supertuxkart / stk-addons Goto Github PK

SuperTuxKart crashed :/

SuperTuxKart crashed!
Please hit Ctrl+C to copy to clipboard and signal the problem
to the developers on our forum: http://forum.freegamedev.net/viewforum.php?f=16

Call stack:

Create special user for stkaddon (instead of using DB root)

If stk aborts, users are not logged out properly, and appear to be still logged in (see supertuxkart/stk-code#1868). While there might be a bug in stk (e.g. time out for login too small, so it does not have time to log out before stk exits), we need a cron job (? or something similar) which cleans up logged in users who have been idle (i.e. not send a poll request) for a certain amount of time.

I switched to the new server, connected (which triggered an upload of my achievements), but if I look on the webpage, I don't see any achievements.

The downloaded addons.xml files does not contain icon information anymore. E.g.:

<kart id="alternative-tux" name="Alternative Tux" file="http://addons.supertuxkart.net/dl/1201809349552da39065bf9.zip" date="1429054353" uploader="Auria" designer="Joost Verdoorn" description="" format="2" revision="1" status="449" size="1947574" min-include-version="" max-include-version="" license="" image-list="" rating="2.000"/>

This causes bug supertuxkart/stk-code#2334 in STK (missing icons). There is a new (though empty) field image-list.

We need an option to create off-site backups.I can probably setup a cron job from a 24/7 machine to download them regularly.

We have now the option to limit graphical options depending on a config file. This means if we identify that certain driver/os/card combinations can not use feature XYZ, we can disable this feature without recompiling stk.

The idea is that this config file can be updated using our news service. My suggestion would be to include the context of this file inside the news.xml file. Ideally the online server would take this data from a separate file, so all we need to do is update this file (perhaps directly from our git??) on the server, and over time all clients would automatically be updated.

Atm only the ids are shown online, e.g.:

• 2
• 4
  It should at least show the titles, e.g.:
• 'Strike! (2)
• 'Marathoner' (4)

Currently, specific API calls are selected by changing a url parameter in the request to the api. This is not an effective long-term solution.

We should use a URL rewriting scheme to conceal the API file structure from game clients, for example:
http://api.stkaddons.net/v1/user/login/

This enables us to hide the implementation language from the game client, in case we decide to rewrite the api in a different language once we have a more capable web server. It will also make any api documentation much cleaner, and better conforms to the typical style of RESTful APIs.

The downloaded news.xml file contains:

    <include file="http://104.131.193.44/stkaddons/dl/xml/assets.xml" mtime="1407665491"/>

The url is wrong, stkaddons does not exist, and also the ip address should not be used.

User pages do not load correctly in the case that a user has a strictly numeric username. The fields on their user page do not populate correctly.

The root cause of this issue is some old code that allowed user pages to be accessed by either their numeric user ID or their username. I do not believe that any instances where links to user pages are created using only a numeric ID still exist.

The code that supports getting users by numeric ID in users.php should be removed.

http://addons.supertuxkart.net/stats/ has some problems in the 'clients' graph: the date at the bottom is: Dec 14 Dec 14 Dec 14 Jan 15 Jan 15, but no day :)

Showing the number of users online would be interesting, too (if keeping track of this stats, which would likely require a separate table is too much, just getting the number of currently logged in users would be nice)

Currently, the addon server has a max upload size set to 8MB, and a maximum POST size of 12MB.
I propose increasing the max upload size to 30MB, max POST size to 35MB, and increasing Apache's timeout from 5 minutes to 10 minutes to allow larger uploads.

Currently, both versions of stkaddons use self-signed ssl certificates although you can get a trusted ssl certificate for free (e.g. with StartSSL).

It would imo be good to replace the current certificates with trusted ones and configure both versions as https-only.

