We are currently working around an issue with the ordering of mods in the MP game browser by filtering out empty games for all but the current version.

This is done by adding

        $filter_empty = NULL;
        if (isset($_REQUEST['modversion']))
            $filter_empty = $_REQUEST['modversion'];

between the try and the $db lines at the start of games.php, and then

            // Filter empty servers from all but the current version
            if ($row['players'] == 0 && $filter_empty != NULL && explode("@", $row['mods'])[1] != $filter_empty)
                continue;

as the first line after the foreach.

This hack can and should be removed once most of the empty servers have migrated from release-20170421 to release-20170527.

Required for OpenRA/OpenRA#4495.

The most active and popular server by:

amount of players
activity
average game duration

show the most popular map per server too.

http://master.open-ra.org/ping.php?port=5354&name=Exploit&state=1&players=0&mods=ra@invalid&map=f1cc766418da45f987690cc6128444ada55d1a89&maxplayers=0

Can be fixed by checking for a custom user agent, suggested to be enforced in next version.

create some indexes as well perhaps.

That's why /games does not show client names field.
Probably required to drop and create table clients again.
This table does not store anything over time, it's for current online games, so no data is going to be lost.

and provide a page to serve saved info for external clients.

structure: new table with: id, hash, played_counter, version

api: request a page by hash and return a json: [{"hash":"hash", "played_counter":"amount","version":"version"}].

For example, resource site will have scheduled trigger (in background) which will update internal database with fresh data from master server, using API, several times per month.
This non-up-to-date info is enough to be trusted.

Having this fixed and a "community maps" tab added into OpenRA, there will be a possibility to have a filter ordered by "Playing Activity", requested by @X-A-N-A-X

Primary table "servers":

Table "finished":

Table "map_stats":

Table "activity":

So we can render it with JavaScript libraries like http://www.flotcharts.org/ in the way http://cncnet.org/statistics does it.

I think, that fields "latency" and "jitter" (from the Master server to a Playing server) may be useful for outputs of "list.php" and "list_json.php".

What do you think?

via OpenRA/OpenRA#4647 required for OpenRA/OpenRA#4621

1 field: game_started

RewriteRules in .htaccess don't work on xampp machines. Tested with xampp 1.7.7 and xampp 1.8.2 on Win7 and WinXP.

An overall redirection does the trick there:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^.]+)?$ $1.php

This will create new ID. Can happen because of issues with physical connnection

port check is done on $_SERVER["REMOTE_ADDR"] yet address in body is used in the database insert/update clause. perhaps you want to add a check that remote address matches body address and/or store remote address.

by setting the ip address to any active game ip address you can update/overwrite the database record for that game server.

in general many of the input fields are not checked, but the address being part of the key may be harmful.

also note that a dos attack is possible by executing an unlimited number of pings. i understand this may be by design, it being an open game.

What must be: 1 game == 1 ID for the game's lifetime

What really happens: game's ID is randomly (unpredicted moment) changed

What does it break: the uniqueness of the game is violated, which clients do not suspect about (bots, stream servers). Impossible to define the game's start moment for bots. Stream servers are unable to work because impossible to define a minor changes in a particular game (or at least impossible to rely on it).

What is probably causing such a behavior: ping.php -> $insert = $db->prepare('INSERT OR REPLACE INTO servers .......

Recently, it appears that the server listings are sorted in some manner other than alphabetical. In the past, server names have determined the order in which servers without any players appear in the server listing, and similarly among the group of servers that have current active players.

It is not clear how they are now being sorted or if this change in sorting mechanism was intentional.

There is no need to encode data that will be returned as yaml, and possibly likewise for JSON (I'd expect that to have its own sanitize function that could be done on display). We probably want to remove this to avoid issues like:

Hi,

I would like to ask, if it is possible to include basic information to games endpoint ?

For example, if you open developer tools on page http://www.openra.net/games/, you can see there is another request to obtain map info for every displayed game in list. IMO, it would be better to include basic map info right into games/ endpoint, so it would save several request.

The point, why I'm asking is that I'm trying to implement own games browser, where user can filter games based on mods, players, maps, etc. So, when my games browser will show for example 50 games, it needs also send another 50 request to get map info.

probably using services like http://api.hostip.info/country.php?ip=IP

http://activity.openra.net/ can be easily junked with invalid data such as games with unrealistic large player numbers, which is what @martinalderson did when he tested his exploits OpenRA/OpenRA#11826. Similar to #5, but more annoying as our graphs then scale to the super high player count.

INFO.md contains instructions for configuring nginx, but the server is running on apache.

games.php serves the the content-type application/javascript when selecting json as output.
this should be application/json.

by also being able to insert any string in the database this in some situations could lead to javascript being executed in the web clients that make the request. possible cross site scripting attack.