Nadeo just emailed me their API is going to change a little and asked me for waiting with releasing TM-Stats until it’s released. I of course listen to Nadeo 
, so there will be a little delay in the TM-Stats delay. It’s holiday anyway so I hope you don’t care much 
.
A little delay
The TM-Stats testing server
Today I got a trackmania server running to test TM-Stats on. At the moment of writing this the only thing you can do is use /stylevote. And of course: all the data will be logged(all your times etc.).
Increo is the company behind TM-Stats by the way. I’m one of the two founders of Increo.
The new generation of websites, TM-Stats belongs there
Long time no post , but now I got 2 free hours at school I have time to make a little post again with technical details of TM-Stats.
I’m currently working on upgrading the first TM-Stats draft to GWT’s MVP pattern. Now you probably think, wtf is GWT and wtf is a MVP pattern. Well, GWT stands for Google Web Toolkit. It’s a new way to develop sites, with GWT you can basically do just about anything you see in a desktop application on a website. Google actually uses it themselves for Google Wave(one of their latest projects) and they intend to use it more often in the future. What GWT can do for TM-Stats is that it enables it to, for example, display times driven on servers around the world 99.9% live. It also gives me the possibility to make very nice graphs etc. Now some web developers might think: Uh oh, that will probably make tm-stats very slow. This is absolutely not true, I’ll show you an example how fast it is: In Google Wave it’s possible to see exactly what the other person is typing, character by character, and almost 100% live.
Now what is that MVP pattern I was talking about? Well, some developers/programmers might know MVC(Model-View-Controller), MVP(Model-View-Presenter) is slightly different. You have models, this are programs that get the data from the big tm-stats database and convert it to a more logical format. Then you have views, this is basically the layout of the site, or like I’d rather call it: the web-application. And finally you have the presenter, this does all the calculations, the big difference between a controller and a presenter is that the presenter does all the calculations client-side(on the computer of the visitor) so no latency(ping) gets in between it. MVP is also a lot faster because it’s easy to reuse stuff. See it as a Trackmania challenge with a lot of reuses, that uses less coppers and thus will run faster than a challenge with no reuses(and the same roads).
For those who understand all this: thanks for reading. For those who don’t understand a thing of what I just said: just don’t worry, TM-Stats will be f*cking great.
Expected first release time: ~14 July
Expected 100% completion time: Never, since I’ll always be improving it 
The TM-Stats dataserver(software)
One of the primary things TM-Stats needs is the dataserver of course. Which receives all data from the servers and stores it somewhere in a database. I wanted to have a very efficient way to send your data to me. I searched for existing protocols like XMLRPC and SOAP. But they all have quite a lot of overhead. Then I decided to make my own, very simple, protocol. It basically uses lines as the reference and will use > to seperate the parameters(not comma, cause players can use that in their name), if there is a > in the name you have to send it as >(just use htmlspecialchars on the whole nickname/challengename). So like this:
- Line 1: Serverdata: servername>serverport>server_login>server_contact>current unix timestamp
- Line 2: Playerdata: login>nickname>joined-at>left at>next login>next nickname>next joined-at>next left at where joined-at is the unix timestamp(in seconds) when the user joined and left at is the unix timestamp of the time the player left OR went to spec. If the player hasn’t left for that round you set left-at to 0
- Line 3: Challengedata: uid>name>author>environment>nr of cps
- Line 4: Stylevotes: login>vote>next login>next vote where vote is the style id(which you will later be able to get from my server)
- Line 5-infinity: Driven times: login>cp>cp>cp And that every line
This data has to be send on the end of every challenge.
For the player data you’ll need to make a new player “object”(so define the same player twice) if the player has gone into spec or left for more than 2 minutes and then rejoines/comes out of spec. If the player left for less than 2 minutes you’ll just set the left-at to 0 again. This also means that you’ll have to handle a player that goes into spec as a player that goes offline.
You actually don’t need to send a lot of data. I could have been even less data(for example, I could have dropped nickname) but the problem with that is that I’d have to make a lot of requests to the nadeo main servers. Which makes my own server slower. And what I don’t want is what is happening to dedimania: the server can’t process all the data.
Please comment and discuss about this way to send data .
Extra: So this is an example:
JaScotest>5000>server_tmu_xai>my@email.com>1272481700
xai_death>Xai>1272481560>0>karjen_noob>Karjen>1272481500>1272481600
abc123>Poise>fahoff>Stadium>3
xai_death>1
karjen_noob>14000>24000>36000
xai_death>12500>23500>35500
A dangerous leak in some systems
This security leak was already known for a while. Some systems fix it, some don’t. It comes down to this:
-There are a lot of different scripts to view serverdata(like the playerlist) from a website
-This is not always safe!
