This article is currently only a proposal
The features or design guidelines described in this article are only a proposal made by one or some persons. It has not been evaluated or accepted by the core development team yet. Feel free to add your personal opinion about them or make counter proposals.
People who approve this proposal | People who oppose this proposal |
---|---|
|
Synopsis
This proposal documents a method for external applications to perform tmwserv related operations and data calls.
After a lengthy review of the web interface code located at the old svn repository I've came to the conclusion that while indeed a meritorious task with lots of potential, I am unhappy with the current implementation as it has a few several severe limitations. One of major limitation is connecting directly to the database located on tmwserv.
- Uncovered sql injections in the web interface could render the entire database completely vulnerable to malicious exploitation.
- The web server will either have to be hosted local to tmwserv or connect directly via an open port to the database server (unlikely in the event of using sqlite)
- The web interface will need to support multiple types of databases (mysql, postgresql, sqlite)
- Web interface specific data will eventually clog tmwserv database, unless it uses a separate database.
Advantages and disadvantages to using XML-RPC
Advantages | Disadvantages |
---|---|
|
|
Proposed RPC Methods
Method | Description | Input Parameters | Output Parameters |
---|---|---|---|
account.authenticate | Provide a mechanism to authenticate a user. Returns true if successful. |
|
|
account.character.list | Provides a list of characters associated with an account |
|
|
account.character.owner | Returns the username of the account owning the character |
|
|
account.character.stats | Returns an array of stats for the specified character |
|
|
account.character.level | Returns the character's level |
|
|
account.character.gc | Returns the character's gold coins |
|
|
account.character.gender | Returns the character's gender |
|
|
account.character.skilllevel | Returns the characters basic skill level |
|
|
server.statistics.online | Returns the amount of players online |
|
|
server.statistics.maxonline | Returns the max amount of players that was online. |
|
|
Other uses
Account creation can be performed both on the website, or via the client, with data being passed via XML RPC. One particularly useful area is the email confirmation links, for example, if the player registers an account via the client, then the server generates a confirmation hash, stores it in the database and sends an email with a url+confirmation hash pointing to the website. The website then takes the hash and passes that via XML-RPC. The server then validates the hash, if correct activates the account and returns true, else returns false.
Method | Description | Input Parameters | Output Parameters |
---|---|---|---|
account.activate | Activates the account based on confirmation hash, Returns true if successful. |
|
|
Implementaton
I will leave this details for the developers.