How can I make a command require the player to be logged in via RCON in order to execute it? I wish to do this for security reasons.
The method IsPlayerAdmin(playerid) will return 1 if the player is logged in via RCON and 0 if the player isn't. To use this for a command, go into the command body and add an if-statement around the part of the command you wish to protect. For example:
if(IsPlayerAdmin(playerid))
{
//do stuff here
}
else
{
//do nothing, explain security settings to user
}
Related
We have a Play app, currently using version 2.6. We are trying to prevent dictionary attacks against our login by delaying a "failed login" message back to our users when they provide a failed password. We currently hash and salt and have all the best practices, but we are not sure if we are delaying correctly. So we have in our Controller:
public Result login() { return ok(loginHtml) }
and we have a:
public Result loginAction()
{
// Check for user in database
User user = User.find.query()...
// Was the user found?
if (user == null) {
// Wrong password! Delay and redirect
Thread.sleep(10000); <<-- how do delay correctly?
return redirect(routes.Controller.login())
}
// User is not null, so all good!
...
}
We are not sure if Thread.sleep(10000) is the best way to delay a response since this might hang other requests that come in, or use too many thread from the default pool. We have noticed that under 80+ hits per second the Play Framework does not route our HTTP calls to the Routes. That is, if we receive a HTTP POST request, our app will not even send that request to the Controller until 20+ seconds later, HOWEVER, in the SAME time period if we get a HTTP GET request, our app will process that GET instantly!
Currently we have 300 threads as the min/max in our Akka settings for the default fork pool. Any insights would be appreciated. We run a t2.xlarge AWS EC2 instance running Ubuntu.
Thank you.
Thread.sleep causes current thread blocking, please, try to avoid using it in production code as much as possible.
What you need to use, is CompletionStage / CompletableFuture or any abstraction for deeling with async programming and asynchronous action.
Please, take a look for more details about asynchronios actions: https://www.playframework.com/documentation/2.8.x/JavaAsync
In your case solution would look like something too (excuse me, please, this might have mistakes - I'm Scala engineer primary):
import play.libs.concurrent.HttpExecutionContext;
import play.mvc.*;
import javax.inject.Inject;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
public class LoginController extends Controller {
private HttpExecutionContext httpExecutionContext;
// Create and inject separate ScheduledExecutorService
private ScheduledExecutorService executor;
#Inject
public LoginController(HttpExecutionContext ec,
ScheduledExecutorService executor) {
this.httpExecutionContext = ec;
this.executor = executor;
}
public CompletionStage<Result> loginAction() {
User user = User.find.query()...
if (user == null) {
return executor.schedule(() -> {redirect(routes.Controller.login());}, 10, TimeUnit.SECONDS);
} else {
// return another response
}
}
}
Hope this helps!
I don't like this approach at all. This hogs threads for no reason and can probably cause your entire system to lock up if someone finds out you are doing this and they have malicious ideas. Let me propose a better approach:
In the User table store a nullable LocalDateTime of the last login attempt time.
When you fetch the user from the DB check the last attempt time (compare to LocalDateTime.now()), if 10 secs have passed since last attempt perform the password comparison.
If passwords don't match store the last attempt time as now.
This can also be handled gracefully on the front end if you provide good error responses.
EDIT: If you want to delay login attempts NOT based on the user, you could create an attempt table and store last attempt by IP address.
If you really want to do your way which I don't recommend you need to read up on this first: https://www.playframework.com/documentation/2.8.x/ThreadPools
I have next problem: I have same environment for site on work and home PC, but I have different database records inside it.
So in that case for test requests on my local environment I constantly need to change tested values.
Postman has different scopes for variables (see documentation)
In my case in collection scope is saved production variables. On environment scope I rewrite this values by my local configuration.
Collection variables
SITE_DOMAIN - https://www.prod.com/
USER_ID - 1234567890
Environment variable
SITE_DOMAIN - https://dev.loc/
USER_ID - 123
At home I have the same domain, but another user id and I need to change it in Environment variable every time when I wanna run request at home.
I wanna setup USER_ID to another value only at home local machine.
Recorded interface example
Is it possible to rewrite variable with local machine scope? There is local layer, but it isn't described in documentation.
If I understand the question correctly:
You could add a value into the local environment file local_dev or something, to run a check to see if it’s there - then have some logic in the pre-request script that looks for the value, if it exists, then change the USER_ID variable to the one you want before the request is made and if not, do nothing.
Roughly, something kind of like this but more elegant:
if(pm.environment.get('local_dev') === 'some_value') {
pm.environment.set('USER_ID', 1234)
}
I might have totally misunderstood the question though.
As I see, local variable is that variable which we setup in Pre-request Script section in pm.variables scope.
So we can override environment value without changing it by
pm.variables.set("VAR_NAME", "VAR_VALUE");
Unfortunately it will run in all PC's on each send request. So we need to add some logic to it.
As it supposed by #Danny Dainton we can add some environment variable for dev PC position.
So as a workaround I add variable PC_ENV to Local environment and put some logic for this in Pre-request Script section.
if (pm.environment.get('PC_ENV') === 'home') {
pm.variables.set("USER_ID", "35");
}
How can we use this? When we start work with Postman we go to our environment and setup PC_ENV value to home or office depends on where we are now.