Why you ask? Well, because of XSS Injection.
I’ll give you a simple (harmless, of course) example. What if I’d call myself <script>alert(“LEAK”)</script> and join a server I know that uses a system that’s bugged. Now, when people visit the player list for example, the site will execute this javascript. Now you probably ask: how to fix this if this happens to my site? It’s actually quite simple if you use php: htmlspecialchars() you just have to put that around the nicknames displayed and everything will be fixed.
Now what I do in this example might seem harmless, and you might think: why protect me from that? Well, you can also read cookies with javascript, sometimes a password is stored in a cookie. Or you can make a redirect with javascript. How to do this and put this many code in your nickname I won’t tell, but I tell you this: it’s possible.
TM-Stats: External site APIs
TM-Stats will not just use it’s own data. We’re also going to fetch some data from sites like TMX and from the Trackmania Stats Server.
In the last days I’ve worked on building these APIs into my site. We won’t fetch from dedimania, since we log the information dedimania generates ourselves already. We do get extra info about challenges from TMX though. And for the sake of the speed of the final server plugins(and the tm-stats datalimit ) we decided servers only have to send us the player login names. I then fetch the nickname, rank and some more info from the main Trackmania Stats Servers using that login.. Next to that I also use their servers to make you able to login using your community code. See it as an OpenID for Trackmania.
So next to being an entirely new idea. TM-Stats can also be a new platform overlapping all main Trackmania sites.
If you have ideas how we could implement other sites in tm-stats. Please say so.
Idea list:
- Fetch track related videos from tm-tube and youtube – Might be done
- Read RSS feeds from various Trackmania Blogs – Hasn’t got anything to do with tm-stats, so no
New Trackmania Entertainment Platform: Trackmania Planet
There is a new site in the Trackmania network! Namely: http://tm-planet.net . I quote what they are about:
TM-Planet.net was created by a small group of people willing to provide services related to Trackmania. But while we were creating the website, we decided to provide some other things except services like events, tournaments and some other stuff that trackmania players may like / enjoy / have fun with ^^
You can say what you think of the site in the comments here.
TM-Stats: The trackstyle voting system
A thing I really want in TM-Stats is a clear division of the different track styles. The styles I have now are:
- Tech
- Speedtech
- Fullspeed
- Lol
- RPG
- Trial
- Maze
- Stunt
Now I have 3 ways to make a track into a style. First of all, on all servers that run the TM-Stats plugin you can use the /votestyle command to vote for the style of the current track. Then, on the site itself, you can login with your community code and go to a challenge and vote there. And finally, the author of a track can vote in the same way players do, but their vote counts for 25% of the total amount of votes on that track. So for example, if there are 50 votes for Tech, 50 votes for Lol and the author does his vote, his vote will count for 25 votes.
If you have any comments on this method, please say so in comments .
Mania-World announcing:TM-Stats
An example chart
I was thinking a couple of weeks ago: what kind of site does Trackmania lack? We have dedimania for world records, we have tm-forum as a community, tm-creative for tutorials and of course tm-exchange for tracks. Where is the site where you can see how much you play, when you play, what times your driven(in a history way, not in a record way like dedimania) on what time. And what your pb is on every track? A site where I can see how much a track is played? A site where you can see when you drove on what server? In short: a site that tracks everything that happens on Trackmania.
There is no site like that yet. So I decided: let’s make TM-Stats. This will have all these features. Next to that I’ll also make a system where people can vote if a track is Tech, Speed, RPG or whatever you want. So you can also see for every server how much % of that server’s tracks is Tech for example, or how many % of your played tracks is Tech. Of course, I’ll make it very graphical, so you can see all kinds of nice charts .
As with any project: you run into problems, what if people don’t want other people to see this data?(Make an option to make your page private). What if people cheat?(make it very easy to report a cheated time to the staff). How do I collect all this data?(Same way as dedimania did: make a plugin for both FAST and XAseco)
This will all be released soon. On http://www.tm-stats.com!
I will be blogging my progress right here, on mania-world.net.
If you have any ideas, please post them here. Almost anything is possible(except for measuring the distance you’ve driven, been requested a lot already, but that’s just not possible )
Quick tip: the dedicated_cfg.txt examined
In this small tip/tutorial I’ll explain about the dedicated_cfg.txt and talk you through every setting.
The structure of dedicated_cfg.txt suggests it is actually a xml file. So it’s easy to walk you through it.
