Jump to content

Recommended Posts

Posted (edited)

Hello Everyone,

 

 

I bring you not a PHP-based L2 server, not a full-fledged website, but a library that will revolutionize L2J web development.

 

Introduction


Many parallel projects have been developed over the years, and L2J today is divided into several distributions, each with a different database, whether by table name, fields, etc. A standard was never established for all banks to respect a specific nomenclature, sometimes they were developed by amateur developers, who despite being skilled, never studied and do not know good practices or follow some type of standard.   

This makes it difficult to develop compatible applications with so many revisions (L2jserver, l2jbrasil, dream, sunrise, frozen, etc.) and different game versions (Interlude, Gracia, Classic, etc.). 

The big challenge of all is,  How to create web applications, in php, that are compatible with the largest number of revisions possible?

 The answer to that is Data Harmonization.

 

 

Quote

Data Harmonization is the concept that you can create applications that interpret several different data sources and that act with a single input and output pattern.

 

 

 

And the best way to do that is to work on the Model layer, which passes to controllers a single known data format. It sounds complex, but isn't it that much ?

 

 

How it works?

 

First we have to define a set of constants:

 

<?php

//PROJECT DEFAULTS
define('L2JBR_DIST', "L2JSERVER"); //Wich distribuition?
define('L2JBR_L2VERSION', "Interlude"); //Game Version 

define('L2JBR_SALT', 'change_it_for_something_else'); //This constant will be used to encription and security in the future.



//DATABASE
define('L2JBR_DB_DRIVER', "mysql");
define('L2JBR_DB_HOST', "localhost");
define('L2JBR_DB_PORT', 3306);
define('L2JBR_DB_NAME', "l2jdb");
define('L2JBR_DB_USER', "root");
define('L2JBR_DB_PWD', "");

 

When configuring the application, it will be necessary to tell which version the Models will be used for. The standard model is the L2JSERVER, as it is the base project for 99% of the other projects, and Interlude, which is the most widespread version, which already increases the initial compatibility of the library.

But there you go, you must be asking "okay, but how does it all happen?", See the example below with the Model "Characters" responsible for manipulating a character's data:

 

<?php

$CharactersModel = \L2jBrasil\L2JPHP\ModelFactory::build('Players/Characters');

$CharactersModel->get('ID'); //Get Character by ID
$CharactersModel->update('ID', ["name"=> "Grundor"]); //Update character name given ID
$CharactersModel->ban('ID'); //Apply ban routines for an character
$CharactersModel->all(['name','level'],false,10,'level'); //Get Top 10 characters

//Advanced Example:
$CharactersModel->select(['character.id','account.name'])
    ->join(\L2jBrasil\L2JPHP\ModelFactory::build('Players/Account'))
    ->orderby('level')
    ->limit(100)
    ->query()
    ->FetchAll();

 

The secret is in this "ModelFactory" class. The build method returns the requested model instance, in this case, in the Player/Character namespace. But how does he do it?

It dynamically assembles the class instance based on the configuration of the DIST and L2JBR_L2VERSION and will throw an exception if it does not exist, 

So in the example above the call to "Build" would do the same thing as:

 

<?php

$CharactersModel = \L2jBrasil\L2JPHP\Models\Dist\Interlude\L2JSERVER\Players\Characters();
//...

 

 

Which can be used directly too, without problems, since they are all independent and instantiable classes.
 

Every model will have CRUD ( Create, Read, Update and Delete  in English)   and "listing (all)" operations. In addition, models implement interfaces, these interfaces will ensure that every model, for example "Characters", of all versions, has the same more standard methods (ban, move, changeProfession, changeLevel, cleanPK, etc.), in addition it will be dynamically allowed.

 

In order to maintain compatibility, a class is being developed that will set up the "where" conditions (second parameter of the all method (listing)) so that the conversion of column names is also applied dynamically by a "field map" that mantain compatibility among all diferent databases, so nomore problens with diferent l2j or l2off distribuitions. 

 

Take a look at Characters class

 

 

<?php
/**
 * Copyright (C) 2018 L2JBrasil
 * @autor Leonan Carvalho
 * @license MIT
 */

namespace L2jBrasil\L2JPHP\Models\Dist\Interlude\L2JSERVER\Players;


use L2jBrasil\L2JPHP\Models\AbstractBaseModel;

class Characters extends AbstractBaseModel implements \L2jBrasil\L2JPHP\Models\Interfaces\Players\Characters
{
    protected $_table = 'characters';
    protected $_primary = 'charId';
    protected $_tableMap = [
        "name" => "charName",
        "id" => "charId"
    ];

    public function ban($id)
    {
        // TODO: Implement ban() method.
    }

    public function getOnline()
    {
        $onlineCol = $this->translate('online');
        $where = "{$onlineCol}  = 1";
        return $this->count($where);
    }
}

 

 

 

 

 

 

How can you help?

 

There are several revisions, all of them will need and can be implemented,

  • you can write models compatible with the revisions so that it can be used to expand the compatibility of the applications developed using this framework.
  • You may help bulding websites or tools using these library, tools, painels and more web (php) based applications using this library, to expand its coverage.

 

 

 

 

Technical information

 

Licence: MIT

PHP version supported: 7.0+

Installation method:  composer

Namespace standard: "Autoloading Standard" ( PSR-0 ) (migrating to new PSR-4 since deprecation of PSR-0)

Status: Work in Progress

Repository and Versioning: GIT

Repository link:   https://github.com/L2jBrasil/L2JPHP

 

 

Edited by Grundor
  • Like 1
  • Haha 1
  • 3 weeks later...
  • 1 month later...
Posted
On 10/1/2020 at 12:33 PM, iTopZ said:

sql injection? repeated post requests work or 'fixed'

All transactions are made by PDO, naturally sql-injection proof for most of cases.

 

Is nice to review all code, double-checks is never enougth.

 

https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection

Posted
12 hours ago, iTopZ said:

 

SQL injection protection in most of case are implemented on input layer validation, for example:

 

<?php
$login = "a test or '1='1;";
$result = preg_replace('/[^[:alpha:]_]/', '',$login);
echo $result;

 

The L2JPHP handles the DataLayer its not intent to be a Controller, but some logics can be implemented.

 

The protection on L2JPHP is prepearing every transaction in a single statement, the data is sent in a single transaction, not two transaction, I prefer this way.

 

https://github.com/L2jBrasil/L2JPHP/blob/master/src/L2jBrasil/L2JPHP/Models/AbstractSQL.php#L108

 

If you try to send something like this will trigger an exception:

 

<?php


$dataInput = "grundor';Select * From accounts;"

$sql = "INSERT INTO accounts(login,pwd) VALUES('{$dataInput}','{$pwd}')";

 

 

 

Posted
On 11/7/2020 at 9:16 AM, xdem said:

oh no, please no

?

On 11/7/2020 at 11:49 AM, iTopZ said:

to late.

 

It's a open-source project, feel free to make your contribuition to improve its security.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...