This wiki is archived and useful information is being migrated to the main bzflag.org website

Difference between revisions of "Global Registration"

From BZFlagWiki
Jump to: navigation, search
(Third party sites: link improvement)
 
(18 intermediate revisions by 6 users not shown)
Line 1: Line 1:
=Overview=
+
==Overview==
  
Global Registration is the link between the [[BZFlag Forums]] and the game. If you are registered at the forums, you are registered on the game (although you only have one registration - the forums). The game uses the forums to authenticate you as a registered user.
+
Global Registration is the link between the [[BZFlag Forums]] and the BZFlag [[List Server]]. This link allows players to use their forum users names as call signs in game, and receive a number of in game services tied to that account, such as;
  
= Frequently asked questions =
+
* exclusive use of the name on most servers
== How do I create a name or callsign? ==
+
* the ability to remove or "ghost" unregistered users attempting to use your existing name.
 +
* access to public groups that many servers use to grant in game permissions.
  
Go to the board at http://my.BZFlag.org/bb/, click on the tab at the upper left side of the page which says “Register,” and follow the instructions. More information on user names is available in the [http://my.bzflag.org/bb/viewtopic.php?t=2382 Usernames] thread.
+
==Registration and Account Management==
 +
Currently registration and account management is handled by the [[BZFlag Forums]], but may be split off to a separate system at a later date. Users wishing to create a global account should visit the forums and create a new account. Each user account will require a unique e-mail address.
  
== Do I have to create a name or callsign here? ==
+
=== Activation ===
 +
After registration is complete, the user will receive a verification e-mail to ensure that all contact information is correct. The user must follow the instruction in the e-mail before the account will be made active and can be used.
  
No, you do not.  Most game servers still allow local registration, and unregistered users.  We recommend that you register your name here, though.  You can read the board content, but you cannot post content without board registration. Also, registration here protects your callsign from being used by someone else on those game servers utilizing the list server.
+
===Username and Password Changes===
 +
The user can use the "profile" page on the fourms to modify any of the information about the account, including username and password. It his highly recomended that users keep their passwords secure.  
  
== How is my password stored? ==
+
===Password Retrieval===
 +
In the unfortunate event that a user forgets their password, they can use the "forgot password" link on the fourm login page to have the system e-mail them a new password.
  
Your password is encrypted by the board server with an MD5 hash and stored in the board name database. The MD5 hash is a one-way encryption.  In other words, there is no way to decrypt the encrypted password.  For example, the password “joey” encrypts to the MD5 hash “<code>d6ba0682d75eb986237fb6b594f8a31f</code>.
+
==Security==
 +
Passwords are encrypted and stored only in the registration system's database, they are never sent out to game servers, or any other player. The list server uses a temporary token system when communicating with game servers to protect the user's private information.
  
The only way to break your password is to use a computer to generate words, run the same MD5 encryption on them, and compare the results, until it finds a match. This requires a tremendous amount of computing power.  Generally, the longer your password is, and the more unusual symbols you place in it, the more secure it is, too.  Most passwords are compromised or broken because players use a simple word, one that a friend knows, such as a pet’s name.  Many people have been unpleasantly surprised by this.  Some users make their password the same as their call sign...this is really easy to guess, so don't do it!
+
Weak passwords based on simple numeric strings (1234) or dictionary words (dog, god, mom ) are easily guessable and are not recommended. Users are responsible for keeping their own passwords secure.
  
== How secure is my call sign and password? ==
+
'''NOTE:'''
  
Your password is encrypted in the board server database.  However, when you use a Web browser to enter the board, your password is transmitted in clear text to the forum server.  The server encrypts it and compares it to what it has stored in its database. You may want to read more about [http://www.rsasecurity.com/rsalabs/node.asp?id=2253 MD5]. The board server utilizes phpbb, an open source forum system.
+
By default, BZFlag saves your game settings when you exit the program. If you entered your password in the "Join Game" menu, it will be saved in plain text in the configuration file along with other settings. If you share this configuration file with anyone (for debugging, etc) they will have your password!
  
