Creating your own asynchronous server... •--•

12467

Comments

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited March 2014
  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited March 2014

    Quick video update... changing flow for registration and making it look a little nicer.

    Video shows:

    • the new easy to use bounce script in action (you can get the bounce script free here)

    • Possible username automatically generated from the letters before the @ symbol in email address

    • Partly updated graphics style, as result of me playing with some design ideas

    Need to add in a 'already registered' button, which will take the user to enter an email and password. (Password will be created after verifying their email address, which I'm yet to figure out... hopefully Google will help me once again there)

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    More things to consider... (the list is endless)

    • No idea how verifying emails are setup to function. Unique web address being created for each account to visit to activate account. Plus I'd like to have the password setup on the web page. hmm..

    • Ability to play the game without signing up. (they have it on Song Pop)

    • 'Forgotten password' button, where they will then enter and email address, sent to server, checked its a registered account, change their old password to a new temporary one, and email them the temporary one to let them log back in.

    • Ability to change password (Classic 'enter current password once', 'new password twice' setup). Might be better (more secure) if done on a website rather than in game... It seems having an accompanying website would have some advantages, but also another big project aspect to it all so would rather steer clear.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited March 2014

    Re-written some of the registration script.

    So you now give an email and a username to register.

    The server code checks that both the email and username are unique.

    If either one or both are not unique it reports back to the game and it can then highlight which one is not unique and the player will need to try something else. Or possibly try loggin in if they already have an active account.

    In the process of doing this I've broken my login script, which was expected.

    I will add password stage later via verification email just like Song Pop does, once i can get my head round it.

    This really is the hardest stuff I've done on a computer... with no sign at all of the finish line.

    Fortunately I still sort of treat this as a relaxed escape away from the normal day job and crazy (awesome but non stop) kids. Plus still loving the challenge of learning it all though kinda wish I could get onto the game stuff a bit more and less menu stuff.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    Quick...update...

    Hit a small breakable brick wall this evening...

    It seems that a normal install of the free version mamp (the local server software, for testing your server side code) does not easily support emailing with php scripts. You are able to do it if you purchase Mamp Pro, which for £39.00 I'm nearly tempted..

    Having googled it a lot, it seems to be a regular problem hit upon by web developers when using Mamp on a mac or Wamp on windows... I've tried and got confused by a few of the work arounds.

    About to try out one or two more, before biting the bullet and paying for Mamp Pro.
    http://www.webdevtuts.net/quicktips/how-to-send-emails-using-your-localhost-wamp-mamp-or-xampp/

    Once setup it looks farily straight forward to be able to create and send emails using some short bits of PHP script...

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    Quick...update...

    Hit a small breakable brick wall this evening...

    It seems that a normal install of the free version mamp (the local server software, for testing your server side code) does not easily support emailing with php scripts. You are able to do it if you purchase Mamp Pro, which for £39.00 I'm nearly tempted..

    Having googled it a lot, it seems to be a regular problem hit upon by web developers when using Mamp on a mac or Wamp on windows... I've tried and got confused by a few of the work arounds.

    About to try out one or two more, before biting the bullet and paying for Mamp Pro.
    http://www.webdevtuts.net/quicktips/how-to-send-emails-using-your-localhost-wamp-mamp-or-xampp/

    Once setup it looks farily straight forward to be able to create and send emails using some short bits of PHP script...

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited April 2014

    WOO!! SUCCESSFULLY CREATING AND SENDING EMAILS USING PHP TRIGGERED BY GAMESALAD.

    I gave in and started using the 14 day trial of MAMP Pro, and I'm now able to send test emails from my server to my email address so I can now test that side of the stuff locally. Quite cool being able to trigger an email arriving in my inbox via a single button press in GameSalad.

    I also upgraded to mamp 3 which came out recently it seems, this confused me for a bit.

    Now I need to work out how to generate a unique webpage address where a user can verify their email address, set a password or reset it if forgotten. Once I've got that I'Il at least be creating an email worth sending.

    I seem so very far away from working on the actual gameplay at the moment.

    I'll try and make a 'how to do some of this email stuff' video later once I've fully got my head round it.

  • EireStudiosEireStudios Member Posts: 451
    Well done mate you seem to be making excellent progress, I'm looking forward to seeing the video already :smile:
  • jonmulcahyjonmulcahy Member, Sous Chef Posts: 10,408
    haha the joys of web development.

