codestryke

Re: MyIsam or InnoDB or ? The biggest problem I've found with using INNODB for running games is INNODB is extremely slow when doing SELECT COUNT when it comes to large tables. This is a known and well documented "feature" of the INNODB engine. I still use the INNODB table, especially, for the player table as this is read and written to on each and every page hit for all games. With using myISAM the table locking produces a lot of lag, switching to INNODB and having record locking took care of the lag. I also moved lasthit to a HEAP table, the player table now only updates when they last logged in, once they are in the game I update the HEAP table to keep track if they are still logged in or not (ie who's online, number of players playing). Yes if I reboot the server or if it crashes I lose the data in the HEAP table, but guess what? If the server is down there isn't anyone online anyways LOL. If your game is experiencing lag try converting one of the more heavily written to tables to INNODB and see how it works for you (do a backup, of course, first). There isn't one cure all for everyone, with something like this (myISAM vs INNODB) it is very conditional.

Re: [mccode] 8 Lines to secure your site from known sql injections. Securing a site takes two things, checking input and storing into the database in a safe manner. You have to do both, period, so that kind of kills an all-in-one function. Oh and display it in a safe manner lets not forget that. I'm don't have a McCodes site but I've seen enough code here to give a good example.. The bank, you could secure the input but when you store it into the database is it what you want? If you don't check the input of a negative, mySQL is going to store it as a negative and thus will break the bank, so to speak. There is no magic bullet to cure McCodes of it's security flaws, period. It would take a great deal of effort to do so with pure code (yes Nyna I have a feeling I know what your using on your "test server"). I presented a way to store the data securely but it would require the coder (and I use that term loosely) to check for valid input. Instead of trying to re-work McCodes, or even trying to secure it, why not create an original game with some original thought? You think any of your versions of McCode will succeed when there are thousands already available and probably 10-20 of them being put online daily? It's done, it's crap and McCodes has been played out, try some originality for a change. I know this isn't going to happen because you can go to rapidshare or any other warez site and download v2.0 of McCodes and invest nothing. You all fight and find flaws and do whatever you do just to grap what 100 player signups? Please....

Re: [mccodes v2] Magic 8 Ball   Ummm, nothing is hitting the database, nor being displayed to other users. Could you please tell us all "Captain Security" what the hell is exploitable? Really I wanna know...

Re: tutorial? If you want to learn how to make games.... http://community.bbgamezone.com/ More into making your own games and somewhere in the archive we worked on a very simplistic framework. Also they carry numerous articles that give a basic how-to... This forum is about re-writing or augmenting one of the worst ever game engines ever coded on the internet. If you want to learn how to "plug holes" then this is the forum for you ;) Course, no offense, but seriously McCodes is crap, those that "re-wrote" the engine, good for you, but you still re-wrote something already in place you didn't create anything.

Re: Query Optimization   Care to present some benchmarks proving that? Without some sort of evidence, I'm not inclined to just take your word for it. That doesn't mean that I necessarily think you're wrong though. I merely challenge you to back up your fact. I don't have the facilities to show this any longer. Doing a query locally on a local database with a local browser isn't going to show the "real" results of the benchmark. I could though do it all locally configure mySQL and show vast differences to skew my point, but I rather not bother. I wouldn't provide a benchmark unless it's a true benchmark that is going to show real usage, not local usage. I suggest poking around http://forge.mysql.com/wiki/ about how to optimize mySQL they reference just what I said above in various places. I really don't know what other programming you do, hell I don't know you from Adam but do you honestly think that pulling 25 fields is going to be just as fast pulling 50 fields? Memory is memory and memory must be allocated and that takes time, period. I've been programming databases stuff since lotus123, then foxpro, paradox, access, mssql, oracle, mysql and postgres. SELECT * no matter what database you chose has ALWAYS been slower then pulling field names. This fact was driven into my head even further when I decided to write my own database for some boxed software my company was selling. We needed to reduce costs so rolling my own mini database used less space compiled then the current db lib we were using, ah the good old days of floppies. A little history lesson, from me to all the people making games right now. I made a game called BordelloBattles from scratch, no it wasn't a pimpwar clone. Anyways the game got Farked back in the day then we were featured in Maxim Magazine and the game hits went through the roof. It blew the hell out of my server, literally. It was then I had to really sit down and learn as many things as I could about optimization just so I could keep the game going. When you get to this point there is NEVER to much optimization, the things you do in the beginning greatly effect the future of the game. I made bad choices with some of the design this cost me heavily later with a LOT of development time to re-write things I should of never been rewriting cuz I thought "oh this would never happen". My experience isn't the norm, granted, but what if it happens to you? What if your game takes off like a wild fire, how well are you prepared. I was pushed to the limit so now I take the time to write it correctly so I don't have to watch all my buddies or come over and say "no I can't I have to work" or spend time with my family. Just something to think about.

Re: Query Optimization   The fact is that it is slower doing SELECT * then naming the fields. The most important thing about mySQL, or any database for that matter, is disk IO. The number of times the db has to go to disk slows it down. Doing a SELECT * is actually doing two queries, mySQL first must go to the disk and basically do a catalog search and grab all the field names. When you name the fields it doesn't do that compare, instead it throws what amounts to an exception when the field is not in place, which is faster. It has been said in this thread too that notepad and some other fields are not necessary. I don't have intimate knowledge of McCodes but if the notepad field is a text field then yes that will effect performance heavily, varchar and blob too also effects performance heavily with a select statement. Thats why when you look at good forum software the message, which is normally a text field, is never with the topic thread, it's in it's own table with a primary key and a text field. Text fields are dynamic and are allocated space in 8k chucks. So when a message is longer then all the rest mySQL must go through and reallocate ALL those fields to the new field size which is very IO intensive. Now I'll be very honest and blunt here. When it comes to a game that is going to have maybe a couple hundred accounts maybe a handful of players online the above optimizations are basically "theoretical" at best. Its only when you get into heavily traffic sites with a lot of data will you really see performance benefits from the above mentioned optimizations..

