Rss
Blog
Posted by Germain on 13 Sep 2012 /
51 Comments
Sep
13
2012
51Hello!
Most of you might have noticed that you received a new email yesterday or this morning about user account registration. This is the result of an ongoing process that started the day our Kickstarter ended. For those of you who are not interested in reading the whole thing, here’s the short version:
Basically, Paypal gave us an ultimatum. We had 20 days to deliver the product some of you pre-ordered via our Paypal widget. It is part of their terms of use, and they would force us to refund everyone if we didn’t go through with the transaction.
The problem is that we can only send you the game (or the prototype) when it is ready, not a day before that. Instead of selling you the game, we offered you the chance to subscribe to our alpha/beta test early. This includes registration to our newsletter, input on the game’s early development and access to a prototype version of the game and/or the beta version. This is not a pre-order, just a subscription.
Of course, this makes no difference on your side, you’ll get the prototype and/or the beta as planned. But for Paypal, they need assurance that we will deliver our product, and they need it fast. This is why we rushed this part: we had to create a user account database and a subscription system as soon as possible so we could get your usernames and passwords. Only then would Paypal be satisfied that we delivered something.
Most of this task was handled by Thierry, our newest team member, and KsaRedFx (aka. Red) from CastleStoryOnline.com. Here’s what they have to say about the process:
Thierry:
I have to thank KsaRedFx who offered a lot of his spare time to help us out in the
whole process described below. THANK YOU!here what we had to do:
Get the castlestory.net domain
The bank transfer took time since it was an international payment, but the guy who owned the domain was nice enough to do all the redirection when we needed it the most, even if he hadn’t yet received the payment.
Create a secure system to save and encrypt the passwords
We have never really worked on encryption before, so it is a rather new discipline for us. We successfully established a secure database for all your personal data, so you can be certain that things are in good hands.
Create a whole new website
We had to put something so you could register your username and password. We had something done the day before we were launching the whole process but we received a lot of complaints saying that the website didn’t look official enough and they were scared it was a scam so we had to redesign the whole thing. We plan on working with a design studio to create a whole template that will be only for the Castle Story website. Creating a website may seem easy but it’s not. Not with that amount of data. We had to create a database that will work with our game for the authentication on multiplayer and that same database is linked to the website that had to be secured.
Importing the data
God, that was a complete mess! Kickstarter has its own way to do it and Paypal too, so we had to manage a way to combine those databases together. Plus, there is some people who got their subscription on Kickstarter and when the Paypal session opened they got multiple ones on that platform too. We had to handle some refunds as well… so yeah, we finally managed to merge the two databases together, but it was complete hell.
Sending email and launching the whole process
Sending 30,000 emails at the same time is impossible by default. Our server lets us send, I think, 100 emails per hour and that’s it. So we had to connect to a system that will allow us to send a much bigger amount without being accused of spamming. So it is not that complicated, but like everything else, when you’ve never done something, you have to learn it first. The script we launched yesterday generated a unique token for every user and sent that token via the email you received in your mailbox. Our email service worked for 5 hours straight, sending thousands upon thousands of emails while we monitored it carefully in case it crashed.
You have questions, we have some answers!
What about the Credit Island names, are they the same as the username I just chose?
No, they are not. Every backer will have a form to fill about that later. The username you registered yesterday is your account username that will be needed for connecting to multiplayer and updating your client.
I bought a package of 2 prototypes and/or 2 betas, what about the second username?
The first prototype you bought includes the beta and is linked to your account, the second one is considered as a gift and you will be able to send that gift to another player. The reason you cannot do it now is because we need to discuss with our distributor about the best way to do it. There is something like 3 ways to do it properly, but we have to choose the one that’s perfect for our situation.
I didn’t receive an email? What should I do?
First, don’t panic, look into your spambox, even if we used a system that allows us to send a large amount of emails at the same time, it is possible that some of them are considered as spam. If not, go to www.castlestory.net and request an email from us.
Can I change my username and/or email address?
You cannot do it right now, our system isn’t developed enough to allow it. We’re working on it, so give us a little time and we’ll get back to you on this subject.
51 Comments for Newsletter and User Account Registration
Mako
8 months ago
Sweet, this is awesome, I hope the prototype comes soon-ish, Envy is killing me
Daniel
8 months ago
I hope by “encrypt the passwords” you really meant “salted and hashed.” Otherwise you should look into doing that and I should go change my password…
Sincerely,
Someone who’s made that same mistake
Germain
8 months ago
Yes we’ve read that recent ARS technica article about proper security. We have two members of our team that are ex-hackers, so we’re on it. ;)
Sebastian
8 months ago
Something like phpass for PHP or jBCrypt for Java would be enough to use if you do not want to mess with the details of using blowfish for hashing.