    I was actually thinking of digging out my old ruby on rails books to design the back end. it made doing a ton of that back end stuff pretty easy, but its been years since I've coded in it.
  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited April 2014

    Thanks @‌EireStudios

    Found this tutorial which covers creating a unique url to verify an email address... something to tackle over this week I guess.

    http://code.tutsplus.com/tutorials/how-to-implement-email-verification-for-new-members--net-3824

    @jonmulcahy this is all thanks to your first send/receive url tutorial. Since then I seem to be living in a world of MAMP, PHP, and my chosen coding software 'Komodo Edit 8'. Loving it most of the time though.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited April 2014

    Think I'm going to update my encryption for the 3rd time... might as well do it right...

    First I setup some md5 encryption, then sha1 now it seems the preferred way is to use phpass library...

    Sharing just incase anyone else is doing similar work.

    On this link read his info on storing passwords:
    https://phpbestpractices.org/

    Follow this for using phpass for encryption
    http://sunnyis.me/blog/secure-passwords/

  • LumpAppsLumpApps Member Posts: 2,881

    I made a version with constraints and sin. If you like I can post it. (Don't want to steal away your glory Trooper :)

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    @LumpApps for a bounce ? or for encryption? :\

  • LumpAppsLumpApps Member Posts: 2,881

    Ow, bounce. Not working with the encryption stuff yet.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    yeah love to see it... chuck it on this thread
    http://forums.gamesalad.com/discussion/comment/463737#Comment_463737

  • LumpAppsLumpApps Member Posts: 2,881

    In a minute. I accidently posted this in the wrong thread :s sorry for that.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    Another brief update... I'll do a video once it's all a little more complete.

    Setup first part of email verification:

    Now when the server creates a new user account it also creates a unique HASH code, which is generated based on the provided email address.

    Once the account is created it triggers a verification email script which creates and sends an email with a verification link.

    The verification link is made up of, the address of the webpage your sending them to, plus their email address, and the hash.

    Once the link is pressed it takes the user to a webpage, a PHP script is run, which runs the same hash technique as before on the email address, and compares it with the hash included in the url. This confirms the verification link is legit and then I can do the next bits.. i.e. mark account as verified, and move onto them inputting a password.

    Also need to figure out what the normal process is if the verfication link is not pressed... i.e. freeze the gamers ability to play the game aft 24hours, delete the account after a week. ?

  • jonmulcahyjonmulcahy Member, Sous Chef Posts: 10,408

    very cool work, been following along closely for when i pick it back up again :)

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited April 2014

    Thanks @jonmulcahy good to know someone might find it useful.

    Main setup now consists of:

    • Mamp local server, running PHP 5.5.10

    • Created 18 PHP scripts so far.

    • Including a separate script which connects to the database, which is 'included' into any of the PHP scripts that need it using the 'include' function.. So when this goes live I only have to change the one connection script to update the database connections. It also means I can put the connection script outside of the root, and make it a little more secure again.

    • Using PHPass for encryption of passwords and things, as it seems to be the most secure option at the moment, better than MD5 and SKA options.

    • Using PHPMailer for sending the email, this is a free opensource library, that you can down load from GitHub. Seems better than the standard mail functions built into PHP. (This might also work if i go back to using the free version of MAMP)

    It almost sounds like I know what I'm talking about... :-)

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited April 2014

    Other things to add.

    Make sure usernames are case insensitive.

    So I don't have similar registered users i.e.

    'boris' , 'Boris' and 'BORIS'

    Info here I'm yet to try out:
    http://www.daniweb.com/web-development/php/threads/420859/make-username-case-insensitive-login-php

    Also it might be nice to be able to refer to the user in any emails with a capital for the first letter of their username.

    http://us2.php.net/manual/en/function.ucwords.php

    Also need to build in a setup for minimum password length.

    Plus after a number of failed logins lock the account for a given time.

    i.e. after 5 attempts lock account to stop Brute Force attacks... Though if I Lock it for too long there is another problem where an evil system could go through and block all the known accounts... So it makes sense to have the accounts come back online after 20 minutes for the real player to login.

    Also not sure but might need to add a captcha code at some point in this... I'm not a fan of those things though, must find a more elegant solution.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    Video update, showing email verification setup.. plus the beginnings or a password reset system.

    Also now have case insenstive usernames/emails setup so all registered and login details are forced to be lowercase so usernames are always unique.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    Starting to really appreciate the intricacies of login systems on even the most mundane of websites.

    Another thing to add..

