This wiki is archived and useful information is being migrated to the main bzflag.org website

Global Registration

From BZFlagWiki
Revision as of 03:16, 1 January 2017 by Zehra (Talk | contribs) (Third party sites: link improvement)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Overview[edit]

Global Registration is the link between the BZFlag Forums and the BZFlag List Server. This link allows players to use their forum users names as call signs in game, and receive a number of in game services tied to that account, such as;

  • exclusive use of the name on most servers
  • the ability to remove or "ghost" unregistered users attempting to use your existing name.
  • access to public groups that many servers use to grant in game permissions.

Registration and Account Management[edit]

Currently registration and account management is handled by the BZFlag Forums, but may be split off to a separate system at a later date. Users wishing to create a global account should visit the forums and create a new account. Each user account will require a unique e-mail address.

Activation[edit]

After registration is complete, the user will receive a verification e-mail to ensure that all contact information is correct. The user must follow the instruction in the e-mail before the account will be made active and can be used.

Username and Password Changes[edit]

The user can use the "profile" page on the fourms to modify any of the information about the account, including username and password. It his highly recomended that users keep their passwords secure.

Password Retrieval[edit]

In the unfortunate event that a user forgets their password, they can use the "forgot password" link on the fourm login page to have the system e-mail them a new password.

Security[edit]

Passwords are encrypted and stored only in the registration system's database, they are never sent out to game servers, or any other player. The list server uses a temporary token system when communicating with game servers to protect the user's private information.

Weak passwords based on simple numeric strings (1234) or dictionary words (dog, god, mom ) are easily guessable and are not recommended. Users are responsible for keeping their own passwords secure.

NOTE:

By default, BZFlag saves your game settings when you exit the program. If you entered your password in the "Join Game" menu, it will be saved in plain text in the configuration file along with other settings. If you share this configuration file with anyone (for debugging, etc) they will have your password!

In Game services[edit]

Usage[edit]

To use your global account in game, a user must enter their forum username as the callsign, and enter their forum password into the appropriate fields in the "Join Game" menu in the game client.

Callsign Markers[edit]

In-game, when a registered callsign has been authenticated, the callsign is prefixed with a '+' symbol as displayed on the user's screen.

If a registered callsign is used, but failed authentication for any reason, it is displayed with a '-' symbol prefixed.

The callsign of the game server's administrator ( with kick, ban and other powers ) is prefixed with a '@' symbol when they are logged into the game.


Examples:

 tankdriver1 : a player with an unregistered callsign
+tankdriver2 : a player with a registered callsign that has been authenticated
-tankdriver3 : a player with a registered callsign that has not been authenticated
@tankdriver4 : a player who has administrative rights on the game server

Third party sites[edit]

BZFlag provides a service to allow third party sites to use bzflag login info to authenticate users. This can be very useful and allows many sites the ability to do lots of cool things. When using one of these sites, it must send you first to the bzflag.org site to login. This prevents the website from being able to capture your password. A third party site should never ask a user for a global password directly. When entering in login information, users can check the address bar of the page they are using and check to see that it is my.bzflag.org. No other addresses will keep passwords secure. In order to allow users to authenticate on your website using the official BZFlag service, you can utilize the checkToken.php script.

See also[edit]