Recorded example
If we don't want to run Pre-script section every time we can add all local variables values for each PC and run it only once at the beginning of the work by setup required condition.
const needSetupEnvironment = true;//change to false when setup is finished
if (needSetupEnvironment) {
const currentEnvironment = 'home';//setup environment before start work
let userId;
switch (currentEnvironment) {
case 'home':
userId = 35;
break;
default:
userId = 123;
break;
}
pm.environment.set('USER_ID', userId);
}
We can enable script when we need to change environment variables, and than disable it after setup run it once with correct environment.
Recorded example
San Andreas Multiplayer (GTA) uses PAWN as its programming language. I'm an owner of a server on SA-MP and I'm not that pro so I'd like to get some help if possible. Basically, I have a command that checks player's statistics when he/she is online, but I'd like to have a command to check them when they're offline. That's the code of the commmand which checks player's statistics when he's online.
CMD:check(playerid, var[])
{
new user;
if(!Logged(playerid)) return NoLogin(playerid);
if(Player[playerid][pAdmin] >= 2 || Player[playerid][pStaffObserver])
{
if(sscanf(var,"us[32]", user, var))
{
SendClientMessage(playerid, COLOR_WHITE, "{00BFFF}Usage:{FFFFFF} /check [playerid] [checks]");
SendClientMessage(playerid, COLOR_GRAD2, "** [CHECKS]: stats");
return 1;
}
if(!strcmp(var, "stats", true))
{
if(!Logged(user)) return NoLoginB(playerid);
ShowStats(playerid, user);
}
}
else
{
NoAuth(playerid);
}
return 1;
}
I use ZCMD command processor and Dini saving system. So I'd like to make CMD:ocheck that would display the stock ShowStats and it'll work like /ocheck [Firstname_Lastname].
Any help? Please help if possible.
Thanks
~Kevin
For the command that you require, you'll have to load data from the player's userfile.
You'll obviously begin with
if(!Logged(playerid)) return NoLogin(playerid);
if(Player[playerid][pAdmin] >= 2 || Player[playerid][pStaffObserver])
{
To check if the player using this is authorized to use this command.
Following this,
if(str, "s[32]", name))
You cannot use 'u' as a formatter here, simply because you're checking an offline player's statistics.
After this, you need to check if the user is actually registered
If he isn't, you return that error the user of this command
If he is, then check if he is online already. If he is online, return error to admin to use this command instead of 'ocheck'
If he's offline, then you can safely proceed to load his statistics (you can use the code used for loading data when a player logs in, except this time it should only be printed
for eg,
format(str, sizeof(str),
"Score: %s, Money: %d",
dini_Int(file, "score"), dini_Int(file, "score") );
Yes, basically, you have to get all the information from the file, so ShowStats will not work, because I suppose it gets all the information from enumerations and such, you have to write a brand new function, of getting all the offline info.
I'm following a tutorial on programming with Flash / Flex and Facebook (see http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html). This is a desktop app that connects to Facebook, rather than a web app.
When first testing the ability to read statuses I allowed the app to read them (obviously) when asked, so that worked just fine.
For the hell of it, I then revoked permission and when it asked me again, said Skip. It was still allowed to read them! (result object was valid, fail object was null).
So I then tried again (and it asked me again, since it still did not have permission), and this time I specifically clicked the cross to deny permission... and it was still able to read them!
Have I perhaps missed something? This is the code I'm using:
private function showStatus(): void
{
FacebookDesktop.requestExtendedPermissions(onGetStatusGranted,"read_stream");
}
private function onGetStatusGranted(resultData: Object, failData: Object): void
{
FacebookDesktop.api("/me/statuses", onGotStatus);
}
private function onGotStatus(resultData: Object, failData: Object): void
{
if (failData != null && failData.error.code == 200)
{
// User didn't allow it.
return ; **** Doesn't get here! ****
}
if (failData == null && resultData != null && resultData.length > 0)
this.userStatusLabel.text = "Status: " + resultData[0].message ; **** Always gets here ***
}
You most likely encountered a bug. Statuses require read_stream permission, unless you are a public page.
I have set up some basic routing in my app by using the examples at http://emberjs.com/guides/outlets/#toc_the-router
Within the root I have some events that trigger from view actions e.g:
gotoStepOne: Ember.Route.transitionTo('stepOne'),
gotoStepTwo: Ember.Route.transitionTo('stepTwo'),
gotoStepThree: Ember.Route.transitionTo('stepThree'),
gotoStepFour: Ember.Route.transitionTo('stepFour'),
gotoStepFive: Ember.Route.transitionTo('stepFive'),
Full example router code at http://jsfiddle.net/hellosmithy/WdjXT/
This all works fine at the moment. The problem is that I'd like to add other code into these events. For example:
gotoStepOne: function() {
if (someCondition) {
Ember.Route.transitionTo('stepOne');
}
someOtherFunction();
}
However doing this breaks the routing without throwing any errors. It just no longer transitions.
Specifically I only want transitions to happen if a certain state is met - something has been selected or input by the user at each stage before they can proceed. Is there a workaround for this, or should I be abstracting this functionality elsewhere?
The way I understand the router is, that it is the representation of the application's state.
Specifically I only want transitions to happen if a certain state is met - something has been selected or input by the user at each stage before they can proceed.
So the user inputting or selecting something puts your application in a certain state which is reflected by the router.
IMHO it should be something like this in a view (or controller):
userDidSomething: function(condition) {
if (condition) {
App.get('router').send('stepOne');
}else{
someOtherFunction();
}
}