1. The forums are scheduled for deletion on or after December 31, 2024 (JST). Please back up or archive any data you find important to you. If you do not have an account, you cannot login or create an account.

2.1 TSWVote 2.3

Allows in-game voting using the tserverweb.com platform.

  1. Olink

    Olink Admin note: Actually a really nice person now

    Joined:
    Jul 21, 2011
    Messages:
    1,397

    Two endpoints.
    1. One to request if a player is online when they vote from the website, this would take one parameter, an IP, and use tshock functions to look up the player and see if they are online/etc you want to do, returning true/false I assume.
    2. One to inform the server that the vote is ok and valid and not totally spoofed. Param name with the IP so that the server knows who voted. You could even include info like how many times theyve voted, etc etc.
    The benefits are clear as simon pointed out: No security flaws, no extraneous data being leaked outside. Server owner can set up the config file with whatever commands they want executed. You can use a replace statement to swap in macros, like %playername% or %accountname% for usage.
     
  2. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Wow, nice thinking.
    Yes, you can instead tell people to vote on the website and then once they do - notify the server.
    Moreover - if you do this, there is even no need to query the server about the player, it would be sufficient to just send voter IP to the server and then your plugin (or any custom plugin, since vote is still happening on the website) will decide what to do with the IP (aka find the player, or user, or if there's no user - just store the IP for reward to be claimed later or just ignore it, etc...). But then, you could as well just store voter IPs and let the server query them, like *one of your competitors* does.

    But all that is still not what you want, this is not in-game voting.
     
  3. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    Dang it.. I was getting to it, but suddenly had to take a nap. You beat me to it :D
    As I was trying to say, too many security flaws..
    Anyway, I heard XGhozt likes removing valid votes... (No personal gain intended. Scientific interest)
    ♫ Shockwave Sound - Call For Heroes (Rock Mix)
     
  4. OFF

    OFF
    Account Probation Banned Rating Banned

    Joined:
    Nov 28, 2013
    Messages:
    208
    Vote cheater found, Terrafun has 1600 votes within no time. No way possible.

    Should ban this guy from your website.

    EDIT: 2008 votes now, raising within minutes.
     
  5. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    Please read the post above you first, okay? :D

    btw, not "no time", but 2 seconds per vote, cause rest-requests are slooow.
     
  6. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    This is exactly what I was talking about...
     
  7. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    I was trying to prove my point the whole night... But oh well. Took like 10 minutes to write a wrapper.
     
  8. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Man... Ok... At least stop now may be?
     
  9. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    Almost. It runs on its own, I can't stop it. Should be done in 10-20 minutes... (I dumped my Banlist into it)
    I'm also curious, how XGhozt will explain to me, which of those are "fake", as he claimed my old, real votes a few weeks earlier.
     
  10. OFF

    OFF
    Account Probation Banned Rating Banned

    Joined:
    Nov 28, 2013
    Messages:
    208
    2000+ votes and raising within seconds now, lmao cantaloupe melon.
     
  11. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    Hang in there, almost. Should stop at around 2500.
     
  12. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    At this point it is sufficient to consider all your votes fake.
     
  13. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    But I'd like to get the proof from website's point of view. Cause the requests and responses are exactly the same as of the original plugin. And all IPs are different (cause BanDB has IPs as a Primary key)
    -Done-
    Otherwise I'd like to have my old votes back (around 600)

    Disclaimer: No damage or personal gain intended. Only to describe the bugs, this plugin exposed for the website. Done with good fun and proof-of-concept. (I should be thanked for explaining the vulnerabilities of your system (c) "Social Network")
     
  14. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Don't be surprised in case all of a sudden they decide to test some of the other security flaws on you. Like, command executing and such.
     
    • Like Like x 1
  15. Commaster

    Banned

    Joined:
    Oct 3, 2012
    Messages:
    149
    I always revert the rest user to useapi only permission... No worries ))
     
  16. Loganizer

    Plugin Developer

    Joined:
    Dec 2, 2012
    Messages:
    212
    Thank you indeed to Commaster, Olink, and Simon311. I'll talk to XGhozt when he gets online on Skype.
     
  17. Ancientgods

    Plugin Developer Zero Day Plugin Author

    Joined:
    Sep 15, 2013
    Messages:
    712
    Xghozt if you read this please come online on skype :I
     
  18. Loganizer

    Plugin Developer

    Joined:
    Dec 2, 2012
    Messages:
    212
    Send him a message a while ago. its 8:35 AM there now, so he should come on soon.

    Also, I'll have him erase all the votes since I released the plugin.
     
  19. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Can I ask a personal favor - can he erase all votes on my server? A hater has been "unliking" it for months, so I am stuck with a melonton of dislikes... (130 likes vs 111 dislikes)
     
  20. Loganizer

    Plugin Developer

    Joined:
    Dec 2, 2012
    Messages:
    212
    I'll ask him. BTW, I don't think unlikes do anything (not totally sure).