The error:

array(3) { [0]=> string(5) "42000" [1]=> int(1064) [2]=> string(150) "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''25'' at line 6" } SQLSTATE ERR: 42000
mySQL ERR: 1064
Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''25'' at line 6
Query: SELECT `l`.`date`, `l`.`user`, `l`.`message`, `u`.`name` FROM `v2_logs` `l` LEFT JOIN `v2_users` `u` ON `l`.`user` = `u`.`id` ORDER BY `l`.`date` DESC LIMIT :limit

The problem is with the :limit named parameter.
A proposed solution is to hardcode the limit or as proposed by https://stackoverflow.com/questions/2269840/php-pdo-bindvalue-in-limit to cast the value to an integer which will require further modification of DBConnection::query

Hi,

not sure if this is a duplicate of the activation email or not, but the link in a recovery email is:
http://api.stkaddons.net/password-reset.php?action=valid&num=*******&user=**

Only logins via public/private keys

I've tried to use the new server on our vps, but it only works if I use http, if I use https, I get a 'Couldn't connect to server'.

I noticed that when I previously tested the server, I only used http as well.

I'm reporting here what was initially posted to the wrong issue tracker:

The profile URL (users' homepage) can be a javascript: initiated URL. allowing users to inject client side script code into the DOM. Look at the homepage given for the "demo" user for an example.

Atm the privacy policy and termsn&conditions are on the wiki at:
http://supertuxkart.sourceforge.net/Privacy
http://supertuxkart.sourceforge.net/Terms

Since too many people can edit this page, it would be safer to copy the text into the addons web page (so there is less risk of someone adding incorrect stuff).

once this is done let Arthur know so that he can change the redirects from privacy.supertuxkart.net and terms.supertuxkart.net to the new pages. STK itself is already using the redirecting URLs.

Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

Trying to login using phpadmin didn't work either.

There is currently no mechanism in place to search or filter addons from the web ui. Add-on search should be added to the website so users may easily search by name, artist, description, or other fields.

There is some partial server code to look up an add-on based on this requirement, but it may need refactoring based on the design of the search ui.
Partial search code is in the json directory of the source.

Author: rubberduck7

You should be able to see, if an addon-track or kart is updated

this could be in news, or the track/kart could be marked as "updated" or "new"

another idea is to add a "sort by modification-date"-funktion on addon-site (like you have it in game)

Migrated-From: https://sourceforge.net/apps/trac/supertuxkart/ticket/1032

We should have donation buttons, and also enable a custom thank-you page to be displayed after a donation.

Hi,
Sorry to use the bug tracker for such question, but I'd starting to create a Kart and a Track then SF.net gone down. I did not saved statics pages.

Could some one put somewhere those documentation that permits to construct Supertuxkart stuff.

Thanks a lot & Cheers

The button should either get a better name or be replaced by a "fork me on github" picture.

We need to merge in leyyin's fork. The current tux family 'master' should probably be moved to a branch (in case of emergency fixes on current server), leyyins then the new fork, which is then to be used on our vps.

How are we going to migrate the current DB to our VPS? Not sure if we should copy addon tracks over (many would need to be ported to work well with the new graphics. Karts don't need porting (afaik), but maybe remove some really low quality karts? What about user ids?

Atm the achieving request only takes a single achievement id. If STK is synching local achievement to the server, several achievements might need to be transmitted. Atm a separate request is send for each achievement, it would save some overhead if several achievements could be sent in one request. Proposed format: comma or space separated list of achievement ids.

When STKAddons was originally written, a set of database functions were written to speed up development. This all uses the (deprecated as of PHP 5.5) mysql module.

To replace this,we are using PDO, through a DBConnection class written in a more modern style. This also has the advantage of being more secure, as all queries run through it are prepared statements. This removes the need for explicit escaping of strings in queries, for example.

As such, all references to functions in sql.php should be removed. Helper functions can be added to DBConnection.class.php.as the need arises.

The emails to activate an account or recover one contain links to api.stkaddons.net instead of stkaddons.net. This should be changed (and tested again).

In supertuxkart/stk-code#1459, the root cause of the issue was that the stkaddons server did not have 60MB free space available for the 30MB add-on being uploaded. We needed double the space because the compressed version of the add-on was unnecessarily being copied to an area with a disk quota.

Adjust the upload code to either decompress the uploaded file without copying it to the quota'd space, or use scratch space without a quota for this purpose. (It is still useful to store something in the space with a quota if something goes wrong, so that I can investigate why upload failed.)

