haxball / haxball-issues

User Accounts #1878

Open creedhax opened 1 year ago

creedhax commented 1 year ago

Hi @basro, really glad you are active again; we all appreciate the time you put into this.

Here is a feature that would be nice to have: user accounts. Here is a short list of ideas:

Nellty commented 1 year ago

But why

creedhax commented 1 year ago

To name a few, also it would be optional for players, and optional for room makers to restrict their rooms to it

Nellty commented 1 year ago

  • accountability

So the playerauth?

  • better way to track stats

What would change?

  • better way to assign auto admins

What would change?

  • more efficient banning

Surely I would not create a tons of that accounts would I be the banned one

To name a few, also it would be optional for players, and optional for room makers to restrict their rooms to it

So the half rooms would not use it and that might be waste of time of the single one dev?

creedhax commented 1 year ago

So the playerauth?

player auth isn't reliable as it's too easy to change on the fly

  • better way to track stats

What would change?

Ties to your account instead of auth code (see comment above about auth code)

  • better way to assign auto admins

What would change?

See previous answer

  • more efficient banning

Surely I would not create a tons of that accounts would I be the banned one

I don't understand this? Are you saying you will create a ton of accounts to bypass bans? In that case I would say this is useful to limit that behavior as it would require submitting a form each time.

To name a few, also it would be optional for players, and optional for room makers to restrict their rooms to it

So the half rooms would not use it and that might be waste of time of the single one dev?

I don't consider it a waste of time, that's my opinion, up to basro though.

Nellty commented 1 year ago

player auth isn't reliable as it's too easy to change on the fly

What do you mean by that? If you mean bad actors, they could change the accounts that easy as well. If you mean the people, for example, who are using different browsers, the solution is to popularize in some way the habit to backup their keys. That might be done in manner of the accounts system, like if you're entering the credentials and getting your playerauth set up in response, but again, what would be the benefits of this?

Ties to your account instead of auth code (see comment above about auth code)

I don't get it. Same thing, different to call?

Are you saying you will create a ton of accounts to bypass bans? In that case I would say this is useful to limit that behavior as it would require submitting a form each time.

So what would stop me to submit the form twice?

Nellty commented 1 year ago

Also, isn't the thing you're talking about could be done by headless API? Like you're joining the room, the room sees your nickname. If it is not registered, you are prompted to enter new !password for that nickname. If it is registered already, you are prompted to enter current !password of the nickname. If you didn't password in X seconds, you're getting kicked

creedhax commented 1 year ago

player auth isn't reliable as it's too easy to change on the fly

What do you mean by that? If you mean bad actors, they could change the accounts that easy as well. If you mean the people, for example, who are using different browsers, the solution is to popularize in some way the habit to backup their keys. That might be done in manner of the accounts system, like if you're entering the credentials and getting your playerauth set up in response, but again, what would be the benefits of this?

It's too easy for players to change/lose auth codes and lose stats for example, most players I've encountered don't even know what an auth code is and their computer/browser wipes data every restart. This at least gives them a familiar way to interact with websites.

Ties to your account instead of auth code (see comment above about auth code)

I don't get it. Same thing, different to call?

Using the account id as the unique identifier instead of auth code (since auth code isn't as reliable as account id, like I mentioned)

Are you saying you will create a ton of accounts to bypass bans? In that case I would say this is useful to limit that behavior as it would require submitting a form each time.

So what would stop me to submit the form twice?

Nothing but a delay in submitting a form with a new unique username and new password with a re-captcha.

creedhax commented 1 year ago

Also, isn't the thing you're talking about could be done by headless API? Like you're joining the room, the room sees your nickname. If it is not registered, you are prompted to enter new !password for that nickname. If it is registered already, you are prompted to enter current !password of the nickname. If you didn't password in X seconds, you're getting kicked

Handling account credentials in this way seems wrong

Nellty commented 1 year ago

Handling account credentials in this way seems wrong

Why?

creedhax commented 1 year ago

Handling account credentials in this way seems wrong

Why?

I've seen a couple rooms implement this, and have seen people mistype and reveal the information to everyone with no way to remove it. And if that room also has spam control, they can't even spam it out of view fast enough.

Nellty commented 1 year ago

It's too easy for players to change/lose auth codes and lose stats for example, most players I've encountered don't even know what an auth code is and their computer/browser wipes data every restart. This at least gives them a familiar way to interact with websites

Yeah, this is a problem, and a familiar way sounds good. I'm just wondering why the global accounts system is needed for that

So what would stop me to submit the form twice?

Nothing but a delay in submitting a form with a new unique username and new password with a re-captcha.

Sounds like nothing indeed

I've seen a couple rooms implement this, and have seen people mistype and reveal the information to everyone with no way to remove it

So fix this by not revealing the user input at all until he's logged in?
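The `!password` flow discussed in the comments above, with the pre-login input hidden from the room, sketched as an added example that is not part of the thread or of any participant's code. It uses the headless API callbacks `onPlayerJoin`, `onPlayerLeave` and `onPlayerChat` plus `sendAnnouncement` and `kickPlayer`; `attachLoginGate`, `kickExpired` and the `store` object with its `isRegistered`, `register` and `verify` methods are hypothetical names.

```javascript
// Added example. `store` is a hypothetical credential backend, not part of the
// Haxball API; it should keep salted, slow password hashes, never plaintext.
function attachLoginGate(room, store, timeoutMs = 30000, now = Date.now) {
  const pending = new Map(); // player id -> { name, deadline }

  room.onPlayerJoin = (player) => {
    pending.set(player.id, { name: player.name, deadline: now() + timeoutMs });
    const kind = store.isRegistered(player.name) ? "current" : "new";
    // Passing a targetId shows the prompt to this player only.
    room.sendAnnouncement(`Type !password <${kind} password>`, player.id);
  };

  room.onPlayerLeave = (player) => pending.delete(player.id);

  room.onPlayerChat = (player, message) => {
    const entry = pending.get(player.id);
    if (!entry) return true; // logged in: relay chat as usual

    // Every path below returns false, so nothing typed before login
    // (a mistyped command, a bare password) reaches the other players.
    const m = /^!password\s+(\S.*)$/.exec(message);
    if (!m) {
      room.sendAnnouncement("Not sent. Log in with !password first.", player.id);
      return false;
    }
    const ok = store.isRegistered(entry.name)
      ? store.verify(entry.name, m[1])
      : store.register(entry.name, m[1]);
    if (ok) pending.delete(player.id);
    room.sendAnnouncement(ok ? "Logged in." : "Wrong password.", player.id);
    return false;
  };

  // Call periodically (for example from setInterval) to enforce the deadline.
  return function kickExpired() {
    const kicked = [];
    for (const [id, entry] of pending) {
      if (now() >= entry.deadline) {
        room.kickPlayer(id, "Login timed out", false); // kick, do not ban
        pending.delete(id);
        kicked.push(id);
      }
    }
    return kicked;
  };
}
```

The password still travels through the room host's script, so players have to trust whoever runs the room with it.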

AnddyAnddy commented 1 year ago

I support the haxball accounts idea. I own the BFF community stats bots, and the players are retrieved in this way: auth, then conn, then if the name is already taken they are flagged to possible duplicates.

The issue is exposed by @creedhax. Over the last 6 months some players, I would say 60%, had duplicates in the database: they changed browser because they try new ones to have better performance, they changed IP because the IPs are rarely static, and they might change their name.

To fix those cases I run a script that looks for possible matching players, but the script misses 10% of the players, which I have to figure out manually.

I also own a Discord bot (Elo by Anddy) and compared to haxball, Discord is really easy to deal with accounts: we have access to a public unique user id that never changes. We are not forced to have unique nicknames, only the full name must be unique (Anddy/Anddy#1234).

I would like to suggest the option of playing as a guest along with using an account, and some tools in the headless API to check if a user is a guest.
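One reading of the lookup order described in the comment above (auth, then conn, then a name check that flags possible duplicates), as an added example that is not the BFF bot's code. The function name `resolvePlayer` and the record shape are hypothetical; `auth`, `conn` and `name` are the values a room script sees when a player joins.

```javascript
// Added example; the record layout is an assumption made for illustration.
// db is an array of { id, auths:Set, conns:Set, names:Set }.
function resolvePlayer(db, { auth, conn, name }) {
  let matchedBy = "auth";
  let rec = db.find((r) => r.auths.has(auth));
  if (!rec) {
    // conn is derived from the IP address, so it is a weaker signal:
    // it changes with the address and is shared behind the same NAT.
    matchedBy = "conn";
    rec = db.find((r) => r.conns.has(conn));
  }
  let possibleDuplicateOf = [];
  if (!rec) {
    // New browser AND new IP: nothing ties this join to an old record.
    // A name collision is only a hint, so flag it instead of merging.
    matchedBy = "new";
    possibleDuplicateOf = db.filter((r) => r.names.has(name)).map((r) => r.id);
    rec = { id: db.length + 1, auths: new Set(), conns: new Set(), names: new Set() };
    db.push(rec);
  }
  // Remember every identifier seen for this record for later lookups.
  rec.auths.add(auth);
  rec.conns.add(conn);
  rec.names.add(name);
  return { id: rec.id, matchedBy, possibleDuplicateOf };
}

// Constructed sample joins: same person, new browser, then new IP as well.
function demo() {
  const db = [];
  return [
    resolvePlayer(db, { auth: "A1", conn: "C1", name: "Anddy" }),
    resolvePlayer(db, { auth: "A2", conn: "C1", name: "Anddy" }),
    resolvePlayer(db, { auth: "A3", conn: "C3", name: "Anddy" }),
  ];
}
```

The third join creates a second record that is only flagged, which is the duplicate case that has to be resolved by a later matching pass or by hand.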