H3lp

[TheFoxman]

How to change my ig stats picture settings (tried to find it)

[Martin]

You need to be a VIP to be able to do that.

[TheFoxman]

Ok...

[Ethan]

You need to be an [active] VIP to be able to do that.

fixed it

[Deff]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

[Ethan]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

wait, dont you have to have the VIP active to change your sig because of they way the signature is done?

[Shock]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

wait, dont you have to have the VIP active to change your sig because of they way the signature is done?

Yes you do and there is already a script when u have active vip that lets u customize the individual signature things

[Kake]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

idk what she did but i can create a custom ct signature using her link without vip

u can see my signature below

[Deff]

yeah only VIPs can do it from cvt website, but this one is public, its done from django rest framework, all it needs is player stats like time online, score, etc, which are publically available already on django rest framework or the cvt website, it can get player info easily
If admins don't allow it, i will disable it, no problem.
and it might be buggy as it was a quick script, if someone wants me to improve let me know

[Ethan]

this is awesome, TY Viky/Deff

[CarlJohnson]

yeah only VIPs can do it from cvt website, but this one is public, its done from django rest framework, all it needs is player stats like time online, score, etc, which are publically available already on django rest framework or the cvt website, it can get player info easily
If admins don't allow it, i will disable it, no problem.
and it might be buggy as it was a quick script, if someone wants me to improve let me know

I see your are familiar with Django rest framework, interested in helping us with the website?

[TheFoxman]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

The script is good but i wanted to do a different things like removing  my achievements from my signature but ty anyway

[Kake]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

@viky I think the achievements data is bugged. It is showing that i have 6 achievemnts(I have only 4) and ethan is having 57/17

[Joshy]

or you can try this:
http://cvt.is-great.net/signature/

Just made a quick script when I saw this thread.

@viky I think the achievements data is bugged. It is showing that i have 6 achievemnts(I have only 4) and ethan is having 57/17

@viky player.achievements is an integer field containing a bitwise representation of achievement states.

I know (1 << 0) is artic (1)
And that (1 << 1) is probably dumper (2)

You can check an achievements status by bitwise-ANDing the field against the achievement number, e.g. how to check if i have dumper achievement is:
var hasDumper = player.achievements & (1 << 1) == (1 << 1)
You can count the number of set bits (I.e. number of achievements) by either iterating through all bits and adding them up, or use an algorithm called popcount/Hamming weight. This is the iterative approach:

Code Select Expand

var achCount = 0;
for (var achIndex = 0; achIndex < 18 /*There are 17 achs*/; achIndex++) {
    if (player.achievements & (1 << achIndex) == (1 << achIndex)) {
        achCount++;
    }
}

Idk what the achievement numbers are but if all you're after is the count, the above code should do.

[TheFoxman]

If viky can make a signature that shows 17/17 will be great

[Ethan]

If viky can make a signature that shows 17/17 will be great

for people who actually have 17/17, sure, itd be great.... but since you dont, why ask for it?

[TheFoxman]

If viky can make a signature that shows 17/17 will be great

for people who actually have 17/17, sure, itd be great.... but since you dont, why ask for it?

Well u dont have 17 or 57 but it shows that u have 57 so i want only 17

[Deff]

Thanks for the explanation Joshy
Fixed that way.

[TheFoxman]

Thanks for the explanation Joshy
Fixed that way.

Not surprised

[Ethan]

yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe becasue of Viky updated it?

[Deff]

yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe becasue of Viky updated it?

Oh its public, anyone can make signature for anyone. But I have disabled it now. Those who have already made, it will work for them, no one can make/edit signatures now, this can't be authenticated as of now, hence disabled.

[Joshy]

yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe becasue of Viky updated it?

Oh its public, anyone can make signature for anyone. But I have disabled it now. Those who have already made, it will work for them, no one can make/edit signatures now, this can't be authenticated as of now, hence disabled.

That's quite unfortunate, it was good to see the API being used by someone other than Mick (CT Android app).

You should suggest API authentication (OAuth2 or something), Django REST framework probably has it built in.

