Monkuar Posted May 27, 2013 Share Posted May 27, 2013 (edited) like I don't want people to beable to use tamper data and just send in requests "ATTACKMOnster" "health/etc".... I need to setup some type of button or $_POST that can only be clicked/etc (Serverside too) if a user is actually killing a monster or clicking "Attack"....... Any idea? Hard to explain, but I need some type of mini captcha system in-game while people are attacking/killing mobs, so they just cant macro or refresh crap. (It's possible I guess to set a row in their column with a timestamp) via MYSQL and don't let them spam attacks/etc ( Kind of like a speedhack check? ) thx EDIT: TLDR.. Think of a hack in a MMORPG that sucks all the mobs and autoattacks, same thing here, but with PHP, how to stop that? Edited May 27, 2013 by Monkuar Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/ Share on other sites More sharing options...
Muddy_Funster Posted May 27, 2013 Share Posted May 27, 2013 preventing people from botting has been a bugbear of MMO developers for as long as there have been MMOs. There's not enough to work with for us to make practical suggestions for your code, Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432489 Share on other sites More sharing options...
jcbones Posted May 27, 2013 Share Posted May 27, 2013 Without extensive look at your code, I would suggest looking at tokens based on time. Setting the token in the session, and then making sure the next page request matches that token. Of, course, you would change the token each new request. Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432518 Share on other sites More sharing options...
mac_gyver Posted May 27, 2013 Share Posted May 27, 2013 you need to generate unique one-time tokens that are output in forms/links that are 'consumed' when they are used. by only producing a token at the appropriate point (a token produced at the point of starting an attack on a specific recourse, can only be used to carry out it's corresponding action on that resource) and by marking the token as being used once it has been submitted, you insure that someone at least visited the correct starting point to carry out an action and that they can only perform that action once per visit to that starting point. by keeping a recent history of the tokens, the action/resource the are for, and a timestamp of when they were created and used, you can create logic to prevent some of the automated flooding. Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432519 Share on other sites More sharing options...
Monkuar Posted May 27, 2013 Author Share Posted May 27, 2013 Would a more simplier idea be, just give users 150 "Stamina" per day? Each mob or XX amount of mobs killed, they lose X amount of stamina? Then they can either buy extra stamina through in-game cash shop/points/gold/etc? The token system, is like a column name in their character row, with a timestamp being updated? Or a table called character_tokens, with all the game mechanics and then fill that with their user_id, character_id, timestamp/etc? Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432613 Share on other sites More sharing options...
Q695 Posted May 27, 2013 Share Posted May 27, 2013 Do the calculations server side, and have the character interactions be the only thing going to the client. Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432620 Share on other sites More sharing options...
Monkuar Posted May 27, 2013 Author Share Posted May 27, 2013 I'm doing this so people cannot spam attacks vs mob. session_start(); if(isset($_SESSION['last_visit']) && time() - $_SESSION['last_visit'] < 2.5) { echo '<script>createToast("How can you swing your sword so fast?","danger",2500);</script>';exit; } $_SESSION['last_visit'] = time(); Also everything is serverside, and the mob will eventually die, or your character will die again.. Once that happens, how would I make it so the user revives? Do a small number verification captcha to have your character revive? (Seems like it would help mitigate automated refreshes?) Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432628 Share on other sites More sharing options...
Q695 Posted May 28, 2013 Share Posted May 28, 2013 Then put a dynamic string on each target to look up the target when it's being attacked. Quote Link to comment https://forums.phpfreaks.com/topic/278417-rpg-attack-system-need-help-on-to-make-unique-forms/#findComment-1432817 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.