SUCS Game Server Auth System v2 =============================== imranh@sucs.org ripp_@sucs.org What is it? ----------- An authentication system to ensure only SUCS members and plus whoever we want can connect and play games on the game server. How's it work? -------------- It's written in php and it's done in the style of a SPA. If a member wishes to connect to a game, they visit games.sucs.org, enter their SUCS username + password, and they are then granted access to the server. The page uses AJAX to keep them logged in (or a HTTP Refresh header if javascript is disabled) The timeout can be fiddeled with in index.php, refresh.js and gameauth-task.php Every time the page is accessed (or AJAX posted to endpoint.php), the member's entry in a sqlite db is updated and a hole poked in the firewall on the game server for their IP (if there's not already a hole there) How to add new game information? -------------------------------- See the file in games for an idea of how it works. How does it know when a user times out? --------------------------------------- A cron job runs every minute on the server to close the holes in the firewall associated with the IPs of people who have not refreshed the web page in the last 1 minute. What if a user logs in twice from 2 different IPs? -------------------------------------------------- Then the IP that did the most recent refresh overwrites the old one. A user can only connect from one IP at a time. Should stop people giving their login details to their friends. What if two different people from the same IP login? ---------------------------------------------------- This is ok - 2 entries will be added to the db and the firewall, so if one user disconnects, it won't affect the other user. What if we want to open the server to the world for a special event? -------------------------------------------------------------------- Currently we are restricting this to only allow Swansea University students, rename the uni.deny file in /home/game-server to uni.allow to allow SUCS + Swansea Univerity students and rename it back to uni.deny only allow SUCS members. Why was it rewritten? --------------------- The old system didn't work. What is wrong with Apache LDAP Auth? ------------------------------------ It doesn't give us the ability to customise the login form.
"git@projects.sucs.org:sucssite/gameauth.git" did not exist on "7b847726015f6856edfe55fa84db98f999760aa7"
Imran Hussain
authored
| Name | Last commit | Last update |
|---|---|---|
| css | ||
| fonts | ||
| games | ||
| js | ||
| res | ||
| resources | ||
| README | ||
| TODO | ||
| allow_ip.sh | ||
| controll_2.php | ||
| deny_ip.sh | ||
| endpoint.php | ||
| firewall.service | ||
| firewall.sh | ||
| gameauth | ||
| gameauth-apache.conf | ||
| gameauth-task.php | ||
| index.php | ||
| ldap-auth.php | ||
| refresh.js |