Player names / edit / restore

Discussions about Coding and Scripting
User avatar
Fraxter
Novice
Posts: 18
Joined: Wed Jul 01, 2020 5:44 pm
Location: Hvalsoe, Zealand, Denmark.

Player names / edit / restore

Post by Fraxter »

I was up to make a code that checks a players playername and match it against a predefined text string and see if it contained any characters out of what I will allow them to use on my server.

for first let me post the code:

Code: Select all

function CheckLegitName(Pawn P)
{
local string LegitCharacters,Name;
local int NameLength, i;
local bool bLegitName;

	LegitCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789()[]-";
	Name = P.PlayerReplicationInfo.PlayerName;
	NameLength = Len(Name);
	bLegitName = True;
	
	for ( i=0; i<NameLength+1; i++ )
		{
		if (InStr(LegitCharacters, Left(Name,1)) != -1)
			{
			Name = Right(Name, NameLength - i);
			}
		else
			{
			bLegitName = False;
			i = 999;
			}
		}
	if ( !bLegitName)
		log (P.PlayerReplicationInfo.PlayerName$" is using illegal characters!");
}
My question is, if I alter a players name when it enters my server, I am also changing the players name in his user.ini file which is not good. So, my question is if there is a way I can reverse the players name when he again leaves my server?

The above code is from Dane but he is on vacation so I cant ask him and I want to finish this fast.

Thank you for any suggestion you may have.
User avatar
esnesi
Godlike
Posts: 1018
Joined: Mon Aug 31, 2015 12:58 pm
Personal rank: Dialed in.

Re: Player names / edit / restore

Post by esnesi »

There is something like that here as well:
viewtopic.php?f=3&t=13728&p=117195&hili ... me#p117195
User avatar
Fraxter
Novice
Posts: 18
Joined: Wed Jul 01, 2020 5:44 pm
Location: Hvalsoe, Zealand, Denmark.

Re: Player names / edit / restore

Post by Fraxter »

I looked that link. It does not make what I want to do.

I dont want example "@$®©" characters in my server as it looks childish and can cause errors in my code sorting scores and leveling database.

If player "$t@©ke®" enters my server I want to change the name into "Stacker" and storage that name in its database. That will change the players name in user.ini if I do it by setting name. I want to store players login name and change it and when player leaves server I want him to have back his login name again.
User avatar
Barbie
Godlike
Posts: 2792
Joined: Fri Sep 25, 2015 9:01 pm
Location: moved without proper hashing

Re: Player names / edit / restore

Post by Barbie »

Fraxter wrote: Sat Jul 04, 2020 12:10 pm

Code: Select all

function CheckLegitName(Pawn P)
...
for ( i=0; i<NameLength+1; i++ )
{
	...
	bLegitName = False;
	i = 999;
}
Of course it works, but the break command was invented to exit loops. ;)
Fraxter wrote: Sat Jul 04, 2020 12:10 pmif there is a way I can reverse the players name when he again leaves my server?
What should your server do if the client just powers off his machine? Or closes UT by windows functions? ("X") Or UT crashes? So I think in general this won't work.
"Multiple exclamation marks," he went on, shaking his head, "are a sure sign of a diseased mind." --Terry Pratchett
User avatar
Fraxter
Novice
Posts: 18
Joined: Wed Jul 01, 2020 5:44 pm
Location: Hvalsoe, Zealand, Denmark.

Re: Player names / edit / restore

Post by Fraxter »

Barbie wrote: Mon Jul 06, 2020 12:15 amWhat should your server do if the client just powers off his machine? Or closes UT by windows functions? ("X") Or UT crashes? So I think in general this won't work.
If we just focus on reversing the name if the player disconnects as suposed to do. Nothing works if the players just powers off or shut down a game in a way it is not designed to be shutted down. Ethic I am happy if we can return the login name when disconnecting.

Alternatively we will have to make players using strange characters not able to take use of the database and the benefits herefrom.
User avatar
Barbie
Godlike
Posts: 2792
Joined: Fri Sep 25, 2015 9:01 pm
Location: moved without proper hashing

Re: Player names / edit / restore

Post by Barbie »

Database? Can you tell more of that? Maybe you can solve your problem by using a hash that contains only valid characters for your database.
"Multiple exclamation marks," he went on, shaking his head, "are a sure sign of a diseased mind." --Terry Pratchett
Buggie
Godlike
Posts: 2698
Joined: Sat Mar 21, 2020 5:32 am

Re: Player names / edit / restore

Post by Buggie »

Just use some encoding for your database like url encoding with percentage.
User avatar
TheDane
Masterful
Posts: 660
Joined: Tue Feb 12, 2008 2:47 pm
Personal rank: Happy fool :-)

Re: Player names / edit / restore

Post by TheDane »

I Got an idea my friend, check your mail:-)
Retired.
User avatar
Fraxter
Novice
Posts: 18
Joined: Wed Jul 01, 2020 5:44 pm
Location: Hvalsoe, Zealand, Denmark.

