[ABD] phpBB Arcade 1.0.RC10

Any abandoned MODs will be moved to this forum.

WARNING: MODs in this forum are not currently being supported or maintained by the original MOD author. Proceed at your own risk.
Forum rules
IMPORTANT: MOD Development Forum rules

WARNING: MODs in this forum are not currently being supported nor updated by the original MOD author. Proceed at your own risk.
User avatar
keith10456
Registered User
Posts: 2315
Joined: Thu Feb 24, 2005 6:55 pm
Contact:

Re: Help fix a vulnrability!

Post by keith10456 » Wed Dec 22, 2010 5:49 pm

damienhbg wrote:Somehow users are able to edit the browsers cache before submitting a score. This is how a member was able to play duckhunt for 1 minute, and manage a score of 13 million.

Image


Is there no protection for this? i'd hate to have to spend my days removing invalid scores from the arcade tables.
I would PM JRSweets with any/all information that you have on how the members were able to do it.

Please don't publicly post it :idea:

User avatar
JRSweets
Registered User
Posts: 2047
Joined: Wed Apr 14, 2004 8:37 pm
Location: Massachusetts

Re: Help fix a vulnrability!

Post by JRSweets » Wed Dec 22, 2010 6:20 pm

damienhbg wrote:Somehow users are able to edit the browsers cache before submitting a score. This is how a member was able to play duckhunt for 1 minute, and manage a score of 13 million.

Image


Is there no protection for this? i'd hate to have to spend my days removing invalid scores from the arcade tables.
Unfortunately there are tools out that that make doing that very easy. Not much that can be done. You can just delete the score in the arcade ACP it will remove all traces of it, then ban the user. Sorry, wish I had a better answer.

User avatar
JRSweets
Registered User
Posts: 2047
Joined: Wed Apr 14, 2004 8:37 pm
Location: Massachusetts

Re: [RC] phpBB Arcade 1.0.RC9

Post by JRSweets » Wed Dec 22, 2010 6:23 pm

Another quick update. If everything goes according to plan I will have the new version out tomorrow.

wykydz1
Registered User
Posts: 25
Joined: Thu Nov 11, 2010 10:56 pm
Contact:

Re: [RC] phpBB Arcade 1.0.RC9

Post by wykydz1 » Wed Dec 22, 2010 6:29 pm

ultimate point wont work on the arcade all seting i checked i used another name they work on the forum for post and stuff just not the acade .any ideas

damienhbg
Registered User
Posts: 255
Joined: Thu May 08, 2008 8:45 pm
Location: Central PA
Contact:

Re: Help fix a vulnrability!

Post by damienhbg » Wed Dec 22, 2010 7:06 pm

JRSweets wrote:
damienhbg wrote:Somehow users are able to edit the browsers cache before submitting a score. This is how a member was able to play duckhunt for 1 minute, and manage a score of 13 million.

Image


Is there no protection for this? i'd hate to have to spend my days removing invalid scores from the arcade tables.
Unfortunately there are tools out that that make doing that very easy. Not much that can be done. You can just delete the score in the arcade ACP it will remove all traces of it, then ban the user. Sorry, wish I had a better answer.

I tried as you said JrSweets, i removed the high score from the arcade_scores table in database, but now , when someone submits, they still told they have not beatin the high score of 13,million when i erased it from database. Also on arcade index, its listing dude as aving a high score, when in fact he does not.

I thought removing the highscore would erase all instances of it :(

thanks for the help btw.
My coolest mods: My Page; User Reminder; PJIRC CHAT

User avatar
KillBill.
Registered User
Posts: 600
Joined: Tue Jun 02, 2009 4:07 pm
Contact:

Re: Help fix a vulnrability!

Post by KillBill. » Wed Dec 22, 2010 7:20 pm

damienhbg wrote: I tried as you said JrSweets, i removed the high score from the arcade_scores table in database, but now , when someone submits, they still told they have not beatin the high score of 13,million when i erased it from database. Also on arcade index, its listing dude as aving a high score, when in fact he does not.

I thought removing the highscore would erase all instances of it :(

thanks for the help btw.
Acp/Arcade/edit scores/ reset user score

I think this is the best solution.

damienhbg
Registered User
Posts: 255
Joined: Thu May 08, 2008 8:45 pm
Location: Central PA
Contact:

Re: [RC] phpBB Arcade 1.0.RC9

Post by damienhbg » Wed Dec 22, 2010 8:25 pm

Thx Killbill, that worked for most part.

I did notice though too however, that some games do not allow the scores to be manipulated. duck hunt does, but an irritating game does not, sends an error.
My coolest mods: My Page; User Reminder; PJIRC CHAT

Angry_Sun
Registered User
Posts: 430
Joined: Fri Aug 01, 2008 2:17 am
Location: Dry Dry Desert
Contact:

Re: [RC] phpBB Arcade 1.0.RC9

Post by Angry_Sun » Wed Dec 22, 2010 8:28 pm

I'm a fan of either the subsilver2 joystick, or the prosilver arcade icon.