First you have the <authorization_levels> tag. In this element there are 3 levels: SuperAdmin, Admin and User. The fact is that only the SuperAdmin is useful, since all server controllers I currently know require SuperAdmin. There are actually methods that don’t require SuperAdmin, actually, most are already available to Admin, and stuff like GetPlayerList is available to User. So you might consider putting the User password to a public one to allow other servers to use Zeroswitch on your server(haven’t tested it with zeroswitch yet, but it might just work), you’ll need to put xmlrpc_allowremote(see later) on true though.
The next part is the masterserver_account. Here you have to define a login, a password and a validation_key. The login and password are the stats of the server account. Don’t fill in your own account here, make a new account. For the validation key the last 3 letters of the key you get are enough. For united you have to use the last 3 letters of your own key.
The server_options element is the biggest. All these settings can actually be changed with method calls(use /admin call list in xaseco to see all methods, then /admin call methodname paramaters to call it).
The name and comment are pretty straightforward. The hide_server isn’t. When you put hide_server on 1 the server is only reachable with a tmtp link or by clicking a person on the server in your friendlist.
max_players and password are also straightforward, if you put password empty there is no password, as simple as that. Same goes for their spectators equivalent. When you put both a spectator password and a player password you can’t even see the playerlist without the password.
If you put ladder_mode to inactive people can’t gain ladder points on your server. The ladder_serverlimit_min defines the minimal amount of points people need to have to join your server. The ladder_serverlimit_max defines the amount of points where people under it will still get points. You can’t increase this if you have a nations account server, if you have an united account you can increase this by going to your player page and buying a higher limit. You still have to increase that number though and restart your server after you bought a higher limit.
p2p_download and p2p_upload define if players can use custom skins, and if your server will upload mods etc. to players.
Callvote_timeout is the time in milliseconds it takes to timeout a vote, for example a kickvote or a restart vote. This doesn’t count for the xaseco variant where you have to type /y to vote yes.
Callvote_ratio defines how many people need to vote yes for a vote to pass. If for example, there are 100 people on your server, and you put it on 0.75, 75 people need to vote yes for a vote to pass.
In callvote_ratios you can also set the callvote_ratio for each separate callvote.
allow_challenge_download defines if people can use the escape menu to download the current challenge.
autosave_replays and autosave_validation_replays will say if your server will automaticly save every replay on your server, the validation just saves the validation replay, this will only confirm if a time is cheated or not.
referee_password will define a password for a referee, referees are normal clients that will automaticly validate the replays of the top 3, or of all players(defined in referee_validation_mode).
I don’t know for sure what use_changing_validation_seed does. But I think it will check for players who use a script that types in the arrow keys automaticly, so they will drive the same time every time.
Now we come at the system_config part. Here you define the more technical settings.
connection_uploadrate and connection_downloadrate define the speeds at which your server will upload and download skins, horns and mods etc. If you don’t run a lot of servers and have a high uploadrate it might be wise to put connection_uploadrate higher. This way people will see other people’s skins sooner, as well as mods.
force_ip_address will probably do something for proxies, I’m not sure.
server_port and server_p2p_port will define what ports your server will use, you also need to open these ports in your NAT/firewall.
I honestly have no idea what the next 3 things mean(client_port , bind_ip_address and use_nat_upnp), but they’re probably not important .
p2p_cache_size will define the size of your cache in MB. In the cache all skins, mods etc. are saved to be uploaded to other players sooner. So if for example, a player with a custom skin joins, your server will download that skin in the cache, if the player comes back later the skin is still in the cache and you don’t have to download the skin again to upload it to other players later.
xmlrpc_port defines the port where server controllers contact you on and xmlrpc_allow_remote defines if the server controller is allowed to run on a different ip than your server. You can also define an ip here, then it will allow only that ip.
In blacklist_url you can define an url for a blacklist, this way you can share one blacklist with multiple servers on different machines.
guestlist_filename and blacklist_filename define the guestlist and blacklist on your local machine. This can’t be an url.
packmask is interesting for united servers. In early versions you had to define united here to make a united server. Now you have to make it empty(like <packmask></packmask>) to make a united server.
allow_spectator_relays defines is relay servers are possible. So you have to put this on true if you want to enable other server owners to make a relay server to spectate your server without the actual drivers on your server noticing.
In minimum_client_build you can set a minimum required version you need to have to join the server. You need to remove <!– and –> around it make it work though.
And as final part, the proxy settings are pretty straightforward.
I hope I’ve helped you enough. If you still have questions, ask in comments.
Comments