firstly i want to say you have made an awesome addon.
below is the dkp system my guild is going to be using in TBC, and i can see how i can use your mod to do 80% of the
system. i just have a few questions forgive me if they are noobish.
i was thinking for setting up 2 pools 1st one as "Loot Points" 2nd as "Attendance Points"
am i able with your mod to reset the pool (loot points) of the winner that recieved the item to 0?
am i able to manually - & + a members pool dkp?
am i able to export database as xml or html?
<snip>
Thanks. :-) To address your questions:
1) You can manually +/- any particular person's DKP by any amount you'd like.
2) You can export the database as CSV, which should be convertable to html/xml fairly easily.
3) To use your loot system with DKPmon/Bidder would require forking the codebase and rewriting some of the points management stuff; it doesn't support anything close to what you've written.
In the couple of months I have between now and when TBC raiding gets going I might try to do a partial rewrite to allow people to write modules for different DKP systems. We'll see if I have the time for it...
thanks for your reply i will be watching to see if you get the time to make us add modules in.
I'm having trouble finding the module for eqdkp export, is it linked someplace? All I could find was the first revision that is posted earlier in this thread. From reading the later posts I gathered there was a new one?
Also, how does one get to the branches svn? Or is that only for devs?
I was hoping to use the module to import my eqdkp data since I have to do this every day it seems. Wish I could get a grasp on LUA. So I could help bring over the native EQDKP export that CTRT has. Just can't get my brain around the LUA thing though.
How do I delete someone from the DB? How do I edit people's points? I must not be doing something right because even saving the LUA it just re writes it.
How do I delete someone from the DB? How do I edit people's points? I must not be doing something right because even saving the LUA it just re writes it.
If you're going to manually edit the savedvariables lua, then you need to exit WoW to do it -- otherwise, as you've discovered, WoW just writes over your changes with what it has stored in-game.
Deleting someone from the DB requires manually editing the savedvariables file, but adding/removing points can be done through the award interface (/dkp award). A fairly full guide to how to use DKPmon, and associated addons, can be found at the web site -- http://dkpmonaddon.googlepages.com
But, the steps are:
1) type: /dkp award -- brings up the award points window
2) click on the text that says "0 players selected from the database" -- this'll bring up a listing of everyone in your database
3) select the players you want to add/remove points to/from.
4) check the checkbox to the right of "DB:"
5) Select the points pool you want to award points to by clicking the the "Pool: ..." text.
6) Enter the # of points (can be negative) in the box
7) Click "award custom"
I'm having trouble finding the module for eqdkp export, is it linked someplace? All I could find was the first revision that is posted earlier in this thread. From reading the later posts I gathered there was a new one?
Also, how does one get to the branches svn? Or is that only for devs?
I was hoping to use the module to import my eqdkp data since I have to do this every day it seems. Wish I could get a grasp on LUA. So I could help bring over the native EQDKP export that CTRT has. Just can't get my brain around the LUA thing though.
Dahn was working on the eqDKP stuff; I'm not sure what he's done with it, though.
My issue is really just about the security of DKPmon. I know the website said that ANYONE who has the DKPmon addon rather than Bidder can edit the database, but that just seems very iffy to me and the rest of the leaders in my guild. I don't think we can trust anyone to just use Bidder and not dick around with the tables...
The key is the password for your DKP broadcast. This is what you need to keep totally secret, known only to the trusted members of your guild who are going to actually be running bids. The less people the better really.
Also I'm not sure if you know but the only thing that is really at risk is your points database. This is what is broadcast with the /dkp bcast command. It's also the only thing people can mess up. If someone without authority does a /dkp bcast it will overwrite everyone who uses DKPmon and thus blow your points out of the water.
As far as the item values and raid values and what not, they are safe. Those values are not broadcast by /dkp bcast. So really all you have to watch out for is someone who might be stupid enough to try to run a bid, with their own item values and such. That would be pretty obvious to any officer because it will say who is starting the bid in the chat box.
Then you just Gkick that fool, and move on.
For myself I never talk about DKPmon to the guild. Only the officers are informed of it and only 3 of them know the broadcast password.
