Jump to content

Close
Photo

Problem With V32 Verify


  • Please log in to reply

#1
mein-sachsen

Posted 13 December 2009 - 07:39 PM

mein-sachsen

    Newbie

  • Gamer
  • 4 posts
Hello, I've scripted my own arcade with help of E-Arcade 2.5.9. The important parts are:

function ArcadeVerifyIBP() {
	 $randomchar = rand(1, 200);
	 $randomchar2 = rand(1, 200);
	 $_SESSION['games']['ibp_verify'] = array($randomchar, $randomchar2, microtime(true));
	 ob_end_clean();
	 ob_start();
	 echo "&randchar=".$randomchar."&randchar2=".$randomchar2."&savescore=1&blah=OK";
	 ob_end_flush();
 }

and

} elseif ($gametype == 'ibp3' || $gametype == 'ibp32') {
	 $theGame = getVar('gname',"POST");
	 if ($theGame == '') $theGame = $_SESSION['games']['game_name'];
	 $theScore = getVar('gscore',"POST");
	 $time_taken = microtime(true) - $_SESSION['games']['ibp_verify'][2];
	 if ($time_taken < 0 || $time_taken > 7) {
		 $_SESSION["action"]="fail_submit";
		 redir("/games",false);
	 } elseif ($_POST['enscore'] != ($theScore * $_SESSION['games']['ibp_verify'][0] ^ $_SESSION['games']['ibp_verify'][1])) {
		 $_SESSION["action"]="fail_submit";
		 redir("/games",false);
	 }
 }


Today I've checked the code of SMF Arcade and this parts are nearly the same. I use only V32 games from ibpArcade Downloads. The problem is, that sometimes the submission fails because of the score comparision. In 99% of all submits there is no problem. I think that this problem often occurs with Yeti games - is this a known problem? For example there are the following values (in a case when submission fails)

$_POST['enscore']=2260
$theScore=12.6
$_SESSION['games']['ibp_verify'][0]=24
$_SESSION['games']['ibp_verify'][1]=47

so 12.6 * 24 ^ 47 is 257 and not 2260. Another example

$_POST['enscore']=13226
$theScore=472.5
$_SESSION['games']['ibp_verify'][0]=28
$_SESSION['games']['ibp_verify'][1]=7

472.5 * 28 ^ 7 is 13225 and not 13226 (so only 1 difference). Remember in most cases there is no problem and highscore is written to db. Can someone help?

#2
mein-sachsen

Posted 13 December 2009 - 08:16 PM

mein-sachsen

    Newbie

  • Gamer
  • 4 posts
For example this often occurs with Yeti Sports Stagedive. I've logged now some activities and it seems that this .swf tries to make an ArcadeVerifyIBP twice!??? I can see the following in web server log

XXX - - [13/Dec/2009:21:04:33 +0100] "GET /games/41-yeti-pinguine/index.php?autocom=arcade&do=verifyscore HTTP/1.1" 200 71 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)" "-"
XXX - - [13/Dec/2009:21:04:33 +0100] "POST /games/41-yeti-pinguine/sec/stagedive_score.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)" "-"
XXX - - [13/Dec/2009:21:04:33 +0100] "GET /games/41-yeti-pinguine/index.php?autocom=arcade&do=verifyscore HTTP/1.1" 200 69 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)" "-"
XXX - - [13/Dec/2009:21:04:33 +0100] "POST /games/41-yeti-pinguine/index.php?autocom=arcade&do=savescore HTTP/1.1" 302 5 "http://YYY/games/41-...orts-stagedive" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)" "-"

What's this stagedive_score.php it wants to call? So you can see two calls of "/games/41-yeti-pinguine/index.php?autocom=arcade&do=verifyscore" in a second. (Now it's clear why the score comparing fails, but why are there two HTTP calls from the swf?)

#3
TechGuy

Posted 13 December 2009 - 09:49 PM

TechGuy

    Administrator

  • Administrator
  • PipPipPip
  • 583 posts
  • Gender:Male
  • Location:USA
You would have to speak with the author of the arcade ipbcoding.com to see if he will work with you on the session security info that is parsed.

#4
jeza

Posted 18 December 2009 - 07:53 PM

jeza

    Newbie

  • Gamer
  • 7 posts
  • Gender:Male
Mein, do a $_SESSION check on your site.
I too have a standalone arcade, just raw php so no influence from any script.
I experimented with that yeti game with no problems until the entire thing crashed with mysql errors.
As several settings are SESSION driven I did a session check and that bloody game was writing its own sessions and conflicting with mine, even AFTER I deleted it.
I had to do a c-cleaner to get rid of it.

I think that game needs looking at.
8-)

#5
mein-sachsen

Posted 18 December 2009 - 08:01 PM

mein-sachsen

    Newbie

  • Gamer
  • 4 posts

Mein, do a $_SESSION check on your site.
I too have a standalone arcade, just raw php so no influence from any script.
I experimented with that yeti game with no problems until the entire thing crashed with mysql errors.
As several settings are SESSION driven I did a session check and that bloody game was writing its own sessions and conflicting with mine, even AFTER I deleted it.
I had to do a c-cleaner to get rid of it.

I think that game needs looking at.
8-)


Hum, what do you mean with c-cleaner? I use SESSIONs too, but there is no problem with it. All other games are working fine. I've noticed, that this game calls the ArcadeVerifyIBP() twice (see my posted log). For test I've setup $_SESSION['games']['ibp_verify'] as a multi-dim-array and changed

$_SESSION['games']['ibp_verify'] = array($randomchar, $randomchar2, microtime(true));

to

array_push($_SESSION['games']['ibp_verify'],array($randomchar, $randomchar2, microtime(true)));

And I can see two sub-array in it when running the game. The strange thing is, that this happens not(!) all the time with this game.

#6
jeza

Posted 18 December 2009 - 11:40 PM

jeza

    Newbie

  • Gamer
  • 7 posts
  • Gender:Male

Hum, what do you mean with c-cleaner? I use SESSIONs too, but there is no problem with it. All other games are working fine. I've noticed, that this game calls the ArcadeVerifyIBP() twice (see my posted log). For test I've setup $_SESSION['games']['ibp_verify'] as a multi-dim-array and changed

$_SESSION['games']['ibp_verify'] = array($randomchar, $randomchar2, microtime(true));

to

array_push($_SESSION['games']['ibp_verify'],array($randomchar, $randomchar2, microtime(true)));

And I can see two sub-array in it when running the game. The strange thing is, that this happens not(!) all the time with this game.


I spent a wasted day checking code when it wasn't the code, it was the game.
I'm only relating what I found.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users