• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 02:34
CEST 08:34
KST 15:34
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins Maestros of the Game 239ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12TL.net Map Contest #22 - Voting & Ladder Map Selection7
Community News
BSL Season 22 Full Overview & Conclusion6BSL Season 22 Full Overview & Conclusion6Weekly Cups (June 29-July 5): Solar Doubles0MC vs IdrA, Boxer vs Nal_rA to be Legacy Matches @ BlizzCon445.0.16 Hotfix (June 30) - Balance + Bug Fixes40
StarCraft 2
General
5.0.16 patch for SC2 goes live (8 worker start) What is your PC setup in 2026 for SCBW/SC2 ? Serral wins Maestros of the Game 2 Most successful SC2 players of Q2 2026 MC vs IdrA, Boxer vs Nal_rA to be Legacy Matches @ BlizzCon
Tourneys
RSL Revival: Season 6 - Qualifiers and Main Event GSL CK #5 Race War HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10 Sea Duckling Open (Global, Bronze-Diamond)
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) BW General Discussion ASL22 General Discussion BGH Auto Balance -> http://bghmmr.eu/ BSL Season 22 Full Overview & Conclusion
Tourneys
[ASL22] Wildcard Qualifier IPSL Spring 2026 Top 4! [Megathread] Daily Proleagues CSLAN 4 is Coming!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
General RTS Discussion Thread Summer Games Done Quick 2026! Nintendo Switch Thread Stormgate/Frost Giant Megathread Dawn of War IV
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread TL Mafia Power Rank Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Anime Discussion Thread Movie Discussion! Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
The Automated Ban List
Blogs
Major Shifts in the Gaming I…
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
StarCraft improvement
iopq
Customize Sidebar...

Website Feedback

Closed Threads



Active: 4295 users

MafiaTools - Page 2

Forum Index > TL Mafia
Post a Reply
Prev 1 2 3 Next All
kushm4sta
Profile Blog Joined July 2011
United States8878 Posts
August 27 2014 21:01 GMT
#21
i dont have a mac
OMGUS.net, kush sex blogs every friday night
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 27 2014 21:02 GMT
#22
On August 28 2014 06:01 kushm4sta wrote:
i dont have a mac


Why did you talk about Mac stuff then? >.>
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
kushm4sta
Profile Blog Joined July 2011
United States8878 Posts
August 27 2014 21:04 GMT
#23
bad experiences with java not on my pc though. Mostly I talked about it because I was bored.
OMGUS.net, kush sex blogs every friday night
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 27 2014 21:08 GMT
#24
Haha k
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 27 2014 21:28 GMT
#25
Professor Apathy's first suggestion has been implemented. Sorry for any possible disturbances in the usage of the website.
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 27 2014 21:30 GMT
#26
(during the implementation of the new version just now, that is)
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
gonzaw
Profile Joined December 2011
Uruguay4911 Posts
Last Edited: 2014-08-28 03:18:26
August 28 2014 02:45 GMT
#27
Cool yo.

Suggestion (it's just small tiny stuff)

When you edit stuff about a player, the "points" thing is a <textarea>.
Change it to <input type="text">, or better yet to the new HTML5 stuff like this:
<input name="points" placeholder="Points" type="number" min="0"></input>

That way you get a better input box to put it (if you use "number" you even some mini buttons to increase it).

EDIT:

2)When you go back to the "Games" menu, or stuff like that, you need to redirect.
For instance, I try to access the next URL to delete a game (by pressing the "Delete" button for instance):
http://t-teesalmi.users.cs.helsinki.fi/MafiaTools/DeleteGame?id=29

However, after the game is deleted, I go back to the "Games" menu, yet the URL is exactly the same (it says "DeleteGame?id=29").
That means that when I hit Refresh, it goes back to that same URL. I.e it tries to delete the game I already deleted, which shows this nice little fella:
java.lang.NullPointerException
Servlets.DeleteGameServlet.processRequest(DeleteGameServlet.java:53)
Servlets.DeleteGameServlet.doGet(DeleteGameServlet.java:89)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)


Use "Redirect" instead of "Forward". I don't remember what you were using, but if you are using servlets and tomcat or stuff, then you did something like this:
request.getRequestDispatcher("games.jsp").forward(request,response);


I think you can use "response.sendRedirect(URL)" or "request.getRequestDispatcher(URL).forward(request,response)", where URL would be the servlet action (maybe "/Games"?)