The key is the password for your DKP broadcast. This is what you need to keep totally secret, known only to the trusted members of your guild who are going to actually be running bids. The less people the better really.
Also I'm not sure if you know but the only thing that is really at risk is your points database. This is what is broadcast with the /dkp bcast command. It's also the only thing people can mess up. If someone without authority does a /dkp bcast it will overwrite everyone who uses DKPmon and thus blow your points out of the water.
As far as the item values and raid values and what not, they are safe. Those values are not broadcast by /dkp bcast. So really all you have to watch out for is someone who might be stupid enough to try to run a bid, with their own item values and such. That would be pretty obvious to any officer because it will say who is starting the bid in the chat box.
Then you just Gkick that fool, and move on.
For myself I never talk about DKPmon to the guild. Only the officers are informed of it and only 3 of them know the broadcast password.
As an addendum to Alaros' post, "hiding" DKPmon is also an excellent way to protect your points database. That is to say, inform your guild to download Bidder, and that is the only mod they need. When you broadcast your points database, see who responds. If you see a name that should not belong tell that person to uninstall DKPmon, as they don't need it. It probably won't be necessary to say "omfg uninstall that you can hack our points with that," just let them know that they will never use it (and that they won't get re-invited to raids until it is gone). In my experience, 30% of the people will download both DKPmon and Bidder, because they see both of them. And should you see someone that does have the DKPmon, don't change your password until you are sure they have uninstalled it. No sense in them receiving another needless broadcast.
I wasn't even aware that there was a password function. What exactly is it that's being passworded?
Because if the risk is if someone without the current DKP points broadcasts it'll erase everyone who does have the points database, is there no confirmation needed on my end before accepting that blank database?
EDIT: The reason I'm trying to make sure is because I have to convince my other officers that there's not going to be any risk of people screwing around. Even being able to check and make sure that they aren't running DKPmon wouldn't be enough if they could wipe a database before we get them to uninstall it.
My issue is really just about the security of DKPmon. I know the website said that ANYONE who has the DKPmon addon rather than Bidder can edit the database, but that just seems very iffy to me and the rest of the leaders in my guild. I don't think we can trust anyone to just use Bidder and not dick around with the tables...
To reiterate, and add to, what Alaros & Piett have already said. The DKPmon password combined with DKPmon printing a message to your chatlog when someone does/receives a broadcast are your security features.
1) Tell only those officers that are supposed to be running DKPmon the password.
2) When you do a "/dkp bcast" in raid watch for a message from anyone that shouldn't be running DKPmon; the way DKPmon is coded, even if someone else is running DKPmon they'll be ignored unless they have the same password set as you.
3) If someone who shouldn't be running DKPmon has somehow managed to acquire your password, then your database isn't toast unless the people who are supposed to be running DKPmon are boneheads. To prevent any changes that the person who acquired the password might have manually made to the points, you need to:
a) Boot the person from the raid, and maybe even the guild -- there's no good reason for them to have that password, so you can safely assume that they acquired it with malicious intent.
b) Have all who should be running DKPmon alt-f4 from WoW (this will prevent your current in-game database from being writen to the SavedVariables file).
c) Log back in and change the password.
d) If even one person who -should- be running DKPmon doesn't follow these steps, you might be in trouble -- which is why you don't allow boneheads to run DKPmon with the correct password. ;)
Additionally, to avoid potentially losing an entire raid-night's worth of points updates at least one person should "/console reloadui" after every loot distribution -- of course, only do this if you didn't have to kick a malicious raid member who guessed the password. This'll save your in-game points database to your DKPmon SavedVariables file.
-Eraslin
edit: To clarify, the "password" is essentially a key that's sent with every points broadcast. If the password of a broadcast doesn't match what you've set your password to, then the broadcast is ignored.
edit2: The password functionality is briefly mentioned in the "Full List of Console Commands" section on the DKPmon web site (/dkp password <X>).
Another option is doing a little work with the chat frame, to send the database sync in officer channel only instead of the MOD channel, or combine those 2 concepts
Alright, that's put my concerns at rest. Thanks guys.
