collapse collapse
* User Info
 
 
Welcome, Guest. Please login or register.
* Search

* Board Stats
  • stats Total Members: 989
  • stats Total Posts: 18363
  • stats Total Topics: 2500
  • stats Total Categories: 7
  • stats Total Boards: 35
  • stats Most Online: 1144

Author Topic: bugs in 0.3.4  (Read 19560 times)

0 Members and 2 Guests are viewing this topic.

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
bugs in 0.3.4
« on: June 19, 2007, 05:13:16 am »
i think i found 2 bugs in 0.3.4
New install no changed

1st is !admin del name
it crashed the bot

next is !blacklist rem name
wouldnt remove some 1, had to do it manualy

Offline Ebag333

  • Contributor
  • *******
  • Posts: 134
  • Karma: +0/-0
Re: bugs in 0.3.4
« Reply #1 on: June 19, 2007, 06:40:59 am »
Don't use !admin, instead use !adduser and !deluser.

!admin appears to be deprecated, and a comment notes that it will be going away in .5.  Not sure who added that, but I'd avoid using it.  :)

Incidentally someone needs to write help for the security module....admin should probably go away too since it's been replaced by other commands...

Offline Alreadythere

  • BeBot Maintainer
  • BeBot Hero
  • ******
  • Posts: 1288
  • Karma: +0/-0
Re: bugs in 0.3.4
« Reply #2 on: June 19, 2007, 12:33:43 pm »
Fixed the !admin del bug, and added help for the security module.

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: bugs in 0.3.4
« Reply #3 on: June 19, 2007, 02:04:37 pm »
i have now notice a security issue
with the !alts and admin to all alts
if a user who is admin does have an alt any 1 can make him an alt and become admin
i think a fix would be you cant add admin to your alt list unless you have that security level or higher

Offline Alreadythere

  • BeBot Maintainer
  • BeBot Hero
  • ******
  • Posts: 1288
  • Karma: +0/-0
Re: bugs in 0.3.4
« Reply #4 on: June 19, 2007, 02:28:14 pm »
It's a general problem with the way alts are defined. Only way would be to enforce a two-way alt adding, meaning the main and the alt have to invoke some command.

This of course would create more some complexity.

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: bugs in 0.3.4
« Reply #5 on: June 19, 2007, 03:17:28 pm »
i was hoping for somit more simple

like this

name1 - member
name2 - admin

when name1 tries to add name2 as an alt it does a check
see that name2 is admin and check is name1 same or better security level?
if no Dont do it!

Offline Khalem

  • BeBot Founder
  • Administrator
  • ********
  • Posts: 1169
  • Karma: +0/-0
    • http://www.ancarim.com
Re: bugs in 0.3.4
« Reply #6 on: June 19, 2007, 03:40:07 pm »
I was discussing this with Blue earlier and we agreed that we have two choices on this. And i think we need to address this before 0.4 as it's a critical issue.

1: A challenge system. Player A adds Player B as an alt. A random AUTH string (md5?) is generated and stored in a new databse table, lets name it auth. There we store the requesting playername, time of the request, an integer to designate the request type (to allow the table to be used for more auth related stuff in the future) and the target name.

Player B will then be sent a blob containing a brief explanation with a link to click which will then when clicked send say a /tell botname alts auth <auth string>

This should probably be coupled with a new setting which allows you to restrict adding alts to alts that are also members of the bot (to prevent abuse by doing for example !alts add Sirillion over and over. This would also go well with the second way outlined below. On a side note, to prevent spamming and abuse, you should not be able to rerequest an alt which you have an active auth pending for. And one might in addition consider having a settable enforced delay between alt add's.

2: We have a password table, put it to use. Allow setting a password, and then allowing that password to be used when adding an alt, bypassing the auth requirement.

These two options are the best i've come up with so far, and combined they make for a nice system allowing security and flexibility (i've been thinking of this for a while since it would be nice for a raidbot)

Additionally you could add another layer to the auth mechanism (optional via setting) to require admin approval as well in addition to being confirmed by the target player, or maybe just admin approved (think forum registration options).

Thoughts?
BeBot Founder and Fixer Kingpin

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: bugs in 0.3.4
« Reply #7 on: June 19, 2007, 04:11:54 pm »
those are good ideas
but till then i added a small bit to my alts.php

Code: [Select]
// Check if the Alt being Added has Higher Security
if ($this -> bot -> security -> get_access_level($name) < $this -> bot -> security -> get_access_level($alt))
{
return "##error##Character ##highlight##$alt##end## is Higher User Level and Cannot be Added as your Alt.##end##";
}
i added this on Alts.php in modules Direction on function add_alt($name, $alt)
i added it before it did the actual adding and after the rest of the checks
 
« Last Edit: June 19, 2007, 06:45:26 pm by Chris96 »

Offline Ebag333

  • Contributor
  • *******
  • Posts: 134
  • Karma: +0/-0
Re: bugs in 0.3.4
« Reply #8 on: June 19, 2007, 06:35:15 pm »
Option 1 sounds cool, but *WAY* too complex.  Most of my users wouldn't be able to figure that out.

