Prepared statements are much better than manually constructing queries,
but PHP's MySQLi prepared statement syntax sucks.
So does PDO's, but we're abstracting it out so we can make it not suck,
and give it the syntax it should always have had. Which is what this
does.
Yay, finally.
For too long, ntbb-session and ntbb-database have been maintained
outside of this repo, but no longer! All these files are now part of the
repository, making it significantly more self-contained.
If I had to say why it took this long, I think it was mostly inertia. It
was easier leaving them where they were than having to audit them for
private keys in the wrong places, etc.
I'm starting to think of PS more as sim first, website secondary than
the other way around, now. Especially now that we don't have a forum,
the website itself isn't really important... Maybe one day I'll get rid
of the landing page and make the sim itself the first thing you see when
you hit pokemonshowdown.com... but today is not that day!
The repo is still not "batteries-included" since I am not going to teach
anyone how to set up PHP and MySQL or even get the config files working.
But for anyone who wanted their own client, well, it gets a lot easier
to do now.
Allows login server requests from non-matching IPs to go through when
the request is using token auth.
Affects certain request-proxying Node hosts such as c9.
See Zarel/Pokemon-Showdown@d5c622b493
New system is backwards-compatible with old one. This also slightly
refactors some other stuff, for an overall simpler system.
Right now, unregistered servers often get unclear error messages
about why laddering and replay saving don't work. This commit
attempts to clarify those error messages.
In addition, servers that make requests from different IPs from
their registered IP didn't have an easy way to fix it. Reporting
IPs should make it clearer which IP they need to register.
We now have a rating decay of -1/day at 1400, -2/day at 1450, -3/day
at 1500, etc. This roughly translates to a fall from the top of OU to
the bottom over a month of full inactivity, which is somewhat harsh
considering it's done regardless of inactivity. I might tweak this to
be less harsh later.
There's no rating decay below 1400. People can stay there as long as
they want.
The only other tweak is that K is now 40 at >1300 instead of >1400.
Very very slight tweak so that ratings in the 1300-1500 range are
very very slightly more precise.
We are now attempting to enforce a center at 1100 (tentative, may move
to 1200 later) by increasing points gained for winning and decreasing
points lost for losing below that. This will make a user with equal
wins/losses higher than a user who consistently loses.
The other change is to scale K down at higher ratings. >1400 now uses
K=40, and >1600 uses K=32. This is a really conservative scale, and
we might make it less conservative later.
STAY TUNED!
COMING UP NEXT: rating decay
This drops support for the pre-challenge-response authentication scheme
(i.e. the scheme in use before Zarel/Pokemon-Showdown@7dbd8cfec5 on
February 8, 2013), and, by doing so, simplifies quite a bit of the
authentication code.
In particular, it is no longer necessary to make any database queries in
index.php, which reduces our database use significantly and also moves us
closer to the goal of the index page being static HTML.
Previously, a bug prevented a replay from being re-uploaded if the
first replay upload failed, or if the battle continued after a
replay was uploaded. This has been fixed.
The replay upload system should be a lot less brittle now. Errors
should be rarer, and when they do happen, the error message will
be clearer.
For instance, 'hash mismatch' will happen much less often, and
when it does happen it will give the message: "Someone else is already
uploading a replay. Try again in five seconds."
This moves most of the logic of action.php into a separate file
lib/dispatcher.lib.php and separates the actions into ladder-related
actions and non-ladder-related actions. This is intended to make it
possible to have a second action.php that handles only ladder-related
actions, which can run on the main server computer and allow
that computer to make HTTP requests to `localhost`, which should
help reduce ladder errors.