Steve A
8 months ago
congrats on the new account system, and for making an offering to the PayPal gods… ;)
here’s hoping you can relieve some of that stress, and get back to what you really enjoy…
have fun!
Yellowmooseman
8 months ago
Wow you guy at Souropod have been working sooo hard! I hope this will pay off HUGE for you guys. You totally deserve it :)
LittleMikey
8 months ago
Signed up! Can’t wait to see this game!
Hopefully Paypal don’t screw you guys over, I have been reading quite a few shock stories from them lately, and I don’t want anything to happen to the awesome guys at Sauropod. I also really loved your “Hugs” video, pity I’m from Australia and doubt I will be able to hug any of you any time soon :(
Keep up the great work!
-LittleMikey
Daniel
8 months ago
Hopefully with PAX coming to Australia next year, we will see indie studios coming as well :)
Keep up the good work sauropod!
Daniel.
adam
8 months ago
Im guessing its 2 late 2 sign up for the beta?
Doktor J
8 months ago
At the moment, yes. The prototype is probably done entirely (so you won’t be able to get your hands on that); however, there is lots of speculation that they might allow people to buy into the beta some time after the prototype is released… so stay tuned!
Collin
8 months ago
Actually, the prototype is not done yet.
As they have mentioned before, They are building it right now in order to enter it in an indie game convention contest.
It will be dispersed to us backers in late October (as they said in update #2)
However, you are right in saying that it is likely that they will open up a second change to join as a beta tester when the designers are ready.
I look forward to this interest project.
Beta bug detection activate!
Rob (BlueDagger)
8 months ago
Through, honest, and in depth updates like this is why I have ao much fairh in you guys delivering a great game and future great games. From day one tou have been complete open with what is goin on behind the scenes amd that means a lot to me. Keep up the completely fantastic work on all fronts!
Big Ben
8 months ago
inb4where’sthegame
inb4zomgtellmeaboutwhatisinthegamealready
jussayin
Seriously, nice job guys! You got that to me even faster then I expected!
BigMike
8 months ago
Awesome just awesome guys not more to say !
Johannes
8 months ago
Hey i didnt receive any email and on castlestory.net it sais email not found when i put in my emailadress.
What should i do? did something maybe go wrong with my donation? please help!!
Carpish
8 months ago
Make sure it’s the same email address as you used for your Paypal or Kickstarter (whichever you used to fund it). ;)
Jodern
8 months ago
I pledged to castle story on both paypal and kickstarter using the same email, but I have only received one registration email..
Vyker
8 months ago
This is why I adore Sauropod, they are upfront and honest about everything they do. Instead of Mainstream company’s like EA and Ubisfot, who when asked about anything, just tell you to shutup and wait, then release the game at any time they like without saying a word. You guys on the other hand, ask us politely to wait, then you come back witnan update tellings us everything you have being doing, just to keep the lions at bay! Great work guys, know this title will not be your last :D
Dechi
8 months ago
Yay! Love you guys… :D I hope you get the gifting thing running soon… :) I’m waiting with patience… hoping noone will snatch away my accountname… D:
Psychyn
8 months ago
Progress, for those still alive! .. The rest died from the sheer awesomeness of this game.
8 months ago
Actually a lot died from natural causes due to the length of the wait.
Oliver
8 months ago
I cant wait till i get the prototype i been follow you souropadstudio for a year now
i hope i will be able to revice the email.
Chris
8 months ago
The fact that the only visible form at castlestory.net is susceptible to xss attacks doesn’t give me great confidence in your security.
Chris
8 months ago
I also didn’t realize we were signing up for a Minecraft server…
http://castlestory.net:9321
http://castlestory.net:8889
Or a SHOUTcast server… (with the default admin password)
Are you guys positive that this is a secure system? o.O Because I have my doubts…
Menekis
8 months ago
for the time we are on red servers until we found what is the best for us. We are looking for a good server dedicated for our game but for the moment we had to take something very fast and that is why we made that choice. We could take the same server that we have for sauropodstudio but it would have been less secure. My quest this week is to find something for castlestory.net and setting it up :) .
Doktor J
8 months ago
Got any examples of this alleged vulnerability? I’m fairly certain any and all form input is sanitized…
Chris
8 months ago
It’s xss 101… Submit alert(‘hello’); in the text field…
Chris
8 months ago
Of course, that isn’t of any great consequence right now, but the moment users are able to do anything else at castlestory.net, it’ll be a big deal. In addition, castlestory.net sharing a box with a Minecraft server, SHOUTcast server, qBittorrent client, and a dozen other applications is just begging for trouble.
