Web Based GM Management

Lalolyen · #1 09-18-2007, 03:06 AM

I'm starting development of another code he he...

I hope to have this released this afternoon sometime or at least working on our server.

Would anyone happen to be interested in a GM Management code that will have features like:

1. Access controlled Management of GM accounts of lesser status of their own (such as status lvl 150 can manage 149 and lower meaning they can demote them and promote them up to 1 level below the promoter.), delete their characters, copy characters (like dynamic quest characters for us old SoE GMs that still uses the /become command he he)).
2. Able to run as a plugin or standalone from my Web Based Petition system.
3. Able to create an empty character to the GM's account.

Basically this is setup so if like for instance, I am at work and I hear a GM went whaco, you could simply login to the website, and demote him, period, no having to wait to get home and login to the server to demote him or promote.

koldar · #2 09-18-2007, 04:51 AM

I would be very interested. I've also been searching for something that would allow for start/stopping zones, viewing zone status, viewing number of users connected, etc. Can you think of any other web-based tools that would accomplish this?

Koldar

Lalolyen · #3 09-18-2007, 07:50 AM

Actually the web interface built into EQEMU should accomplish that.

koldar · #4 09-18-2007, 08:24 AM

No way - how do I access the web interface? i didn;t know there was a web interface with eqemu.

Lalolyen · #5 09-18-2007, 10:31 AM

look at eqemu_config.xml.full ...

There is an entire tag line in there that looks something like...

Quote:

<http port="9080" enabled="true" mimefile="mime.types" />

that http port, just got to http://yourdomain:9080 *or what ever number you have specified*.

Though it is a bit underdeveloped, and limited on functionality, but you can start up zones, stop them, move characters from account to account, thats about all though.

Lalolyen · #6 09-18-2007, 10:41 AM

Just a small update btw, it may take a bit longer than anticipated... I'm really hacking out the work here on a very complex permissions system, that will be customizable by the operator... A brief description..

Ops (200+) can specify:
1. What status level can edit/change/or add to other status levels.
2. What status level can access the system.
3. Status names (such as 0 = Player, 100 = GM-Admin etc however defaults are preloaded).
4. What status levels are active (like you can say the entire GM-Coder, Quest Master, EQ Support statuses are blocked out).

As you can tell this is a bit more complex than checking if someone is a user or admin lol... And is taking a bit more work.

So far the main fuction of status checking is complete, access permissions are being worked on atm... The last thing I will work on is the actual forms and how they will manipulate the database along with the login itself... So thus far, I'm about 20% complete with the project, and as you can tell I'm way behind on my own expectations.

**fathernitwit** · #7 09-24-2007, 01:48 PM

I would strongtly encourage you to develop this functionality inside the existing web interface instead of writting it as a seperate app. I know its an annoying php wannabe perl thing, but executing directly in the server itself provides access to a lot more information than an external application can access, plus it is more likely to be useful to the broad community because they do not have to set up a seperate web server to do it (yes, its beyond many people to do so)... There is a lot of potential in the integrated web interface, I have always held out hope that somebody would come along and extend the basic starting point which I put together...

Lalolyen · #8 09-24-2007, 04:10 PM

The overall goal was a point of contact for the players... Whereas a player can create a petition, GM's can follow up, and players can follow up with that, only in that petition system.

Running that through the pre-built web interface can provide a lot of challenges, however I do not see it really as security but as a lack of scalability; whereas the pre-built-in interface confines you really to the machine that is running the world server. If someone like DR is running a world server, several zone servers and have an entirely separate network for web, and controlling the server, that really wouldn't work.

Allowing the program to run outside the built-in system provides more scalability imo =). But, its not hard for any developer to import/convert that php to perl for the interface =).

As far as security issues go, I cannot really see any more security risks than that of it running on the local host.

EQEMU has to have a username and password for the database, just like php/apache has to have it =S I'm not sure how there would be a greater threat running the program outside the eqemu web admin interface =S.

Lalolyen · #9 09-24-2007, 06:59 PM

Actually what I have so far in this system... Its really really nice =)...

Our GMs are currently using it and it features the following:

1. Fully functional GM login (from the account table).
2. Permissions are based upon status, in which you can CUSTOMIZE from the backend.
3. You specify what "groups" can see, read, modify, delete what, you specify what other groups can specify what you can, you specify what other groups can login, see players, see only GM's etc.
4. If you can see and modify a GM group, you can reset passwords, reset statuses, see characters (Working on editing characters atm) and much more.

This thing already has a ton of features and I'm only about 30% done with it... Its a pre-alpha right now, so if you want to help test it out, send me a pm, but I'm not publishing it just yet publically.

Also some security measures I took in this script to really drown any one whom might want to hack it =)...

I currently made one function that constantly checks for some values, and if any are true, the function runs a rutine that basically destroys (if any) session cookies (to log the user out), if they were logged in, it would reset their status to -2 (for banned), and would ban the IP address from the virtual host directory (in .htaccess).

So if you are an admin, make sure you aren't trying anything funny on the script, it has already locked me out once he he... but of course I was testing it too =P.

Basically here are a few things its looking for... Being the form only displays the values you can submit (like if your status is 100 and you are editing someone 80 as per defined by the admin) and if you submit the form for a higher value than what is allowed (like trying to submit a value of 150 in status) would kick in the HackerBurner function.

Attempts to use fake cookies to gain access would activate the function, and trying to access areas of the site you aren't supposed to be able to access.

I put an old Army Buddy tot he test the other day on a test box. I told him there was 20 dollars for him if he could break into the system without a ban within 10 mins...

It took him 14, however keep in mind hes a pro as well and would make VB or phpBB look like wet paper sacks when it comes to security lol =P.

So basically, the system has been locked down, it is functional... but there are a few other changes we will make before releasing it...

1. Characters and items will be editable from the web interface =).
2. Keys/Flags Skills, and AA's will also be manageable.
3. Full intergration of the petition system into this system.
4. Code Clean up... and make the HTML look half-way decent he he.

Lalolyen · #10 09-29-2007, 10:33 PM

I'm having a bit of problems with the hex for the inventory blob so thats kinda stalling the development here.

So far the GM management part, just managing GM's and players as far as status, and things that can be edited from the account table is working. The GM permissions are fully functional, however it was a severe headache to get working he he.

Lalolyen · #11 10-06-2007, 10:52 PM

Well... Here are the teases... So far the code works... however about 40% of the functions I want to work are working (server control functions).

All displays, permissions, account functions etc, WORK.

So far a GM Impossible by default install can:
* edit all other GMs (usernames, passwords, last character on, GM speed, status etc.
* edit all other users of the system.
* ban players and GM's.
* change permissions of ALL GM groups (see screenshots for all the groups).

WORKING TEMPLATE/STYLE SYSTEM that runs directly from the database (uber fast page loads he he)

Lalolyen · #12 10-06-2007, 10:58 PM

I have designed this system with a little thing I call hacker buster... Basically illegal page requests, without a valid cookie or attempts to post data that a user doesn't have permission to post, etc, will instantly set the status (which this system depends on) as -2 for banned, and will destroy their session cookies and log them out.

This by far doesn't make this system hack proof, but it sure helps, plus it keeps people "snooping" out =).

Lalolyen · #13 10-10-2007, 06:55 PM

JUST AN ANNOUNCEMENT!

No more of this!