Jump to content

The Impossible ?

Sumomo Cheri

By Sumomo Cheri,
in LSL Scripting

 Share
You are about to reply to a thread that has been inactive for 3380 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Sumomo Cheri

Sumomo Cheri

Posted
Posted

As a Former Biker in the SL MC community. There is always a issue with Bikers that leave or quit their MC and do not Delete their MC gear that they are no longer in. there are no ways to prevent this that the public knows about and which is why i set out this Thread a almost impossible task  can it be done ?

 

#1 First idea is a script that will only listen to the ID Key its given , Command would have understand who it is looking at and go after the item that person is wearing no one elses in the room. it will have to remove its self from said persons inventory and  llDie(); and detach from persons body thus gitting rid of the item from ever being used wrongly from that person .

this idea was seen in this script but does not work as it says or at least no one i know can figur out how to make it work for the MC community.

 

 

If a Working Script exist please point me in their direction this would be a big help for MC Members to know that if a member quits or leaves their MC that they items they aquired in the time they were a member cant be used against the MC and will Stop  CUT Collecters that join MC Get a Vest and leave only to hang their Vest on a wall of Vest like Trophies .

Link to comment
Share on other sites
Rolig Loon

Rolig Loon

Posted
Posted

It's not impossible, but it will be very difficult.  Your club's membership will change all the time.  If you want to verify that someone who wears the club gear is a member of the club, you will need some way to make the gear send a message to an on-line database when it is worn or rezzed.  That means writing scripts to create and update the database as well as scripts in the gear.  You will also need to have a way to prevent people from removing or disabling the scripts.  Unless you are very adept at writing scripts, you should probably post a description of your project in the InWorld Employment forum to attract a scripter who will do the custom job for you.

Link to comment
Share on other sites
Estelle Pienaar

Estelle Pienaar

Posted
Posted

Without testing it now, I would say that the script looks like it should work (there are some functions like llRemoveInventory) that I have never used, though).

 

I would just warn people in written that their inventory items will break when they break rules or leave. "Legalese" speaking you might be messing with other people's property and you don't want the Lab knocking at your door!

 

Link to comment
Share on other sites
Xiija

Xiija

Posted
Posted

Worn objects will have the avatar's current group, but they must be objects,

 as i don't think system clothes can have scripts.

the snippets below will head you in the right direction i hope :)

You can also do a check in the on_rez event to prevent them from rezzing it?

( this will mean that ALL  MC members will have to have the MC 's group title active to wear their items

but they may change groups after it is worn)

___________________________________________________

integer groupSame;

string MC_Group = "b7ad1b9e-a0b3-dd08-5f29-72807f2cfaf2"; // change the UUID to your MC's UUID

GroupCheck()
{
     list details = llGetObjectDetails(llGetKey(), ([OBJECT_GROUP]) );
     string myGroup = llList2String(details, 0);
     if( myGroup == MC_Group)
     { groupSame = TRUE;
     }
     else
     { groupSame = FALSE;      
     }
}

default

{

 attach(key id)
    {
        if (id)    
        {   llRequestPermissions(id, PERMISSION_ATTACH );
            
        }
        else
        { // detatched
        }
    }

  run_time_permissions(integer perm)
    {
        if(perm & PERMISSION_ATTACH)
        {   GroupCheck();
            if(groupSame)
            {  llOwnerSay("\nMC Group Verified !\nYou may now switch groups at will");
            }
            else
            { llOwnerSay("ERROR ! ! ! \n Wrong active Group,... Detatching ....
              \nPlease change to the MC group and re wear item");
              llDetachFromAvatar( );
            }
        }
    }

}

  • Like 1
Link to comment
Share on other sites
Sumomo Cheri

Sumomo Cheri

Posted
  • Author
Posted

ok this script works fine for the cut / vest ideas but need to make one like this that works but not for rez it still deletes rez items on the ELSE side of the end of the script.