And I know it may have been mentioned already in this thread and I might have just missed it, but A) Can DKPmon be used without using Bidder, simply to assign DKP easily when an event occurs and B) How easy would it be to export all that back and forth between eqDKP and DKPmon?
Alright, that's put my concerns at rest. Thanks guys.
And I know it may have been mentioned already in this thread and I might have just missed it, but A) Can DKPmon be used without using Bidder, simply to assign DKP easily when an event occurs and B) How easy would it be to export all that back and forth between eqDKP and DKPmon?
DKPmon doesn't actually support eqDKP; though, I'm really starting to think more and more that it should. You can export your database in a CSV format (which I'm told can be imported to eqDKP with a little fiddling), and import from a CSV format (via DKPmonInit).
If someone's willing to do a little leg work for me, I can look more in-depth into having DKPmon natively support eqDKP. What I need are docs -- grammars for what the import/export files for eqDKP look like (maybe even some example files for WoW), what sorts of information is tracked by eqDKP (what are the events -- mob kills, item drops, other), how the information is tracked, etc. I just don't have a clue where to find the documentation for all that, nor do I have a tonne of time to try to track it all down. ;)
So, if someone more in the know can find out all that information for me, and provide a list of urls/documents I'd be able to assess how doable it'd be.
for further concerns with data security, i wrote an implmentation of RC4 encryption in lua, ill try to get it packaged up over the weekend as a mixin so sync data can be encrypted before being sent, so IF someone snooping doesnt have the password, they can do squat with the data. As long as just your officer have the password data is secure from most, someone with lots of time on their hands could attack the encrypted text to get the password back out, but it would take a good chuck of time, .. im still working on secodndary key encryption so its not useful at all
I have checked my little library works in live wow and on the test realm. Ill make a project for it today and try to have it done and tested by tonight
The PHP folder has the eqDKP file to export the data. It's a first pass script as it won't do any more sophisticated SQL queries to merge multiple databases (I'll work on it for the next revision after some testing/feedback).
thanks for your reply i will be watching to see if you get the time to make us add modules in.
/salute
Also, how does one get to the branches svn? Or is that only for devs?
I was hoping to use the module to import my eqdkp data since I have to do this every day it seems. Wish I could get a grasp on LUA. So I could help bring over the native EQDKP export that CTRT has. Just can't get my brain around the LUA thing though.
How do I delete someone from the DB? How do I edit people's points? I must not be doing something right because even saving the LUA it just re writes it.
If you're going to manually edit the savedvariables lua, then you need to exit WoW to do it -- otherwise, as you've discovered, WoW just writes over your changes with what it has stored in-game.
Deleting someone from the DB requires manually editing the savedvariables file, but adding/removing points can be done through the award interface (/dkp award). A fairly full guide to how to use DKPmon, and associated addons, can be found at the web site -- http://dkpmonaddon.googlepages.com
But, the steps are:
1) type: /dkp award -- brings up the award points window
2) click on the text that says "0 players selected from the database" -- this'll bring up a listing of everyone in your database
3) select the players you want to add/remove points to/from.
4) check the checkbox to the right of "DB:"
5) Select the points pool you want to award points to by clicking the the "Pool: ..." text.
6) Enter the # of points (can be negative) in the box
7) Click "award custom"
-Eraslin
Dahn was working on the eqDKP stuff; I'm not sure what he's done with it, though.
Also I'm not sure if you know but the only thing that is really at risk is your points database. This is what is broadcast with the /dkp bcast command. It's also the only thing people can mess up. If someone without authority does a /dkp bcast it will overwrite everyone who uses DKPmon and thus blow your points out of the water.
As far as the item values and raid values and what not, they are safe. Those values are not broadcast by /dkp bcast. So really all you have to watch out for is someone who might be stupid enough to try to run a bid, with their own item values and such. That would be pretty obvious to any officer because it will say who is starting the bid in the chat box.
Then you just Gkick that fool, and move on.
For myself I never talk about DKPmon to the guild. Only the officers are informed of it and only 3 of them know the broadcast password.