Hi

The addons website url is very hard to find. It's not in pages

• http://supertuxkart.sourceforge.net/Main_Page
• http://supertuxkart.sourceforge.net/Discover

And in page http://supertuxkart.sourceforge.net/Get_involved it's only about "submit a add-on" which is not understandable by end-users (players).

Cheers and thousand Thanks for STK !

Atm the achievements table is empty. @leyyin suggested to put this into the create table script.

Still a release blocker.

I'm reporting here what was initially posted to the wrong issue tracker:

On Addons, when users submit special characters as part of, for example, their full name, then these special characters are not encoded once but twice at the time you look at the users' profile page. Look at the "real name" field of the "demo" user for an example.

Currently, there are quite a few domains owned by the STK team, e.g. http://addons.supertuxkart.net, http://issues.supertuxkart.net, but there's also http://supertuxkart.org. There is also a number of special redirects, e.g. http://supertuxkart.sourceforge.net/forum. We should create a list of all of them so that they can be used throughout the project. And if, not yet done, someone should create a redirect for the latest download links for windows/mac/linux.

When an addon is buggy it'd be great to be report the bug directly to the author. Contacting the author via e-mail would be a great option

Currently, there is one big textarea for admins to write comments to author into. This is not ideal, because the submitter receives the contents of the entire textbox everytime, and it may not be easy for them to tell what the email is actually about given the extra noise. We should make an improved comment system, for addons and the submitter, that works a bit like a forum - and then email notifications can be adapted to only notify people about new comments

Users, that didn't activate their accounts yet aren't displayed in the user list, but you can see their profile by directly typing their name in the url. @leyyin considers that as a bug. 😉

When the 'create' command is sent to the server, it only expects name and max-player as parameter, not the ip address or port. api/server.php then passes 0 as ip address and port to createServer.

This then results in an error (since atm there is already one server on 0.0.0.0:0), and no server can be created.

It appears that the a second command is expected ('set') which will set the ip address and port, and/or start which appears to do something similar. I don't know how the protocol is supposed to work :(

Is there a reason for this two-step process? STK could provide the public ip address and port number in this request (though the 'start' command also takes a second port number as parameter ('private-port'), at this stage I am not sure what this exactly is). Even if the 0:0 address would be only temporary, it's not a viable solution (since more than one server might be created at the same time).

Atm the email on account creation is:
subject: New Account at api.stkaddons.net
Thank you for registering an account on the SuperTuxKart Add-Ons Manager. Please go to http://104.131.193.44/stkaddons/register.php?action=valid&num=dCpecVaGkr6V&user=10 to activate your account. Username: lia

The subject should be better: E.g. New SuperTuxKart Account

And then as text:
Hello USERNAME,

Thank you for registering an account on the SuperTuxKart server. Please go to http://104.131.193.44/stkaddons/register.php?action=valid&num=dCpecVaGkr6V&user=10 to activate your account. The username is USERNAME.

If you should not have requested an account for SuperTuxKart, please just ignore this email.

Best regards,
Your SuperTuxKart Team

See #1471 of stk-code.

Worst case I would be happy to postpone this, even though it might mean more work later.

The subject of the email is:

Reset Password on SITE_NAME

The upload control tries to display a preview of the uploaded file, but for zips this just adds a long stream of meaningless characters to the page, also making it very slow

the admins need to get an email if a new addon is uploaded, that functionality from the old web page appears to be missing atm.

If you enter a user name in the user search field, and press return, the search is not performed.

When trying to reproduce this issue I noticed that the search works as expected if you do not press enter (e.g. only enter 'hiker') - then hiker will be shown on the left after a few seconds. But if you press enter, the user list on the left contains all names again.

I'm re-reporting here what was initially posted to the wrong issue tracker:

When registering a new user account on Addons using the graphical web interface, the application requires the user to solve a CAPTCHA. Registrations using the API (such as used by the game client) do, however, now require a CAPTCHA to be solved. This may indicate that the anti-abuse functionality the CAPTCHA is supposed to provide on the web interface can be bypassed by suing the API.

As to match the other project prefixes https://github.com/supertuxkart.
How to rename e repository on github: https://help.github.com/articles/renaming-a-repository/