Ephinea PSO Homepage

Sodaboy

Administrator
Staff member
If you haven't already, please visit the very basic Ephinea PSO Homepage at http://ephinea.pioneer2.net/

A couple of people had asked me to host a sort of generic PSO Blue Burst server, so I threw it up. Whether you play on it or not is up to you, I'll leave it running for those who do want to play. :)

Rules are basically no cheating (you can cheat to your heart's content on the development server, Algol) and to be respectful to other people, that's basically it.

Looking for any GMs who would also like to help administer the game server and some forum moderators!

You can read more on the FAQ page: http://ephinea.pioneer2.net/faq.php

If you encounter a problem user, you can PM me about them. (For now, until a GM group is created on the forum when there is more than one GM.)

Later, gators.
 

Sodaboy

Administrator
Staff member
Oh, I could do that, I already know how, I just haven't written it yet.

Basically, what I was going to do, is just generate a token in the MySQL database for the Guildcard # then send a link to their e-mail with the PHP page and token attached as a URL parameter. Then they can reset their password, one time, from there.

If you'd like to write that for me, by all means, please do. ;)
 

Chuk

Member
Sodaboy said:
Oh, I could do that, I already know how, I just haven't written it yet.

Basically, what I was going to do, is just generate a token in the MySQL database for the Guildcard # then send a link to their e-mail with the PHP page and token attached as a URL parameter. Then they can reset their password, one time, from there.

If you'd like to write that for me, by all means, please do. ;)

That was also how I was going to get around it, it's how I've done the account activation on the ultima registration. Are you going to release the webserver code publically?
 

Sodaboy

Administrator
Staff member
Yeah, I planned to sign it with a CRC or some other method I will devise. I'll probably also log all downloads in the database too. (Date, time, guild card #, character name, the signature of the data when it left the server)

Though, I don't really need to, because I don't think I'll be restoring anyone's character that way. The server has plenty of point in time backups, and I can easily restore the server's data to a different database or even just take a dump of it, take the character out, and import it into the current server. I don't need any user interaction.

The download data is just for a user's peace of mind for the paranoia they have of the server shutting down forever or the whole server getting corrupted without any means of restoration. They can hold onto a piece of them that can be brought to another server. But yeah, I'll still sign it either way.
 
This password recovery feature can be shared ?.
I created my account on Ephinea seriei a player Active hahahahha.
whenever it is not in the Brazilian server. fasso support friends and newly arrived in psobb.
(I hope to be useful to the community, even not knowing how to speak very well English)
but I can count on my support because I am in love with PSOBB
 

Sodaboy

Administrator
Staff member
Awesome. Welcome!

Downloading of your character data is now available for the paranoid. ;) We won't restore data given back to us by a user unless all of the server's backups are toast. (Which will never happen.) This is just provided for peace of mind.
 

Sodaboy

Administrator
Staff member
Haha, no. Welcome, bro! Nice to see you here, even though I know you won't be around that much, still always a welcome presence. :)
 

Chuk

Member
Sodaboy said:
OK! Passwords can now be reset from the home page. :)

So you went with the manual token, I was going to warn you that with the url there is a possibility someone else can change your password if they get a hold of your password change url (by looking at your history for example). The fix for this is to make the token only valid for a short amount of time. :p
 

Sodaboy

Administrator
Staff member
I thought of this when I wrote it, that's why you don't see the token right away and it's e-mailed to you.

If you visited the page from the link in your e-mail, which contains the token, and reset your password, even if someone goes into your URL history and clicks the same link, it won't work. (Unless you didn't go completely through your password reset procedure.)

The token is only valid for one use only and is deleted from the database once used.
 
Top