Chris
8 months ago
Okay my previous reply looks like it was hit with a strip_tags() or something. But put script tags or any type of html in the text box and you’ll see what I mean.
Argoyne
8 months ago
The password system seems to have issues with symbols I was using a PW generator so I can’t say if its one specific thing, the only common thing is brackets () all the passwords I tried that failed had either open or closing brackets. After the first fail I copied the list of characters from the site so it should be right.
jesse
8 months ago
I am confused about the double beta/prototype thing. My friend bought the double so we can each have a copy and save $5. I dont understand what they are saying about it. Simplify it for me so I can understand
Menekis
8 months ago
it’s simply mean that when the gift shop is ready, your friend will be able to send you an email that will allow you to claim the prototype and beta.
John
8 months ago
Sweet!
Wait, so you have a deadline or else everyone gets a refund and **** happens?
That sucks.
Unless it means you crank out the prototype earlier XD kidding, hope you make it.
Nagadak
8 months ago
Sell me your extra account on ebay!!!
Kratons
8 months ago
Hello,
I have a question!
I and my Brother have both buy the game over the paypal acc. of my father!
and now the e mail, I get was telling i must use the e-mail to indentify.
can i and my brother have the same e-mail addres in registration?
and good luck with the paypal guys,
hope realy they dont make it bad.
Doktor J
8 months ago
I believe that you will only be able to specify one name initially, and when the “gift” registration opens you will be able to use that to specify the second. So get to flipping a coin to see who goes first (or let whoever’s got the more common name go first!)
Rotem
8 months ago
I have a little problem. In the site where I needed to register my username EXACTLY like my kickstarter username, I wrote a different one because I thought it was my ingame name for good, so…. yeah… Does the user authentication system works on usernames or emails?
Rotem
8 months ago
Stupid me… I need the same email, not the same username >.< Nevermind then.
Keep doing an awesome job! And good luck with all the mess you have right now :D
Sirnaut
8 months ago
I’m glad I checked in and saw this you made my week.
Eric Phy
8 months ago
I have just discovered all of this, and have reviewed everything…this game looks awesome! And, unfortunately, I don’t get excited about too many games anymore.
I hope you open the beta up to some more people, and if not, obviously I can’t wait to get my hands on the game itself!
Lev Kucha
8 months ago
The thing you are making is just awesome and I cant realy wait for it ;)
I was playing around 7 different games like minecraft/SC2/DK2 etc but as soon as I saw the first gameplay show around half a year or more, I just cant stop thinking of what I am going to build and when it gone a weak before Kick Starter than a month before it ends and than dunno how long until done I just feel quite in a mood to try n hit my head to the wall to get that game :)
I dont realy need magic or something-the early alfa with no fighting mobsters equipment etc will do it because of the gameplay where you can build a castle of any shape you want and it is the thing of your game.I realy think that if you would post somewhat around a alfa test version with realy low possibilities and no saves possible to get ppl want a full version you would make a big thing to people who cant think of anything else to play.
Yrots Eltsac
8 months ago
Say hello to Yrots Eltsac.
Rob
8 months ago
Hello! ;)
Joebass
8 months ago
Hey Sauropod, je pense que vous devriez rectifier quelques trucs dans le Q&A sessions:
” Monsters aren’t implemented yet, but they’re an important part of our lore.”
“To be able to “slice” in the terrainand see what’s inside is a really difficult system to build. We’ve been working on it for more than a year and its not ready yet.”
etc…
vous avez pas mal progressés depuis que vous avez rédigé ca, évidemment.
j’attends avec impatience le prototype! ;)
m1n1m3
8 months ago
anyone know if there’s gonna be mod support?
Dev diary number twenty four : back in the routine ‹ Sauropod Studio
8 months ago
[...] you’re curious though, you can read last’s Tuesday’s blog; it answers a few questions about registering and the user [...]
Matthew
8 months ago
I didn’t get an Email and the link says I might not be in the system yet…. im still kinda scared since it has been days. If you could help that would mean a lot
damien
8 months ago
and by “Salted and Hashed,” I hope you mean potatoes =)
Bricktrons of Castle Story » » Dev diary number twenty four : back in the routine
6 months ago
[...] you’re curious though, you can read last’s Tuesday’s blog; it answers a few questions about registering and the user [...]
