PEMapModder · March 13, 2016 11:01 · Mar 13, 2016 · Mar 12, 2016
diff --git a/auth-protocol.md b/auth-protocol.md
@@ -12,3 +12,5 @@ When player joins the server:
   * If player is not registered: `NOTFOUND`.
     * If server forces the player to register first, kick the player with a message: `Join server at example.com port 19132 to register your account`.
     * If server doesn't force the player to register first, do nothing.
+
+Lines are delimited with the `\n` byte.
diff --git a/auth-protocol.md b/auth-protocol.md
@@ -0,0 +1,14 @@
+Before player logs in, player visits a website or tells the app to notify the database that he is going to join this server. Database logs his IP address.
+
+When player joins the server:
+* Server opens a TCP client-socket to the database server-socket.
+* Server sends a string that identifies which server the data are from.
+* If identified, database responds with a secret token (secret between database and that specific server) that confirms that the database is valid.
+* If server finds the token correct, it sends a batch of username and other relevant information of the player (e.g. IP address) to the database, using the JSON syntax.
+* Database responds with a line like this:
+  * If player is using the correct IP address and enables IP auth: `SUCCESS <message to send to player>`. Server should send the message as-is.
+  * If player is disables IP auth: `NEEDPASS <message to send to player>`. Server should send the message as-is. Then, server should wait for client to send a temp token.
+    * After player enters a temp token, server forwards the token to database: `PASS <temp token>`. Server should satinize the temp token to make sure that it does not contain `\n` (security vulnerability).
+  * If player is not registered: `NOTFOUND`.
+    * If server forces the player to register first, kick the player with a message: `Join server at example.com port 19132 to register your account`.
+    * If server doesn't force the player to register first, do nothing.