integer groupSame;string MC_Group = "b4389e49-c800-69b4-166a-0a145d5d4bf0"; // change the UUID to your MC's UUIDGroupCheck(){     list details = llGetObjectDetails(llGetKey(), ([OBJECT_GROUP]) );     string myGroup = llList2String(details, 0);     if( myGroup == MC_Group)     { groupSame = TRUE;     }     else     { groupSame = FALSE;           }}default{ attach(key id)    {        if (id)            {   llRequestPermissions(id, PERMISSION_ATTACH );                    }        else        { // detatched        }    }  run_time_permissions(integer perm)    {        if(perm & PERMISSION_ATTACH)        {   GroupCheck();            if(groupSame)            {  llOwnerSay("\nMC Group Verified !\nYou may now switch groups at will");            }            else            { llOwnerSay("ERROR ! ! ! \n Wrong active Group,... Detatching ....              \nPlease change to the MC group and re wear item");              llDetachFromAvatar( );            } }}            on_rez(integer param)                     {        if (llGetAttached() == 0)         {   GroupCheck();            if(groupSame)            {  llOwnerSay("\nMC Group Verified !\nYou may now switch groups at will");            }            else            { llOwnerSay("ERROR ! ! ! \n Wrong active Group,... Deleting ....              \nPlease change to the MC group and re wear item");              llDie();            }        }    }}

 with out tag owner still cant wear it but with tag owner can wear it but still cant rez it . trying to make 2 verisons one for cuts which is working cause dont need them to rez the cuts anyways but for flags and pinup colors need to be group only rez at the end so that if they in group they can still rez the items. not sure where im doing wrong in this .

 

Even tried it like this and still skips right to Else on rez and deletes even with the right Group being worn.

integer groupSame;string MC_Group = "b4389e49-c800-69b4-166a-0a145d5d4bf0"; // change the UUID to your MC's UUIDGroupCheck(){     list details = llGetObjectDetails(llGetKey(), ([OBJECT_GROUP]) );     string myGroup = llList2String(details, 0);     if( myGroup == MC_Group)     { groupSame = TRUE;     }     else     { groupSame = FALSE;           }}default{ attach(key id)    {        if (id)            {   llRequestPermissions(id, PERMISSION_ATTACH );                    }        else        { // detatched        }    }  run_time_permissions(integer perm)    {        if(perm & PERMISSION_ATTACH)        {   GroupCheck();            if(groupSame)            {  llOwnerSay("\nMC Group Verified !\nYou may now switch groups at will");            }            else            { llOwnerSay("ERROR ! ! ! \n Wrong active Group,... Detatching ....              \nPlease change to the MC group and re wear item");              llDetachFromAvatar( );            } }}            on_rez(integer param)         {   GroupCheck();            if(groupSame)            {  llOwnerSay("\nMC Group Verified !\nYou may now switch groups at will");            }            else            { llOwnerSay("ERROR ! ! ! \n Wrong active Group,... Deleting ....              \nPlease change to the MC group and re wear item");              llDie();            }        }    }

 

Link to comment
Share on other sites
Xiija

Xiija

Posted
Posted

My bad,... as far as I know, there is no way to check what groups an avatar belogs to, nor anyway to

GET an avatar's current group title.( llSameGroup doesn't work in this situation)

Since objects are rezzed with the groupkey of the land group  where they are rezzed, it would mean members could only rez items on your  MC group land.

there may be a way to check the SL online website for which groups someone belongs to,

but i don't know how to do that :P

 

  • Like 1
Link to comment
Share on other sites
Sumomo Cheri

Sumomo Cheri

Posted
  • Author
Posted

yeah this thought crossed my mine in the last few mins so making this script work for group only items that could be rezzed is out of question but it does work great for vest even with out the group check like so .

            on_rez(integer param)         {        // Check if the object is attached. llGetAttached() returns 0 if object is not attached.        if (llGetAttached() == 0)         {              llDie();               }    }

  for the end of the coding . this will allow them to wear it with proper tag but not ever be able to rez it which makes it useless completely if they ever leave or quit or get kicked from a group that the script is for .