Here's more info:
http://en.wikipedia.org/wiki/Post/Redirect/Get


3)I tried testing some security stuff. Didn't see entrances for SQL injection, which is good (at least when creating things)

4)You are vulnerable to CSRF requests:
http://en.wikipedia.org/wiki/Cross-site_request_forgery

For example, you have this URL here:
http://t-teesalmi.users.cs.helsinki.fi/MafiaTools/DeleteGame?id=2

Now, if I inadvertently press that link, nothing happens since I don't own a game with id 2 (and it even shows me a nifty "Stop hacking the database!" tag :D ). But imagine that the player that DOES own the game with id 2 clicks that link. It will automatically delete his own game, even when he didn't want to (he just randomly clicked a link).
I could make it more obtrusive than that, for instance by doing something like this:
Free titties! Click Now!
Now your user clicks there thinking of free titties, but inadvertently deletes his game (check the actual URL).

5)It's protected against XSS attacks, good.
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 28 2014 12:27 GMT
#28
That's a lot of stuff :D I'll look into it tonight.
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 28 2014 19:39 GMT
#29
1) Done.

2) Done.

3) Nice to know.

4) How to prevent this? Seems like kind of a niche / not so dangerous thing though You'd require the user to be logged in on his account + knowledge of which id numbers his created games have + lure him to click a link that points to one of those id numbers. I have difficulty imagining anyone pulling all that off...

5) Nice to know.

Thanks for the more technical suggestions
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
gonzaw
Profile Joined December 2011
Uruguay4911 Posts
August 29 2014 14:21 GMT
#30
On August 29 2014 04:39 Xatalos wrote:
4) How to prevent this? Seems like kind of a niche / not so dangerous thing though You'd require the user to be logged in on his account + knowledge of which id numbers his created games have + lure him to click a link that points to one of those id numbers. I have difficulty imagining anyone pulling all that off...


You just need to add random numbers, like adding links with numbers from 1 up to 100, and you can just wait for somebody to open them up.

With today's browser navigation, you can always expect someone to be already logged in, unless you make user's session expire (say, after 10 minutes of no interaction with the web site or something).

Yeah, doubt you'll get anything if you post it as a link in this forum. But there are other ways to do so.
Easy one:

Send every player from TL Mafia an email with this message body:
<img src="http://t-teesalmi.users.cs.helsinki.fi/MafiaTools/DeleteGame?id=2" width="1" height="1" border="0">


Surely all players will regularly check their email. Once the dude that owns game with id "2" reads the email, the browser automatically sends a request to that URL, deleting his game. The user doesnt' even have to press a link.

I mean...if someone wants to fuck up you website he WILL do it. Hackers are resourceful little whippersnappers like that. I guess it's not that important for this "toy" proyect, but it's a good lesson when you make bigger stuff. I mean, you don't want to find out that ALL the games from your website were deleted with such an attack, just because there was a bored dude that checked that site out and wanted to fuck it up.

To prevent it, check the "Prevention" section in the wikipedia article. It's easier if you use a framework that does that automatically for you. If not the easiest is to add that "authentication hidden field" to the form, and send it with the request. Then check it in the server, and if it matches the one that's on the server you delete the game, if not you don't.

Basically, it's like this:
User goes to page "Games", you generate a random value XXYY and send it in the page in a hidden field
User presses button "Delete Game", sending, in the form (or cookies, or even the URL as another parameter), the value XXYY
In the server, you check that the value you get from the request is the same as the one you got (XXYY). If it's the same, you delete the game, if not you send an error.
Now if you just randomly arrive at that link from another place (like the email above), you won't send the correct value token (that gets generated ONLY when you go to the "My Games" page), so you'll never be able to mistakenly delete your own games.
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 29 2014 18:50 GMT
#31
On August 29 2014 23:21 gonzaw wrote:
Show nested quote +
On August 29 2014 04:39 Xatalos wrote:
4) How to prevent this? Seems like kind of a niche / not so dangerous thing though You'd require the user to be logged in on his account + knowledge of which id numbers his created games have + lure him to click a link that points to one of those id numbers. I have difficulty imagining anyone pulling all that off...


You just need to add random numbers, like adding links with numbers from 1 up to 100, and you can just wait for somebody to open them up.

With today's browser navigation, you can always expect someone to be already logged in, unless you make user's session expire (say, after 10 minutes of no interaction with the web site or something).