Your password is not sent to the game server where you will be playing, unless you are using a locally registered ID on that server.
+
==In Game services==
  
== What if I forget my password? ==
+
===Usage===
 +
To use your global account in game, a user must enter their forum username as the callsign, and enter their forum password into the appropriate fields in the "Join Game" menu in the game client.
  
BZBB has a "Forgot My Password" feature. Use it, and it will e-mail you your current password. If that doesn't work for you for some reason, you can use the [http://my.bzflag.org/bb/viewforum.php?f=67 Registration Issues] forum and post for help (guest posts are allowed).
+
===Callsign Markers===
 +
In-game, when a registered callsign has been authenticated, the callsign is prefixed with a '+' symbol as displayed on the user's screen.  
  
== What if someone else has changed my password? ==
+
If a registered callsign is used, but failed authentication for any reason, it is displayed with a '-' symbol prefixed.
  
That should be difficult to do.  Under normal circumstances, passwords can only be changed by someone who knows your password.  If you haven’t shared it, it shouldn’t have been changed.  If this has happened, it’s a far more serious circumstance than just forgetting your password.  You should make a post in the [http://my.bzflag.org/bb/viewforum.php?f=67 Registration Issues] forum, or PM one of the board admins.
+
The callsign of the game server's administrator ( with kick, ban and other powers ) is prefixed with a '@' symbol when they are logged into the game.  
  
== How many IDs can I have? ==
 
  
As many as you have email addresses.  Each email address you have created in the forum can only have one associated callsign.  Therefore, you must have a separate email address for each callsign you have registered in the system.
+
Examples:
  
[There is an official forum note that multiple accounts are frowned upon here: http://my.bzflag.org/bb/viewtopic.php?t=890, item 13, which should be addressed above and in the Board Rules thread, depending on whether or not this is going to be encouraged or enforced. This question has already been raised by some users, and JeffM has been responding that it’s possible to do it with multiple email addresses, though it appears that he also wrote the Board guidelines above. Just need a decision about that conflict and the text smoothed out appropriately. -john]
+
  tankdriver1 : a player with an unregistered callsign
 +
  +tankdriver2 : a player with a registered callsign that has been authenticated
 +
-tankdriver3 : a player with a registered callsign that has ''not'' been authenticated
 +
  @tankdriver4 : a player who has administrative rights on the game server
  
== When I join a game, I see -, +, and @ in front of player callsigns. What do these mean? ==
+
==Third party sites==
 +
BZFlag provides a service to allow third party sites to use bzflag login info to authenticate users. This can be very useful and allows many sites the ability to do lots of cool things. When using one of these sites, it must send you first to the bzflag.org site to login. This prevents the website from being able to capture your password. A third party site should never ask a user for a global password directly. When entering in login information, users can check the address bar of the page they are using and check to see that it is my.bzflag.org. No other addresses will keep passwords secure.
 +
In order to allow users to authenticate on your website using the official BZFlag service, you can utilize the [https://github.com/BZFlag-Dev/bzflag/blob/2.4/misc/checkToken.php checkToken.php] script.
  
The game status screen shows the different levels of player registration.  Players without a symbol are using unregistered callsigns.
+
==See also==
 +
* [[List Server Usage Policy]]
 +
* [[List Server]]
 +
* [[BZFS]]
  
* The – (dash or minus sign) indicates a player using a registered callsign that has not yet identified him or herself with a valid password.  Most servers require that registered players identify with a password, or with a global login through the list server, in order to play.
+
[[Category:Public Services]]
* The + (plus sign) indicates a player that is registered and identified, either locally or through the list server.
+
* The @ (at sign) identifies players with some level of administrator authority on the game server.
+
 
+
== How do I use my account once I've created one? ==
+
 
+
When you start the client, you are presented with the main menu.  When you select Join Game, you are taken to the Join sub-menu.  You have a number of options at this point.  The third selection on this screen is where you enter your callsign.  The fourth selection is where you enter your password.  When you attempt to connect to a game, your client software will automatically attempt to authenticate you on the list server.
+
 