Mako
8 months ago
Sweet, this is awesome, I hope the prototype comes soon-ish, Envy is killing me
Daniel
8 months ago
I hope by “encrypt the passwords” you really meant “salted and hashed.” Otherwise you should look into doing that and I should go change my password…
Sincerely,
Someone who’s made that same mistake
Germain
8 months ago
Yes we’ve read that recent ARS technica article about proper security. We have two members of our team that are ex-hackers, so we’re on it. ;)
Sebastian
8 months ago
Something like phpass for PHP or jBCrypt for Java would be enough to use if you do not want to mess with the details of using blowfish for hashing.
Steve A
8 months ago
congrats on the new account system, and for making an offering to the PayPal gods… ;)
here’s hoping you can relieve some of that stress, and get back to what you really enjoy…
have fun!
Yellowmooseman
8 months ago
Wow you guy at Souropod have been working sooo hard! I hope this will pay off HUGE for you guys. You totally deserve it :)
LittleMikey
8 months ago
Signed up! Can’t wait to see this game!
Hopefully Paypal don’t screw you guys over, I have been reading quite a few shock stories from them lately, and I don’t want anything to happen to the awesome guys at Sauropod. I also really loved your “Hugs” video, pity I’m from Australia and doubt I will be able to hug any of you any time soon :(
Keep up the great work!
-LittleMikey
Daniel
8 months ago
Hopefully with PAX coming to Australia next year, we will see indie studios coming as well :)
Keep up the good work sauropod!
Daniel.
adam
8 months ago
Im guessing its 2 late 2 sign up for the beta?
Doktor J
8 months ago
At the moment, yes. The prototype is probably done entirely (so you won’t be able to get your hands on that); however, there is lots of speculation that they might allow people to buy into the beta some time after the prototype is released… so stay tuned!
Collin
8 months ago
Actually, the prototype is not done yet.
As they have mentioned before, They are building it right now in order to enter it in an indie game convention contest.
It will be dispersed to us backers in late October (as they said in update #2)
However, you are right in saying that it is likely that they will open up a second change to join as a beta tester when the designers are ready.
I look forward to this interest project.
Beta bug detection activate!
Rob (BlueDagger)
8 months ago
Through, honest, and in depth updates like this is why I have ao much fairh in you guys delivering a great game and future great games. From day one tou have been complete open with what is goin on behind the scenes amd that means a lot to me. Keep up the completely fantastic work on all fronts!
Big Ben
8 months ago
inb4where’sthegame
inb4zomgtellmeaboutwhatisinthegamealready
jussayin
Seriously, nice job guys! You got that to me even faster then I expected!
BigMike
8 months ago
Awesome just awesome guys not more to say !
Johannes
8 months ago
Hey i didnt receive any email and on castlestory.net it sais email not found when i put in my emailadress.
What should i do? did something maybe go wrong with my donation? please help!!
Carpish
8 months ago
Make sure it’s the same email address as you used for your Paypal or Kickstarter (whichever you used to fund it). ;)
Jodern
8 months ago
I pledged to castle story on both paypal and kickstarter using the same email, but I have only received one registration email..
Vyker
8 months ago
This is why I adore Sauropod, they are upfront and honest about everything they do. Instead of Mainstream company’s like EA and Ubisfot, who when asked about anything, just tell you to shutup and wait, then release the game at any time they like without saying a word. You guys on the other hand, ask us politely to wait, then you come back witnan update tellings us everything you have being doing, just to keep the lions at bay! Great work guys, know this title will not be your last :D
Dechi
8 months ago
Yay! Love you guys… :D I hope you get the gifting thing running soon… :) I’m waiting with patience… hoping noone will snatch away my accountname… D:
Psychyn
8 months ago
Progress, for those still alive! .. The rest died from the sheer awesomeness of this game.
8 months ago
Actually a lot died from natural causes due to the length of the wait.
Oliver
8 months ago
I cant wait till i get the prototype i been follow you souropadstudio for a year now
i hope i will be able to revice the email.
Chris
8 months ago
The fact that the only visible form at castlestory.net is susceptible to xss attacks doesn’t give me great confidence in your security.
Chris
8 months ago
I also didn’t realize we were signing up for a Minecraft server…
http://castlestory.net:9321
http://castlestory.net:8889
Or a SHOUTcast server… (with the default admin password)
Are you guys positive that this is a secure system? o.O Because I have my doubts…
Menekis
8 months ago
for the time we are on red servers until we found what is the best for us. We are looking for a good server dedicated for our game but for the moment we had to take something very fast and that is why we made that choice. We could take the same server that we have for sauropodstudio but it would have been less secure. My quest this week is to find something for castlestory.net and setting it up :) .
