ARK: Survival Evolved

ARK Join Control
Billy Boola  [developer] 17 Jun, 2017 @ 10:29pm
Example PHP code for JoinControl
This code assumes a MySQL database with a table named 'player' and columns 'steam_id' and 'allowed'.

<?php
if ($_GET["steam_id"]) {
} else {
    http_response_code(404);
    die("Bad Input");
}

// get the HTTP method of the request
$method = $_SERVER['REQUEST_METHOD'];

// connect to the mysql database
$link = mysqli_connect('localhost', 'user', 'pass', 'dbname');
mysqli_set_charset($link, 'utf8');

// create SQL (steam_id is concatenated in exactly as received; the replies below discuss this)
$sql = "SELECT `steam_id`, `allowed` FROM `player` WHERE steam_id='".$_GET["steam_id"]."' ";

// execute SQL statement
$result = mysqli_query($link, $sql);

// die if SQL statement failed
if (!$result) {
    http_response_code(404);
    die(mysqli_error($link));
}

// print results
if ($method == 'GET') {
    if (mysqli_num_rows($result) == 0) {
        echo ('{"steam_id":"' . $_GET["steam_id"] . '","allowed":"0"}');
    } else {
        echo json_encode(mysqli_fetch_object($result));
    }
}

// close mysql connection
mysqli_close($link);
Last edited by Billy Boola; 17 Jun, 2017 @ 10:31pm
Toooni 22 Jun, 2017 @ 1:58am 
I recommend doing it with PDO. The above code is old/insecure.

<?php
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8mb4', 'username', 'password');
Billy Boola  [developer] 22 Jun, 2017 @ 2:09am 
It would be old, I haven't used any PHP in years, but as an example it works. I chose PHP as an example simply because it is so easy to set up PHP and MySQL on any Linux server. But of course you could use any language and DB, or even a text file in place of the DB.
Toooni 14 Jul, 2017 @ 5:41am 
Originally posted by Anu Zababa:
It would be old, I haven't used any PHP in years, but as an example it works. I chose PHP as an example simply because it is so easy to set up PHP and MySQL on any Linux server. But of course you could use any language and DB, or even a text file in place of the DB.
What I posted above is PHP code to connect to your DB.
The code you used (mysqli) is insecure. mysqli is deprecated.
Unknown 14 Jul, 2017 @ 1:42pm 
He's right. Your code is injectable. I wouldn't provide this as an example. Anyone who uses this is begging to have some random 12 year old script kiddie hijack their website.

P.S. Injection prevention has been a thing since GET variables were created. Your code is not the product of being away for a few years, it's the product of being extremely green to scripting and not knowing the risks and dangers out there.
Last edited by Unknown; 14 Jul, 2017 @ 1:44pm
Billy Boola  [developer] 14 Jul, 2017 @ 2:33pm 
Bummer, so I don't know ♥♥♥♥ about PHP and some script kiddie is going to inject SQL into a web server they do not know the address of? This is the internet after all :)

Will this allow them to send a JSON response back to the ark server? I don't know the answer to that, maybe you do?

And as I said before, use Python or Ruby or some monks in a monastery in Hungary tapping out the JSON in Morse code. This mod does not require that you use PHP.

It does not care how you receive and process the request. The web server address (which can, and for performance should, be 127.0.0.1) is not needed by the clients who are connecting. It is all handled on the ark server, not the ark client. So unless it is an inside job I don't see how they can even begin to inject their SQL.

Finally, you do not need to use any database, no need for SQL, all your web server needs to do is return to the server the appropriate JSON.

If you have more feedback please let me know, not just for my education but for anyone else who reads these posts when setting up the mod for themselves.

Cheers,

Last edited by Billy Boola; 15 Jul, 2017 @ 1:37pm
Toooni 19 Jul, 2017 @ 8:33am 
Here is a more secure version of your example:

<?php
header('Content-Type: application/json');

if ($_GET["steam_id"]) {
    $steamid = $_GET["steam_id"];
} else {
    http_response_code(404);
    die("Bad Input");
}

//Create DB connection
$pdo = @new PDO('mysql:host=YOURDBHOST;dbname=DBNAME', 'DBUSER', 'DBPW');

//Check Player
$statement = $pdo->prepare("SELECT steam_id, allowed FROM player WHERE steam_id = ? LIMIT 1");
$statement->execute(array($steamid));
$row = $statement->fetchAll();

//Json Response
if ($row[0]['accepted'] == "1"){
    echo ('{"steam_id":"'.$_GET["steam_id"].'","allowed":"1"}');
}else{
    echo ('{"steam_id":"'.$_GET["steam_id"].'","allowed":"0", "kick":"You are not allowed to join this server"}');
}
?>


=FS=Kaliber 15 Apr, 2022 @ 12:16am 
Change >> if ($row[0]['accepted'] == "1"){ << to >> if ($row[0]['allowed'] == "1"){ << then it works ;)
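
An added example, not code from any poster in this thread or from the mod: it combines the prepared-statement approach and the 'allowed' column correction from the replies above with input validation and a reply built by json_encode rather than string concatenation. It assumes steam_id is a 17-digit SteamID64, uses an in-memory SQLite table with constructed rows in place of the MySQL 'player' table so it runs stand-alone, and the function name joinControlResponse is hypothetical.

```php
<?php
// Build the JoinControl reply for one steam_id value (hypothetical helper).
// Returns [HTTP status, response body]. Unknown players get allowed = "0".
function joinControlResponse(PDO $pdo, $rawSteamId): array
{
    // Assumption: steam_id is a 17-digit SteamID64. Arrays, missing values
    // and anything containing other characters are rejected before the query.
    if (!is_string($rawSteamId) || !preg_match('/\A[0-9]{17}\z/', $rawSteamId)) {
        return [404, 'Bad Input'];
    }

    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT allowed FROM player WHERE steam_id = ? LIMIT 1');
    $stmt->execute([$rawSteamId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $reply = ['steam_id' => $rawSteamId, 'allowed' => '0'];
    if ($row !== false && (string)$row['allowed'] === '1') {
        $reply['allowed'] = '1';
    } else {
        $reply['kick'] = 'You are not allowed to join this server';
    }
    // json_encode escapes the values instead of hand-building the JSON string.
    return [200, json_encode($reply)];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL 'player' table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE player (steam_id TEXT PRIMARY KEY, allowed TEXT)');
$pdo->exec("INSERT INTO player VALUES ('76561198000000001', '1'), ('76561198000000002', '0')");

// Constructed inputs: allowed, denied, unknown, malformed (quote characters), missing.
$samples = ['76561198000000001', '76561198000000002', '76561198000000003', "x' OR '1'='1", null];
foreach ($samples as $input) {
    [$status, $body] = joinControlResponse($pdo, $input);
    echo $status, ' ', $body, PHP_EOL;
}
```

In a real endpoint the call would be `joinControlResponse($pdo, $_GET['steam_id'] ?? null)` against the MySQL connection, followed by `http_response_code($status)` and `echo $body`.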