Multiplayer Assembly Package - Official Launch

by Robert Fritzen · 02/02/2013 (3:34 pm) · 15 comments

I have great news for everyone! My first pack, the Multiplayer Assembly Package, is now complete and released!

http://www.phantomdev.net/Torque3D/MAP/index.php

I'm very excited to finally have this done and ready for your use, and I'm sure everyone will be happy with what I have to offer.

So, the final list of offerings from this pack:
* Full Tutorial Installation of the new XXZ568 authentication package, now with cURL
* Seven Tutorials for developing systems using MAP:
** Creating a Client-Side Rank System
** Creating a Server-Side Rank System
** Developing new T3D Classes and integrating them with this pack (Remember This? :))
** News System
** Cryptography Checklist
** Server Controlled Events (Remember this? :))
** Using cURL and Torque3D.
* cURL & crypto++ library integration

So, as I promised in my last blog, two things I asked about in the past have come back to you in tutorial form.

Now, please be aware that this IS my first pack, and even though I have fully tested (to the extent I can) the scripts on the PHP server for payment -> pack download process, I cannot fully guarantee it will work on the first day, so if you don't get your pack download link after registering, please send me an email and I will sort this out as quickly as I can. Also, the main reason I'm releasing it today is so I can help you guys out tomorrow (while of course, I cheer on my Baltimore Ravens). But, I do have the best interests of ensuring everything runs smoothly, so make sure you make use of the new section of my forums that you will have access to when purchasing my pack to ask questions about the pack.

All in all, I've been looking forward to this for quite some time, and I'm happy to say it's finally done!

Screenshots:
The Generic Login Window
www.phantomdev.net/Torque3D/MAP/images/loginWindow.jpg
The Generic Registration Window & Image Indicators
www.phantomdev.net/Torque3D/MAP/images/registerWindow.jpg
The News Dialog (One of the Seven Tutorials)
www.phantomdev.net/Torque3D/MAP/images/newsWindow.jpg
Hashing Algorithms / AES Encryption
www.phantomdev.net/Torque3D/MAP/images/encryption.jpg
AES Encrypted File
www.phantomdev.net/Torque3D/MAP/images/fileEncryption.jpg

#1
02/02/2013 (3:44 pm)
Congratulations Robert!

Do you have any screen shots or anything to give us an idea what it looks like in practice?
#2
02/02/2013 (3:55 pm)
Sure, Let me get some screenshots and update the blog.
#3
02/03/2013 (12:43 am)
Nice work Robert, now where's that cred-card ;)

(looks forward to dive in)
#4
02/03/2013 (2:03 am)
This seems like something worth well over $20! Not that I'm complaining, of course ;)
#5
02/03/2013 (8:42 am)
Thanks for the comments everyone. I'm glad I could deliver this exactly the way I intended.

@Bryce: I'm just that nice... :)
#6
02/04/2013 (12:28 am)
Hi Robert. I bought the pack and I am fairly impressed ... you however need to be careful of SQL Injection in your PHP files.

$result = sqlCall($sql, "SELECT * FROM Accounts WHERE guid='$guid' AND signature='$cert'") or die("$MAP"."$INTERNAL_ERROR\n");

The problem here is that you are not doing any checking on the inserted parameter and as such you can perform SQL Injection on this call.

SQL Injection
Protecting MySQL from SQL Injection Attacks with PHP

I know you are using real_escape_string:

$guid = $sql->real_escape_string($guid);

mysql - sql injection prevention

But this is not always enough to prevent SQL Injection.

Why mysql_real_escape_string() isn't enough to stop SQL injection attacks!
Bypassing mysql_real_escape_string() and magic_quotes_gpc

You should instead look at using prepared statements.

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);

$stmt->execute();

$result = $stmt->get_result();

Free PHP Tutorials
SQL Injection Tutorial: Learn About Injection Attacks, Vulnerabilities and How to Prevent SQL Injections

It was just something that I observed and might help other users out there. Other than that, the package is well worth the $20.00 and I am quite happy to have paid for it. I will be using JEE/JSP and PostgreSQL on my backend instead of PHP and MySQL ... but that is because I have already written a large portion of my ESB (Enterprise Service Bus) already.

I was keen on the Curl and Cryptography portion of the code and integration.

Thanks
Q

p.s. This is just my personal opinion ... please don't flame me ... was not intended as a stab at the software ... just meant as a community message.

p.s.s. I have found prepared statements in both JSP and PHP to be the 100% Silver Bullet way of preventing SQL Injection. Once again ... just my opinion.
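
Added example, not part of the comment above and not code from the pack: the `Accounts` lookup quoted in that comment, once with the values interpolated into the SQL text and once as a prepared statement. The schema, rows and function names are constructed for illustration, the interpolated variant omits the escaping step the pack applies, and PDO with in-memory SQLite stands in for mysqli/MySQL so the script runs without a database server.

```php
<?php
// Added example: string-built query vs. prepared statement for the Accounts lookup.
// Table and column names follow the query quoted in the comment; everything else
// (schema, rows, function names) is constructed. Assumes the pdo_sqlite extension.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE Accounts (guid TEXT PRIMARY KEY, signature TEXT NOT NULL)");
    $db->exec("INSERT INTO Accounts VALUES ('guid-0001', 'sig-alice'), ('guid-0002', 'sig-bob')");
    return $db;
}

// Vulnerable shape: caller-supplied values become part of the SQL text itself.
function lookupInterpolated(PDO $db, string $guid, string $cert): array {
    $q = "SELECT guid FROM Accounts WHERE guid='$guid' AND signature='$cert'";
    return $db->query($q)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened shape: the SQL text is fixed; values are bound and treated as data only.
function lookupPrepared(PDO $db, string $guid, string $cert): array {
    $stmt = $db->prepare('SELECT guid FROM Accounts WHERE guid = ? AND signature = ?');
    $stmt->execute([$guid, $cert]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
$cases = [
    'valid pair'      => ['guid-0001', 'sig-alice'],
    'wrong signature' => ['guid-0001', 'sig-bob'],
    'quote in input'  => ['guid-0001', "x' OR '1'='1"],  // constructed test input
];

// Compare how many rows each variant returns for the same inputs.
foreach ($cases as $label => [$guid, $cert]) {
    printf(
        "%-16s interpolated=%d row(s)  prepared=%d row(s)\n",
        $label,
        count(lookupInterpolated($db, $guid, $cert)),
        count(lookupPrepared($db, $guid, $cert))
    );
}
```

For the input containing a quote, the interpolated query's WHERE clause changes shape and matches every row, while the prepared query compares the whole string against `signature` and matches none.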
#7
02/04/2013 (7:30 am)
Thanks for that, I'll be sure to make the changes and send out an update to everyone.

Why would I flame you, lol... you're helping everyone out.
#8
02/04/2013 (7:53 am)
My website can be associated with you?
:D
#9
02/05/2013 (2:38 am)
Would love to help out on the PHP side :)
#10
02/05/2013 (3:11 am)
Just purchased it :)

Sidenote: u might want to check your forum link, when i checked out with paypal and returned to your page - as i didn't make a forum account it gave me an error message and pointed me to your forum/ where the link seems to be broken.

anyways it's all fine and thx for creating such great thing :)

btw regarding your next project, is it going to be like sahara (thinkin about gettin that one) or are u aiming for something different?
#11
02/05/2013 (9:34 am)
I might have made a mistake with my forum link, easy fix if I did :)

The next pack.. I'm not entirely sure about the structure of it yet. It's really just an initial WIP right now with me playing around with T3D and experimenting with my results to get what I want, more blogs on this to come soon.

My main focus right now is developing a patching solution for this pack so I can send out hotfixes to little problems (such as one found yesterday) in my documentation. And then there's the pesky MySQL stuff that seems to be evil to the forums inserting users into the correct group, but still, everyone is getting the correct download link, so no real problems there.

I'm hoping to have everything running smoothly for this by the end of this weekend, then I can turn focus to pack #2.

@Christian: Any help would be greatly appreciated, just pop me a message on my forums sometime.
#12
02/08/2013 (11:32 am)
Hi,

Did this get an update for the potential sql injection issue? That is all I am waiting for before I buy ;)

Cheers,

Andy
#13
02/08/2013 (5:37 pm)
I'm working on that currently. I'm dealing with a few linker errors on certain versions of MSVS, but those are just about done.

Once I've got those fixed, I'll get the SQL code reworked and send out an update for that. I'll post back here when it's done.
#14
02/09/2013 (9:13 pm)
I just updated MAP to version 1.2 which addresses these SQL Injection issues.

Enjoy!
#15
03/18/2013 (10:49 am)
Your link above doesn't work Robert. Should it be index.php instead of index.html?