+
== Why does it say “Identify yourself” when I join a server? ==
+
 
+
This is telling you that your callsign wasn’t properly identified.  Perhaps the game server got a bad token from the list server, or your callsign is also registered locally on this game server.  The actual message in this case is slightly longer.  It should read:
+
 
+
<code>This callsign is registered.  You must identify yourself before playing.<br>
+
Identify with /identify <your password></code>
+
 
+
If you used this server previously and registered on it, you should be able to use the /identify command to join with the local password you had registered on this server.
+
 
+
If you didn’t register on this server previously, you may have just mistyped your password in the Join Game menu.  Go back, retype it, and rejoin the game.
+
 
+
There is also the possibility that someone else registered the callsign you are trying to use.  If that’s the case, you need to contact the game server admin.  Most game servers have contact information that displays as soon as you join the server.  Some also have entries in the board forum “Servers: General Discussion.”
+

Latest revision as of 03:16, 1 January 2017

Overview[edit]

Global Registration is the link between the BZFlag Forums and the BZFlag List Server. This link allows players to use their forum users names as call signs in game, and receive a number of in game services tied to that account, such as;

  • exclusive use of the name on most servers
  • the ability to remove or "ghost" unregistered users attempting to use your existing name.
  • access to public groups that many servers use to grant in game permissions.

Registration and Account Management[edit]

Currently registration and account management is handled by the BZFlag Forums, but may be split off to a separate system at a later date. Users wishing to create a global account should visit the forums and create a new account. Each user account will require a unique e-mail address.

Activation[edit]

After registration is complete, the user will receive a verification e-mail to ensure that all contact information is correct. The user must follow the instruction in the e-mail before the account will be made active and can be used.

Username and Password Changes[edit]

The user can use the "profile" page on the fourms to modify any of the information about the account, including username and password. It his highly recomended that users keep their passwords secure.

Password Retrieval[edit]

In the unfortunate event that a user forgets their password, they can use the "forgot password" link on the fourm login page to have the system e-mail them a new password.

Security[edit]

Passwords are encrypted and stored only in the registration system's database, they are never sent out to game servers, or any other player. The list server uses a temporary token system when communicating with game servers to protect the user's private information.

Weak passwords based on simple numeric strings (1234) or dictionary words (dog, god, mom ) are easily guessable and are not recommended. Users are responsible for keeping their own passwords secure.

NOTE:

By default, BZFlag saves your game settings when you exit the program. If you entered your password in the "Join Game" menu, it will be saved in plain text in the configuration file along with other settings. If you share this configuration file with anyone (for debugging, etc) they will have your password!

In Game services[edit]

Usage[edit]

To use your global account in game, a user must enter their forum username as the callsign, and enter their forum password into the appropriate fields in the "Join Game" menu in the game client.

Callsign Markers[edit]

In-game, when a registered callsign has been authenticated, the callsign is prefixed with a '+' symbol as displayed on the user's screen.

If a registered callsign is used, but failed authentication for any reason, it is displayed with a '-' symbol prefixed.

The callsign of the game server's administrator ( with kick, ban and other powers ) is prefixed with a '@' symbol when they are logged into the game.


Examples:

 tankdriver1 : a player with an unregistered callsign
+tankdriver2 : a player with a registered callsign that has been authenticated
-tankdriver3 : a player with a registered callsign that has not been authenticated
@tankdriver4 : a player who has administrative rights on the game server

Third party sites[edit]

BZFlag provides a service to allow third party sites to use bzflag login info to authenticate users. This can be very useful and allows many sites the ability to do lots of cool things. When using one of these sites, it must send you first to the bzflag.org site to login. This prevents the website from being able to capture your password. A third party site should never ask a user for a global password directly. When entering in login information, users can check the address bar of the page they are using and check to see that it is my.bzflag.org. No other addresses will keep passwords secure. In order to allow users to authenticate on your website using the official BZFlag service, you can utilize the checkToken.php script.

See also[edit]