Vanilla Core r71480 is released!
A few words about this release:
This release brings a lot of unifying and more security options. I'm sorry that the development wasn't as fast as I wanted it to be. RL and stuff. And with that little time it's hard to test and as you may know I've had no options to debug or even test the code I was writing. But this is now gone since I have a working compile station. Also I have great news for those who really want to work with Windows. I'm working on a Windows-working port for the source. Of course this won't be another branch or something. It'll be part of the main source. But please, don't expect it to be done ASAP since I have other things in my mind which I consider more important.
As you may have noted most changes are about security. I want server-owners to have the option to add as much security as possible. It was the main goal in the earliest revisions and will still be. This time we'll have a few things thanks to contributors from all over the world. I tried to mention them when it's fitting, if I missed someone, please immediately send me a pm and I'll add it! This release should help to reduce the problems that could occur when leaking databases and other stuff. I hope you enjoy it!
Oh, and additionally I returned to include the qc-program into my bundled pre-built package. This way people without compiling vanilla core from source are able to use it to its full extent.
Note that this release still uses boost. Next release will drop boost entirely and declare its implementation as deprecated. We don't need a library if everything we need is already supplied by newer C++ revisions.
CHANGES from 70220 -> 71480
* fixed a bug with cancelling servertimers (thanks to Socialized and Yiv)
* fixed crashes due to wrong Compiler flags under release mode (thanks to Damn)
* cleaned a few code lines and rewrote some stuff
+ added unifying stuff to the core
Unify-mode is a new mode which forces the encoding to be UTF-8. Note that this does NOT break backwards-compatibility and your locale is still set to the region you chose to have. So if you were running on locale/euckr (example) before, the core will still fetch its files from that place like it did before. It only changes how the server core processes data internally and sends it to client/db. The advantages of UTF-8 can be looked up, they should be obvious. But since it affects the core in one way or another, I moved it to a CONFIG flag.
~Database changes (optional for you)~
+ If you want to use UTF-8 mode it's recommended to convert your whole database to UTF-8 (you can use the utf8_general_ci collation)
+ If you want to use the /su command with a customized passphrase per player you'll have to add a new column called 'passphrase' as varchar(45) and store the user's passphrase in it as a MySQL PASSWORD() hash (just like you'd add a password to an account).
+ elevation_enable (bool, default false)
Enables the elevation mode. This way you have to use the /su command along with the passphrase in order to get superuser access. The session ends with teleporting or relogging. Note that using the master-passphrase is only allowed in testserver unless elevation_use_key (see below) is enabled.
+ elevation_key (string, default 'vanilla')
Sets the default passphrase if you want to use it. It's like a master-password for the su-system and works only
+ elevation_use_key (bool, default false)
If enabled, it allows you to use the masterkey even without testserver being enabled.
+ interrupt_interval (int, max 32767)
Sets how long a player must wait before he can execute another command. This prevents command spamming, since all players/GMs have to wait until the timer is over. Note that this does not apply to admins, so GM_IMPLEMENTOR will not be affected by this!
+ pepper_key (string, default "peppertest12345")
If you set this to anything other than "peppertest12345" it'll automatically enable the pepper system. This way all passwords will be hashed with an additional phrase appended, which further enhances security. Note that all passwords should be encoded with the new pepper phrase. It works like this: instead of calling PASSWORD(userpass), the core appends the pepper phrase, which results in PASSWORD(userpass + pepper_phrase). So be careful if you change this, since your database must have valid entries, otherwise users will fail to log in.
+ MYSQL_PASSWORD_FUNCTION (string, default 'PASSWORD')
This variable sets the name of the password function that will be called when dealing with passwords. You can further enhance security this way if you define your own function in your database. You can, for example, first encode the passwords and then hash them. Note that if you change this value, your database must have a proper function that returns the encoded/hashed/whatever password from plain text. If the function doesn't exist or your passwords aren't adapted to work with your custom function, login will fail!
+ unify_enable (bool, default false)
Enables the unify-mode. This way the server forces UTF-8 as its encoding standard. Note: If you enable this, you should change your database etc. to use UTF-8 too!
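Added example (not part of the release or of Vanilla Core's code): what enabling `pepper_key` does to existing password rows, using a Python equivalent of MySQL's PASSWORD() so it runs without a database. The pepper value, the account row and the `login_and_migrate` rehash-on-login helper are assumptions made for illustration; the core itself only performs the comparison done in `check_login`.

```python
import hashlib
import hmac

DEFAULT_PEPPER = "peppertest12345"  # per the page, this value leaves the pepper system off


def mysql_password(plaintext: str) -> str:
    """Same result as MySQL's PASSWORD(): '*' + upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def stored_hash(userpass: str, pepper_key: str = DEFAULT_PEPPER) -> str:
    """Value the password column must hold for a login to succeed."""
    if pepper_key == DEFAULT_PEPPER:
        return mysql_password(userpass)           # PASSWORD(userpass)
    return mysql_password(userpass + pepper_key)  # PASSWORD(userpass + pepper_phrase)


def check_login(userpass: str, db_hash: str, pepper_key: str = DEFAULT_PEPPER) -> bool:
    # Constant-time comparison of the computed hash with the stored one.
    return hmac.compare_digest(stored_hash(userpass, pepper_key), db_hash)


def login_and_migrate(accounts: dict, user: str, userpass: str, pepper_key: str) -> str:
    """Hypothetical rehash-on-login done outside the core (e.g. a website login).

    Returns "ok", "migrated" (old unpeppered entry upgraded) or "denied".
    """
    db_hash = accounts.get(user, "")
    if check_login(userpass, db_hash, pepper_key):
        return "ok"
    if check_login(userpass, db_hash):            # entry still hashed without pepper
        accounts[user] = stored_hash(userpass, pepper_key)
        return "migrated"
    return "denied"


def demo() -> list:
    pepper = "constructed-pepper"                      # constructed sample value
    accounts = {"alice": mysql_password("password")}   # constructed pre-pepper row
    core_sees = check_login("password", accounts["alice"], pepper)  # stale row fails
    return [core_sees,
            login_and_migrate(accounts, "alice", "password", pepper),
            login_and_migrate(accounts, "alice", "password", pepper),
            login_and_migrate(accounts, "alice", "wrong", pepper)]


if __name__ == "__main__":
    print(demo())
```

MySQL 8.0 removed the built-in PASSWORD() function, so on such a server MYSQL_PASSWORD_FUNCTION has to name a function you define yourself.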
+ su passphrase(string)
Tries to elevate the player and grants him the permissions stored in gmlist after successfully elevating. Minimum rank: GM_PLAYER
+ promote user(string) gm_level(string, optional)
First the command elevates the player. So if no gm_level is given, the player will receive the permissions he'd have if he elevates normally. If a gm_level is given (just type it like it's labeled, so if you want to give him high-wizard, type GM_HIGH_WIZARD) it'll overwrite the gm level for the current session (relog/teleport will remove it).
Download (prebuilt): r71480
Download (source): r71480_source
pass (for both): vanilla