I would say the subsilver2 machine icon, but it's too small to make out. Great icons by the way!

User avatar
eman80
Registered User
Posts: 327
Joined: Tue Aug 19, 2008 1:49 pm

Re: [RC] phpBB Arcade 1.0.RC9

Post by eman80 » Wed Dec 22, 2010 8:43 pm

Hi JRSweets :)

I hope that there will be an instructions update from version 1.1.RC1 to version 1.0.RC10 , because I did the update from 1.0.RC9 to 1.1.RC1 when I saw it in your site.

please let me assure

thanks in advance
welcome to my forum:
http://www.elibrary4arab.com

p@@t
Registered User
Posts: 23
Joined: Wed Dec 22, 2010 8:38 pm

Re: [RC] phpBB Arcade 1.0.RC9

Post by p@@t » Wed Dec 22, 2010 8:57 pm

Hello

The language changes by providing a version phpBB Arcade 1.0.RC9?

Soon

Angry_Sun
Registered User
Posts: 430
Joined: Fri Aug 01, 2008 2:17 am
Location: Dry Dry Desert
Contact:

Re: [RC] phpBB Arcade 1.0.RC9

Post by Angry_Sun » Wed Dec 22, 2010 8:57 pm

1.0.RC10 is now out? Cool. When do you think the mod will ever be validated? :)

Tuxman
Registered User
Posts: 420
Joined: Sun Jun 08, 2003 6:24 pm
Location: Germany
Contact:

Re: [RC] phpBB Arcade 1.0.RC9

Post by Tuxman » Wed Dec 22, 2010 9:12 pm

Updated German language file to 1.0.RC10 :)
[ randomly phpBBing ]

User avatar
JRSweets
Registered User
Posts: 2047
Joined: Wed Apr 14, 2004 8:37 pm
Location: Massachusetts

Re: [RC] phpBB Arcade 1.0.RC9

Post by JRSweets » Thu Dec 23, 2010 2:07 am

eman80 wrote:Hi JRSweets :)

I hope that there will be an instructions update from version 1.1.RC1 to version 1.0.RC10 , because I did the update from 1.0.RC9 to 1.1.RC1 when I saw it in your site.

please let me assure

thanks in advance
Yes I have created a script. You can either run this script or just go into the arcade config table in the db and change the version number to 1.0.RC9 before you try to update.

The script is located at:
http://www.assembla.com/code/phpBB_Arca ... 10RC10.php
Last edited by JRSweets on Thu Dec 23, 2010 2:22 am, edited 1 time in total.

User avatar
JRSweets
Registered User
Posts: 2047
Joined: Wed Apr 14, 2004 8:37 pm
Location: Massachusetts

Re: Help fix a vulnrability!

Post by JRSweets » Thu Dec 23, 2010 2:12 am

damienhbg wrote:
JRSweets wrote:
damienhbg wrote:Somehow users are able to edit the browsers cache before submitting a score. This is how a member was able to play duckhunt for 1 minute, and manage a score of 13 million.

Image


Is there no protection for this? i'd hate to have to spend my days removing invalid scores from the arcade tables.
Unfortunately there are tools out that that make doing that very easy. Not much that can be done. You can just delete the score in the arcade ACP it will remove all traces of it, then ban the user. Sorry, wish I had a better answer.

I tried as you said JrSweets, i removed the high score from the arcade_scores table in database, but now , when someone submits, they still told they have not beatin the high score of 13,million when i erased it from database. Also on arcade index, its listing dude as aving a high score, when in fact he does not.

I thought removing the highscore would erase all instances of it :(

thanks for the help btw.
That is not what I said. I said to remove the score from inside the Arcade ACP. Never just delete it from the db directly, you won't get it all. ;) There is an Edit Scores module in the ACP and it could be deleted from there or as KillBill suggested reset all the scores of that user. Also, if you delete the user all their scores will be removed also. Any of these methods will remove all the scores from the db.

Some game types are easier to manipulate the scores than others. IBProV3 games seem to be the hardest.

User avatar
JRSweets
Registered User
Posts: 2047
Joined: Wed Apr 14, 2004 8:37 pm
Location: Massachusetts

Re: [RC] phpBB Arcade 1.0.RC9

Post by JRSweets » Thu Dec 23, 2010 2:14 am

Angry_Sun wrote:1.0.RC10 is now out? Cool. When do you think the mod will ever be validated? :)
Its not out yet. Should be tomorrow.

The plan is to submit this version to the MODDB and start work on the next version.

Locked

Return to “[3.0.x] Abandoned MODs”