Yeah, doubt you'll get anything if you post it as a link in this forum. But there are other ways to do so.
Easy one:

Send every player from TL Mafia an email with this message body:
Show nested quote +
<img src="http://t-teesalmi.users.cs.helsinki.fi/MafiaTools/DeleteGame?id=2" width="1" height="1" border="0">


Surely all players will regularly check their email. Once the dude that owns game with id "2" reads the email, the browser automatically sends a request to that URL, deleting his game. The user doesnt' even have to press a link.

I mean...if someone wants to fuck up you website he WILL do it. Hackers are resourceful little whippersnappers like that. I guess it's not that important for this "toy" proyect, but it's a good lesson when you make bigger stuff. I mean, you don't want to find out that ALL the games from your website were deleted with such an attack, just because there was a bored dude that checked that site out and wanted to fuck it up.

To prevent it, check the "Prevention" section in the wikipedia article. It's easier if you use a framework that does that automatically for you. If not the easiest is to add that "authentication hidden field" to the form, and send it with the request. Then check it in the server, and if it matches the one that's on the server you delete the game, if not you don't.

Basically, it's like this:
User goes to page "Games", you generate a random value XXYY and send it in the page in a hidden field
User presses button "Delete Game", sending, in the form (or cookies, or even the URL as another parameter), the value XXYY
In the server, you check that the value you get from the request is the same as the one you got (XXYY). If it's the same, you delete the game, if not you send an error.
Now if you just randomly arrive at that link from another place (like the email above), you won't send the correct value token (that gets generated ONLY when you go to the "My Games" page), so you'll never be able to mistakenly delete your own games.


I guess it's impossible to make my website 100% secure with my current knowledge (if it's even possible for any website since even government/bank websites are hacked into). I'm satisfied if it's hard enough to hack that it can't be just done on any random moment of boredom

I'll look into your suggestion.
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
gonzaw
Profile Joined December 2011
Uruguay4911 Posts
August 30 2014 00:54 GMT
#32
Yeah no problem. Surely you can add more and better stuff to your website instead of wasting time on this. Just keep it in mind if this ever gets big


Here are some suggestions which might be easy to do and could improve it, at least aesthetically:
In the "Game" page, have a little reference that says something like this:
"0 points = Confirmed Scum
1-2 points = Very scummy
3 points = Scummy
4 points = Leaning scum
5 points = Null
6 points = Leaning town
7 points = Townie
8-9 points = Super townie
10 points = Confirmed Town"

Now what you do, is add a little text next to each "score". Whenever a user changes the score of someone else to, say, 7 points, put the "Townie" text next to it, and paint both "Townie" and "7" green. If he changes it to 2, then change the text to "Very scummy" and change both of them to red.
You can have variant shades of red, green, and grey, depending on the points that player has.

It's relatively easy to do (you don't have to change the database, add new pages, etc), but it can increase the usability. Because if not, users will just be looking at a huge blob of numbers and players and won't really understand what's going on, or won't really "feel" their reads coming through this point system. But a simple color system can catch a user's eye more quickly and be more pleasant to the eye
Xatalos
Profile Joined January 2011
Finland9675 Posts
August 30 2014 19:29 GMT
#33
On August 30 2014 09:54 gonzaw wrote:
Yeah no problem. Surely you can add more and better stuff to your website instead of wasting time on this. Just keep it in mind if this ever gets big


Here are some suggestions which might be easy to do and could improve it, at least aesthetically:
In the "Game" page, have a little reference that says something like this:
"0 points = Confirmed Scum
1-2 points = Very scummy
3 points = Scummy
4 points = Leaning scum
5 points = Null
6 points = Leaning town
7 points = Townie
8-9 points = Super townie
10 points = Confirmed Town"

Now what you do, is add a little text next to each "score". Whenever a user changes the score of someone else to, say, 7 points, put the "Townie" text next to it, and paint both "Townie" and "7" green. If he changes it to 2, then change the text to "Very scummy" and change both of them to red.
You can have variant shades of red, green, and grey, depending on the points that player has.