 

Link to comment
Share on other sites
Rolig Loon

Rolig Loon

Posted
Posted

Xiija wrote:

My bad,... as far as I know, there is no way to check what groups an avatar belogs to, nor anyway to

GET an avatar's current group title.( llSameGroup doesn't work in this situation)

Since objects are rezzed with the groupkey of the land group  where they are rezzed, it would mean members could only rez items on your  MC group land.

there may be a way to check the SL online website for which groups someone belongs to,

but i don't know how to do that
:P

 

Right.  That's why I said you'd have to go the hard route of maintaining a database on a remote server to check against.

Link to comment
Share on other sites
Estelle Pienaar

Estelle Pienaar

Posted
Posted

Here is how to exchange the necessary information with the database:

I had a hard time learning php and mysql for my own project. A lot of the available online tutorials are outdated, the following tutorial too. I do however recommend to read it, because it gives you some ideas about the process: http://www.drnadolny.com/uploads/6/0/0/2/6002231/databases.pdf

Also do not use the following scripts for any other purpouse than testing until I/we have discussed the security aspects.

I. Set up a database and a table

I.1) You will need a host for your MySQL database and the webpages that contain the php-scripts. You will send the information from your LSL scripts to the php pages and from there it goes to the database (and the other way round). So google some web hosts and look at what they got to offer and how much they cost - some are even free. However I would invest in a well established and known service provider. What use is a database if the provider goes bankrupt and your data is gone?

I.2) Inquire how you can set-up the database. My host allows the management of tables via scripts. In phpMyAdmin is a "SQL" tab with a the text box and the heading: Run SQL query/queries on database DBxxxxxxx.

SQL script for table creation:

 

CREATE TABLE IF NOT EXISTS mcBikers (  bikerKey char(36) NOT NULL DEFAULT '00000000-0000-0000-0000-000000000000',  bikerName varchar(128) NOT NULL,  mcMember char(1) DEFAULT '1',  PRIMARY KEY (bikerKey)) ENGINE=MyISAM DEFAULT CHARSET=utf8;

Your table called "mcBikers" will have three records: "bikerKey", "bikerName", "mcMember". For your application you won't need more. You can also create the table manually with the phpMyAdmin interface but I will not explain how to do it here.

II. Insert data into the database

Introduction statement: I will use the method http-get in order to communicate the information from SL to SQL. I do so because it requires less php skills to write the php code: we just need to transform information which is contained in the link to variables. With the method http-post we would need to "simulate a webpage".

II.1. Create a php script and upload it to your webspace, so that it will have an http:// address

 

<?php//You need to insert your specific data for "DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE"$con=mysqli_connect("DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE");// Check connectionif (mysqli_connect_errno()) {  echo "Failed to connect to MySQL: " . mysqli_connect_error();}//use the parameters in the http-link to set the $ variables and real escape them for security reasons (against injection) $bikerKey = mysqli_real_escape_string($con, $_GET['bikerKey']);$bikerName = mysqli_real_escape_string($con, $_GET['bikerName']);  //if needed for debugging:
//echo $bikerKey, $bikerName;//Insert the $ variables into the table mcBikers
$sql="REPLACE INTO mcBikers (bikerKey, bikerName) VALUES ('".$bikerKey."', '".$bikerName."')"; 

//for debugging: print out the db query on the screen
//echo $sql . '<br/>'; 

if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error($con)); } 
echo "1 record added"; 

//close connection to database
mysqli_close($con); ?>

 

Experienced PHP scripters might feel tempted to argue that my php script is outdated and even insecure. I agree that it doesn't use fancy object oriented (not even new procedural style).  It is very basic, but I don't think that it is insecure if the right precausion measures are taken. I will discuss this in more detail at a later point.

II.2 Create an LSL script. I propose to let people touch an object as part of the admission ceremony (or find an alternative way to capture the avatars unique key and to start the process). Downside of the touch method: Never leave your object rezzed, because random people might touch it and register.