Re: Player names / edit / restore

Post by Fraxter »

Barbie wrote: Mon Jul 06, 2020 4:03 pm Database? Can you tell more of that?
We link to a MySQL Database where we handle stuff like players progress and level and such. Doing queries with characters like "$#." can go wrong when shipped from Uscript to MySQL via PHP script on website. History shows that players do not just play they also want to find any weakness and exploit to mess up the game for others Dane has had that issue every time he ran servers in past. We study old logs of players and see this but is not able to fix it without disalowing these characters. We just will build a new server with new look for our old closed clan to have fun at and open to public invitation so they can try new things and look of sniper games.
Buggie
Godlike
Posts: 2698
Joined: Sat Mar 21, 2020 5:32 am

Re: Player names / edit / restore

Post by Buggie »

You definitely wrong worked with incoming data if any input can harm something. Especially if you have full power of PHP. Maybe better learn PHP better rather then make car with square wheels?
User avatar
Feralidragon
Godlike
Posts: 5489
Joined: Wed Feb 27, 2008 6:24 pm
Personal rank: Work In Progress
Location: Liandri

Re: Player names / edit / restore

Post by Feralidragon »

If by exploits you mean SQL injection and other stuff like that, limiting the characters someone can use is absolutely the wrong way to go about it.

There's one 100% guaranteed way of protecting your database from SQL injection, and that is to use prepared statements, where you pass user input as variables of the query, instead of being part of the query.
Since these variables are never considered or parsed as part of the SQL queries themselves, it's completely impossible to be able to perform SQL injection attacks towards a database this way.

From here, this way you get protected from SQL injection, but there are plenty of other attacks that can be performed against any database, which will mostly depend how you do the queries themselve, and how you handle database errors, especially in languages like PHP.

For instance, depending on how you do a query I could get more info than what I should, without using SQL injection, but by exploiting how certain expressions are evaluated in the database even from variables (such as the LIKE operator).
And depending on how you are handling the database errors, and how your PHP install is configured overall for production, I may be able to get your database details, like its full DSN, password, etc, and connect directly to it if it's exposed to the Internet.

As far as player names are concerned, if you do the necessary steps to protect against SQL injection, use proper queries and handle/configure your errors well, the only last step you should do is establish some basic rules for the player name, not to protect the database from mishaps, but to make sense to you logically, such as: having a min and max number of characters allowed, trimming the name from whitespace, and so on.

If you do these steps, you don't have to concern yourself about any issues on the database itself based simply of name characters.
Restrict only the characters based on what makes sense to you overall.

Just one last note: use UTF8 encoding for your database, it makes no sense using anything else, since UTF8 is good and universal enough to represent every unicode character anyone wants.
Buggie
Godlike
Posts: 2698
Joined: Sat Mar 21, 2020 5:32 am

Re: Player names / edit / restore

Post by Buggie »

Based on which characters are listed, I think the problem is in regular expressions. Either the REGEXP statement from MySQL, or the preg_* functions from PHP or (ereg_* if all going such bad xD).

All of this is solvable.

In any case, until the topic starter shows the code and states the real problem, we can only guess. We cannot help him.

In general, this is a known XY problem.
https://en.wikipedia.org/wiki/XY_problem
User avatar
Fraxter
Novice
Posts: 18
Joined: Wed Jul 01, 2020 5:44 pm
Location: Hvalsoe, Zealand, Denmark.

Re: Player names / edit / restore

Post by Fraxter »

Can we return to my question about if it is possible to return players login name when the player leaves? We got the database part we need not to focus on that part. Part of reason to unwated characters are listet it is not just security but also because we do not want players using childish playernames. We accept the characters used for most common clannames like []() but not name spoofing if you are named Jason you are not named J@$on. We may be foolish but our server is with our rules and optional to play for all.
Buggie
Godlike
Posts: 2698
Joined: Sat Mar 21, 2020 5:32 am

Re: Player names / edit / restore

Post by Buggie »

Just deny enter to server if name not suit you. Problem will be solved.
User avatar
Barbie
Godlike
Posts: 2792
Joined: Fri Sep 25, 2015 9:01 pm
Location: moved without proper hashing

Re: Player names / edit / restore

Post by Barbie »

I think the function "Logout()" in GameInfo is the best place to implement that. If you use NexGen, there should also be a similar function.
"Multiple exclamation marks," he went on, shaking his head, "are a sure sign of a diseased mind." --Terry Pratchett
Post Reply