Forums
October 07, 2022, 06:37 PM

Author Topic: PichulaNET (beta)  (Read 716 times)

0 Members and 1 Guest are viewing this topic.

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
PichulaNET (beta)
« on: September 07, 2022, 06:46 PM »
EDIT: Release post is just a couple messages below, or you can click here. Project is discontinued.

Hello. Time ago I hosted a server named Gusanonet, where rankings and medals worked (though glitchy with snoopers and exotic nicks). For it I have investigated a lot (thanks CleanAir for you searchable nick), i.e. how the points system work, the leagues, all the stuff. I even reached an official page with wayback machine featuring a score board, congratulating players and so on. Not everything was implemented back then, the goal was to have fun making something presentable and functional enough, making some of WA's dead code, undead code.
Turns out the server was a complete failure.

However, I promised I'd share the source code back then, but the simple truth is that I lost it. So what do I do? Make it again. I'm not going to host it this time (I don't want to "split the community"), but I'd release the software, just like MyWormNET. Fully written in PHP, including IRC server and bots.

The big question is, do you care? Am I doing something good or wasting my time?
All I'd need is your approval, and perhaps some help developing a wormkit module so maps can actually be changed in ranked channels (i.e. required to play some ranked shopper or such).

Snooper support is not yet planned.
« Last Edit: September 22, 2022, 07:45 PM by lolicon-guy »

Offline MonkeyIsland

Re: Ranked Server
« Reply #1 on: September 08, 2022, 04:34 AM »
I appreciate your effort but I don't think the community would switch to an alternative server as long as the official WormNet exists. Deadcode could modify the current W:A build to switch the official WN server and I think that requires Team17 approval. Even then, we'd be having different versions of W:A which point to different WN servers. Remember as of today still not everyone is using the latest build.
Due to massive misunderstandings: MonkeyIsland refers to an island not a monkey. I would be a monkey, if my name was IslandMonkey meaning a monkey who is or lives on an island. MonkeyIsland is an island which is related to monkeys. Also there's been a legend around saying MonkeyIsland is a game. So please, think of me as an island or a game.

Offline Lupastic

Re: Ranked Server
« Reply #2 on: September 08, 2022, 10:14 AM »
it would be nice to have a place/server where the moderation is equally balanced, where the mods are normal healthy people, able to judge every confrontation rationally and fairly :) also: registration available, no more nick-stealing etc. I wouldn't care too much about the rate system and medals and such. just registration

https://www.tus-wa.com/forums/worms-armageddon/wormnet-moderations-34822/

https://www.tus-wa.com/forums/tech-support/identity-theft-abuse-33934/

although, I feel like it is "too late" at this point :D everyone got used to this probably by now. the shitsteam of wormnet :D as for myself I would stay on the server where you can find the most players. if you'd manage to do this, and a daily amount of 5-10 people would go up on your server and stay AFK the whole tme, then it is really wormnet that remains to us, and the mods of wormnet sadly ;c I would gladly change to something else though.

Offline Lupastic

Re: Ranked Server
« Reply #3 on: September 08, 2022, 10:27 AM »
this should have come up in like 2012. also, wouldn't the most of us - europeans? - lag very often if your server would be stated in south america? oO

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
Re: Ranked Server
« Reply #4 on: September 08, 2022, 01:21 PM »
Ahhhhh no, I won't host a server this time, I'll just release the software/source code as if it was a more complete version of MyWormNET. Same deal, free use, anyone could host a server. After all, when I was a child we used to do MyWormNET experiments all over the hamachi groups, trying out different versions and setups, and that's how I learnt some basics on web programming; all I wanted was to revive the old times, when I wanted to see a server so functional that could revive some of the game's unused code.

Offline TheWalrus

Re: Ranked Server
« Reply #5 on: September 08, 2022, 05:31 PM »
I remember GusanoNET, great place, very non toxic, good people, free drinks

The fire rat hung out there was a good party

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
Re: Ranked Server
« Reply #6 on: September 21, 2022, 10:56 PM »
Well, here it is. Beta versions of this MyWormNET-like software.

WA Version (PichulaNET v0.9a) * _WA.rar (212.74 kB - downloaded 6 times.)

WWP Version (PichulaNET v0.9b) * _WWP.rar (210.8 kB - downloaded 5 times.)

ChanServ update: here

Make sure to read those readme files to know the requirements. Flaming bar settings won't work for WA, only WWP. Instead, you can use wkFlamingHealthBars.