Parts of the following script are inspired by Gwyneth: http://gwynethllewelyn.net/2014/09/17/registering-users-on-a-website/

// Script by Estelle Pienaar. A substantial part of this code is based on Gwyneth Llewelyn's script: http://gwynethllewelyn.net/2014/09/17/registering-users-on-a-website/// Touch to get your avatar registered remotely  // Global Variableskey bikerKey;string bikerName;key requestKey; default{    state_entry()    {        llSetText("Click to join the MC club.",            <1.0,1.0,1.0>, 1.0);    //Touch to send data to     }      on_rez(integer startParam){    llResetScript();} changed(integer change){    if (change & (CHANGED_OWNER))        llResetScript();} touch_end(integer int){    bikerKey = llDetectedKey(0);
    bikerName = llGetUsername(bikerKey);    llOwnerSay("SQLsender was touched by " + bikerName);             llSetText("Sending registration for " +            bikerName + "...", <1.0,0.0,0.0>, 1.0);        // start communication with database    string body = "";        //llEscapeURL is not really necessary but I have the habit to use it with all data I send to an URL    string URL = "http://www.PUT-YOUR-URL-HERE.php" + "?bikerKey=" + llEscapeURL(bikerKey)  + "&bikerName=" + llEscapeURL(bikerName);     //define a list to contain the parameters of the http request.    list parameters = [HTTP_METHOD, "GET"];     //send the request    requestKey = llHTTPRequest(URL, parameters, body);        //Use this for debugging:     //llOwnerSay(URL);    } // Catching reply from webserverhttp_response(key request_id, integer status, list metadata, string body){        //For debugging:    //llOwnerSay((string)status + " ." + llList2CSV(metadata) + " ." + body);    if (request_id == requestKey)    {    llSetText("Click to join the MC club.",            <1.0,1.0,1.0>, 1.0);        if (body == "1 record added")        {            llOwnerSay("Avatar has been registered");        }        else        {            llOwnerSay("There has been a problem to connect to the database or the avatar is already registered. Please try again, check for dublicates or register the person manually. bikerKey = " + (string)bikerKey + "; bikername = " + (string)bikerName + ".");        }    }}  }

Comment: If you delete yourself from the database for testing purpouses in order to be able to register again, wait a few moments. Or the database will answer that there is a dublicate entry where there is non and the LSL script will answer that "there has been a problem to connect to the database" ..

 

Ok, that wasn't too hard, was it? To be continued.

III Test if avatar is member of MC community.

III1. The LSL script. I will post a script that demonstrates the principle. The script contains the global variable "mcMember". In the demonstration script, the key of the touching avatar is send to the database (you can customize this in your own script, so that the key of the object owner is sent to the database in the state_entry event. If the response from the database is "1", then the global variable "mcMember" is true. If the database responds "0" or that no such entry exists, then the global variable "mcMember" is false. I leave it up to you to create the LSL script to delete the object based on this information.

// Script by Estelle Pienaar. // Touch and check if member is a registered MC biker  // Global Variableskey touchKey;string avatarName;key requestKey;integer mcMember; default{    state_entry()    {        llSetText("Click to test if avatar is \n member of the MC club.",            <1.0,1.0,1.0>, 1.0);    //Touch to send data to     }      on_rez(integer startParam){    llResetScript();} changed(integer change){    if (change & (CHANGED_OWNER))        llResetScript();} touch_end(integer int){    avatarName = llDetectedName(0);    touchKey = llDetectedKey(0);    llOwnerSay("Test prim was touched by " + avatarName);             llSetText("Sending registration for " +            avatarName + "...", <1.0,0.0,0.0>, 1.0);        // start communication with database    string body = "";        //llEscapeURL is not really necessary but I have the habit to use it with all data I send to an URL    string URL = "http://www.PUT_YOUR_URL_HERE.php" + "?bikerKey=" + llEscapeURL(touchKey);     //define a list to contain the parameters of the http request.    list parameters = [HTTP_METHOD, "GET"];     //send the request    requestKey = llHTTPRequest(URL, parameters, body);        //Use this for debugging:     //llOwnerSay(URL);    } // Catching reply from webserverhttp_response(key request_id, integer status, list metadata, string body){        //For debugging:    //llOwnerSay((string)status + " ." + llList2CSV(metadata) + " ." + body);    if (request_id == requestKey)    {    llSetText("Click to test if avatar is \n member of the MC club.",            <1.0,1.0,1.0>, 1.0);        if (body == "1")        {        mcMember = TRUE;            llOwnerSay("Avatar is member of MC");        }        else        {        mcMember = FALSE;        llOwnerSay("Avatar is not a member of MC");        }    }}  }

