SentryRaven
Chaos Faction
|
Posted - 2006.09.29 17:52:00 -
[1]
I have written a PHP/MySQL online tracker that can be accessed from the IGB and keeps track of which members are online and active and which have gone into the abyss of inactivity.
The file can be found on SourceForge.net via the link:
http://sourceforge.net/projects/eveactive/
Have fun playing with the tool.
SentryRaven
Ship Idea: Small Freighters EVE Activity Tracker |
Jinx Barker
Gallente Federal Bank
|
Posted - 2006.09.29 18:25:00 -
[2]
This indeed sounds like an excellent tool. However, I am apprehensive about downloading anything that might mess with my account. Sorry, but I am a paranoid bastard. What I will do is keep an eye on this thread, and see how things go, and if it is all kosher, then I will DL it as well.
Definitely a good tool. I wish CCP would implement something like this in game.
|
SentryRaven
Chaos Faction
|
Posted - 2006.09.29 18:36:00 -
[3]
Originally by: Jinx Barker This indeed sounds like an excellent tool. However, I am apprehensive about downloading anything that might mess with my account. Sorry, but I am a paranoid bastard. What I will do is keep an eye on this thread, and see how things go, and if it is all kosher, then I will DL it as well.
Definitely a good tool. I wish CCP would implement something like this in game.
To take the fear away from you, this is not a tool that is used by the member, but a PHP script that is inserted into the corp homepage and accessed from the IGB. Since I do not take any account info from you or anything that the IGB doesn't allow me to take, like your name, your picture or your corpname.... I cannot do any damage to you.
And if you are still not convinced, it's all opensource and PHP. Take a look and see for yourself if something is wrong there.
To give a breakdown of how it works:
You open your homepage (corp) and the script kicks in. It looks if you are already in the DB and if you are, it sets your last login date onto the homepage to the date we currently have. Now your director comes along and checks this member list in the IGB and sees: "Oh damn! Jinx hasn't been on for 10 days. What's up here?" So he knows that you haven't opened the page from ingame for 10 days and can take appropriate steps.
That's all there is to the program. It doesn't take your account data at all.
Ship Idea: Small Freighters EVE Activity Tracker |
Johnathan Roark
Caldari Quantum Industries Prime Orbital Systems
|
Posted - 2006.09.29 18:56:00 -
[4]
It does look useful, I have tried installing it, but it seems to not actually do anything.
Also, looking through the code, it does not appear to be very secure. No checks require a password that I can see in the code. Also, found at least one place that looks like an SQL injection attack could take place. Granted, I'm not the best with MySQL or PHP, so...
Corporation Management Improvement |
Marko Debreault
0utbreak
|
Posted - 2006.09.29 19:06:00 -
[5]
I like the idea a lot ~
One wish would be that it would interface to the killboard database my corp is using, the source code for which is contained here. Then you could extend the activity tracker from just logging in and out, to measuring pvp activity, with all kinds of useful statistics.
And as long as I am dreaming of the ultimate corp tracking tool, add a location tracker functionality to it. Character location is available to trusted sites through the IGB.
That would make a pretty sweet suite of EVE management tools.
|
Nez Perces
Amarr Black Spot.
|
Posted - 2006.09.29 19:12:00 -
[6]
Edited by: Nez Perces on 29/09/2006 19:12:31
.. hearing Marko talk about statistics and activity trackers turns me on...
|
SentryRaven
Chaos Faction
|
Posted - 2006.09.29 19:24:00 -
[7]
Originally by: Johnathan Roark It does look useful, I have tried installing it, but it seems to not actually do anything.
Also, looking through the code, it does not appear to be very secure. No checks require a password that I can see in the code. Also, found at least one place that looks like an SQL injection attack could take place. Granted, I'm not the best with MySQL or PHP, so...
How did you experience the "it does nothing"?
And where would you insert those passwords?
Point to me where I have done something similar?
Ship Idea: Small Freighters EVE Activity Tracker |
SwindonBadger
0utbreak
|
Posted - 2006.09.29 19:27:00 -
[8]
lol help marko might see me at the roids! please tell me the code doesn't show how many roids u popped.
|
SentryRaven
Chaos Faction
|
Posted - 2006.09.29 19:28:00 -
[9]
Originally by: SwindonBadger lol help marko might see me at the roids! please tell me the code doesn't show how many roids u popped.
Doesn't record location or anything with asteroids..
Ship Idea: Small Freighters EVE Activity Tracker |
SwindonBadger
0utbreak
|
Posted - 2006.09.29 19:29:00 -
[10]
nice that was a close one ! very nice thinking with the idea btw
|
|
Louis DelaBlanche
Cosmic Odyssey Chorus of Dawn
|
Posted - 2006.09.29 20:03:00 -
[11]
Big Brother is watching you.
|
Ocularis
Refuge of the Damned
|
Posted - 2006.09.29 21:30:00 -
[12]
Originally by: SentryRaven Point to me where I have done something similar as a "injection attack"?
From his post I would assume he means there is a part of your code that is "open" to an SQL injection attack, not intentionally done on your part as a way for you to exploit the details, but that another user could try and use this to exploit the SQL database behind the scenes.
I've not looked at the code yet myself so can't point you to where I would say the problem could happen. |
SentryRaven
Chaos Faction
|
Posted - 2006.09.29 22:15:00 -
[13]
Originally by: Ocularis
Originally by: SentryRaven Point to me where I have done something similar as a "injection attack"?
From his post I would assume he means there is a part of your code that is "open" to an SQL injection attack, not intentionally done on your part as a way for you to exploit the details, but that another user could try and use this to exploit the SQL database behind the scenes.
I've not looked at the code yet myself so can't point you to where I would say the problem could happen.
Then I'd love to know how to fix it :)
Ship Idea: Small Freighters EVE Activity Tracker |
T'Karr
|
Posted - 2006.09.30 03:48:00 -
[14]
http://cyberai.com/inputfilter/
All input should be treated as malicious, and stripped of anything which may allow arbitrary SQL code to be executed.
The above site contains an easy to use library to filter all input.
|
Johnathan Roark
Caldari Quantum Industries Prime Orbital Systems
|
Posted - 2006.09.30 04:10:00 -
[15]
Originally by: SentryRaven
Originally by: Ocularis
Originally by: SentryRaven Point to me where I have done something similar as a "injection attack"?
From his post I would assume he means there is a part of your code that is "open" to an SQL injection attack, not intentionally done on your part as a way for you to exploit the details, but that another user could try and use this to exploit the SQL database behind the scenes.
I've not looked at the code yet myself so can't point you to where I would say the problem could happen.
Then I'd love to know how to fix it :)
Basically you need to escape any string that is submitted to the database; two functions I've seen used are addslashes() and mysql_real_escape_string().
As far as adding passwords, I'd start with the admin sections.
I couldn't get it to add anything to the database, but I'll look later and see if I can figure out why.
Corporation Management Improvement |
Shandra Nuy'kani
Jovian Labs Chimaera Pact
|
Posted - 2006.10.04 18:53:00 -
[16]
How is this working? What are the flaws?:P
|
Raste
Shinra Lotka Volterra
|
Posted - 2006.10.04 19:15:00 -
[17]
Edited by: Raste on 04/10/2006 19:21:02
Originally by: SentryRaven
Originally by: Ocularis
Originally by: SentryRaven Point to me where I have done something similar as a "injection attack"?
From his post I would assume he means there is a part of your code that is "open" to an SQL injection attack, not intentionally done on your part as a way for you to exploit the details, but that another user could try and use this to exploit the SQL database behind the scenes.
I've not looked at the code yet myself so can't point you to where I would say the problem could happen.
Then I'd love to know how to fix it :)
Just from a quick glance at the source code I'm guessing what he's referring to are where some of the "WHERE" clauses get built when you're creating sql queries.
Like in this clause from the getName function in user.php: WHERE MemberID = '".$ID."'"; Someone could submit a string like "' OR '1' = '1" for the $ID variable and all of a sudden it evaluates to true every time.
Most likely this kind of stuff doesn't really matter to your app though.
Anyway, just from a quick look and not knowing php, I think that's an example of what he's referring to.
|
evistin
Multiverse Corporation
|
Posted - 2006.10.05 04:25:00 -
[18]
This is an honest and good software, I am looking at it right now, and it's worth the effort and time to have a serious look at it. If you are honestly worried about an attack via this method, you should also have the know-how on how to put security around it. -----------
Management and Leadership – The Eve-online Guide |
Zoltharpl
Amarr Pink Bunnies
|
Posted - 2006.10.05 11:10:00 -
[19]
Ummm i'm gonna install it, I was thinking about similar idea so when I install it and test maybe i'll have more features to do and we could talk about it...
Salute
Pink Bunnies are recruiting new PVP pilots
|
SentryRaven
Chaos Faction
|
Posted - 2006.10.05 12:54:00 -
[20]
Originally by: evistin This is an honest and good software, I am looking at it right now, and it's worth the effort and time to have a serious look at it. If you are honestly worried about an attack via this method, you should also have the know-how on how to put security around it.
And if you know a way to improve the security aspects, then please visit the Sourceforge project and give me some hints at how to. :)
Ship Idea: Small Freighters EVE Activity Tracker |
|
zyphentits
Sector 7
|
Posted - 2006.10.05 13:07:00 -
[21]
you need hosting for this? to display links for download or patch notes etc or are you going to get one?
---------------------------------------------
|
zyphentits
Sector 7
|
Posted - 2006.10.05 13:36:00 -
[22]
Edited by: zyphen**** on 05/10/2006 13:38:06
I posted
CREATE TABLE `config` ( `welcome` text NOT NULL, `ppp` int(11) NOT NULL default '0' ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
in phpmyadmin and it returned:
#1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'DEFAULT CHARSET=latin1' at line 4
So i tried:
CREATE TABLE `config` ( `welcome` text NOT NULL , `ppp` int( 11 ) NOT NULL default '0' )
It seemed to work hehe
---------------------------------------------
|
Frezik
Dirty Deeds Done Dirt Cheap
|
Posted - 2006.10.05 15:35:00 -
[23]
Edited by: Frezik on 05/10/2006 15:34:53
Originally by: Johnathan Roark It does look useful, I have tried installing it, but it seems to not actually do anything.
Also, looking through the code, it does not appear to be very secure. No checks require a password that I can see in the code. Also, found at least one place that looks like an SQL injection attack could take place. Granted, I'm not the best with MySQL or PHP, so...
While other so-called "languages" may work around SQL injection attacks, PHP programmers have advanced to a higher plane of existence where one can simply ignore the problem.
|
SentryRaven
Chaos Faction
|
Posted - 2006.10.05 17:49:00 -
[24]
Originally by: zyphen**** you need hosting for this? to display links for download or patch notes etc or are you going to get one?
It is already up on SourceForge, thank you.
Linkage
And about that latin charset: the DB I use is some months old and I imported it from a MS Access DB, so that's why it may be borked. Sorry, I'll take care of that once I am back from vacation.
Ship Idea: Small Freighters EVE Activity Tracker |
Numinos
Cataclysm Enterprises Dusk and Dawn
|
Posted - 2006.10.05 23:16:00 -
[25]
Edited by: Numinos on 05/10/2006 23:22:28
hi, first thx for the efforts u took to do this, but i still have some questions.
i made it through the installation, and finally added me as recruit director and some other members. then i got the IGB memberlist, as soon as i told it to be trusted. so far so good.
but i still didn't get how it actually works. am i as the added recruit director supposed to flag all members i see in corpchat by clicking on "active"? or are they supposed to visit this site via IGB once they are online and the site will recognize that automatically? or is it just them being simply online, which flags them "active" (dunno somehow magic)?
then, the main difference between your screenshot and my IGB is that i don't have a "PPP" and "view ppp log" section on the /members.php site. any idea what's wrong?
that all so far
thx numinos unardiburges Geharse |
SentryRaven
Chaos Faction
|
Posted - 2006.10.06 09:29:00 -
[26]
Edited by: SentryRaven on 06/10/2006 09:31:45
Originally by: Numinos
but i still didn't get how it actually works. am i as the added recruit director supposed to flag all members i see in corpchat by clicking on "active"? or are they supposed to visit this site via IGB once they are online and the site will recognize that automatically? or is it just them being simply online, which flags them "active" (dunno somehow magic)?
Either you can use the index.php for that purpose or include the user.php somewhere in your index.php, to generate a user header with image corp and whatever.
The main block is this:
[code]
$sql = "UPDATE
MembersMain
SET
LastUpdate = Now()
WHERE
Name = '".$_SERVER['HTTP_EVE_CHARNAME']."'";
$result = mysql_query($sql) OR die(mysql_error());
[/code]
If that passage is somewhere on the index.php of your IGB website, then this piece of code will update the entry of a member once he opens the website in his IGB. Either this way or by editing the member and checking the box "mark as active" you will update their account with the current timestamp.
Quote:
then, the main difference between your screenshot and my IGB is that i don't have a "PPP" and "view ppp log" section on the /members.php site. any idea what's wrong?
PPP and viewPPP log are functions that my corp has. PPP stands for "Participation Points Program", a system where we reward people for coming to corp ops. However this function is useless for most members, so I removed it from my opensource. Nothing wrong here...
Ship Idea: Small Freighters EVE Activity Tracker |
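The two queries discussed in this thread, the getName WHERE clause Raste quotes from user.php and the LastUpdate statement keyed on HTTP_EVE_CHARNAME, rebuilt with bound parameters as an added example that is not part of any post and not the project's own code. SQLite in memory stands in for MySQL so it runs offline; the table layout, sample rows, function names and the 64-character limit are assumptions.

```php
<?php
// Added example, not the project's code. SQLite in memory stands in for MySQL;
// the MembersMain layout and the sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE MembersMain (MemberID TEXT PRIMARY KEY, Name TEXT, LastUpdate TEXT)");
$db->exec("INSERT INTO MembersMain (MemberID, Name) VALUES
           ('1', 'Alice Example'), ('2', 'O''Neil Example')");

// Concatenated WHERE clause, in the shape quoted from getName in the thread.
function getNameConcat(PDO $db, string $id): array {
    $sql = "SELECT Name FROM MembersMain WHERE MemberID = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same lookup with a bound parameter: $id is only ever compared as a value,
// it never becomes part of the SQL text.
function getNameBound(PDO $db, string $id): array {
    $stmt = $db->prepare("SELECT Name FROM MembersMain WHERE MemberID = ?");
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The activity update. The caller passes $_SERVER['HTTP_EVE_CHARNAME'] ?? null;
// a request header is client-supplied, so it is validated and then bound.
// Returns the number of rows touched so 0 (unknown name) can be logged.
function touchLastUpdate(PDO $db, ?string $charName): int {
    if ($charName === null || $charName === '' || strlen($charName) > 64) {
        return 0; // header missing or implausible (64 is an assumed limit)
    }
    // datetime('now') is SQLite; on MySQL this would be NOW().
    $stmt = $db->prepare("UPDATE MembersMain SET LastUpdate = datetime('now') WHERE Name = ?");
    $stmt->execute([$charName]);
    return $stmt->rowCount();
}

$probe = "' OR '1' = '1"; // the string given in the thread
printf("concat, id 1:       %s\n", json_encode(getNameConcat($db, '1')));
printf("concat, probe:      %s\n", json_encode(getNameConcat($db, $probe)));
printf("bound,  probe:      %s\n", json_encode(getNameBound($db, $probe)));
printf("update, apostrophe: %d row(s)\n", touchLastUpdate($db, "O'Neil Example"));
printf("update, probe:      %d row(s)\n", touchLastUpdate($db, $probe));
```

With the concatenated query the thread's string matches every row, while the bound version matches none; binding also lets a legitimate name containing an apostrophe update its own row instead of breaking the statement. Against MySQL the same statements run through PDO's mysql driver or mysqli prepared statements.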
SentryRaven
Chaos Faction
|
Posted - 2006.10.06 09:34:00 -
[27]
Either you can use the index.php for that purpose or include the user.php somewhere in your index.php, to generate a user header with image corp and whatever.
The main block is this:
[code]
$sql = "UPDATE
MembersMain
SET
LastUpdate = Now()
WHERE
Name = '".$_SERVER['HTTP_EVE_CHARNAME']."'";
$result = mysql_query($sql) OR die(mysql_error());
[/code]
If that passage is somewhere on the index.php of your IGB website, then this piece of code will update the entry of a member once he opens the website in his IGB. Either this way or by editing the member and checking the box "mark as active" you will update their account with the current timestamp.
Quote:
then, the main difference between your screenshot and my IGB is that i don't have a "PPP" and "view ppp log" section on the /members.php site. any idea what's wrong?
PPP and viewPPP log are functions that my corp has. PPP stands for "Participation Points Program", a system where we reward people for coming to corp ops. However this function is useless for most members, so I removed it from my opensource. Nothing wrong here...
Ship Idea: Small Freighters EVE Activity Tracker |
|
Huitzilopochtli Tlaloc
Forum Moderator Interstellar Services Department
|
Posted - 2006.10.06 10:02:00 -
[28]
Sentry raven,
I deleted parts of your post that were behaving oddly. They did not break any of the rules, but were creating some sort of bug on the forums and were making no sense (therefore similar to spamming).
Huitzilopochtli Tlaloc - [email protected] ____
|
|
SentryRaven
Chaos Faction
|
Posted - 2006.10.06 10:08:00 -
[29]
Edited by: SentryRaven on 06/10/2006 10:09:33
Originally by: Huitzilopochtli Tlaloc Sentry raven,
I deleted parts of your post that were behaving oddly. They did not break any of the rules, but were creating some sort of bug on the forums and were making no sense (therefore similar to spamming).
Huitzilopochtli Tlaloc - [email protected]
That was why I wrote you guys an email.... thought you could fix it... but meh ok... will have to contact that dude another way....
@Nu:
in the user.php look out for the lines 90 - 96. That code snippet is the part where the php site updates the user account in your DB with a current timestamp. If you add that somewhere to the index.php you have for your website and you have both tables in the same DB, it should work....
Or you can edit the member and activate the checkbox: "mark as active"
Ship Idea: Small Freighters EVE Activity Tracker |
|
Huitzilopochtli Tlaloc
Forum Moderator Interstellar Services Department
|
Posted - 2006.10.06 10:16:00 -
[30]
Originally by: SentryRaven Edited by: SentryRaven on 06/10/2006 10:09:33
Originally by: Huitzilopochtli Tlaloc Sentry raven,
I deleted parts of your post that were behaving oddly. They did not break any of the rules, but were creating some sort of bug on the forums and were making no sense (therefore similar to spamming).
Huitzilopochtli Tlaloc - [email protected]
That was why I wrote you guys an email.... thought you could fix it... but meh ok... will have to contact that dude another way....
@Nu:
in the user.php look out for the lines 90 - 96. That code snippet is the part where the php site updates the user account in your DB with a current timestamp. If you add that somewhere to the index.php you have for your website and you have both tables in the same DB, it should work....
Or you can edit the member and activate the checkbox: "mark as active"
Sentryraven,
I did try and edit it to fix it but it wasn't updating my changes, all I could do was remove parts..
Regards. ____
|