Re: B:   Humm... Well lets see whats the famous quote... Oh yea.. "Those Who Forget the Lessons of History Are Doomed To Repeat It". Firefox didn't start out with the market share it has now, it was *NOT* an easy road traveled and just a couple years ago a quote like that was put out on all the boards as well about Firefox.. If Firefox can't render like IE then screw it I won't bother, even to this day there are STILL major web sites that don't fix there CSS to handle Firefox. I'm not going to debate what is the better browser because nor you, I or anyone here knows what the future has in store. I will say though in less then, what 4 months, Google has captured 2% of the market share. I can guarantee Firefox did NOT make that kinds of in roads in 4 months, I know because I was there. If I can use a javascript rendering library to make my stuff work on IE, FF, WebKit and Opera then thats what I do. If writing an interface that uses tables so I don't have to fight with how each of those rendering engines handles divs then thats what I'm going to do. I have about the same stats as you do, FF and IE go back and forth depending on the game. What I don't do is discount Chrome (webkit) if I can help it. Sorry Google has been way to good and doing what they do for far to long and IMHO Chrome is not about the desktop at all, its about Android. Firefox whether you want to believe it is slipping down and slipping fast when it comes to there Javascript engine, right now it is one of the slowest of the browsers. I use FF as my primary browser I love FF but the javascript engine by todays standards is below par at best (I'm really hoping for a turn around with 3.0). We are in the world of Web 2.0, AJAX and all that is reliant upon the javascript engine. Like I said I've seen posts like this showing web stats for certain sites and what browser they are using.. At one time Netscape was top dog, then IE was top dog, now FF and now even though it's "small" currently we have WebKit. I've been coding and have had web games online for over 9 years now and what I've learned is everything changes and you better be ready for it because the guy behind you already is ;)

Re: Basic Ajax is easy Yup, Firebug is a must imho. Still, like you said, the first time is almost as bad a pulling teeth even with the help of Firebug. Course isn't that with everything.. The first time is killer but after that it just gets easier. Course I'll be the FIRST to admit when it comes to really well coded CSS I am at a loss. I can do the basics, thats it, period. To me, personally, CSS has just way to many "hacks" you have to know to get the most simple thing to render consistently in IE, FF and now WebKit (safari / chrome).

Re: Basic Ajax is easy Yes I used (and still do) YUI for the widget factor, specifically there ajax data table, damn it's just so nice :) Pain in the butt though to understand and work with the CSS (IMHO). Plus, like I said, they come out with updates fast which normally is a good thing but I was bit twice now by there updates. I do like that more and more sites are using it and when it gets to a stable release (stable meaning not so many rapid updates) it'll be great as it'll be cached.

Re: Basic Ajax is easy I wanted to relay a bit of my own experience with AJAX.... First try to go with JSON and skip learning / using XML. XML with Javascript is a REAL pain in the butt to parse though. I started with XML and was writing more parsing routines then actually writing the meat of the game / interface. I would look at using a javascript library, it has made coding AJAX and javascript so much easier and more importantly faster. Floydian in his other post used YUI while I've used that in the past (and still do in some places) I found it difficult to work with as it really is ever changing and VERY heavy (file size wise). This is personal preference so do some research before committing to a javascript library as they are not very interchangeable so when you start down the path of using one switching to a new one can be very costly in coding time. I'm currently using Prototype, again personal preference and it suited my needs at the time. Now for some shameless promotion.. With the Prototype engine, a lot of AJAX and a lot of hair pulled out we are getting ready to release a game called CyberStryke. Since it's a very graphical and interactive game we've posted a little video of the game in action which you can view here. Yes the demo is somewhat confusing we will be releasing another one soon with captions, sounds etc to better explain what is going on. It does though show how far you can push web technology with AJAX and truely become a very interactive experience for game players.

Re: script to prevent users to register or login using proxies We use a 3 tier approach and it's worked out very well thus far. Like everyone has said it still requires human intervention, nothing on a web based game is 100%... IP Cookies Then check the following headers HTTP_X_FORWARDED_FOR HTTP_PROXY_CONNECTION HTTP_VIA Any of these answer up then it's a proxy and probably a good one (AOL etc) because they answered up as a proxy and let us know it's a proxy. If they don't answer up as a proxy (like most anonymous proxy services) we then go the RBL check (Realtime Block List). We subscribe to 2 moderate RBL servers. When it first went online I used strict servers and they were, well, VERY strict and blocked a lot more players then we thought they should. If the RBL records a hit we either mark them in the logs or we just block the signup process right there. The choice is based on which game, some of our games we are less strict as they don't tend to attract problem players. Once again not 100% but it's taken our multi check from an all day affair to less then an hour every couple days. So for us it's "good enough". -------- Edit... Also I have to note we do track a login history. So as someone aboved mentioned you can delete cookies, however, this is logged and scrubbed nightly. So if a player logs in and has cookie, then logs in later with no cookie this account is flagged to let us know they cookie is missing. Not always a bad thing but can sometimes alert you to a possible problem down the road.

Hello all... I'm codestryke and I run www.extremecast.com I've been coding for a very, very long time. Started coding games on my old c64, moved to coding door games on the c64 then to PC's. I've worked in the programming field for 10 years as a professional consultant and designer. I just took down my longest running web game BordelloBattles which was online for over 8 years. Came from bbgamezone.com via a disscussion with mdshare about this forum. Think that about sums it all up...