As a short term workaround you could send people unique URLs that only work for their profile via PM, that way in order to make a signature they'll have to PM you and then you make them a URL / token for their account. Idk if it's worth the effort though.

edit: here's how I would do this in PHP (it's been a while since I wrote any PHP, C# ftw) (also this is totally untested) (it's probably not bulletproof and/or cryptographically secure but who cares lol ¯\_(ツ)_/¯):

const SECRET_KEY = "some secret constant string here";

function generate_token($username) {
   return hash_hmac("sha256", $username, SECRET_KEY);
}

// function which is able to verify a MAC for a given username
function verify_token($username, $token) {
    // basically you re-create the MAC for a given username and then verify it against the passed in MAC
    return hash_equals(generate_mac($username), $token); // interesting fact: hash_equals isn't susceptible to timing attacks, however "==" is
}

// to verify a URL
$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
$token = isset($_GET["token"]) ? $_GET["token"] : NULL;

if (empty($username) || empty($token)) {
    echo "kek nice try...";
    return;
}

$isActuallyTheUser = verify_token($username, $token);

if ($isActuallyTheUser) {
    // Do signature stuff
} else {
    // Firewall the user's IP address into oblivion
}

////////////////

// for giving out URLs (put this behind a password or something)
const BASE_URI = "http://cvt.is-great.net/signature/";
// URL generation
function generate_url_with_token($username) {
    $token = generate_token($username);
    return BASE_URI . "?" . http_build_query(array("username" => $username, "token" => $token));
}

$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
if (empty($username)) {
    echo "Good joke viky... srsly";
    return;
}
echo generate_url_with_token($username);


The result I got with that "secret" key and my username is http://cvt.is-great.net/signature/?username=Joshy&token=44939cf6f335a44a6a7acdc09566691d7c5f7bec3c1b321f13dc6f9e64d80ea2

You can use the code at https://repl.it/EmJm/3 to test your environment to make sure it works properly (some web hosting disable hash_hmac for "security" - klol).

[Deff]

Thanks alot joshy! Did it that way.
Now everyone will have a unique URL for editing/making the signature. To get this, they will need to PM me on forum.

[TheFoxman]

yeah, for some odd reason my profile picture I chose changed to some random thing.. I had to change it... maybe becasue of Viky updated it?

Oh its public, anyone can make signature for anyone. But I have disabled it now. Those who have already made, it will work for them, no one can make/edit signatures now, this can't be authenticated as of now, hence disabled.

That's quite unfortunate, it was good to see the API being used by someone other than Mick (CT Android app).

You should suggest API authentication (OAuth2 or something), Django REST framework probably has it built in.

As a short term workaround you could send people unique URLs that only work for their profile via PM, that way in order to make a signature they'll have to PM you and then you make them a URL / token for their account. Idk if it's worth the effort though.

edit: here's how I would do this in PHP (it's been a while since I wrote any PHP, C# ftw) (also this is totally untested) (it's probably not bulletproof and/or cryptographically secure but who cares lol ¯\_(ツ)_/¯):

const SECRET_KEY = "some secret constant string here";

function generate_token($username) {
   return hash_hmac("sha256", $username, SECRET_KEY);
}

// function which is able to verify a MAC for a given username
function verify_token($username, $token) {
    // basically you re-create the MAC for a given username and then verify it against the passed in MAC
    return hash_equals(generate_mac($username), $token); // interesting fact: hash_equals isn't susceptible to timing attacks, however "==" is
}

// to verify a URL
$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
$token = isset($_GET["token"]) ? $_GET["token"] : NULL;

if (empty($username) || empty($token)) {
    echo "kek nice try...";
    return;
}

$isActuallyTheUser = verify_token($username, $token);

if ($isActuallyTheUser) {
    // Do signature stuff
} else {
    // Firewall the user's IP address into oblivion
}

////////////////

// for giving out URLs (put this behind a password or something)
const BASE_URI = "http://cvt.is-great.net/signature/";
// URL generation
function generate_url_with_token($username) {
    $token = generate_token($username);
    return BASE_URI . "?" . http_build_query(array("username" => $username, "token" => $token));
}

$username = isset($_GET["username"]) ? $_GET["username"] : NULL;
if (empty($username)) {
    echo "Good joke viky... srsly";
    return;
}
echo generate_url_with_token($username);


The result I got with that "secret" key and my username is http://cvt.is-great.net/signature/?username=Joshy&token=44939cf6f335a44a6a7acdc09566691d7c5f7bec3c1b321f13dc6f9e64d80ea2

You can use the code at https://repl.it/EmJm/3 to test your environment to make sure it works properly (some web hosting disable hash_hmac for "security" - klol).

Still dont know who created the coding that doesnt make sence at all