PenUltima Online

POL and PHP-Nuke scripts to add a secure Shard Status page to your Nuke website. Be sure to read instructions for install. Uses AUX SVC connections instead of webserver of POL for security.

Hey there, I have two questions about this, which I bring up just assuming that if I have these questions, maybe someone else does, too!

First; is it just me, or is that .rar missing the include file(s) with the functions that do the packing/unpacking? I know that part is simple to do, but someone looking for a 'turnkey' solution (which is the point to using PHPNuke in the first place, yes?) might not know how to recreate them.

Next, it seems your web server is sending the .rar file marked as a MIME type that at least my browser is thinking it just displays as text, requiring right-clicking and 'save link as' on Firefox. So just a heads-up for you, and anyone downloading it. (also depending on one's browser, you may need to rename the file while saving - the file IS a .rar file)


Errr... also, this is a minor point, to which I think I know the answer(s), but I want to make sure I'm not missing something: You say this method is more 'secure'. I assume you mean it's more secure than simply having people load up an .ecl from the WWW directory directly.

First, let me assure you that in no way do I disagree with that, assuming that's what you mean. I do a very similar thing on my shard with all web pages that get info from the game; My web server connects to an AUX or WWW script on POL (the AUX and WWW ports are firewalled, allowing only the web server access) and caches the results in a database and in application memory, much like your PHP system caches the results in a file.

'Security' is gained in your case by not allowing people direct access to repeatedly load a web page from the game server. Just to be clear, though; This assumes that the person using your system also makes sure there is no public access to an online.ecl script. (or any other public access to WWW scripts that could cause significant processing) I know that it might seem to be almost an insult to the intelligence of some people, to say that... but sometimes you need to spell things out

Also, your system takes into account that the person might not have firewall/packet filtering available (although Linux and Windows 2k/XP/2k3 all come with packet filtering as part of the OS), and so requires a password from the AUX script; so even if someone port scans the game server and finds the open port and connects... without the proper password, the script will simply send them a tiny bit of junk and disconnect.



Finally, I'm actually having a bit of an issue with an AUX script system myself, but that's a different thing for a different time and place, so I'll save that for then!

Aye, beyond the password, and firewalls, etc, is why this is stated as more secure. Also by caching, it saves bw from the game server, access time, etc.

I'll put up a download with the include (is in another pkg on my site) for the cfg file handling and such for PHP.

And, let's not forget.... none of us devs are exactly "Apache webserver developers". So pol's webserver isn't exactly fort knox if you know what i mean

So, does that mean no possibility of SSL implementations?