Yep, supports rankings, weekly "season" (or whatever) and all, but maps can't be changed though. Too bad. On the other hand, it's a complete server, showing all functions the frontend could possibly handle.


Fully written in PHP, including IRC server and bots. To put it simple, both can and do connect to the same database, using the same API; which means all parts can be fully connected. IRC server is a modified version of DanoServ, fixing bugs and compatibility. Also, I ported d4d's authping/pong code to it. Ported d4d's work to WA, completed the admin panel, made some arrangement.

WA Version's #PartyTime channel is special. It is currently hardcoded to connect to Team17's #AnythingGoes channel; its game list and the ability to host. To top it, it includes a very old bot of mine, HostingBridge, which allows users to communicate host requests to Team17's HostingBuddy (by stealing your nick lol). I'm not going to deal with chat connection though.

WWP Version requires the attached files below, else the hosted games list won't appear. Must be installed on game's root folder.


Tested in XAMPP with PHP 7.4.29. Windows 7.

More testing IS necessary. This is what I have for now, it works and does it well.
I doubt I'd continue doing this project.

Credits to d4d for the Admin panel and WWP reverse engineering. Thanks to Danopia for his DanoServ IRC Server.


Snoopers aren't supported, the reason, in short, is due to how they login into the server, from design level.
Great Snooper will try to connect to IRC directly and get constantly kicked by ChanServ, game list isn't visible, hosting isn't possible. There's no option to input a password.
Wheat Snooper couldn't connect at all; Secure logging isn't an option, because is restricted to wormnet1's address.
« Last Edit: September 22, 2022, 09:49 PM by lolicon-guy »

Offline MonkeyIsland

Re: Ranked Server
« Reply #7 on: September 22, 2022, 05:33 AM »
Thanks for sharing.
Due to massive misunderstandings: MonkeyIsland refers to an island not a monkey. I would be a monkey, if my name was IslandMonkey meaning a monkey who is or lives on an island. MonkeyIsland is an island which is related to monkeys. Also there's been a legend around saying MonkeyIsland is a game. So please, think of me as an island or a game.

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
Re: Ranked Server
« Reply #8 on: September 22, 2022, 07:32 PM »
Update, just fixed ChanServ's annoyance.


Offline nizikawa

Re: PichulaNET
« Reply #9 on: September 22, 2022, 07:49 PM »
I would say that this is a very faithful implementation compared to the original WormNET, it even implements the same SQL Injection vulnerability in the "Channel" parameter.
Code: [Select]
if(isset($_GET['Channel'])){
$channel = $_GET['Channel'];
$command = "SELECT * from `HostGames` WHERE Chan='$channel' ORDER BY GameID DESC";
$res = $con->query($command) or die($con->error);

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
Re: PichulaNET (beta)
« Reply #10 on: September 22, 2022, 07:58 PM »
Hm, what kind of things should I keep in consideration when writing PHP code? I'm "relatively new" to it, let alone web development at all, and I don't know where/who to ask. I've programmed for years, but what mattered was optimization; security I don't have much idea.

In the example given, how can it inject SQL at all if only the WHERE clause gets affected?
EDIT: An attacker can close the remaining of the request and insert new commands this way, got it
« Last Edit: September 22, 2022, 08:26 PM by lolicon-guy »

Offline MonkeyIsland

Re: PichulaNET (beta)
« Reply #11 on: September 22, 2022, 08:08 PM »
ANY time there's user input, that input should be verified thoroughly. You should always think about how things could go wrong and start closing those gaps.

Code: [Select]
if(isset($_GET['Channel'])){
$channel = $con->real_escape_string($_GET['Channel']);

https://www.php.net/manual/en/mysqli.real-escape-string.php
Due to massive misunderstandings: MonkeyIsland refers to an island not a monkey. I would be a monkey, if my name was IslandMonkey meaning a monkey who is or lives on an island. MonkeyIsland is an island which is related to monkeys. Also there's been a legend around saying MonkeyIsland is a game. So please, think of me as an island or a game.

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
Re: PichulaNET (beta)
« Reply #12 on: September 22, 2022, 08:38 PM »
Fixed, download links updated

Offline nizikawa

Re: PichulaNET (beta)
« Reply #13 on: September 22, 2022, 09:04 PM »
Please use prepared statements, addGameToTable() is vulnerable to SQLi through Loc , Type, pwd parameters

Offline lolicon-guy

  • New Member
  • *

  • Chile Chile
  • Posts: 47
    • View Profile
Re: PichulaNET (beta)
« Reply #14 on: September 22, 2022, 09:48 PM »
Updated all references to $_GET.