Option 2 sounds more feasible, but also increases the complexity quite a bit.


This problem only occurs with people who do not have alts set.  So there is no need for any of these measures if the person has alts set.

It seems to me that the person with the highest access on the bot should be the main.  So as Chris suggested a simple check to see if the person has a higher access level than the person trying to add them as their alt should fix the problem.  This closes the hole, and doesn't really increase complexity all that much (not nearly as much as option 1 or 2 would).  A slightly clearer message than what Chris has should be added ("Admin level" is ambiguous and implies it has something to do with the specific access level of Admin, rather than admin in a general sense).

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: bugs in 0.3.4
« Reply #9 on: June 19, 2007, 06:44:58 pm »
Quote
This problem only occurs with people who do not have alts set.  So there is no need for any of these measures if the person has alts set.
in my case i has set all Advisors of org to admin im  nto sure if they all have alts set etc and this may change

i have changed Admin Level to User Level

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: bugs in 0.3.4
« Reply #10 on: June 19, 2007, 07:17:47 pm »
i got another bug with !help

[Leetboss2]: /tell Leetboss2 !help !irc
To [Leetboss2]: !help !irc
[Leetboss2]: No help found for !irc
To [Leetboss2]: !help irc
[Leetboss2]: help on irc

The bot is telling me to put a ! before the help subject but its no longer used

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: bugs in 0.3.4
« Reply #11 on: June 19, 2007, 07:19:37 pm »
Also there is no help on !irc i know there is a section in setting but it would be nice to put that command in !help irc
just incase they dont know

Offline Ebag333

  • Contributor
  • *******
  • Posts: 134
  • Karma: +0/-0
Re: bugs in 0.3.4
« Reply #12 on: June 19, 2007, 07:27:25 pm »
Indeed, ever since post the release of 0.3.3 (when we started on 0.3.4) !help expects command, and not <pre>command.

That's something that should be allowed either way...

Offline Khalem

  • BeBot Founder
  • Administrator
  • ********
  • Posts: 1169
  • Karma: +0/-0
    • http://www.ancarim.com
Re: bugs in 0.3.4
« Reply #13 on: June 19, 2007, 07:41:51 pm »
Option 1 sounds cool, but *WAY* too complex.  Most of my users wouldn't be able to figure that out.

How is it complex?
Player A: /tell botname !alts add Player B
Bot: /tell Player B Player A has requested that you be added as an alt, click here to confirm
Player B: Clicks link
Bot: /tell Player B You are now an confirmed alt of Player A

If people think it's to complex to click a link, they probably cant handle playing AO in the first place imho.

Thanx for the reports btw Chris. And good catch on the alts issue.
« Last Edit: June 19, 2007, 08:06:43 pm by Khalem »
BeBot Founder and Fixer Kingpin

Offline Alreadythere

  • BeBot Maintainer
  • BeBot Hero
  • ******
  • Posts: 1288
  • Karma: +0/-0
Re: bugs in 0.3.4
« Reply #14 on: June 19, 2007, 08:30:55 pm »
#1 is easiest to use I think, at least from the user point of view. Just clicking a link shouldn't be too hard.

#2 is more comfortable as we could allow adding of mains then using the password.

Your fix is ok Chris, just the way you implemented it now makes every adding of a character with higher access rights as alt to you impossible, even using altadmin. I'd move the check out of the add_alt() function.

 

* Recent Posts
[AoC] special char for items module by bitnykk
[February 09, 2024, 09:41:18 pm]


0.8.x updates for AoC by bitnykk
[January 30, 2024, 11:16:08 pm]


0.8.x updates for AO by bitnykk
[January 30, 2024, 11:15:37 pm]


BeBot still alive & kicking ! by bitnykk
[December 17, 2023, 12:58:44 am]


Bebot and Rasberry by bitnykk
[November 29, 2023, 11:04:14 pm]

* Who's Online
  • Dot Guests: 501
  • Dot Hidden: 0
  • Dot Users: 0

There aren't any users online.
* Forum Staff
bitnykk admin bitnykk
Administrator
Khalem admin Khalem
Administrator
WeZoN gmod WeZoN
Global Moderator
SimplePortal 2.3.7 © 2008-2024, SimplePortal