Doktor J
8 months ago
Got any examples of this alleged vulnerability? I’m fairly certain any and all form input is sanitized…
Chris
8 months ago
It’s xss 101… Submit alert(‘hello’); in the text field…
Chris
8 months ago
Of course, that isn’t of any great consequence right now, but the moment users are able to do anything else at castlestory.net, it’ll be a big deal. In addition, castlestory.net sharing a box with a Minecraft server, SHOUTcast server, qBittorrent client, and a dozen other applications is just begging for trouble.
Chris
8 months ago
Okay my previous reply looks like it was hit with a strip_tags() or something. But put script tags or any type of html in the text box and you’ll see what I mean.
Argoyne
8 months ago
The password system seems to have issues with symbols I was using a PW generator so I can’t say if its one specific thing, the only common thing is brackets () all the passwords I tried that failed had either open or closing brackets. After the first fail I copied the list of characters from the site so it should be right.
jesse
8 months ago
I am confused about the double beta/prototype thing. My friend bought the double so we can each have a copy and save $5. I dont understand what they are saying about it. Simplify it for me so I can understand
Menekis
8 months ago
it’s simply mean that when the gift shop is ready, your friend will be able to send you an email that will allow you to claim the prototype and beta.
John
8 months ago
Sweet!
Wait, so you have a deadline or else everyone gets a refund and **** happens?
That sucks.
Unless it means you crank out the prototype earlier XD kidding, hope you make it.
Nagadak
8 months ago
Sell me your extra account on ebay!!!
Kratons
8 months ago
Hello,
I have a question!
I and my Brother have both buy the game over the paypal acc. of my father!
and now the e mail, I get was telling i must use the e-mail to indentify.
can i and my brother have the same e-mail addres in registration?
and good luck with the paypal guys,
hope realy they dont make it bad.
Doktor J
8 months ago
I believe that you will only be able to specify one name initially, and when the “gift” registration opens you will be able to use that to specify the second. So get to flipping a coin to see who goes first (or let whoever’s got the more common name go first!)
Rotem
8 months ago
I have a little problem. In the site where I needed to register my username EXACTLY like my kickstarter username, I wrote a different one because I thought it was my ingame name for good, so…. yeah… Does the user authentication system works on usernames or emails?
Rotem
8 months ago
Stupid me… I need the same email, not the same username >.< Nevermind then.
Keep doing an awesome job! And good luck with all the mess you have right now :D
Sirnaut
8 months ago
I’m glad I checked in and saw this you made my week.
Eric Phy
8 months ago
I have just discovered all of this, and have reviewed everything…this game looks awesome! And, unfortunately, I don’t get excited about too many games anymore.
I hope you open the beta up to some more people, and if not, obviously I can’t wait to get my hands on the game itself!
Lev Kucha
8 months ago
The thing you are making is just awesome and I cant realy wait for it ;)
I was playing around 7 different games like minecraft/SC2/DK2 etc but as soon as I saw the first gameplay show around half a year or more, I just cant stop thinking of what I am going to build and when it gone a weak before Kick Starter than a month before it ends and than dunno how long until done I just feel quite in a mood to try n hit my head to the wall to get that game :)
I dont realy need magic or something-the early alfa with no fighting mobsters equipment etc will do it because of the gameplay where you can build a castle of any shape you want and it is the thing of your game.I realy think that if you would post somewhat around a alfa test version with realy low possibilities and no saves possible to get ppl want a full version you would make a big thing to people who cant think of anything else to play.
Yrots Eltsac
8 months ago
Say hello to Yrots Eltsac.
Rob
8 months ago
Hello! ;)
Joebass
8 months ago
Hey Sauropod, je pense que vous devriez rectifier quelques trucs dans le Q&A sessions:
” Monsters aren’t implemented yet, but they’re an important part of our lore.”
“To be able to “slice” in the terrainand see what’s inside is a really difficult system to build. We’ve been working on it for more than a year and its not ready yet.”
etc…
vous avez pas mal progressés depuis que vous avez rédigé ca, évidemment.
j’attends avec impatience le prototype! ;)
m1n1m3
8 months ago
anyone know if there’s gonna be mod support?
Dev diary number twenty four : back in the routine ‹ Sauropod Studio
8 months ago
[...] you’re curious though, you can read last’s Tuesday’s blog; it answers a few questions about registering and the user [...]
Matthew
8 months ago
I didn’t get an Email and the link says I might not be in the system yet…. im still kinda scared since it has been days. If you could help that would mean a lot
damien
8 months ago
and by “Salted and Hashed,” I hope you mean potatoes =)
Bricktrons of Castle Story » » Dev diary number twenty four : back in the routine
6 months ago
[...] you’re curious though, you can read last’s Tuesday’s blog; it answers a few questions about registering and the user [...]