POSTing JSON data is now supported, since apparently Axios does that by
default: #1160
In addition, error messages should be more informative, for anyone else
trying to write a third-party client.
This doesn't support setting accounts up for Google login: that still
has to be manually done via the database by setting the email field to
`username@gmail.com@`, where the second `@` denotes that it's using
Gmail login.
If the email field does end in `@`, `getassertion` will note this by
sending `;;@gmail`, to convey that the server is expecting a Google
login token rather than a password.
Upon receiving `;;@gmail`, the client will replace the password box will
with a Google login button, and then send the resulting Google login
token to the server in the `password` field. The server will validate
the "password" using the Google server libraries, and otherwise handle
the login as normal.
Note that Google login requires various features that a paranoid person
might disable; most notably 3rd-party cookies.
FixesZarel/Pokemon-Showdown#3394
Prepared statements are much better than manually constructing queries,
but PHP's MySQLi prepared statement syntax sucks.
So does PDO's, but we're abstracting it out so we can make it not suck,
and give it the syntax it should always have had. Which is what this
does.
Yay, finally.
For too long, ntbb-session and ntbb-database have been maintained
outside of this repo, but no longer! All these files are now part of the
repository, making it significantly more self-contained.
If I had to say why it took this long, I think it was mostly inertia. It
was easier leaving them where they were than having to audit them for
private keys in the wrong places, etc.
I'm starting to think of PS more as sim first, website secondary than
the other way around, now. Especially now that we don't have a forum,
the website itself isn't really important... Maybe one day I'll get rid
of the landing page and make the sim itself the first thing you see when
you hit pokemonshowdown.com... but today is not that day!
The repo is still not "batteries-included" since I am not going to teach
anyone how to set up PHP and MySQL or even get the config files working.
But for anyone who wanted their own client, well, it gets a lot easier
to do now.
Allows login server requests from non-matching IPs to go through when
the request is using token auth.
Affects certain request-proxying Node hosts such as c9.
See Zarel/Pokemon-Showdown@d5c622b493
New system is backwards-compatible with old one. This also slightly
refactors some other stuff, for an overall simpler system.
Right now, unregistered servers often get unclear error messages
about why laddering and replay saving doesn't work. This commit
attempts to clarify those error messages.
In addition, servers that make requests from different IPs from
their registered IP didn't have an easy way to fix. Reporting
IPs should make it clearer which IP they need to register.
We now have a rating decay of -1/day at 1400, -2/day at 1450, -3/day
at 1500, etc. This roughly translates to a fall from the top of OU to
the bottom over a month of full inactivity, which is somewhat harsh
considering it's done regardless of inactivity. I might tweak this to
be less harsh later.
There's no rating decay below 1400. People can stay there as long as
they want.
The only other tweak is that K is now 40 at >1300 instead of >1400.
Very very slight tweak so that ratings in the 1300-1500 range are
very very slightly more precise.
We are now attempting to enforce a center at 1100 (tentative, may move
to 1200 later) by increasing points gained for winning and decreasing
points lost for losing below that. This will make a user with equal
wins/losses higher than a user who consistently loses.
The other change is to scale K down at higher ratings. >1400 now uses
K=40, and >1600 uses K=32. This is a really conservative scale, and
we might make it less conservative later.
STAY TUNED!
COMING UP NEXT: rating decay