    If the email verification is not successfully sent I can now set that as a -1 in the email verification table field on my database. Now I need to decide what to do when that happens.. I guess try again, if it fails twice, send message back to GameSalad so user can see there's something wrong with the address they gave... but then I need to figure out what to do then... either they have to fix the problem (i.e. empty their mailbox), or register a new account with a working email address...

    I only started thinking about this problem after I'd typed in the wrong email address and registered it, it stopped its own and all future verification emails going off as well, as the code kept getting stuck on the one dodgy email address that it couldn't reach.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    next ideas...

    When the verification email link is clicked, I'll award the player some free credits... then if they add their password they'll get some more.

    Got the basics of this working fine. ( sort of )

    But now need to add the rules so they can't keep pressing the verification link and keeping getting more free bonus's... so I need to add a check on the page...

  • jonmulcahyjonmulcahy Member, Sous Chef Posts: 10,408

    Seeing all this progress has got my wheels turning. I've wrapped up all current development tasks on old projects, so it's time to start planning for my upcoming apps, and I want to have a metrics gathering system in place for all of them, and a multiplayer system in place for some of them.

    While my last tutorial was in PHP, I'm going to dip my toe back into Ruby on Rails, a framework I used to developer 2 websites a few years ago. It's going to be tough to remember everything I forgot but it will be worth it. :)

    @stormystudio, I'm sure you've already setup a UID system for your stuff, but I created a system yesterday: http://forums.gamesalad.com/discussion/66786/generating-a-unique-id-for-asyc-metrics-whatever#latest
    might be helpful if you haven't created one yet.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    @jonmulcahy very cool. Interesting technique for the UID, mines done server side but I do like your approach. Intrigued as to how your going to use it. I'd not yet thought about metrics gathering techniques.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    Finally got the code working so the registered user can only verify their email address the once. And so only get their bonus credits the once.

    Also ended up writing the code so first I found out their gamer id based on the email address, then checked the verification state of that game id. If I'd just used the email address as the search for verification state, it would probably get a little messy if they change their email address in the future, and their might have been away to abuse the system and get countless free credits by constantly changing your email address.

    Now I need to do the same for the 'setting a password' ... so it also can't be repeated (as they get credits for that too).

    Plus I guess I need to figure out a method so a user could change their email address. Need to look into the best approach for that.... back to seeing how other games implement it.

  • jonmulcahyjonmulcahy Member, Sous Chef Posts: 10,408

    @StormyStudio said:
    Finally got the code working so the registered user can only verify their email address the once. And so only get their bonus credits the once.

    Also ended up writing the code so first I found out their gamer id based on the email address, then checked the verification state of that game id. If I'd just used the email address as the search for verification state, it would probably get a little messy if they change their email address in the future, and their might have been away to abuse the system and get countless free credits by constantly changing your email address.

    Now I need to do the same for the 'setting a password' ... so it also can't be repeated (as they get credits for that too).

    Plus I guess I need to figure out a method so a user could change their email address. Need to look into the best approach for that.... back to seeing how other games implement it.

    if you stored a UID locally, when they go to change their email address you could check against the server UID to see if one already exists, if it does, no credits!

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989

    @jonmulcahy Something along those lines should work... having looked at 'Song Pop' it seems they simple don't let you change your email address.. you can email support and they'll do it manually for you I think, from looking at their support forum.

    Also need to create the setup so if you've verified your email address, but did'nt add a password. If you then follow the verification link, it knows, it won't give you credits but it will let you add a password...

    So there's 4 outcomes to cater for on the verification page

    1 - verify email, give credits, allow them to add a password
    2 - email already verified, password already saved (give message saying as much)
    3 - email already verified, allow them to add a password
    4 - problem with server, display message asking them to try in a few minutes.

  • jonmulcahyjonmulcahy Member, Sous Chef Posts: 10,408

    I have found the 'with friends' apps have terrible multiplayer implementations. The whole account creation/lookup/management leaves a lot to be desired, from what you're developing you are already out of their league.

  • StormyStudioStormyStudio United KingdomMember Posts: 3,989
    edited April 2014

    Thanks @jonmulcahy I'm pretty determined now to make a solid registration system.

    Hopefully I won't run out of motivation once I come back round to the game side of things.

    Here's an update on the password setting, credits and verification stuff... It all still needs final artwork one day, but I figure I'll get a fully working async setup then pretty it up later...

    (Also thanks to the OpenStock Project for the free coin graphic)

Sign In or Register to comment.