Java-Gaming.org    
Featured games (79)
games approved by the League of Dukes
Games in Showcase (477)
Games in Android Showcase (106)
games submitted by our members
Games in WIP (533)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  Picnic highscore system for HTTP written in PHP  (Read 1513 times)
0 Members and 1 Guest are viewing this topic.
Offline Mads

JGO Ninja


Medals: 26
Projects: 3
Exp: 6 years


One for all!


« Posted 2013-11-28 21:28:50 »

Hey guys!  Smiley

I wrote a super-simple highscoring system for HTTP in PHP and MySQL. I figured it would be appropiate to post it here, since.. online highscores for games.

It works using only GET- and POST-requests, and JSON-formatted text. It is currently very basic feature-wise, and not cryptic at all to developers. It's supposed to be easy to change for your needs.

The script can be found here, along with a few words about how to to integrate it:
https://github.com/JavaDaemon/picnic-highscore

It is published as public-domain, so knock yourselves out!

If you have an opinion about this, I'm very interested in hearing it.

I'm planning to add a few example client implementations, to show how easy it is to integrate.
I'm also planning to add further functionality to the, currently, fairly limited GET-requests.

Take care Smiley

Offline Slyth2727
« Reply #1 - Posted 2013-11-28 21:45:27 »

Cool, I like it, but it seems like it would be extremely easy to modify the scores externally, no?

Was I before Chuang Tzu who dreamt about being a butterfly, or am I now a butterfly who dreams about being Chuang Tzu?
Offline Mads

JGO Ninja


Medals: 26
Projects: 3
Exp: 6 years


One for all!


« Reply #2 - Posted 2013-11-28 22:26:14 »

Cool, I like it, but it seems like it would be extremely easy to modify the scores externally, no?

You are right! As with any REST API, it can be accessed from everwhere equally.
Currently, there is next to no validation going on in the highscore. This is because scores are calculated differently in every game, so I could not implement any universal score-validator.

This is what I suggest doing, to prevent cheating:
  • Add a UNID field to all POST-requests. That way hackers can't spam by resending packets.
  • Add a few statistics of the game to all POST-requests. Then check on the server, if the game was viable. For a fly-the-copter type game, send the flight time, the powerups collected, the seed for level-generation and place of death. That way you can check if the score is equal to what the flight-time/powerups suggest, and you can check if there is an obstacle in the place the player died, resulting in death.
  • If you're into it, you can encrypt the "score" field using a predetermined seed.

All of the above are security through obscurity though, and can be broken. Then again, it's next to impossible to completely prevent cheating unless the game logic is executed remotely.

If you can think of any more ways to prevent cheating, please do tell. Smiley

Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline xsvenson
« Reply #3 - Posted 2013-11-29 10:32:15 »

Well, my suggestion is to look around, how others have done.
For example, the big game portals, like kongregate. It has it's own api, it has lots and lots of games so it would be logical to assume they also have had lots and lots of problems Smiley
Also, I think that google had a gameportal thingy (cant' remember the name) and a scores api.

“The First Rule of Program Optimization: Don't do it. The Second Rule of Program Optimization (for experts only!): Don't do it yet.” - Michael A. Jackson
Offline Mads

JGO Ninja


Medals: 26
Projects: 3
Exp: 6 years


One for all!


« Reply #4 - Posted 2013-12-01 02:30:06 »

Well, my suggestion is to look around, how others have done.
For example, the big game portals, like kongregate. It has it's own api, it has lots and lots of games so it would be logical to assume they also have had lots and lots of problems Smiley
Also, I think that google had a gameportal thingy (cant' remember the name) and a scores api.

Okay, I took a look around. Smiley  It seems that most of these places (Kongregate included) has problems with keeping their highscore table safe. Not because people figure out an exploit in the submitting process, but because they edit the score in the actual game. No kind of security on the highscore end can prevent this, sadly.

I guess it just goes to show that it is an almost impossible task, with Cheat Engine out there.
However, I think I'm going to encrypt all the fields in the JSON, just to add another layer for the actual network hackers.

I'm also thinking about adding a data-array to the JSON, containing data about the game.
That way, developers can plug-in their game-specific values and do validatory calculations on them, on the server. I'm confident that would stop Cheat Engine-powered cheats.

What do you think of this? Are these good ideas, or am I unnecessarily obscuring this for developers?

Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

pw (24 views)
2014-07-24 01:59:36

Riven (22 views)
2014-07-23 21:16:32

Riven (18 views)
2014-07-23 21:07:15

Riven (21 views)
2014-07-23 20:56:16

ctomni231 (50 views)
2014-07-18 06:55:21

Zero Volt (45 views)
2014-07-17 23:47:54

danieldean (36 views)
2014-07-17 23:41:23

MustardPeter (39 views)
2014-07-16 23:30:00

Cero (54 views)
2014-07-16 00:42:17

Riven (54 views)
2014-07-14 18:02:53
HotSpot Options
by dleskov
2014-07-08 03:59:08

Java and Game Development Tutorials
by SwordsMiner
2014-06-14 00:58:24

Java and Game Development Tutorials
by SwordsMiner
2014-06-14 00:47:22

How do I start Java Game Development?
by ra4king
2014-05-17 11:13:37

HotSpot Options
by Roquen
2014-05-15 09:59:54

HotSpot Options
by Roquen
2014-05-06 15:03:10

Escape Analysis
by Roquen
2014-04-29 22:16:43

Experimental Toys
by Roquen
2014-04-28 13:24:22
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!