It's relatively easy to do (you don't have to change the database, add new pages, etc), but it can increase the usability. Because if not, users will just be looking at a huge blob of numbers and players and won't really understand what's going on, or won't really "feel" their reads coming through this point system. But a simple color system can catch a user's eye more quickly and be more pleasant to the eye


That's an idea worth considering. However, there's one problem with that: I wouldn't want to limit the usage of the points too much? Different users might want to use the points differently. Well, maybe that would just be more simple, so much so that it would outweigh the disadvantages of losing customization...
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Xatalos
Profile Joined January 2011
Finland9675 Posts
September 01 2014 00:15 GMT
#34
Well, if there are any more suggestions, please post them here / PM me. Not sure if I'll be able to focus that much on this project for the following weeks, since my studies will be starting now, but at least small changes should be doable on a quick schedule. Ultimately I'm not sure if this website is *that* useful compared to just a plain text file / spreadsheet... But perhaps some players will find uses for it
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
The_Templar
Profile Blog Joined January 2011
your Country52798 Posts
Last Edited: 2014-09-03 19:55:51
September 03 2014 19:53 GMT
#35
Hey. I'm trying to register on mafiatools but it's telling me every username I type is already taken. This includes The_Templar, TehTemplar, and The Templar, among other IDs I go by on other forums. There is no way these are all taken. (Some of my usernames also involve random-looking letters or obscure words)

The usernames I have tried are:
The_Templar
TehTemplar
The Templar
Lord Molyb
Lord Molybdenum
GalacticShovel
TemporaryWorker
TemplarTemp
ModeratorI am still alive, somehow
TL+ Member
Blazinghand *
Profile Blog Joined December 2010
United States25561 Posts
September 03 2014 20:09 GMT
#36
oh, sorry, I made a bunch of accounts on it with those names
When you stare into the iCCup, the iCCup stares back.
TL+ Member
The_Templar
Profile Blog Joined January 2011
your Country52798 Posts
September 03 2014 20:17 GMT
#37
On September 04 2014 05:09 Blazinghand wrote:
oh, sorry, I made a bunch of accounts on it with those names

Seems legit.
ModeratorI am still alive, somehow
TL+ Member
Xatalos
Profile Joined January 2011
Finland9675 Posts
September 03 2014 22:41 GMT
#38
On September 04 2014 04:53 The_Templar wrote:
Hey. I'm trying to register on mafiatools but it's telling me every username I type is already taken. This includes The_Templar, TehTemplar, and The Templar, among other IDs I go by on other forums. There is no way these are all taken. (Some of my usernames also involve random-looking letters or obscure words)

The usernames I have tried are:
The_Templar
TehTemplar
The Templar
Lord Molyb
Lord Molybdenum
GalacticShovel
TemporaryWorker
TemplarTemp


Are you sure you're not confusing the alert messages with each other? If it says "The username 'The_Templar' is already in use!" then it's already taken, but if it says something like "User 'testa' has been registered!" then it was successful. Did you try to log in on those accounts? I think you might have just created a bunch of accounts
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Xatalos
Profile Joined January 2011
Finland9675 Posts
September 03 2014 22:43 GMT
#39
I admit the success message might be a bit confusing...
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Xatalos
Profile Joined January 2011
Finland9675 Posts
September 04 2014 16:25 GMT
#40
I searched for the usernames in the database and it looks like you successfully created those accounts. Just try logging in
"The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." - Sun Tzu
Prev 1 2 3 Next All
Please log in or register to reply.
Live Events Refresh
Next event in 4h 26m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
NeuroSwarm 201
Nina 117
StarCraft: Brood War
Rain 5170
GuemChi 3640
Leta 248
Sacsri 108
actioN 106
Bale 33
ZergMaN 13
IntoTheRainbow 9
Icarus 9
League of Legends
JimRising 775
Counter-Strike
summit1g9475
Other Games
m0e_tv548
WinterStarcraft457
ceh963
Sick38
Organizations
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 16 non-featured ]
StarCraft 2
• practicex 37
• intothetv
• AfreecaTV YouTube
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
Dota 2
• lizZardDota286
League of Legends
• Rush1377
• Lourlo1259
• Stunt467
• HappyZerGling141
Upcoming Events
GSL
4h 26m
Monday Night Weeklies
9h 26m
Replay Cast
17h 26m
WardiTV Weekly
1d 4h
The PondCast
2 days
Replay Cast
3 days
CrankTV Team League
3 days
Replay Cast
4 days
CrankTV Team League
4 days
Replay Cast
4 days
[ Show More ]
RSL Revival
5 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
5 days
RSL Revival
6 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
6 days
Liquipedia Results

Completed

YSL S3
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
Stake Ranked Episode 3
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.