SUCS Game Server Auth System v2
===============================
imranh@sucs.org

What is it?
-----------
An authentication system to ensure that only SUCS members, plus whoever else
we want, can connect and play games on the game server.

How's it work?
--------------
It's written in PHP and it's done in the style of a SPA. If a member wishes
to connect to a game, they visit games.sucs.org, enter their SUCS username +
password, and they are then granted access to the server.

The page uses an HTTP Refresh: header with a timeout of 30 seconds to keep them
logged in. This timeout can be fiddled with in index.php and in
gameauth-task.php.

Every time the page is accessed, the member's entry in a SQLite db is updated
and a hole is poked in the firewall on the game server for their IP (if there's
not already a hole there).

How does it know when a user times out?
---------------------------------------
A cron job runs every minute on the server to close the holes in the firewall
associated with the IPs of people who have not refreshed the web page in the
last minute.


What if a user logs in twice from 2 different IPs?
--------------------------------------------------
Then the IP that did the most recent refresh overwrites the old one.
A user can only connect from one IP at a time. This should stop people giving
their login details to their friends.

What if two different people from the same IP login?
----------------------------------------------------
This is OK: 2 entries will be added to the db and the firewall, so if one user
disconnects, it won't affect the other user.
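
The timeout, two-IP and shared-IP rules above can be checked together in a small model. This is an added example, not the project's PHP code: the `sessions` schema, the function names and the (username, ip) firewall entries are assumptions, and it computes both opens and closes in the cron step, whereas the README opens holes at page load.

```python
import sqlite3

TIMEOUT = 60  # seconds without a refresh before a hole is closed (README: 1 minute)

def open_db():
    db = sqlite3.connect(":memory:")
    # Assumed schema: username is the key, so each member has exactly one row.
    db.execute("CREATE TABLE sessions (username TEXT PRIMARY KEY,"
               " ip TEXT NOT NULL, last_seen INTEGER NOT NULL)")
    return db

def refresh(db, username, ip, now):
    """Page load after a successful login: the newest IP overwrites the old one."""
    db.execute("INSERT OR REPLACE INTO sessions VALUES (?, ?, ?)",
               (username, ip, now))
    db.commit()

def reconcile(db, firewall, now, timeout=TIMEOUT):
    """Cron step: drop stale rows, then diff wanted entries against the firewall.

    `firewall` is the set of (username, ip) entries currently open.
    Returns (to_open, to_close); the caller applies them to the real firewall.
    """
    db.execute("DELETE FROM sessions WHERE last_seen < ?", (now - timeout,))
    db.commit()
    wanted = set(db.execute("SELECT username, ip FROM sessions"))
    return wanted - firewall, firewall - wanted

def demo():
    """Constructed scenario using documentation-range addresses."""
    db, fw, log = open_db(), set(), []
    def tick(now):
        to_open, to_close = reconcile(db, fw, now)
        fw.difference_update(to_close)
        fw.update(to_open)
        log.append((now, sorted(to_open), sorted(to_close)))
    refresh(db, "alice", "192.0.2.10", 0)
    refresh(db, "bob", "192.0.2.10", 0)       # same IP, separate entry
    tick(0)
    refresh(db, "alice", "198.51.100.7", 30)  # alice moves; old entry must go
    refresh(db, "bob", "192.0.2.10", 30)
    tick(60)
    refresh(db, "alice", "198.51.100.7", 90)  # bob stops refreshing
    tick(120)
    return log, fw

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

Because the close set is derived from the session rows rather than from the IP alone, alice moving away from 192.0.2.10 does not remove bob's entry for the same address.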

What if we want to open the server to the world for a special event?
--------------------------------------------------------------------
Currently we restrict this to Swansea University students only. Rename the
uni.deny file in /home/game-server to uni.allow to allow SUCS members +
Swansea University students, and rename it back to uni.deny to only allow SUCS
members.

Why was it rewritten?
---------------------
The old system didn't work.

What is wrong with Apache LDAP Auth?
------------------------------------
It doesn't give us the ability to customise the login form.