards. :(

Actually, I just looked and your not using spidys games.. but heres the catch, because he allows the http_get, you can send a score, even If the game doesnt send a score that way .. for instanice, just because the game tetris uses a http_post, doesnt mean that newscore.php needs the game to send the score.. you can send it, basically pretending you are the game, and newscore.php takes it just fine. bad bad tsk tsk

edit: image removed, i hate stretching the pages

/me walks off in disgust.
Last edited by whoo on Sat Jul 03, 2004 6:54 pm, edited 1 time in total.

User avatar
defender-uk
Registered User
Posts: 380
Joined: Tue Jun 01, 2004 9:06 am
Location: London, UK
Contact:

Post by defender-uk »

Well, Whoo.

I have sorted the code back out AND I have made it harder to find out the game name.

So far I have NOT been able to get round the code I have added, and would like people to TRY :)


The code will NOT be released until it has been fully tested, as the export routine is building files all over the server, mainly the main PHP install dir, and I think that most ISP's will kick you off the system if you fill THIER space up with text file outputs :)

whoo
Registered User
Posts: 575
Joined: Fri Mar 07, 2003 4:12 am

Post by whoo »

lol, the game name is very easily found, ill happily test it if you like, of course i already know the game names.. but thats not to say anyone cant figure them out. Im not going to start using cryptic names for games either when the variables are sent.

Heres my question. The reason you put it back was because..? To support games that use that method? IF thats so, the submission of ONE score is all thats required to retrieve the game name .. SEE the image, there is the game_name, that URL is exaclty what a game using that method would send. ITs not transparent. Additionally, IF thats the reason you did it, like Ive said 100 times before, ALL of the games that currently use the http_get can be changed. I for one, havent recieved a single direct request to change ANY specific game on spidy's site. Am I going to go through and do them all?, without being asked, of course not.

IF, on the other hand you put that back in, to alleviate the template loadfile error, well then you are barking up the wrong tree. The removal of how the score is sent, or not sent, is not the cause of that error.

Fact is, its stupid, and it irritates me more that its been done everytime I think about it. Obviously, neither you or austin have read through the 30 or so pages of complaints about cheaters, and then the next 20 pages where fixes were discussed. I cant speak for alegis, but i am going to say, that it takes alot of my motivation away, as far as continuing to add games.

The ONLY solution that _might_ work without the remodding of ALL of the games (blah blah blah) is using some sort of wrapper before newscore.php sees the the score submission. But then I ask again, why?


PS: your forum will not let me register therefore I cannot test this useless fix

ultima528
Registered User
Posts: 100
Joined: Tue Apr 06, 2004 8:24 pm

Post by ultima528 »

Well, I just tested it at defender's site, and it says
CHEAT - Webmaster Informed - CHEAT

Apparently, his fix *seems* to be working.

whoo
Registered User
Posts: 575
Joined: Fri Mar 07, 2003 4:12 am

Post by whoo »

give me your login, and let me try :P
Last edited by whoo on Fri Jun 25, 2004 1:01 am, edited 1 time in total.

ultima528
Registered User
Posts: 100
Joined: Tue Apr 06, 2004 8:24 pm

Post by ultima528 »

Lemme PM it to you =)

whoo
Registered User
Posts: 575
Joined: Fri Mar 07, 2003 4:12 am

Post by whoo »

well it works.. until he releases the code, then the wrapper hes using to hide the game_name is in the public domain, duh! the fact is, you have to release the code so that it can be used, therefore the wrapping method is exposed. So, gee, how useful is that?

And again, I ask why? its NOT needed.

Oh and guess what, it caught me cheating when i submitted the score after playing a game too.

ultima528
Registered User
Posts: 100
Joined: Tue Apr 06, 2004 8:24 pm

Post by ultima528 »

lol I can't submit scores anymore. Oh well =P

Mayan Obsidian
Registered User
Posts: 78
Joined: Sun Aug 17, 2003 7:12 am
Location: Madison, wI
Contact:

Post by Mayan Obsidian »

Sorry fellas, I'm with whoo on this one:
making cheating more difficult > 20 more games
It's better to fail at doing something then to excel at doing nothing.

User avatar
defender-uk
Registered User
Posts: 380
Joined: Tue Jun 01, 2004 9:06 am
Location: London, UK
Contact:

Post by defender-uk »

whoo wrote: well it works.. until he releases the code, then the wrapper hes using to hide the game_name is in the public domain, duh! the fact is, you have to release the code so that it can be used, therefore the wrapping method is exposed. So, gee, how useful is that?

And again, I ask why? its NOT needed.

Oh and guess what, it caught me cheating when i submitted the score after playing a game too.


Well, the game is no longer linked to the image :) Whoo, I did that a long time ago :) the image can be on mars for all the mod cares.

The game description is used everywhere the game name used to be used, in all the windows etc, and the game_id is used on all the url's.


And yes, I know that the sumit multi times runs through the code twice and then it thinks you've cheated becuase your user_id is not longer playing games.

The template load error, Nope, was not the reason it went in, thats caused by the above, plus the fact that the code used to update the 'user table' directly, but the session information is held in the 'session table', which was then checked to see what was goin on?


And yes, I have admitted that I did not read through all the original thread, but then, just by writing this one message, I am now late for work again, and I only found the thread a few hours before downloading the code, and work begain. But i'll stop coding for a few weeks and will read though it now.
ultima528 wrote: lol I can't submit scores anymore. Oh well =P


U been cheating then :)

bennyvo
Registered User
Posts: 56
Joined: Wed Mar 31, 2004 6:05 am

Post by bennyvo »

hi, i currently install Activity mod 2.1, its work great. I wonder if they plan to add Trophy features? I have look at activity plus but i just wonder if trophy feature will be add to this mod.

User avatar
defender-uk
Registered User
Posts: 380
Joined: Tue Jun 01, 2004 9:06 am
Location: London, UK
Contact:

Post by defender-uk »

bennyvo wrote: hi, i currently install Activity mod 2.1, its work great. I wonder if they plan to add Trophy features? I have look at activity plus but i just wonder if trophy feature will be add to this mod.


Currently There is no plan to have the trophies feature in this mod, that is the foundation of the plus feature, if you require trophies, then please use aUsTiNs plus mod.

What's in the FIRST post is what you will get.

I was going to do a 'Tournament' feature, that set up a challange between a group of people, best of 5 games, but aUsTiN is to include a feature like that in the plus mod, so thats not on the cards.

User avatar
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia
Contact:

Post by aUsTiN-Inc »

defender, plz read , as of this post, my last post in the plus topic, by the time you get to it, it might not be my last, but it is the post referring to trying to beat cheating. Input is why i would like you to read it.
¤ phpBB Security ¤ Blend Portal Creator ¤
¤ Activity Mod Plus Creator «« 2004 phpBBHacks "Hack" Of The Year ¤
¤ Activity Mod Plus Home ¤ 2004 phpBBHacks "Hack" Author Of The Year ¤
My mods are never done, always in update status!

Post Reply

Return to “[2.0.x] MODs in Development”