 

III2. This is the PHP script that checks if the record "mcMember" in the table "mcMembers" is "1" or "0".

<?php//You need to insert your specific data for "DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE"$con=mysqli_connect("DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE");// Check connectionif (mysqli_connect_errno()) {  echo "Failed to connect to MySQL: " . mysqli_connect_error();}//use the parameters in the http-link to set the $ variables and real escape them for security reasons (against injection)$bikerKey = mysqli_real_escape_string($con, $_GET['bikerKey']);//Define which entry you chose from the database$readthis = mysqli_query($con, "SELECT mcBikers.mcMember FROM mcBikers WHERE mcBikers.bikerKey = '$bikerKey'");//Fetch the information arraywhile($output = mysqli_fetch_array( $readthis )) {// Print out the contents of each row into a table        echo $output['mcMember'];}//close connection to databasemysqli_close($con); ?>

 Here we go. With this information your project is already very possible. You can go to phpMyAdmin and change the variable for "mcMember" manually from "1" to "0" when someone leaves MC. And his/her scripted equipment won't work anymore.

iV Delete an avatar from MC community

Rule number one when deleting an entry from a database: Never delete an entry from the database. Instead change the number from mcMember from "1" to "0". There are many good reasons for this, here are two of them: (1) If you delete an entry by mistake, you will have a lot of hassle to get it back. If you change an entry by mistake, you can easily change it back. (2) If anyone should hack your scripts she can delete the entries with it...

IV.1 The LSL scirpt: The username of the avatar that gets excluded from MC has to said in chat on the channel 535. The username should be said in the format "all lower cases" and a "." for the space between first name and last name: for example "estelle.pienaar" and NOT "Estelle Pienaar".

// Script by Estelle Pienaar. // Touch to and talk on channel 535 to eject an avatar  // Global Variableskey ownerKey;string avatarName;key requestKey;integer talkNow;integer mcMember; default{    state_entry()    {        llSetText("Click to ban someone.",            <1.0,1.0,1.0>, 1.0);        ownerKey = llGetOwner();    }      on_rez(integer startParam)    {        llResetScript();    }     changed(integer change)    {        if (change & (CHANGED_OWNER))            llResetScript();    }     touch_end(integer int)    {        if (llDetectedKey(0) == llGetOwner())        {            talkNow = llListen(535, "", ownerKey, "");            llOwnerSay("The script is now listening on channel 535. Type the username of the avatar that should be banned on that channel.");                  llSetText("Say username on channel \n 535", <1.0,0.0,0.0>, 1.0);            llSetTimerEvent (60.0);        }        else            llOwnerSay("Only the owner can use this object.");       }listen( integer channel, string name, key id, string message )    {        avatarName = message;        // start communication with database        string body = "";            //llEscapeURL is not really necessary but I have the habit to use it with all data I send to an URL        string URL = "http://www.URL_TO_SCRIPT.php" + "?bikerName=" + llEscapeURL(avatarName);         //define a list to contain the parameters of the http request.        list parameters = [HTTP_METHOD, "GET"];         //send the request        requestKey = llHTTPRequest(URL, parameters, body);            //Use this for debugging:         //llOwnerSay(URL);        llListenRemove(talkNow);        llSetText("Click to ban someone.", <1.0,1.0,1.0>, 1.0);        llSetTimerEvent(0.0);        } // Catching reply from webserverhttp_response(key request_id, integer status, list metadata, string body)    {        //For debugging:    //llOwnerSay((string)status + " ." + llList2CSV(metadata) + " ." + body);    if (request_id == requestKey)        {            if (body == "Affected rows: 1")            llOwnerSay("The membership has been cancelled.");                    else            llOwnerSay("Username not found in database.");                }    }         timer()    {           llOwnerSay("No username has been said on channel 535. Listener will be removed.");            llSetText("Click to ban someone.", <1.0,1.0,1.0>, 1.0);            llSetTimerEvent(0.0);}  }

