Monk Posted March 2, 2009 Share Posted March 2, 2009 I decided that I hate the FTP server that is built into it. I have my reasons, but Here's the SQL code for the server to allow for dirs, UID and stuff. I'm using pure-ftpd in production without any issues. Enjoy! MYSQLGetPW SELECT MD5_Password as Password FROM tc_users WHERE User_ID="\L" AND status="1" # Hackity Hack Hack! Better way to do this, but it works. # Allows for multiple services to show up when a user logins MYSQLGetDir SELECT "c:\servers/\L/GameServers" AS Dir FROM tc_services WHERE USER_ID="\L" AND SERVER_IP="\I" Link to comment Share on other sites More sharing options...
Dan M Posted March 2, 2009 Share Posted March 2, 2009 Thank you Monk, I'm sure this will come in handy for the future Link to comment Share on other sites More sharing options...
maddanny Posted March 2, 2009 Share Posted March 2, 2009 I hope you didnt forgot to deny executable files uploading Link to comment Share on other sites More sharing options...
jcroom Posted March 2, 2009 Share Posted March 2, 2009 Great work Monk! I hope you didnt forgot to deny executable files uploading This isnt the actual FTP server, this is just going to get you the password and game directory so that you can integrate it with your own FTP server Link to comment Share on other sites More sharing options...
ECF Posted March 2, 2009 Share Posted March 2, 2009 Be careful with this code. You need to make sure that you have locked down the FTP server so users cannot access certain files etc... I know Monk will be security wise with it, but others users should not simply use it to connect to pure-ftpd. Link to comment Share on other sites More sharing options...
Monk Posted March 2, 2009 Author Share Posted March 2, 2009 I have Chroot enabled, and antiwarez enabled. The server runs with privsep, and it doesn't allow chmod. The server runs as a user (tcadmin) and it's completely secure. I'm working on getting TLS enabled with this, which will be totally secure in upload config files with passwords in them. Link to comment Share on other sites More sharing options...
maddanny Posted March 2, 2009 Share Posted March 2, 2009 If you allow .exe or any executable file uploading, it's not secure. And your idea has just a bad thing: each server is shown as its ID, not as IP:port, if a customer has more than one server, he might not be very happy Link to comment Share on other sites More sharing options...
Monk Posted March 2, 2009 Author Share Posted March 2, 2009 The ID isn't a big deal, I can script it to get created when a server is created. I am currently working on denying certain types of uploads, aka obeying what tcadmin deny's. Link to comment Share on other sites More sharing options...
ECF Posted March 2, 2009 Share Posted March 2, 2009 Just for curiousity sake Gary. What did you not like about the built in FTP? Link to comment Share on other sites More sharing options...
Monk Posted March 2, 2009 Author Share Posted March 2, 2009 On my other.. setup, ECF, it corrupts uploads for maps. Not really an issue that your fault, just my environment. Plus I thought it would be fun to do Another thing is, I can centralize logging to see if people try and upload zip files with warez in them (it's happended before) Link to comment Share on other sites More sharing options...
ECF Posted March 2, 2009 Share Posted March 2, 2009 Freaking people try everything nowadays.... Link to comment Share on other sites More sharing options...
jcroom Posted March 2, 2009 Share Posted March 2, 2009 Yep, just when I thought I have seen it all someone usually does something to top it. Link to comment Share on other sites More sharing options...
Monk Posted March 3, 2009 Author Share Posted March 3, 2009 This isn't bad, I think it's nifty, considering. Link to comment Share on other sites More sharing options...
ECF Posted March 3, 2009 Share Posted March 3, 2009 I meant the warez uploads Gary. Not the FTP. Link to comment Share on other sites More sharing options...
compiledI Posted April 6, 2009 Share Posted April 6, 2009 Ave, http://shysave.com/?said=t192 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.