DeletedUser159
Guest
This is not a browser-related issue at all, but there is no other forum.
When trying to log in to the game with a wrong username/password connection, there is an according error message. However, when I try to log in with a username like **** (the account doesn't exist, I don't have a beta key^^), there is no error message, but the WebSocket response from the socket.io backend is
Code:
5:::{"name":"msg","args":[{"id":2,"type":"Exception/ApiErrorException","headers":{"traveltimes":[["node_deliver",1403633860957]]},"data":{"message":"Position of wildcard in value for nickname '%%%%%%%%' must be at least at position 4","trace":"#0 /www/twx/backend/vendor/portal/portal-api-library-php/src/Ig/Portal/PortalApiLibrary/Service/PlayersServiceImpl.php(72): Ig\\Portal\\PortalApiLibrary\\Client\\ApiClientImpl->request('GET', '/games/340/play...', Array)\n#1 /www/twx/backend/vendor/portal/portal-api-library-php/src/Ig/Portal/PortalApiLibrary/Service/PlayersServiceImpl.php(167): Ig\\Portal\\PortalApiLibrary\\Service\\PlayersServiceImpl->getByField('nicknames', Array, true, 0, 1)\n#2 /www/twx/backend/source/Ig/Twx/Game/System/Authentication/Player/PlayerLogic.php(88): Ig\\Portal\\PortalApiLibrary\\Service\\PlayersServiceImpl->getByNicknames(Array, true, 0, 1)\n#3 /www/twx/backend/source/Ig/Twx/Game/System/Authentication/Player/PlayerLogic.php(120): Ig\\Twx\\Game\\System\\Authentication\\Player\\PlayerLogic->loadPlayerByName('****')\n#4 /www/twx/backend/source/Ig/Twx/Game/System/Authentication/AuthenticationController.php(183): Ig\\Twx\\Game\\System\\Authentication\\Player\\PlayerLogic->authenticate('****', '1234', Object(Ig\\Twx\\System\\Util\\IpAddress\\Ipv4Address), 'desktop', 'Mozilla/5.0 (Wi...', '', false)\n#5 [internal function]: Ig\\Twx\\Game\\System\\Authentication\\AuthenticationController->login(Object(Ig\\Twx\\System\\Messaging\\Message))\n#6 /www/twx/backend/source/Ig/Twx/System/Routing/Dispatcher.php(62): call_user_func(Array, Object(Ig\\Twx\\System\\Messaging\\Message))\n#7 /www/twx/backend/source/Ig/Twx/System/Worker.php(165): Ig\\Twx\\System\\Routing\\Dispatcher->route(Object(Ig\\Twx\\System\\Messaging\\Message))\n#8 /www/twx/backend/source/Ig/Twx/System/Worker.php(99): Ig\\Twx\\System\\Worker->work()\n#9 /www/twx/backend/source/Ig/Twx/System/Worker.php(89): Ig\\Twx\\System\\Worker->spawnChild()\n#10 /www/twx/backend/scripts/worker.php(12): 
Ig\\Twx\\System\\Worker->run()\n#11 {main}"}}]}
which suggests that the backend treats the * symbol as a wildcard. That could lead to problems with those usernames containing an asterisk and also is either a misconfiguration (wildcard enabled for login seems not reasonable) or a security flaw (wildcard not escaped; other symbols seem to be escaped: http://puu.sh/9IkLF/fa25301fba.jpg, that looks crappy btw with the textbox value overflowing the textbox)
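A sketch of the two server-side fixes the report above points to, added here as an example and not taken from the game's backend: reject wildcard characters before an exact-match login lookup, and return a generic failure to the client while the exception and trace go only to the server log. All function and class names are hypothetical, and it assumes the lookup maps `*` to `%` as the quoted error message suggests.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is not the game's backend code.

/** Raised for any login failure; its message is never sent to the client. */
final class LoginFailed extends RuntimeException {}

/**
 * True if the nickname is safe to pass to a wildcard-aware lookup as an
 * exact match. Assumption: '*' and '%' are the pattern characters.
 */
function isExactMatchSafe(string $nickname): bool
{
    if ($nickname === '' || strlen($nickname) > 32) { // 32 is an assumed limit
        return false;
    }
    return strpbrk($nickname, '*%') === false;
}

/**
 * $lookup stands in for the real player lookup (hypothetical callable that
 * returns ['hash' => ...] or null). The client only ever gets one message.
 */
function authenticate(string $nickname, string $password, callable $lookup): array
{
    try {
        if (!isExactMatchSafe($nickname)) {
            throw new LoginFailed('nickname contains wildcard characters');
        }
        $player = $lookup($nickname);
        if ($player === null || !password_verify($password, $player['hash'])) {
            throw new LoginFailed('unknown player or wrong password');
        }
        return ['ok' => true];
    } catch (Throwable $e) {
        // Class, message and stack trace stay in the server log.
        error_log(get_class($e) . ': ' . $e->getMessage() . "\n" . $e->getTraceAsString());
        return ['ok' => false, 'message' => 'Invalid username or password'];
    }
}

// Constructed sample: a lookup whose backend call fails with an exception.
$failingLookup = function (string $nick): ?array {
    throw new RuntimeException('simulated backend failure');
};

echo json_encode(authenticate('****', '1234', $failingLookup)), "\n";  // rejected before lookup
echo json_encode(authenticate('alice', '1234', $failingLookup)), "\n"; // backend error, same reply
```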