As an addendum to Alaros' post, "hiding" DKPmon is also an excellent way to protect your points database. That is to say, inform your guild to download Bidder, and that is the only mod they need. When you broadcast your points database, see who responds. If you see a name that should not belong tell that person to uninstall DKPmon, as they don't need it. It probably won't be necessary to say "omfg uninstall that you can hack our points with that," just let them know that they will never use it (and that they won't get re-invited to raids until it is gone). In my experience, 30% of the people will download both DKPmon and Bidder, because they see both of them. And should you see someone that does have the DKPmon, don't change your password until you are sure they have uninstalled it. No sense in them receiving another needless broadcast.
Because if the risk is if someone without the current DKP points broadcasts it'll erase everyone who does have the points database, is there no confirmation needed on my end before accepting that blank database?
EDIT: The reason I'm trying to make sure is because I have to convince my other officers that there's not going to be any risk of people screwing around. Even being able to check and make sure that they aren't running DKPmon wouldn't be enough if they could wipe a database before we get them to uninstall it.
To reiterate, and add to, what Alaros & Piett have already said. The DKPmon password combined with DKPmon printing a message to your chatlog when someone does/receives a broadcast are your security features.
1) Tell only those officers that are supposed to be running DKPmon the password.
2) When you do a "/dkp bcast" in raid watch for a message from anyone that shouldn't be running DKPmon; the way DKPmon is coded, even if someone else is running DKPmon they'll be ignored unless they have the same password set as you.
3) If someone who shouldn't be running DKPmon has somehow managed to acquire your password, then your database isn't toast unless the people who are supposed to be running DKPmon are boneheads. To prevent any changes that the person who acquired the password might have manually made to the points, you need to:
a) Boot the person from the raid, and maybe even the guild -- there's no good reason for them to have that password, so you can safely assume that they acquired it with malicious intent.
b) Have all who should be running DKPmon alt-f4 from WoW (this will prevent your current in-game database from being writen to the SavedVariables file).
c) Log back in and change the password.
d) If even one person who -should- be running DKPmon doesn't follow these steps, you might be in trouble -- which is why you don't allow boneheads to run DKPmon with the correct password. ;)
Additionally, to avoid potentially losing an entire raid-night's worth of points updates at least one person should "/console reloadui" after every loot distribution -- of course, only do this if you didn't have to kick a malicious raid member who guessed the password. This'll save your in-game points database to your DKPmon SavedVariables file.
-Eraslin
edit: To clarify, the "password" is essentially a key that's sent with every points broadcast. If the password of a broadcast doesn't match what you've set your password to, then the broadcast is ignored.
edit2: The password functionality is briefly mentioned in the "Full List of Console Commands" section on the DKPmon web site (/dkp password <X>).
And I know it may have been mentioned already in this thread and I might have just missed it, but A) Can DKPmon be used without using Bidder, simply to assign DKP easily when an event occurs and B) How easy would it be to export all that back and forth between eqDKP and DKPmon?
DKPmon doesn't actually support eqDKP; though, I'm really starting to think more and more that it should. You can export your database in a CSV format (which I'm told can be imported to eqDKP with a little fiddling), and import from a CSV format (via DKPmonInit).
If someone's willing to do a little leg work for me, I can look more in-depth into having DKPmon natively support eqDKP. What I need are docs -- grammars for what the import/export files for eqDKP look like (maybe even some example files for WoW), what sorts of information is tracked by eqDKP (what are the events -- mob kills, item drops, other), how the information is tracked, etc. I just don't have a clue where to find the documentation for all that, nor do I have a tonne of time to try to track it all down. ;)
So, if someone more in the know can find out all that information for me, and provide a list of urls/documents I'd be able to assess how doable it'd be.
-Eraslin
As soon as it's working, my branch will go in. The path will be http://svn.wowace.com/wowace/branches/DKPmonInit/dahn/DKPmonInit/
The PHP folder has the eqDKP file to export the data. It's a first pass script as it won't do any more sophisticated SQL queries to merge multiple databases (I'll work on it for the next revision after some testing/feedback).
Crypotlib is a facade for crypto libraries, you can use it and add rc4 to your project or just rc4 itself. Ill be adding wiki pages tonight sometime