 IV.2: PHP script

<?php

//You need to insert your specific data for "DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE"$con=mysqli_connect("DB_HOSTNAME","DB_USERNAME","DB_PASSWORD","DB_DATABASE");

if (mysqli_connect_errno())
 { echo "Failed to connect to MySQL: " . mysqli_connect_error(); }

//use the parameters in the http-link to set the $ variables and real escape them for security reasons (against injection) 

$bikerName = mysqli_real_escape_string($con, $_GET['bikerName']); 
$newValue = "0"; 

//Update the value of "mcMember" for this user to "0"; 
mysqli_query($con, "UPDATE mcBikers SET mcMember = '$newValue' WHERE bikerName = '$bikerName'"); 

//Show on screen how many entries have been affected; If "0" rows are affected, something has gone wrong... 
echo "Affected rows: " . mysqli_affected_rows($con); 

//close connection to database 
mysqli_close($con); ?>

 


V Some words about security

I am not a PHP expert and I am not a security expert. So don't take my words as the unquestionable truth. Here are my 5 cents about security in LSL-PHP-MySQL communication.

There have been a lot of security breaches to databases via PHP-MySQL data injection and therefore PHP has been changed a lot in the last years. However I think that all these new fancy functions are not necessary for SL-Database communication. In order to hack a database via PHP, a hacker needs to know the exact URL. For websites, it is extremely easy to find these URLs. Everything where a user has to fill out a form is run by a PHP script. For our SL use however it is almost impossible to find out the URL when an SL script is non-modify.

If you are  concerned about security, the following tips should help: a) don't give your scripts a name that someone can guess easily llike "input.php", "users.php", "bikers.php" etc. It's safer to give it a total random name like "t0m0t0s.php". b) don't put the php scripts in the root directory of your website. Use another folder and give the folder a very random name, like "Xu6O79nJk". Who would ever guess such an URL: "http://mywebsite.com/Xu6O79nJk/t0m0t0s.php". I would say it is as safe as a strong password.

If you are still concerned, then change the name of the variables in the script. You should anyway NEVER just copy and paste PHP scripts from websites (like this one) without changing the variable names. The biggest threat to your database security is that someone can easily guess your URL and your variable names.

Another layer of security is therefore to make the variables in the URL more random. You could change to following code snippet of my first LSL script (Don't forget to change the name of the variables in the PHP script accordingly): 

 

    string URL = "http://www.PUT-YOUR-URL-HERE.php" + "?bikerKey=" + llEscapeURL(bikerKey)  + "&bikerName=" + llEscapeURL(bikerName);

into

    string URL = "http://www.PUT-YOUR-URL-HERE.php" + "?I8lkbikerKey=" + llEscapeURL(bikerKey)  + "&eR2PbikerName=" + llEscapeURL(bikerName);

 No one would guess such variables. That is more than enough security and all the complicated fancy PHP procedures and object oriented PHP shinies can be ignored for SL->Database communication.

 

Link to comment
Share on other sites
Estelle Pienaar

Estelle Pienaar

Posted
Posted

Phew, SL-databse communication is not "The Impossible" but it is a fiddly task. There is a lot that can go wrong between the LSL, PHP and SQL communication. And there are no obvious error message like in the LSL editor that will point you to the problem.

Also there is clearly a lack of good php tutorias and wikis. I only realised how great the LSL wiki is when I saw the documentation mess for PHP...

Unfortunately the OP seems to have given up, has lost interest or doesn't want to look into a database solution. He hasn't given any feedback. I hope however that these examples can be useful for other scripters who need a database communication via an http-bridge.

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 3380 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...