[Request]website parameters
Discussion on [Request]website parameters within the Shaiya Private Server forum part of the Shaiya category.
11/13/2014, 21:26
|
#1
|
elite*gold: 0
Join Date: May 2010
Posts: 342
Received Thanks: 87
|
[Request]website parameters
Hello,
Following that tutorial from Castor ->
where the online reroll can't be accessed if there is no login session ON...
I am searching for the same kind of processing to make one page link unavailable IF you have not passed by the Home page (if it's possible), or eventually one link.
I explain:
Example... shaiya evaliaria get
HOMEpage as [ ] if you want to see pvp rank, you just need to click on menu. OR second solution could be to get directly the link as [ ] and valid. OR
third solution to get the source and [ ] to valid.
What I am searching for is the possibility that when you try to connect to [ ] it is unavailable, but allowed only by connection via the site. I mean to force the player to see the main page of the site and then do his stuff...
It's the same process I saw in Castor's web site configuration: if you try removing the menu or other from the reroll side, the script doesn't work.
I think there is something to put in the page header or via htaccess... but I don't know and I would ask for some help.
Thank you for reading and hope it's understandable -_-''
kind regards,
|
|
|
11/14/2014, 00:28
|
#2
|
elite*gold: 0
Join Date: Jul 2010
Posts: 511
Received Thanks: 513
|
You could use something like this:
Code:
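<?php
// The Referer header is optional and client-supplied; default to '' when it is absent
$vrefer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
//Check referer contains evaliariashaiya.com
if (strpos($vrefer, 'evaliariashaiya.com') === false) {
    // Double quotes, so the apostrophe in "can't" does not end the string
    echo "You can't see this page directly, please visit http://www.evaliariashaiya.com";
    exit;
}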
It's very basic, but it should work. You can add some redirection also.
|
|
|
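As an added example (not part of the post above, and not the site's own code): the referer test compared with a stricter exact-host match, run over constructed header values. Because the browser supplies the `Referer` header and may omit it, either form only discourages casual deep links; the function names and sample values are assumptions made for this illustration.

```php
<?php
// Added example. The Referer header is sent by the client and can be absent
// or set to anything, so this is a deterrent against casual deep links,
// not access control. Function names are hypothetical.

/** Original-style test: true if the name appears anywhere in the header. */
function referer_contains(string $referer, string $needle): bool
{
    return strpos($referer, $needle) !== false;
}

/** Stricter test: parse the URL and compare its host exactly to an allowlist. */
function referer_host_allowed(string $referer, array $allowedHosts): bool
{
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // header missing, malformed, or without a host part
    }
    return in_array(strtolower($host), $allowedHosts, true);
}

$allowed = ['evaliariashaiya.com', 'www.evaliariashaiya.com'];

// Constructed sample header values
$samples = [
    'http://www.evaliariashaiya.com/',                   // genuine navigation
    'http://example.net/page?from=evaliariashaiya.com',  // name only in the query
    'http://evaliariashaiya.com.example.net/',           // name as a sub-label
    '',                                                  // header not sent
];

foreach ($samples as $referer) {
    printf(
        "%-52s contains=%-5s host_match=%s\n",
        var_export($referer, true),
        var_export(referer_contains($referer, 'evaliariashaiya.com'), true),
        var_export(referer_host_allowed($referer, $allowed), true)
    );
}
```

The substring test accepts the second and third values, while the host comparison accepts only the first.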
11/14/2014, 01:23
|
#3
|
elite*gold: 0
Join Date: Dec 2010
Posts: 717
Received Thanks: 3,359
|
this is usually handled by a test of the running session.
[context]
a php application exchanges cookies with the client browser as soon as a session is started (with ()).
a modern & politically correct website should ask the user if he/she accepts cookies before sending them ... but of course, all apps start to read cookies (and potentially perform undocumented saves) before asking.
[/context]
you can use the same principle:
in all pages BUT the regular homepage(s), you include as the very first lines of the page a small script, eg:
Code:
<?php
include('validateSession.php');
?>
the validateSession.php script is defined as:
Code:
<?php
// enable cookies session
session_start();
// check a flag (a dummy or useful one)
if (!isset($_SESSION['isValid'])) {
    header("Location: index.php");
    exit();
}
// process required steps, if any, when a valid session is opened
// ...
?>
in the homepage, you will define:
Code:
<?php
// enable cookies session
session_start();
// record valid session
$_SESSION['isValid'] = true;
// define page content
// ...
?>
Edit: also note that the context of an application is limited to a given host; there you are loading in an iframe a page of another webserver known by its IP; you shall NOT process this way.
Since that host is your MS-SQL svr, and likely the game server, you SHALL allow requests on port 80 (http request) to at most ONE client: your own web server (23.229.134.180). You will, in such case, request the ranks table from a server-side script (asking it with some PHP code to the game-svr) and then flushing the received html code into the requested page. (classical client-server-server chain).
|
|
|
11/14/2014, 12:14
|
#4
|
elite*gold: 0
Join Date: May 2010
Posts: 342
Received Thanks: 87
|
2 interesting answers; I will try to make some tests of them both and I will post the results ^^ because in view it sounds clear and simple BUT in practice the results are all the time different on my side
Thanks to you both, it's kind
EDIT :
@Castor,
Code:
you SHALL allow requests on port 80 (http request) to at most ONE client: your own web server (23.229.134.180).
In that case should I open it in a new browser window and not put it as an iframe? I mean, if I want to use that method, should I be doing that?
In addition, with what Sominus proposes, what will be the difference in the result?
And should the PHP code be introduced into each page of the website?
|
|
|
11/14/2014, 23:57
|
#5
|
elite*gold: 0
Join Date: Jul 2010
Posts: 511
Received Thanks: 513
|
What I said, is more to prevent direct access to a page from outside the main site. In cases where you use IFRAMEs. (of course it needs more custom development).
What Castor said, is about sessions (security stuff), which your site should implement if you use any stuff that requires the user to be logged in (change password, gm rerolls, webmall, etc). In that case, you should first read the php manual to understand how it works, from the link castor provided.
I see you used some template on that site. It would be better if you code the site from scratch. That way you control exactly how each section works.
Also a suggestion: In that pvp rank, you could disable the popup window that shows toon details (it's jquery ttip), because some ppl would spend the day consulting that list, which results in constant requests. I didn't check if all the content is preloaded, but if it's not, it would be better to disable it.
|
|
|
11/15/2014, 21:07
|
#6
|
elite*gold: 0
Join Date: Dec 2010
Posts: 717
Received Thanks: 3,359
|
Quote:
Originally Posted by _Diavolino_
Code:
you SHALL allow requests on port 80 (http request) to at most ONE client: your own web server (23.229.134.180).
In that case should I open it in a new browser window and not put it as an iframe? I mean, if I want to use that method, should I be doing that?
|
No, I repeat: only the web server IP: 23.229.134.180 (registered domain name: ) should be allowed to send a http request to the game server host (IP: 167.114.0.133).
For all clients (but 23.229.134.180 and optionally your own private IP), the host 167.114.0.133 shall NOT be reachable as a web server.
I understand that "you want" to manage requests this way, and I repeat that it's not a safe way to process and it shall not be done this way.
Quote:
Originally Posted by _Diavolino_
In addition, with what Sominus proposes, what will be the difference in the result?
And should the PHP code be introduced into each page of the website?
|
an iframe has no referrer.
all security related data are relevant for one web application on one host, any authentication (weak by cookies or strong by user password) can not be shared / transmitted from 1 host to another.
yes, the php test shall be inserted in all pages, like all the code common to all pages; I hope you didn't (manually?) insert the following header:
<!DOCTYPE html>
<!--[if IE 6]>
<html id="ie6" lang="en-US">
<![endif]-->
<!--[if IE 7]>
<html id="ie7" lang="en-US">
<![endif]-->
<!--[if IE 8]>
<html id="ie8" lang="en-US">
<![endif]-->
<!--[if !(IE 6) | !(IE 7) | !(IE 8) ]><!-->
<html lang="en-US">
<!--<![endif]-->
<head>
<meta charset="UTF-8" />
<title>Evaliaria | Shaiya Private Server</title>
<link rel="pingback" href="http://www.evaliariashaiya.com/xmlrpc.php" />
<!--[if lt IE 9]>
<script src="http://www.evaliariashaiya.com/wp-content/themes/Divi/js/html5.js" type="text/javascript"></script>
<![endif]-->
<script type="text/javascript">
document.documentElement.className = 'js';
</script>
<link rel="alternate" type="application/rss+xml" title="Evaliaria » Feed" href="http://www.evaliariashaiya.com/feed/" />
<link rel="alternate" type="application/rss+xml" title="Evaliaria » Comments Feed" href="http://www.evaliariashaiya.com/comments/feed/" />
<meta content="Divi v.2.1.4" name="generator"/><link rel='stylesheet' id='svegliat-buttons-css' href='http://www.evaliariashaiya.com/wp-content/plugins/svegliat-buttons/stylebuttons.css?ver=3.9.2' type='text/css' media='all' />
<link rel='stylesheet' id='bootstrap_funBox_style-css' href='http://www.evaliariashaiya.com/wp-content/plugins/wp-visual-slidebox-builder/bootstrap.min.css?ver=3.9.2' type='text/css' media='all' />
<link rel='stylesheet' id='custom_funBox_style-css' href='http://www.evaliariashaiya.com/wp-content/plugins/wp-visual-slidebox-builder/custom-fun-box.css?ver=3.9.2' type='text/css' media='all' />
<link rel='stylesheet' id='animated_css-css' href='http://www.evaliariashaiya.com/wp-content/plugins/wp-visual-slidebox-builder/animate-custom.css?ver=3.9.2' type='text/css' media='all' />
<link rel='stylesheet' id='divi-fonts-css' href='http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,800italic,400,300,700,800&subset=latin,latin-ext' type='text/css' media='all' />
<link rel='stylesheet' id='et-gf-open-sans-css' href='http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext' type='text/css' media='all' />
<link rel='stylesheet' id='divi-style-css' href='http://www.evaliariashaiya.com/wp-content/themes/Divi/style.css?ver=2.1.4' type='text/css' media='all' />
<link rel='stylesheet' id='et_lb_modules-css' href='http://www.evaliariashaiya.com/wp-content/plugins/elegantbuilder/style.css?ver=2.4' type='text/css' media='all' />
<link rel='stylesheet' id='et-shortcodes-css-css' href='http://www.evaliariashaiya.com/wp-content/themes/Divi/epanel/shortcodes/css/shortcodes.css?ver=3.0' type='text/css' media='all' />
<link rel='stylesheet' id='et-shortcodes-responsive-css-css' href='http://www.evaliariashaiya.com/wp-content/themes/Divi/epanel/shortcodes/css/shortcodes_responsive.css?ver=3.0' type='text/css' media='all' />
<script type='text/javascript' src='http://www.evaliariashaiya.com/wp-includes/js/jquery/jquery.js?ver=1.11.0'></script>
<script type='text/javascript' src='http://www.evaliariashaiya.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>
<script type='text/javascript' src='http://www.evaliariashaiya.com/wp-content/plugins/wp-visual-slidebox-builder/js/fun_box.js?ver=3.9.2'></script>
<script type='text/javascript' src='http://www.evaliariashaiya.com/wp-content/plugins/wp-visual-slidebox-builder/js/bootstrap.min.js?ver=3.9.2'></script>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.evaliariashaiya.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://www.evaliariashaiya.com/wp-includes/wlwmanifest.xml" />
<link rel='prev' title='Maintenance News' href='http://www.evaliariashaiya.com/maintenance-news/' />
<link rel='next' title='Community' href='http://www.evaliariashaiya.com/community/' />
<meta name="generator" content="WordPress 3.9.2" />
<link rel='canonical' href='http://www.evaliariashaiya.com/' />
<link rel='shortlink' href='http://www.evaliariashaiya.com/' />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" /> <style>
a { color: #2EA3F2; }
body { color: #666666; }
.et_pb_counter_amount, .et_pb_featured_table .et_pb_pricing_heading, .et_quote_content, .et_link_content, .et_audio_content { background-color: #2ea3f2; }
#main-header, #main-header .nav li ul, .et-search-form, #main-header .et_mobile_menu { background-color: #ffffff; }
#top-header, #et-secondary-nav li ul { background-color: #2ea3f2; }
.woocommerce a.button.alt, .woocommerce-page a.button.alt, .woocommerce button.button.alt, .woocommerce-page button.button.alt, .woocommerce input.button.alt, .woocommerce-page input.button.alt, .woocommerce #respond input#submit.alt, .woocommerce-page #respond input#submit.alt, .woocommerce #content input.button.alt, .woocommerce-page #content input.button.alt, .woocommerce a.button, .woocommerce-page a.button, .woocommerce button.button, .woocommerce-page button.button, .woocommerce input.button, .woocommerce-page input.button, .woocommerce #respond input#submit, .woocommerce-page #respond input#submit, .woocommerce #content input.button, .woocommerce-page #content input.button, .woocommerce-message, .woocommerce-error, .woocommerce-info { background: #2ea3f2 !important; }
#et_search_icon:hover, .mobile_menu_bar:before, .footer-widget h4, .et-social-icon a:hover, .comment-reply-link, .form-submit input, .et_pb_sum, .et_pb_pricing li a, .et_pb_pricing_table_button, .et_overlay:before, .entry-summary p.price ins, .woocommerce div.product span.price, .woocommerce-page div.product span.price, .woocommerce #content div.product span.price, .woocommerce-page #content div.product span.price, .woocommerce div.product p.price, .woocommerce-page div.product p.price, .woocommerce #content div.product p.price, .woocommerce-page #content div.product p.price, .et_pb_member_social_links a:hover { color: #2ea3f2 !important; }
.woocommerce .star-rating span:before, .woocommerce-page .star-rating span:before, .et_pb_widget li a:hover, .et_pb_bg_layout_light .et_pb_promo_button, .et_pb_bg_layout_light .et_pb_more_button, .et_pb_filterable_portfolio .et_pb_portfolio_filters li a.active, .et_pb_filterable_portfolio .et_pb_portofolio_pagination ul li a.active, .et_pb_gallery .et_pb_gallery_pagination ul li a.active, .wp-pagenavi span.current, .wp-pagenavi a:hover, .et_pb_contact_submit, .et_pb_bg_layout_light .et_pb_newsletter_button, .nav-single a, .posted_in a { color: #2ea3f2 !important; }
.et-search-form, .nav li ul, .et_mobile_menu, .footer-widget li:before, .et_pb_pricing li:before, blockquote { border-color: #2ea3f2; }
#main-footer { background-color: #222222; }
#top-menu a { color: #666666; }
#top-menu li.current-menu-ancestor > a, #top-menu li.current-menu-item > a, .bottom-nav li.current-menu-item > a { color: #2ea3f2; }
body, input, textarea, select { font-family: 'Open Sans', Helvetica, Arial, Lucida, sans-serif; } </style>
<link rel="shortcut icon" href="http://www.evaliariashaiya.com/wp-content/uploads/2014/09/10441404_1431149027152171_8129805705520261924_n.jpg" /><style type="text/css" id="custom-background-css">
body.custom-background { background-color: #ffffff; }
</style>
</head>
<body class="home page page-id-314 page-template-default custom-background et_fixed_nav et_secondary_nav_enabled et_secondary_nav_two_panels windows et_full_width_page gecko et_includes_sidebar">
<div id="page-container">
in all pages, but that you're yet using an "include myHeaderStuff.php".
|
|
|
11/16/2014, 00:02
|
#7
|
elite*gold: 0
Join Date: May 2010
Posts: 342
Received Thanks: 87
|
Oh that's clear; evaliaria is not my server, it's one server that "click" me for one example, because I saw some simple way in the source, so it was good to present as an example for me.
After that, no: I am using for my own site one program where I can manage to insert the concerned code in all pages.
Your explanation was, like all the time, clear and helps to understand the situation where I want to arrive...
and from what I could understand, outside of an iframe, we should use a new browser window to better secure the exchange between side and server by the unique authorisation between both?
and now, it remains for me to find the right code to implement!
Thank you for your advice, tips and help!
Regards,
|
|
|
11/16/2014, 21:04
|
#8
|
elite*gold: 0
Join Date: Jul 2010
Posts: 511
Received Thanks: 513
|
Let's say your DB server is on 10.0.0.1 and your web site is on 20.0.0.1
Your DB server should allow HTTP requests ONLY from 20.0.0.1 (and 127.0.0.1 ofc) and block any other IP.
Some ppl open the DB to the outside, so they can use Navicat or SQL SMS, but that's a bad idea (even worse, some ppl use the default Shaiya123 passw).
It's better to have a custom (still protected) web Control Panel, to manage the DB.
|
|
|
11/16/2014, 22:43
|
#9
|
elite*gold: 0
Join Date: May 2010
Posts: 342
Received Thanks: 87
|
surely !
but in my case everything (the whole folder of php scripts) will be on the host side; that means I just need to put one "include" in the document to execute the corresponding script, then the site will communicate with the server.
as the host has php configured, I don't need to insert an iframe.
after, it's true the example of evaliaria is with configuration on the game server, with their server configuration on port.
for me it's not, because everything rests on the host.
@Castor,
what do you mean by
"// process required steps, if any, when a valid session is opened
// ..."
which new steps should we add to that to make it complete?
sorry for question i am to be expert in webmaster xD
Thanks much
|
|
|
11/18/2014, 00:52
|
#10
|
elite*gold: 0
Join Date: May 2010
Posts: 342
Received Thanks: 87
|
php redirect
It works well (without iframe), just try it and it's nice xD it redirects to homepage.
Thank You again *_*
Another point about that iframe: I don't understand what you explain here about "flushing the code" when receiving the request from the server, and in that case which method to apply to have that system come by the home page in case of an iframe.
Since that host is your MS-SQL svr, and likely the game server, you SHALL allow requests on port 80 (http request) to at most ONE client: your own web server (23.229.134.180). You will, in such case, request the ranks table from a server-side script (asking it with some PHP code to the game-svr) and then flushing the received html code into the requested page. (classical client-server-server chain).
|
|
|
11/18/2014, 02:14
|
#11
|
elite*gold: 0
Join Date: Dec 2010
Posts: 717
Received Thanks: 3,359
|
I was writing a detailed answer, but the smart coder of this page considers it's nice to ajax-refresh it from time to time (losing any edited message of course), I was bored enough to not retype all the mess.
what I was dealing with is a client-client-server request.
the end-user (1st client) requests the PVP ranks from the regular web server.
that web server requests, for instance with PHP code using cURL API, the page from the game server, so acts as a 2nd client. The PHP code requests a html page, it formats it (more or less) and pastes (writes / outputs) it into the page it is about to return.
the http daemon of the game server is set up to only respond to the web server (otherwise you will always find smart guys or hackers to directly send requests (and attacks) to the different components of game server (incl. the http daemon, the MS-SQL listener and so on)).
|
|
|
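The client-server-server chain described above, as an added example that is not code from the thread: a page on the public web server fetches the ranks markup from the game server with cURL and writes it into its own output, so browsers never contact the game server. The address `198.51.100.20`, the path `ranks.php` and the function name `fetch_ranks_html` are placeholders assumed for illustration; `$_SESSION['isValid']` is the flag from `validateSession.php` earlier in the thread.

```php
<?php
// Added example: runs on the public web server. URL, path and function name
// are assumptions for illustration.
session_start();

// Same gate as validateSession.php: visitors must have passed the homepage.
if (!isset($_SESSION['isValid'])) {
    header('Location: index.php');
    exit();
}

// Placeholder address (RFC 5737) standing in for the game server. Its HTTP
// daemon is assumed to be firewalled so only this web server can reach it.
const RANKS_URL = 'http://198.51.100.20/ranks.php';

/**
 * Fetch the ranks HTML from the game server, acting as its only HTTP client.
 * Returns the HTML string, or null on any transport or HTTP error.
 */
function fetch_ranks_html(string $url): ?string
{
    $ch = curl_init($url);
    if ($ch === false) {
        return null;
    }
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,   // return the body instead of printing it
        CURLOPT_FOLLOWLOCATION => false,  // never follow redirects to other hosts
        CURLOPT_CONNECTTIMEOUT => 3,      // seconds
        CURLOPT_TIMEOUT        => 5,      // seconds, whole transfer
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    if ($body === false || $status !== 200) {
        return null;
    }
    return $body;
}

$html = fetch_ranks_html(RANKS_URL);
if ($html === null) {
    http_response_code(502);              // upstream (game server) failed
    $html = '<p>Ranking is temporarily unavailable.</p>';
}
// The markup is written as-is only because it comes from your own server;
// player-chosen names must be HTML-escaped where the table is generated.
?>
<!-- page layout of the public site goes around this block -->
<div id="pvp-rank">
<?php echo $html; // write the fetched markup into the page being returned ?>
</div>
```

On the game server, the restriction to the web server's address belongs in the firewall or the HTTP daemon's configuration, as the posts above say.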
|
All times are GMT +2.