Arimaa Forum (http://arimaa.com/arimaa/forum/cgi/YaBB.cgi)
Arimaa >> Site Discussion >> Chatroom Impersonations
(Message started by: Sconibulus on Aug 19th, 2011, 4:56pm)

Title: Chatroom Impersonations
Post by Sconibulus on Aug 19th, 2011, 4:56pm
It seems that, with what's probably javascript injection, it's pretty easy to alter the name that displays in the chat. Given that this is sometimes used as validation for other services, such as teamspeak during event games, this could be a little bit of an issue.


Title: Re: Chatroom Impersonations
Post by rabbits on Aug 19th, 2011, 6:45pm
It's true.  Someone is able to change names in the chatroom, and the imposter claims to be ME!  :o

Title: Re: Chatroom Impersonations
Post by leo on Aug 22nd, 2011, 4:51am
Hi guys ^_^

A patch was applied yesterday to fix the problem.

If the chat window looks blank, please hit refresh to bypass your cache.

The thing was actually not a bug or exploit, but a case of work-not-finished which I'm pretty ashamed of :-/ Initially, years ago, user identity was intentionally kept unchecked during the testing phase because I was planning to somehow link the chatroom to the gameroom, but we ran into more urgent problems such as making the chat work for every browser. Remember, we merrily trusted each other back then ;)

Anyway, thank you Migi for finding the thing. You're more than welcome to do more fiddling with firebug so as to make sure everything's secure :)

About the ugly color palette: Initially I was hoping we'd develop a nice handy color picker but the stamina went low. But I could add a little edit box to enter color hex codes; would it be useful?

Ha, and while I was at it, I fixed the auto-logout bug, which wasn't visible before because most browsers didn't call the window.onunload event.

If you have any suggestions for future versions of the chatroom, please use that (slightly old) thread: http://arimaa.com/arimaa/forum/cgi/YaBB.cgi?board=siteIssues;action=display;num=1277584475

Thanks!

Title: Re: Chatroom Impersonations
Post by Fritzlein on Aug 22nd, 2011, 7:21am
Leo, thanks for coming up with a patch so quickly.  Don't apologize!  Your chat client is a wonderful addition to the Arimaa community; it has helped make our friendly fellowship even friendlier.  Thank you!

Title: Re: Chatroom Impersonations
Post by Migi on Aug 22nd, 2011, 11:19am

on 08/22/11 at 04:51:10, leo wrote:
Anyway, thank you Migi for finding the thing. You're more than welcome to do more fiddling with firebug so as to make sure everything's secure :)

Actually it wasn't me who found it out. I was just trying to find a way to pick my own color, told people about it and then they started messing with it too. I think it was rabbits who first started changing his name (to Rabbits).

But I'm really glad it's fixed now. It was fun for like 5 minutes, and then it became annoying.


on 08/22/11 at 04:51:10, leo wrote:
About the ugly color palette: Initially I was hoping we'd develop a nice handy color picker but the stamina went low. But I could add a little edit box to enter color hex codes; would it be useful?

The color palette isn't all that ugly (though there are 2 identical greens). It's just that it's a fairly limited choice, so a color picker would be nice. But you don't have to develop all your javascript tools from scratch, you know. Developing datepickers and colorpickers from scratch takes far too much time. Definitely if you want to make them cross-browser compatible. There are tons of existing, plug-and-play color pickers available, like this (http://www.eyecon.ro/colorpicker/), this (http://intelliance.fr/jquery/color_picker/) and this (http://jquery.webspirited.com/2010/12/jquery-color-picker/).

Title: Re: Chatroom Impersonations
Post by Hippo on Aug 22nd, 2011, 11:32am
Great, leo, let me join Fritzlein to thank you. :)

Title: Re: Chatroom Impersonations
Post by leo on Aug 23rd, 2011, 12:27am
@ Fritz & Hippo - I'm glad there was a quick fix available: Actually Omar had already added the authentication system at the opening of the chatroom window. I simply extended it to the chat manager.

@ Migi - So, congrats to Rabbits too :) But your changing the palette colors was the smart breakthrough. The color picker components all work within the JQuery framework, but the chatroom was developed in "plain javascript" which means we can't use them. But there was some discussion last year about rewriting the whole chatroom using one of those frameworks. Anybody up to start again in September?

Meanwhile, I've found a way for board piece impersonation, and I win every time by elimination:

http://img18.imageshack.us/img18/3937/14632128.jpg

;D

Title: Re: Chatroom Impersonations
Post by Migi on Aug 24th, 2011, 4:47pm

on 08/23/11 at 00:27:15, leo wrote:
The color picker components all work within the JQuery framework, but the chatroom was developed in "plain javascript" which means we can't use them. But there was some discussion last year about rewriting the whole chatroom using one of those frameworks.

Actually, jquery is not so much a framework, more a library with a set of tools. Sure, there's a "jquery way" of doing things and a "plain javascript way", but you can mix the two perfectly fine. So there's no need to rewrite anything.

I'm not trying to push you towards using jquery or anything, it's just the only javascript library I have experience with, and it's been generally quite a pleasant experience so far.


on 08/23/11 at 00:27:15, leo wrote:
Meanwhile, I've found a way for board piece impersonation, and I win every time by elimination

Haha, that's pretty funny. ;D

Title: Re: Chatroom Impersonations
Post by Swynndla on Aug 30th, 2011, 6:17am
When I try and connect to the chat using google-chrome on linux, it says:
Checks: 1
Checks: 2
Checks: 3
... and so on, but I'm not able to see anyone (even though there are many people in the chat room) and I'm not able to chat.  When I use firefox (also on linux) it works with no problems.  Hmmm - I wonder if this is a problem with the chat or if it is something I've done at my end.

Title: Re: Chatroom Impersonations
Post by Nazgand on Aug 30th, 2011, 8:56am
I think that's what happens when someone views the archived version.
http://arimaa.com/arimaa/chat/arch.php

Title: Re: Chatroom Impersonations
Post by leo on Aug 30th, 2011, 12:22pm
@Swynndla - Most probably your Chrome is using the cached version of the chatroom prior to the patch, which means the old-way requests are rejected. Try hitting refresh to bypass the cache.

@Migi - Thanks, I'll have a look at how to mix both.

Next version of the chatroom will be much better if everybody works on it ;)
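
Added example (not part of any post in this thread and not the Arimaa chatroom's code): a minimal sketch of the fix leo describes, where the chat manager takes the display name from the session opened at the chatroom window instead of from the request, and rejects requests from a pre-patch client. All function names, field names and sample requests are hypothetical.

```javascript
// Hypothetical chat manager illustrating the fix; names are assumptions.
// Random session token: global crypto in browsers and Node 19+, module otherwise.
const newToken = () => globalThis.crypto
  ? globalThis.crypto.randomUUID()
  : require("node:crypto").randomUUID();

const sessions = new Map(); // token -> username, filled when the chat window opens

// Called only after the site's normal login has succeeded for `username`.
function openChatWindow(username) {
  const token = newToken();
  sessions.set(token, username);
  return token;
}

// Before: the chat manager displays whatever name the request carries,
// so editing the request in the browser changes the displayed name.
function postUnchecked(req) {
  return { from: req.name, text: String(req.text) };
}

// After: the name is looked up from the session token; any client-supplied
// name is ignored, and requests without a valid token are rejected.
function postChecked(req) {
  const username = sessions.get(req.token);
  if (username === undefined) {
    return { error: "rejected: no valid chat session" };
  }
  return { from: username, text: String(req.text) };
}

// Constructed sample requests: alice is logged in but claims to be bob.
const aliceToken = openChatWindow("alice");
const forged = { token: aliceToken, name: "bob", text: "hello" };
const oldStyle = { name: "bob", text: "hello" }; // cached pre-patch client, no token

function demo() {
  return {
    unchecked: postUnchecked(forged).from, // forged name is displayed
    checked: postChecked(forged).from,     // session name is displayed
    oldClient: postChecked(oldStyle).error,
  };
}
console.log(demo());
```
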

Title: Re: Chatroom Impersonations
Post by Migi on Aug 30th, 2011, 3:16pm

on 08/30/11 at 12:22:07, leo wrote:
Next version of the chatroom will be much better if everybody works on it ;)


If you want my help on something, just PM or email me and I'll gladly help out a bit.

On a side note, it would be great if we could use JSON for all the server-to-client messages. For the gameroom and the game itself this seems to be the case already, but for the chatroom it looks like we use a sort of ad-hoc format right now. The reason I say this is that apparently other people are making Arimaa clients too (like this one (http://arimaa.com/arimaa/forum/cgi/YaBB.cgi?board=talk;action=display;num=1314177362)) and they basically make a separate gameroom, which splits the community. JSON is easy to parse, and there are libraries for every language, so when people want to make a new Arimaa interface they could easily use the same server data so the community wouldn't be divided between the different interfaces.

Title: Re: Chatroom Impersonations
Post by leo on Dec 12th, 2011, 2:55pm
4 months later...

Oops, I somehow managed to totally not see your post, Migi. Sorry about that.

I'm going to start a little thread about minor changes to the chatroom for options that have been discussed on the chatroom itself, mainly a command for kicking players who forget to log out before playing an official game. We can discuss the question of data encoding on that same thread. See you there ;)


